Packet Storm new exploits for January, 2003.
Cups v1.1.17 and below remote exploit which spawns a shell as lp. Modified version of the original sigcups.c exploit.
The at utility in Solaris has name handling and race condition vulnerabilities. Using the -r switch to remove a job allows an attacker to remove any file on the filesystem as root. Although at filters out absolute paths, a simple ../ directory traversal maneuver allows an attacker to remove files outside the allowed boundary.
PlatinumFTPserver, the server engine that runs as an application on Windows 9x and a service under NT/2K/XP, has a directory traversal vulnerability that allows remote attackers to enter directories that reside outside the bounding FTP root directory. Another vulnerability exists which allows an attacker to commit a DoS against the server. Version affected: 1.0.7. Version unaffected: 1.0.8.
Hypermail 2, a popular tool that converts mails into HTML, has two buffer overflows. One exists in the hypermail program itself and another is in the CGI program mail. The main program can be overflowed by sending an email, while the CGI program can be overflowed by a DNS server populated with faulty information. Versions affected: 2.1.3, 2.1.4, 2.1.5, possibly others. 2.1.6 is not affected.
ISC dhcpd v3.0.1rc8 and below remote root format string exploit. Tested against Debian 3.0, Mandrake 8.1, Red Hat 7.2, 7.3, and 8.0, and SuSE 7.3. Includes the option to check for vulnerability on any platform by crashing the service.
Middle2.c allows you to recover SMB passwords in clear text (from the network) when they should be encrypted. It operates a man-in-the-middle attack with complete traffic redirection which does not need forwarding with a transparent proxy. Tested under Linux Debian 3.0.
Stunnel v3.15 - 3.21 remote format string exploit. Tested against Red Hat 7.2, 7.3, 8.0, Slackware 8.1, Debian GNU 3.0, and Mandrake 9.0. More information on the bug is available here.
PHP 3.0.16 and below remote format string exploit for Linux/x86. Gives a uid=nobody shell. File logging must be enabled for this exploit to work. Includes offset brute forcing and instructions for finding offsets.
Tanne v0.6.17 remote root format string exploit for Linux/x86 which has been tested against Red Hat 6.1, 7.0, and 8.0. Tanne is a secure HTTP session management tool sometimes used in online banking.
S8forum GPG remote exploit in Java which emulates a shell with the privileges of the web server.
Efstrip is an exploit for the efstool vulnerability. Unlike other exploits for this vulnerability, Efstrip is robust, doesn't need a wide range of attack options, and doesn't need brute forcing. It actually ./works.
The S8forum v3.0 allows remote users to execute commands on the webserver. Exploit instructions and a patch are included.
Cups v1.1.17 and below remote exploit which spawns a shell as lp. Tested against Gentoo Linux with cups-1.1.17_pre20021025 installed.
Mysqlsuite includes three tools which take advantage of the vulnerability in the check_scramble() function of MySQL described in mysql.4.0.5a.txt. Mysqlhack allows remote command execution with a valid MySQL user and pass. Mysqlgetusers allows you to do a dictionary login-only attack to find other users. Mysqlexploit spawns a shell on port 10000 on vulnerable Linux MySQL servers with a valid MySQL login and pass and a writable database. Fixed in MySQL v3.23.54.
Smart Search CGI remote exploit in Perl which attempts to spawn netcat listening with a shell.
Crashms exploits the microsoft-ds bug and crashes Windows machines via TCP port 445. Sends many 10k blocks of NULLs, causing blue screens on unpatched Windows 2000 boxes with microsoft-ds running on port 445.