Packet Storm new exploits for April, 2003.
e7ff817b4f14361992054b05c064b6f2 Remote root exploit for PoPToP, the PPTP server designed for Linux, versions 1.1.4-b3 and below. Fixed by blightninjas. Original code by einstein.
2b243280f9e11f0791582194ec588922 Remote root exploit for Sendmail 8.12.8 and below that makes use of the vulnerability in prescan(). Note: This exploit is crippled and needs to be fixed.
5ade4c15fee8ada5982a9cad51e3dea1 Remote root exploit for Sendmail 8.12.8 and below that uses the vulnerability in crackaddr().
df191d0300a456e052e99130d4837115 Local root exploit for Qpopper v4.0.x poppassd that utilizes the ability to set the smbpasswd path.
ed3ad6341005ca980e5b240e9a2694ec Samba 2.2.x remote root exploit. Tested against RedHat 8.0.
b45ad451237a0852cb806d8096116923 Updated version of the remote root exploit for Realserver 8 on several Windows platforms.
e6997ae88e68cb958cb34e60f1d9e429 A problem exists in True Galerie v1.0 that allows a remote attacker to obtain administrative access to this utility due to misuse of cookies.
31b936edf4c3057a878bbb7c8906aae4 Local root exploit for a stack overflow discovered in the linux-atm binary /usr/local/sbin/les.
f359e77f4c99e42da154156e7123b11d Snort 1.9.1 and below remote exploit. Related CERT Advisory is here. Tested on Slackware 8.0.
63efca99c7a60adabcf0f9933904337e SAP DB is vulnerable to a race condition during installation. The installer creates a world-writable file that gets compiled and is then made setuid root. If a local attacker can overwrite the file in the allotted time frame, they will be able to escalate their privileges.
707baa4e52349edd821816a0181694fe The Xeneo Web Server v2.2.9.0 is vulnerable to a denial of service attack when a GET request containing 4096 ?'s is received. Tested against Windows XP Pro SP1 and Windows 2000 SP3.
6005e09c96be815df9a48d1c3c802832 AN HTTPd versions 1.42h and prior ship with a script called count.pl which allows remote attackers to use a directory traversal attack to overwrite the contents of files on the system.
bb7b403dffcc890d5a26cfb87b43ff22 PT News v1.7.7 allows access to administrator functionality without authentication via news.inc, which is included in the index.php file.
87798f1e9b8b9a07ac7fd2086b0174f3 mod_ntlm is the Apache module for versions 1.3 and 2.0 which gives Apache the ability to authenticate users via the NTLM authentication technology that is largely specific to Microsoft IIS. The log() function contains two remotely exploitable vulnerabilities. Both a heap overflow and an incorrect call to ap_log_rerror() allow for arbitrary code execution.
ad450fcef6dadc5b28ffbefe83da9432 The Monkey HTTPd v0.6.1 web server is vulnerable to a remote buffer overflow in the handling of forms submitted with the POST request method. The unchecked buffer lies in the PostMethod() procedure.
5605063d4420a60aa0206189fb3365c5 BadBlue web server versions 2.15 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The ext.dll that allows page parsing with the LoadPage command attempts to prevent remote users from accessing .hts pages by checking the 'referer' HTTP header of requests, and also by verifying that all requests for .hts pages originate from 127.0.0.1 (the loopback). By appending certain illegal characters to the requested filename, it is possible to cause BadBlue to interpret .hts files from a remote system, thereby yielding administrative control of the server to the attacker.
e98dbd9eeaba1247bc190d69fec06b8b Remote exploit written in Perl for the Twilight Utilities TW-WebServer, which is vulnerable to a denial of service attack via a long HTTP GET request.
8b752ac5486724bb9a3b4ba974aa27f7 Remote exploit written in C for the Twilight Utilities TW-WebServer, which is vulnerable to a denial of service attack via a long HTTP GET request.
7352450188c50b46a73d0b823b566505 FreeBSD and OpenBSD remote Samba v2.2.x call_trans2open i386 buffer overflow exploit. Tested against OpenBSD 3.0 and FreeBSD 4.6.2-RELEASE with Samba v2.2.x. Includes support for target brute forcing. Information about the vulnerability is available here.
ec9f643cb6856a51dfa1e9fc75d70906 Local exploit for sendmail 8.11.6 which takes advantage of the vulnerable prescan() function, which allows users to input 0xff to skip the length check of the buffer. Includes targets for Slackware 8.0, Redhat 7.2, and Redhat 7.3.
339af799e3edcf9140fa735a802bfc8e The iWeb Mini Web Server for Microsoft Windows NT/XP/9x fails to properly filter GET requests for ../, which inadvertently allows for directory traversal attacks.
6dce02a7c8a43ebba137e18b57323d67 Local root exploit for the Linux 2.2 and 2.4 kernels that have a flaw in ptrace where a kernel thread is created insecurely. This version escalates user privileges to root without needing access to /proc.
bf597c6b557934d445609b525bd5e82f Remote root exploit for Samba 2.2.x and prior that works against Linux (all distributions), FreeBSD (4.x, 5.x), NetBSD (1.x) and OpenBSD (2.x, 3.x and 3.2 non-executable stack). It has scanning abilities, so a range of machines can be penetration tested at once on a network.
27b711137a11d23653dadbd3ab4d0ccc A directory traversal bug exists in the QuickFront webserver that allows remote attackers to gain access to system files. Version affected: 1.0.0.189.