Packet Storm new exploits for February, 2003.
84de4b102d3937e7a827dd07d7e32247 Local root exploit for slocate on Linux-Sparc.
18b263d22c67433ac2accd80dd963e1d Yabase v1.5.0 remote exploit to spawn bash shell with Apache uid.
564186b311e373f97f0129b5326a655a Moxftp v2.2 and below contains buffer overflow vulnerabilities which allow remote code execution. Includes exploit code which sends a shell.
a2887996e92bf9602abb6740e92d9b63 HPUX local buffer overflow exploit for stmkfont which attempts to spawn a gid=bin shell. Tested on HPUX B11.11.
05612e25e66d3230934a22c2cc07a40f Cpanel 5 and below remote exploit which allows users to view any file or execute remote commands due to an insecure open call in guestbook.cgi. Local root vulnerabilities also exist.
3b3e532e3718324aaa6fa16ed89e63f2 Nethack v3.4.0 local buffer overflow exploit which spawns a shell as uid=games. Runs /usr/games/lib/nethackdir/nethack.
3b81d062cf1cb44bc672fbd44da2173e Cpanel + Openwebmail local root exploit in perl which affects Cpanel 5 and below. Attempts to copy a suid root zsh into /tmp by exploiting /usr/local/cpanel/base/openwebmail/oom.
7e63aefe7851c82f7b4cf3fb23c7f0ee Parameter validation bugs exist in Emumail v5.x which allow remote denial of service and allow remote users to view any account history.
ea4bcc708b43c31933aeea832cfe6070 BisonFTP v4.r2 remote denial of service exploit in perl. Tested against Windows 98.
277856a954e219f9d43732719681b0ef Efstool local root exploit for Red Hat. Requires efstool to be +s for root exploitation. Useful for breaking out from restricted shells. Tested on Red Hat 7.1, 7.2, and 7.3.
78953c7df4174a50294ac9c4d9e742a7 Chat local root exploit for Red Hat. Requires chat to be +s for root exploitation. Useful for breaking out from restricted shells. Tested on Red Hat 7.1, 7.2, and 7.3.
5303c6838e7ca0979a0692c70d9f8a5f /usr/sbin/pwck local root exploit for Linux. Affects only +s pwck; remember, though, that it's a good way to break free from restricted shells, even to the same UID. Tested on Red Hat 7.1, 7.2, and 7.3.
c82ad0cde72f8529d0ca0c3e8899e234 Absolute Telnet v2.00 buffer overflow exploit in perl. Creates a fake server for the client to connect to, and sends an overflow string once it connects. Tested against Windows XP, based on an advisory by kain@ircop.dk.
efb5f8069a8009f009dfcc20853a62c5 Yabase v1.5.0 and below remote scanner / exploit tool which takes advantage of a bug in an include named Packages.php.
34b3822b69b141eac2c588036fabdc07 Remote root exploit for Realserver 8 on several Windows platforms.
70745652eb1e4a3cf9ae25c7d58bde54 A specially constructed Java Applet crashes Opera versions 6.05 and 7.01. Opera's own class files in the opera.jar library are susceptible to a buffer overrun which causes a JVM crash and then crashes Opera.
725fec5e451ee6bf4bcbb1761bddc632 Local exploit for a buffer overflow in /usr/ports/games/nethack32 which gives a privilege escalation to group id games.
f378d2b030c8552612f15a6d6c1eaf20 Solaris "at -r" tmp race condition exploit which allows users to remove any file on the system.
107ec9758b5a552f2eaef1fbafd4cabf Both the 32 FTP Client version p9.49.01 and ByteCatcher FTP Client V1.04b are susceptible to being crashed due to a large banner. Arbitrary code execution against the client may be possible.
e70a992d2288266bf6f813b4d09f1d4c Majordomo, the popular mailing list utility, defaults which_access to open in the configuration file. A list of email accounts for a mailing list can be compromised by this de-facto setting by sending which @. Patch included.