OpenSSH Security Advisory (adv.token)

2002-04-22 Thread Niels Provos
A buffer overflow exists in OpenSSH's sshd if sshd has been compiled with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default. 1. Systems affected: All Versions of OpenSSH compiled

FreeBSD Security Advisory FreeBSD-SA-02:23.stdio

2002-04-22 Thread FreeBSD Security Advisories
FreeBSD-SA-02:23.stdio Security Advisory The FreeBSD Project Topic: insecure

STANFORD CONFERENCE ON VULNERABILITY DISCLOSURE: Early Reg to Close Soon! (fwd)

2002-04-22 Thread Adam Shostack
- Forwarded message from Jennifer S. Granick [EMAIL PROTECTED] - X-Sender: [EMAIL PROTECTED] Date: Wed, 17 Apr 2002 10:05:27 -0800 To: [EMAIL PROTECTED] From: Jennifer S. Granick [EMAIL PROTECTED] Subject: STANFORD CONFERENCE ON VULNERABILITY DISCLOSURE: Early Reg to Close Soon! The

Redux: NIDS, fragrouter, and off-topic sanity [WAS: Snort exploit]

2002-04-22 Thread Greg Shipley
I was browsing last week's BUGTRAQ posts and found the thread on Snort, fragrouter, and the supposed perils of NIDS evasion interesting. Not because these were necessarily ground-breaking topics, but more because I'm amazed that people consider NIDS evasion, well, news. Marty's comment about

Slrnpull Buffer Overflow (-d parameter)

2002-04-22 Thread Alex Hernandez
Slrnpull Buffer Overflow (-d parameter) === Author: ** Alex Hernandez [EMAIL PROTECTED] ** Thanks all the people from Spain and Argentina. ** Special Greets: White-B, Paco Spain, Gabriel M. Thanks friends for all the research: + Solar Eclipse

psyBNC 2.3 DoS / bug

2002-04-22 Thread nawok
psyBNC 2.3 DoS / bug :: Description psyBNC (http://www.psychoid.lam3rz.de/psybnc.html) has a problem dealing with oversized passwords, making it possible to tie up all the connection slots and consume a lot of CPU on the server. :: Exploit Create a program to do the

Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio

2002-04-22 Thread Theo de Raadt
Topic: insecure handling of stdio file descriptors They didn't say so, but this work was obviously based on: RCS file: /cvs/src/sys/kern/kern_exec.c,v ... revision 1.20 date: 1998/07/02 08:53:04; author: deraadt; state: Exp; lines: +38 -1 for sugid procs ensure that fd 0-2 are

Pine Internet Advisory: Setuid application execution may give local root in FreeBSD

2002-04-22 Thread Patrick Oonk
Pine Internet Security Advisory - Advisory ID: PINE-CERT-20020401 Authors: Joost Pol

Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio

2002-04-22 Thread bert hubert
Credits: Joost Pol [EMAIL PROTECTED] Joost rules. And my apologies to Pine for always being late paying my bills. Sorry :-) This is a simple test, executing a setuid process with filedescriptor 2 closed, and then opening a file and seeing what fd it gets. Linux 2.2.16 RedHat AXP

ALERT! ALERT! ALERT! ALERT! ALERT! hehehehe ;Pppppp

2002-04-22 Thread gobbles
Attached is advisory + local root exploit for screen 3.9.11. Save yourself! Love, GOBBLES

AIM Remote File Transfer/Direct Connection Vulnerability

2002-04-22 Thread Sil
AIM Remote File Transfer/Direct Connection Vulnerability I discovered this vulnerability while I was port scanning my brother (April 15th, 2002); he just happened to send me a file and the port scan connected and received the file instead of me... The next day (April 16th, 2002) I

Philip Chinery's Guestbook 1.1 fails to filter out js/html

2002-04-22 Thread Markus Arndt
Target: Philip Chinery's Guestbook 1.1 (maybe older versions?) Vendor: http://www.sector7g.de.vu Notified Vendor: Sure Affected Systems: Webservers that run Philip Chinery's Guestbook 1.1 Found by: Markus Arndt [EMAIL PROTECTED] Short Description: Philip Chinery's Guestbook 1.1 fails

Matu FTP remote buffer overflow vulnerability

2002-04-22 Thread Kanatoko
Matu FTP remote buffer overflow vulnerability /*--- Description ---*/ Matu FTP is a Japanese FTP client software for Win32 Platform. We found an exploitable buffer overflow problem in Matu FTP Version 1.74. The buffer overflow occurs when a long

arp problem

2002-04-22 Thread Bartłomiej
Hi, I have a small problem. Situation: We have a linux box running kernel 2.4 with 2 NICs. Let's assume that eth0 IP 10.1.1.1/8 MAC 11:11:11:11:11:11, eth1 IP 192.168.0.1/24 MAC 22:22:22:22:22:22 We can even safely set the eth1 interface down, remove a patchcord from this

vqServer Demo Files Cross-Site Scripting

2002-04-22 Thread Matthew Murphy
vqServer is a Windows web server written in Java. It is an innovative product, with support internally for Servlets, and external support for many kinds of CGI (EXE, Perl, ...). However, some of the examples shipped in a default configuration of vqServer contain multiple cross-site

Re: Cross site scripting in almost every mayor website

2002-04-22 Thread Berend-Jan Wever
Been there, done that. I have successfully created a worm and tested it before trying to report this to McAfee, they do the virus scanning for hotmail. I got a "you are not a registered user" auto-reply and they ignored my messages because I wasn't in their files ;( too bad for them.

Lil' HTTP Server Directory Traversal Vulnerability

2002-04-22 Thread Matthew Murphy
Lil' HTTP Server is a Windows HTTP server that supports several features in a relatively compact application. It is vulnerable to a classic (stupid) attack: http://[target]/../../windows/win.ini This link will read WIN.INI on Windows 95/98/Me, and with a slight modification (winnt instead of