Tickling CGI Problems is a whitepaper that focuses on the security of Tcl CGI scripts.
Whitepaper entitled 'Attacking Automatic Wireless Network Selection'.
SCO OpenServer v5.0.5 /usr/bin/mscreen local exploit.
Tru64 (OSF/1) /usr/bin/su local exploit - Works if executable stack is on.
HP/UX v11.0 /usr/bin/pppd local root buffer overflow exploit.
OpenBSD 2.7 local root exploit for /usr/bin/fstat + libutil exploit. Tested against OpenBSD 2.7 i386.
Solaris Solstice Internet Mail IMAP4 Server x86 exploit.
w00w00 Security Advisory - qmail-pop3d may pass an overly long command argument to its password authentication service. When vpopmail is used to authenticate user information a remote attacker may compromise the privilege level that vpopmail is running, naturally root.
Remote exploit for the inter7 supported vchkpw/vpopmail package for (replacement for chkeckpasswd). Tested on Sol/x86, linux/x86, Fbsd/x86 against linux-2.2.1 and FreeBSD 3.[34]-RELEASE, running vpopmail-3.4.10a/vpopmail-3.4.11[b-e]. Unofficial patch here.
UnixWare 7 exploit for /usr/bin/ppptalk.
[w00giving #8] Here's a new version of my snoop exploit, it seems that it will work on the new patched version of snoop as well, and actually, the target host does NOT have to be running with -v. Snoop is a program similar to tcpdump that allows one to watch network traffic. There is a buffer overflow in the snoop program that occurs when a domain name greater than 1024 bytes is logged, because it will overwrite a buffer in print_domain_name. This vulnerability allows remote access to the system with the privileges of the user who ran snoop (usually root, because it requires read privileges on special devices). Remote Solaris 2.7 x86 snoop exploit included.
The su command on SCO's UnixWare 7 has improper bounds checking on the username passed (via argv[1]), which can cause a buffer overflow when a lengthy username is passed.
[w00giving '99 #6]: UnixWare 7's Xsco. Due to improper bounds checking, an overflow occurs when a lengthy argument (argv[1]) is passed. Because Xsco runs with superuser privileges, this can be exploited for elevated privileges.
When patches/fixes are applied to binaries on UnixWare 7, the original, unpatched binary files (with the suid/sgid bits maintained) are stored in /var/sadm. By default, the permissions on this directory are 755. This allows normal users to execute and exploit old binaries left over from patching.
UnixWare 7's dtappgather runs with superuser privileges, but improperly checks $DTUSERSESSION to ensure that the file is readable/writeable or owned by the user running it. Exploit included. w00w00 website here.