Linux Security Magazine May 29. In this issue - Articles: The Top 10 Security Risks, Intrusion Detection on Linux, Analyzing Future Computer Trends and Threats, Always-on Internet Security, Mini-FAQ: "antivirus software for Linux". New Advisories this week: FreeBSD process and krb5 vulnerabilities, TurboLinux gpm, SuSE gdm, Slackware fdmount, XFree86 Multiple distribution vulnerability, Red Hat Secure Web Server 3.0-3.2: mailmail, Qpopper Vulnerability, Mandrake 7 dump vulnerability, Mandrake xemacs vulnerability, Mandrake fdmount buffer overflow, Caldera buffer overflow in kdm, and Caldera DoS attack against X server.
conflict-DoS.c and conflictd.c are tools which spoof arp packets to make an annoying popup message appear on the target windows machine. It is faster to close all the boxes than reboot. Tested on FreeBSD 4.0. Uses libnet.
Snuff is a packet sniffer for Linux 2.0/2.2 that can monitor many streams at once. It can also mail and wipe the log once it reaches a specified size.
ECrack v0.1 - Energymech (StarGlider Class - IRC bot) brute force password cracker. Tested with emech-2.7.6 but should work with other versions also.
Hunt (linux binary distribution) is a program for intruding into a tcp connection, watching it and resetting it. It can handle all connections it sees. Features: Connection Management - setting what connections you are interested in, detecting an ongoing connection (not only SYN started), normal active hijacking with the detection of the ACK storm, ARP spoofed/normal hijacking with the detection of successful ARP spoof, synchronization of the true client with the server after hijacking (so that the connection doesn't have to be reset), resetting connection, watching connection; Daemons - reset daemon for automatic connection resetting, arp spoof/relayer daemon for arp spoofing of hosts with the ability to relay all packets from spoofed hosts, MAC discovery daemon for collecting MAC addresses, sniff daemon for logging TCP traffic with the ability to search for a particular string; Packet Engine - extensible packet engine for watching TCP, UDP, ICMP and ARP traffic, collecting TCP connections with sequence numbers and the ACK storm detection; Switched Environment - hosts on switched ports can be spoofed, sniffed and hijacked too; much, much more. Requires Linux 2.2, GlibC 2.1 with LinuxThreads, Ethernet.
Hunt is a program for intruding into a tcp connection, watching it and resetting it. It can handle all connections it sees. Features: Connection Management - setting what connections you are interested in, detecting an ongoing connection (not only SYN started), normal active hijacking with the detection of the ACK storm, ARP spoofed/normal hijacking with the detection of successful ARP spoof, synchronization of the true client with the server after hijacking (so that the connection doesn't have to be reset), resetting connection, watching connection; Daemons - reset daemon for automatic connection resetting, arp spoof/relayer daemon for arp spoofing of hosts with the ability to relay all packets from spoofed hosts, MAC discovery daemon for collecting MAC addresses, sniff daemon for logging TCP traffic with the ability to search for a particular string; Packet Engine - extensible packet engine for watching TCP, UDP, ICMP and ARP traffic, collecting TCP connections with sequence numbers and the ACK storm detection; Switched Environment - hosts on switched ports can be spoofed, sniffed and hijacked too; much, much more. Requires Linux 2.2, GlibC 2.1 with LinuxThreads, Ethernet.
SuSE Security Announcement - A local security hole was discovered in the KDE CD player, kmulti.
Remote Cart32 exploit - Though L0pht released an advisory and patch for the well known Cart32 bug, this is the first exploit released to date. Allows remote command execution.
execve-shell.tar.gz allows you to easily create linux x86 shellcode that execs any command you supply.
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off online and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection.
Ippl is a configurable IP protocols logger. It currently logs incoming ICMP messages, TCP connections and UDP datagrams. It is configured with Apache-like rules and has a built-in DNS cache. It is aimed to replace iplogger.
Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), and TCP/IP fingerprinting (remote host operating system identification). Nmap also offers flexible target and port specification, decoy scanning, determination of TCP sequence predictability characteristics, sunRPC scanning, reverse-identd scanning, and more.
Sniffit 0.3.7 beta for Windows NT/2000. This package requires winpcap.
jolt2.c exploits the recent "IP Fragment Reassembly" Windows remote denial of service vulnerability described in the referenced advisory.
Elm 2.5 PL3 exploit tested under linux Slackware 3.6, 4.0, 7.0.
5niffi7.c - Remote root exploit for sniffit (-L mail) 0.3.7.beta on Debian 2.2. Includes a detailed explanation of how the exploit works.
Gauntlet firewall remote proof of concept code, tested against BSDI.
/usr/bin/xaos local root buffer overflow exploit. Works on suse 6.1, and could be modified for 6.2.
The thttpd web server comes with a CGI script called /cgi-bin/ssi which allows any file on the system to be read. Exploit URL included.
elm_again.c exploits another buffer overflow in elm v2.5 giving a gid=12 shell if /usr/bin/elm is SGID. Tested on Slackware 3.6 and RedHat on elm2.5PL3.
Cerberus Information Security Advisory (CISADV000524a) - The Cerberus Security Team has discovered a serious security flaw in Rockliffe's MailSite Management Agent for Windows (version 4.2.1.0). This server allows remote users to access their POP3 accounts and read their mail over HTTP. The service usually listens on TCP port 90. Unfortunately there exists a buffer overrun vulnerability that allows attackers to execute arbitrary code. As this service runs as SYSTEM by default, any code executed will run with SYSTEM privileges, meaning any server running this agent could be fully compromised.
A popular CGI web page access counter, version 4.0.7 by George Burgyan, permits execution of arbitrary commands as a result of unchecked user input. Commands are executed with the same permissions as the webserver.
Root-Tail v0.0.6 is a program which tails a text file and displays the information directly on the root window of your desktop transparently, that is, without window frames or windows. It is an extremely handy program for monitoring /var/log/secure and /var/log/messages while you run X. This program will even tail different files and display them in different colors.
KSnuffle is a network packet sniffer for KDE. It supports multiple concurrent sniffers, packet filtering (tcpdump-style), event triggers and commands, text and binary logging (and replay), remote sniffing (via a daemon process), and dynamically loadable plugins. Network traffic is displayed graphically and in detail; supplied plugins summarise traffic by direction (incoming, outgoing), source, and destination.