S.A.F.E.R. Security Bulletin 010125.DOS.1.5 - Remote users can crash Netscape Enterprise Server by sending "REVLOG / HTTP/1.0".
Naptha v1.1 is a denial of service attack against many operating systems that uses established TCP connections to create a resource starvation condition. Includes three tools: bogusarp, which makes a bogus entry in the router's ARP cache so that it actually puts packets with our faked source address on the Ethernet; synsend; and srvr, which replaces ackfin from Naptha 1.0. Tested against Windows 95, 98, NT4 and more. Compiles on Linux 2.2.x, OpenBSD 2.7 and FreeBSD 4.0.
Glibc prior to v2.1.9x allows local users to read any file. This shell script exploits this bug using the Openssh-2.3.0p1 binary. Tested against Debian 2.3 and Redhat 7.0.
/usr/bin/write overflow proof of concept exploit - Tested against Solaris 7 x86.
Due to various race conditions in the init level editing script /sbin/rctab, any local user can overwrite any file on the system with arbitrary data if root runs the /sbin/rctab script. This may result in denial of service, or in local or even remote root compromise. Tested against SuSE 7.0.
SCO OpenServer v5.0.5 /usr/bin/mscreen local exploit.
Tru64 (OSF/1) /usr/bin/su local exploit - Works if executable stack is on.
Microsoft Security Advisory MS01-003 - Users who have interactive logon access to a Microsoft Windows NT 4.0 server can deny network access by running a program that monopolizes the Winsock mutex, whose permissions are set too weakly. The machines most likely to be affected are terminal servers. A Microsoft FAQ on this issue is available.
FreeBSD ipfw+ECE proof of concept code - Using a FreeBSD divert rule, the ECE flag is added to all outgoing traffic, bypassing ipfw rules that pass established connections.
Netscape Enterprise Server 4.0 remote root exploit - Tested against Sparc SunOS 5.7.
Debian Security Advisory DSA-021-1 - The mod_rewrite module for Apache has a remote vulnerability which may allow a remote attacker to gain access to arbitrary files. Users of the mod_rewrite module are advised to upgrade. In addition, htdigest and htpasswd use tempfiles insecurely. Since they are not setuid, impact is minimal.
Ipaudit records and displays network activity. It is useful for identifying high bandwidth users, intrusive telnet sessions, denial of service attacks, and scans. Ipaudit stores counts of bytes and packets for every combination of host/port pairs and protocol. It also includes scripts which automatically generate webified reports, CGI scripts which organize web presentation, and the utilities "total" and "ipstrings" which can be used to investigate network traffic records from the command line.