iDefense Security Advisory 05.21.08 - Remote exploitation of a design error vulnerability in Snort, as included in various vendors' operating system distributions, could allow an attacker to bypass filter rules. Due to a design error, Snort does not properly reassemble fragmented IP packets. When receiving incoming fragments, Snort checks the Time To Live (TTL) value of each fragment and compares it to the TTL of the initial fragment. If the difference between the initial fragment's TTL and a following fragment's TTL exceeds a configured amount, that fragment is silently discarded. This results in valid traffic not being examined and/or filtered by Snort. iDefense has confirmed the existence of this vulnerability in Snort 2.8 and 2.6. Snort 2.4 is not vulnerable.
71694e299caa136a88ff4553f89f1078e330d6913b0b76957abb0e2e9cfa6bff
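The evasion the advisory describes, as an added simulation (not Snort code and not iDefense's proof of concept): a destination host reassembles a fragmented datagram regardless of per-fragment TTL, while a sensor that remembers the TTL of the first fragment and drops later fragments whose TTL drifts by more than a threshold never completes the datagram and so never inspects it. The threshold value, the payload and the TTL values are constructed for the example; the assumption that the target host accepts all fragments is stated in the code.

```python
"""Simulated IP fragment reassembly: a sensor that drops fragments on TTL
drift versus an end host that ignores TTL. Added example, not Snort code."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass
class Fragment:
    ident: int      # IP Identification field shared by all fragments of a datagram
    offset: int     # byte offset of this fragment's payload within the datagram
    more: bool      # More Fragments (MF) flag; False on the last fragment
    ttl: int        # Time To Live as seen on the wire
    data: bytes


def reassemble(frags: Iterable[Fragment], ttl_limit: Optional[int] = None) -> Optional[bytes]:
    """Reassemble one datagram from its fragments.

    ttl_limit=None models the end host, which (assumption) reassembles
    regardless of TTL. ttl_limit=N models the flawed sensor described in the
    advisory: the TTL of the first fragment seen is remembered and any later
    fragment whose TTL differs from it by more than N is silently dropped.
    N stands in for Snort's configured threshold and is not a real default.
    Returns the payload, or None if the datagram is incomplete.
    """
    base_ttl: Optional[int] = None
    pieces: Dict[int, bytes] = {}
    total_len: Optional[int] = None
    for f in frags:
        if base_ttl is None:
            base_ttl = f.ttl
        elif ttl_limit is not None and abs(f.ttl - base_ttl) > ttl_limit:
            continue  # sensor-side silent discard; the host never does this
        pieces[f.offset] = f.data
        if not f.more:
            total_len = f.offset + len(f.data)
    if total_len is None:
        return None  # last fragment (MF=0) never accepted
    out = bytearray()
    pos = 0
    for off in sorted(pieces):
        if off != pos:
            return None  # gap in coverage
        out += pieces[off]
        pos += len(pieces[off])
    return bytes(out) if pos == total_len else None


def attacker_fragments(payload: bytes, first_ttl: int = 64, rest_ttl: int = 10) -> List[Fragment]:
    """Split payload into 8-byte fragments (IP fragment offsets are multiples
    of 8) and give every fragment after the first a much lower TTL. Both TTLs
    are assumed large enough to reach the target, so the host sees everything."""
    frags = []
    chunk = 8
    for i, off in enumerate(range(0, len(payload), chunk)):
        piece = payload[off:off + chunk]
        frags.append(Fragment(
            ident=0x1234, offset=off, more=off + chunk < len(payload),
            ttl=first_ttl if i == 0 else rest_ttl, data=piece))
    return frags


# Constructed sample payload: a request the sensor's rules would otherwise match.
PAYLOAD = b"GET /cgi-bin/evil HTTP/1.0\r\n"


def evasion_demo(ttl_limit: int = 5) -> Tuple[Optional[bytes], Optional[bytes]]:
    """Return (what the host reassembles, what the TTL-checking sensor reassembles)."""
    frags = attacker_fragments(PAYLOAD)
    return reassemble(frags), reassemble(frags, ttl_limit=ttl_limit)


if __name__ == "__main__":
    host_view, sensor_view = evasion_demo()
    print("host  :", host_view)
    print("sensor:", sensor_view)
```

Run as-is, the host view is the full request and the sensor view is `None`: the sensor accepted only the first fragment and never saw a datagram to match rules against. Raising `ttl_limit` above the TTL gap (for example 60) makes the sensor reassemble the same bytes the host does, which is the behaviour a sensor needs if it is to see what its protected hosts see.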
iDefense Security Advisory 02.12.08 - Remote exploitation of an integer overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. iDefense has confirmed the existence of this vulnerability in ClamAV 0.92. Previous versions may also be affected.
a41220bd562f0751be2d8a4c85b3aa329da8712ae380c55def9f43dd8a24c6b3
Gentoo Linux Security Advisory GLSA 200408-16 - glibc contains an information leak vulnerability allowing the debugging of SUID binaries. Versions 2.3.2 and below are affected.
6d3a5de31a54a4551b867471c5569c8bb8f3f2783a41ac572e82eca0028bf877
Stealth Syscall Redirection - This article describes a technique for redirecting system calls without modifying the sys call table (implemented in Linux). This can be used to evade intrusion detection systems that inspect the sys call table for redirected or trojaned system calls. The basic premise behind this attack is to modify the original system call's code to jump to the new system call; control is thus transferred to the replacement system call while the sys call table is left untouched.
b65637f6eb6460d4d82d35adddf11e37ba7cdf38d977e6f9f161d95599528e70
An article on UNIX ELF PARASITES AND VIRUSES including a fully working parasite infector and binary virus for Linux (UNIX portable, however). The parasites and virus described and given do not destroy the executables' functionality but instead, as with many DOS viruses, simply append new code to the image. Rudimentary techniques for disabling the parasites and virus are also described. (Includes a LONG rant at the beginning by the author.)
41101f0b3c5ca938f20c81b9751270536b75203824557fe9301873ac62f7da1e
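A rudimentary check for the appending technique the article describes, as an added example that is not the article's own code: parse the ELF64 header and section header table, work out the highest file offset the headers account for, and report anything past it as an overlay. The minimal ELF image built here is a constructed sample (not a runnable binary), and the check only catches a parasite that appends without rewriting the section headers.

```python
"""Overlay (appended-data) check for ELF64 files. Added example, not the
article's own detection code."""
import struct
from typing import Optional

ELF_MAGIC = b"\x7fELF"
SHT_NOBITS = 8
EHDR_FMT = "HHIQQQIHHHHHH"   # Elf64_Ehdr fields after e_ident (48 bytes)
SHDR_FMT = "IIQQQQIIQQ"      # Elf64_Shdr (64 bytes)


def layout_end(data: bytes) -> Optional[int]:
    """Highest file offset covered by the program header table, the section
    header table and every section that occupies file bytes. Returns None if
    the data is not a well-formed ELF64 image."""
    if len(data) < 64 or data[:4] != ELF_MAGIC or data[4] != 2:  # EI_CLASS 2 = ELFCLASS64
        return None
    e = "<" if data[5] == 1 else ">"                                # EI_DATA 1 = little-endian
    (_type, _machine, _ver, _entry, phoff, shoff, _flags, _ehsize,
     phentsize, phnum, shentsize, shnum, _shstrndx) = struct.unpack(e + EHDR_FMT, data[16:64])
    if shnum and shentsize != 64:
        return None  # only standard-size section headers are handled here
    end = max(64, phoff + phnum * phentsize, shoff + shnum * shentsize)
    if end > len(data):
        return None  # header tables point past end of file: truncated or malformed
    for i in range(shnum):
        off = shoff + i * shentsize
        (_name, sh_type, _sflags, _addr, sh_off, sh_size,
         _link, _info, _align, _entsize) = struct.unpack(e + SHDR_FMT, data[off:off + 64])
        if sh_type != SHT_NOBITS:          # .bss-style sections occupy no file bytes
            end = max(end, sh_off + sh_size)
    return end if end <= len(data) else None


def find_overlay(data: bytes) -> Optional[bytes]:
    """Bytes beyond everything the headers account for. b"" means no overlay;
    None means the image could not be parsed."""
    end = layout_end(data)
    return None if end is None else data[end:]


def build_sample_elf(text: bytes) -> bytes:
    """Constructed sample: a minimal ELF64 image with a null section header,
    one .text section header and the .text bytes, so the check has real
    offsets to work on. It is not loadable (no program headers)."""
    shoff, shnum = 64, 2
    text_off = shoff + shnum * 64
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)  # ELFCLASS64, LSB, EV_CURRENT, SYSV ABI
    ehdr = e_ident + struct.pack("<" + EHDR_FMT,
                                 2, 0x3e, 1, 0x400000,    # ET_EXEC, x86-64, version, entry
                                 0, shoff, 0, 64,          # phoff, shoff, flags, ehsize
                                 56, 0, 64, shnum, 0)      # phentsize, phnum, shentsize, shnum, shstrndx
    shdr_null = bytes(64)
    shdr_text = struct.pack("<" + SHDR_FMT,
                            1, 1, 6, 0x400000 + text_off,  # name, SHT_PROGBITS, AX, addr
                            text_off, len(text), 0, 0, 16, 0)
    return ehdr + shdr_null + shdr_text + text


if __name__ == "__main__":
    clean = build_sample_elf(b"\x90" * 16)
    infected = clean + b"PARASITE"  # constructed stand-in for appended parasite code
    print("clean overlay   :", find_overlay(clean))
    print("infected overlay:", find_overlay(infected))
```

Treat a non-empty overlay as a lead, not a verdict: legitimate files can carry trailing data, and an infector that grows the last section or patches the section headers to cover its code will pass this check, so it belongs alongside entry-point and segment-permission comparisons rather than in place of them.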
Demonstration and proof of the concept that access to kernel memory is of great use to a system attacker. Source code, examples included, along with implementation of 'kinsmod', an insmod using the kmem device, _not_ using native LKM support. (includes LONG rant at beginning by author).
b765ec3942e83df5d7d759cdc3b9d55fb7410033fef82b213946f4d7255be5d7