Packet Storm new exploits for July, 2003.
547ce621a6d09bbcafdec2ffa67f4064 Half-Life client versions 1.1.1.0 and below (including all MODs based on the game, such as Counter-Strike and DoD) remote exploit that will pose as a server that overwrites the stored return address but does not attempt any command execution.
47c81302e345d9a31e8cb8ee2dab615f Half-Life server versions 1.1.1.0 and below (including all MODs based on the game, such as Counter-Strike and DoD) remote exploit that will cause a denial of service.
5936369be7bf61fd4c0c410f03526b21 lockdev 1.0.0 local exploit that escalates privileges to group lock. Tested against RedHat 7.3, 8.0, and 9.0.
f1abaa914fb3eae21371eee17e50e6ad DCOM remote exploit utilizing the issue discussed here. Covers Microsoft Windows NT SP6/6a (cn), as well as Windows 2000 SP0-4 (cn) SP0-2 (jp) SP0-2,4 (kr) SP0-1 (mx) SP3-4 (Big 5) SP0-4 (english) SP0 Server (english), and Windows XP SP0-1 (english) SP1 (cn) SP0-1 (Big 5). Modified by sbaa.
330e19366c8d5664a7f2a55efc3a8e78 Version two of this paper discussing more shatter attacks that are possible using SEH memory locations to escalate privileges in Windows. Exploit code included. Related information available here.
128b5b0cdea6aee5c389eaa7ac17b801 Apache 1.3.x using the mod_mylo module version 0.2.1 and below is vulnerable to a buffer overflow. The mod_mylo module is designed to log HTTP requests to a MySQL database and insufficient bounds checking in mylo_log() allows a remote attacker to gain full webserver uid access. Remote exploit for SuSE 8.1 Linux with Apache 1.3.27, RedHat 7.2/7.3 Linux with Apache 1.3.20, and FreeBSD 4.8 with Apache 1.3.27 included.
b6a0cd78d32dfe4d978f56c3436cdb69 A demonstration of ELF relocation.
d072fc2f8db2721c0971aa0ee90e4ab3 Thorough analysis of the buffer overrun in the Windows RPC interface that was discovered by the Last Stage of Delirium. Exploit included for Windows 2000 SP4 Chinese version.
bcd9321ac5d7e4a8d74b197efe4a7e07 Remote root exploit for Samba 2.2.7a and below using reply_nttrans(). Written for the Linux x86 platform.
e79059d286adde4d8809a56206df5089 Windows port of the remote exploit utilizing the DCOM RPC overflow originally coded by H D Moore.
4dadfb9aafb1cdac05ab734453dcee88 Remote exploit utilizing the DCOM RPC overflow discovered by LSD. Includes targets for Windows 2000 and XP. Binds a shell on port 4444.
a731771b1cd73887da81c33d2f48471f An interesting bug in the Mitel Voice Over IP system that allows an attacker to discover phone numbers calling through the DHCP server.
5b613c224e45a1343f68316310dd2b06 PHP-G
c8eb6e9944f034550eae837f2e8114cd Remote denial of service exploit making use of the vulnerability found in DCOM under Windows.
1098316c80fe73f7861565b0b8ec61ef Remote exploit for miniSQL version 1.3 and below that escalates privileges to the root gid.
2fc4590154b857c4bf26fc805bb66099 Remote buffer overflow denial of service exploit for the Netware Enterprise CGI2PERL.NLM.
c7063bffb5b954421951423f36a48c07 Local root exploit for bru, or Backup and Restore Utility for Unix, that makes use of a stack overflow.
d98819e03bec7237629814af9f5d5a2c Remote exploit that causes a denial of service against Cisco IOS versions 11.x through 12.x using hping.
5b4d3da440603ada84738a3464e28b7e Remote exploit that causes a denial of service against Cisco IOS versions 11.x through 12.x.
1221af8aa6ac91916c03e6b599441b55 Proof of concept local exploit for gnats version 3.113.1_6 tested on FreeBSD 5.0. If successful, escalates privileges to gnats.
f35302b106a2fee84c4ceed3da644de6 Local root exploit for bru, or Backup and Restore Utility for Unix, that makes use of a stack overflow. Includes both Linux and FreeBSD targets.
9e4e064acba76fd0ff9c367ec8ea852c Remote exploit that will cause a denial of service against Cisco routers and switches. Warning: Broken.
be6bf5e146a17153190577d694cf26b6 Zone-H Security Advisory ZH2003-11SA - Elite News version 1.0.0.0-1.0.0.3 Beta allows direct access to various system files which enables an attacker to retrieve the administrator login name, then utilize that name on another page to set a cookie that will be referenced by yet another page that allows an attacker to post as the administrator.
e900152d55dde53d9e5ec8afebc4cf84 The Splatt Forum engine allows HTML code insertion for the post icon form input.