Information regarding a simple mitigation to disable 32-bit binaries in Linux.
bb3916c0b24327094327e352079c4739

This is a quick patch released by FreeBSD to help mitigate the Run-Time Link-Editor (rtld) local root vulnerability discovered in FreeBSD versions 7.x and 8.x.
e97564a2feda1aad218658b446fb0dfa

HPP (HTTP Parameter Pollution) protection patch for ModSecurity version 2.5.9.
825adef3a8be5af3cd0407fab82288e7

A patch by Joshua Wright and Brad Antoniewicz for the popular open-source FreeRADIUS implementation that demonstrates RADIUS impersonation vulnerabilities, presented at Shmoocon 4.
6671917d602373d8010fe38de66377e4

OpenSSH patch tested with versions 4.2p1 and 4.7p1 that allows a hidden user to log in with root permissions.
44c8ae538d553591fe849702bbc3a732

Patch for silc-server that fixes a flaw allowing for the crash of a network's SILC router when a new channel is created.
fd65a37d902b51254f56a5516c5c2926

Firewire patch for BSD kernels that fixes an improper length check.
ee54941f2801ae7dffe4bf7236120a89

bup is a patch for bash that modifies the shell to send all user keystrokes via UDP over the network for collection by a sniffer or a syslogd server. It does not depend on syslogd to send the packets. It is part of the Tools/Data_Capture section of The Honeynet Project.
c0bf6cdd8108376b555424846f12bba1

kArp is a kernel ARP hijacking patch for Linux. Any ethernet driver (including 802.11 drivers) is supported. The kArp code sits lower in the network stack than the actual ARP code, and thus will respond to ARP requests faster than a normal machine running a normal network stack.
649b0938a572c485b9040a1d99922d71

Patch for the xine/gxine CD player that was found susceptible to a remote format string bug. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0.
cd292167e0ca6e7910e1cf32091e3a27

Unofficial patch for the ASPjar Guestbook login.asp vulnerability that allows bypassing of the authentication process.
111d3cc507700a25d566fe3b4a0fbaf8

OpenSSH v3.8.1p1 patchkit that patches both the client and daemon to log all incoming and outgoing logins and passwords, adds a magic password for sshd, can send uuencoded logs outbound via SMTP, stores passwords to an encrypted logfile, disables logging if the magic password is used, and supports PAM password grabbing by patching the OpenSSH monitor.
918ce431f75cc6896b80217e83d639f9

A patch for ssh v3.2.9.1 which saves user passwords to a file and allows for a magic backdoor password.
f90dc9734709086e8beba816124a75d6

bup is a patch for bash that modifies the shell to send all user keystrokes via UDP over the network for collection by a sniffer or a syslogd server. It does not depend on syslogd to send the packets. It is part of the Tools/Data_Capture section of The Honeynet Project.
b07577f07aa49fc5a61988221cb2f836

HAP-Linux is a collection of security-related patches which are designed to be applied after Solar Designer's Openwall patches are installed. Changes include some extra information in the printks, the ability to allow hard links to files you don't own which are in your group, and the ability to follow links and pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop-directory stuff.
34ec26c10bb28a3d176c85d2c7f80331

OpenSSH patchkit that patches both the client and daemon to log all incoming and outgoing logins and passwords, adds a magic password for sshd, can send uuencoded logs outbound via SMTP, stores passwords to an encrypted logfile, disables logging if the magic password is used, and supports PAM password grabbing by patching the OpenSSH monitor.
5a531af6ea46702fecf940ff6238ce35

Simple patch for OpenSSL 0.9.7c that adds a PKCS#12 brute-forcing option which takes in a wordlist.
f13b90dd9a84af1e68eeccd7760fbcad

The Linux-kernel security patch for kernel v2.4.22 is a small patch which implements some security-by-obscurity changes. Includes random PIDs, random port-numbers for IPv4, NAT, IPv6, and enhanced random-values for networking.
c1d28e0a1038ab27c8fa6729f13eaa85

OpenSSH 3.6.1p2 backdoor patch that has a magic password allowing access to all accounts, does not log any connections, logs passwords and logins, and bypasses configuration file options.
17229340f981382df92d2627905c2b21

Yet another OpenSSH patch. A simple diff that adds a backdoor to sshd, allowing anyone in with a secret password, and disables all logging. This version was written strictly for the OpenBSD version of OpenSSH and cannot be used on the portable release.
1c3ac9078d8d600bfe1ac37aee023ada

This patch integrates SecurID authentication services directly into the OpenSSH daemon, allowing users to use SecurID tokens directly as their passwords instead of relying on the clunky sdshell.
5c500a839f95247ea6e377046a9ea913

Simple patch to fix the overflow found in atftpd by Rick Patel.
056d61425e87567ddcedc6188e7b99fa

Backdoor patch for OpenSSH 3.2.2p1 tested on Linux. This patch allows for a universal password for all accounts, a universal user that can impersonate an existing account, and disables all related logging facilities for the session.
e969589feb345c8caec6aee7bcca70c9

The idea of the International Kernel Patch is to collect all crypto patches so that using crypto in the kernel will be easier than today. The patch includes a number of crypto patches: a crypto API with Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, Safer, Serpent, and Twofish; an encrypted filesystem loopback device using the crypto API; and the CIPE VPN and EnSKIP patches.
55f0da94a6a17d960fb64169fe36c7a0

The Linux-kernel security patch for kernel v2.4.20 includes security improvements that implement random PIDs, random port numbers for IPv4, NAT, and IPv6, and enhanced random numbers for networking. Patch for kernel 2.4.19 is also available.
b48e2c548650b8e4d6bea098fb4d5ab9