OpenBSD ftpd unofficial patch - The patch released to remedy the 1-byte overflow problem was junk; to remedy this, I recoded the original ftpd.c file with the fix. This takes the bite out of fixing this problem. Replace the original ftpd.c with this and recompile.
f19e7b22d424c83f3307f0c01b0a5fb8088df00d3f3e6247a3a9fa902f059d43
Microsoft Security Bulletin (MS00-098) - Microsoft has released a patch that eliminates a security vulnerability in Windows 2000 which allows malicious web site operators to learn the names and properties of files and folders on the machine of a visiting user. An ActiveX control that ships as part of Indexing Service is incorrectly marked as safe for scripting, thereby enabling it to be executed by web site applications. Microsoft FAQ on this issue available here.
dea039b3a54461433703185993d68742ed9c4f44655892b6dc44d7ef1927f45b
The ELZA is a scripting language aimed at automating requests on web pages. Scripts written in ELZA are capable of mimicking browser behavior almost perfectly, making it extremely difficult for remote servers to distinguish their activity from the activity generated by ordinary users and browsers. This gives those scripts the opportunity to act upon servers that will not respond to requests generated using netcat, rebol, telnet or similar tools. As a result, one can hijack heavily protected HTML forms, perform dictionary attacks on login forms, and do sophisticated CGI scanning.
368dd7c59b8d936b9255f164b4c02a0d05b0c90083e4be01c3d66ae90fdd80dc
Achilles is a tool designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. When in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
8d37fae5ec3403f353e17f27ec4f0ec69532b5c9cee582430c45452c1abbe21d
Microsoft Security Bulletin (MS00-099) - Microsoft has released a patch that eliminates a security vulnerability affecting Windows 2000 domain controllers. If the Configure Your Server tool was used when the machine was originally promoted to domain controller, the Directory Service Restore Mode password would be left blank, allowing malicious users to log onto the machine in Directory Service Restore Mode. Once logged on, the malicious user could alter system components or install bogus ones that would execute when a bona fide administrator subsequently logged onto the machine. Microsoft FAQ on this issue available here.
097a2291b5054d4ff9e849dfa437e881e60c5ee292001b490388bc935ad40744
FreeBSD Security Advisory - The ethereal port, versions prior to 0.8.14, contains buffer overflows which allow a remote attacker to crash ethereal or execute arbitrary code on the local system as the user running ethereal, typically the root user. These vulnerabilities are identical to those described in advisory 00:61 relating to tcpdump.
828d9cfad5c76c7fc333df6b49ded0d2f3b1ea88ab3e81fd1bddf8577f739383
FreeBSD Security Advisory - The halflifeserver port, versions prior to 3.1.0.4, contains local and remote vulnerabilities through buffer overflows and format string vulnerabilities which allow remote users to execute arbitrary code as the user running halflifeserver.
27876be2ead88fd843b314f7f73a541d4c1743b24d63ebd0aa8adc22052508b3
FreeBSD Security Advisory - The oops port, versions prior to 1.5.2, contains remote vulnerabilities through buffer and stack overflows in the HTML parsing code. These vulnerabilities may allow remote users to execute arbitrary code as the user running oops.
6b5297110c94a870cd6dd4a7328fcc42fc3c830171f96973fba0b7a54701dd6a
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer), available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc.) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
5e30575cc63be30df6b4b637dd5e05ab0836a7fa95e367d067e9467d7e46bca6
nscache is a simple program to browse the Netscape cache directory with a GTK UI. It shows the contents of the browser cache in a three-level hierarchy of files (protocols, servers and documents) or in a sorted list. nscache permits you to view files from the cache, remove files, or gather various information about specific files.
df651862c22c4c0976cf3c5ee5ae6b2034297d5b5d99e50765a28d834f4c4ad9
Snoopy is designed to log all commands executed by providing a transparent wrapper around calls to execve() via LD_PRELOAD. Logging is done via syslogd and written to authpriv, allowing secure offsite logging of activity.
265ef6d504ae0845cc74ac8071dd13d2d566681f45a60cdcf482172aaee828e5