Re: Solaris /usr/bin/cu Vulnerability

2001-01-22 Thread Wietse Venema
On Thu, Jan 18, 2001 at 11:57:12PM +0100, Konrad Rieck wrote: cu is only set setuid for the owner uucp and an attacker won't gain any special privileges, but he would gain access to the files in /etc/uucp. Michael H. Warfield: Correction... He does gain special privileges. He gains

Buffer overflow in bing

2001-01-22 Thread Paul Starzetz
1. Abstract: There is an overflowable buffer in the bing (throughput measurement tool) binary. 2. Details: --- The bing tool comes with various Linux distributions. On SuSE (at least 6.0-6.4) bing isn't installed by default, but if installed it will be suid root: 4556

Re: BugTraq: EFS Win 2000 flaw

2001-01-22 Thread Alexander Ivanchev
Hello. Correct me if I'm wrong, but the use of programs that utilize direct disk access (such as DiskProbe) is restricted to the Local Administrator account (as per http://www.microsoft.com/windows2000/guide/professional/solutions/management.asp). If a would-be attacker has this kind of

Re: MySQL 3.23.31 Overflow [exploit]

2001-01-22 Thread Luis Miguel Ferreia Silva
Hello... Here's an exploit for this... [See attached...] Regardz, Luís Miguel Silva aka wC Member of lonoss.org and unsecurity.org http://www.lonoss.org/ http://www.unsecurity.org/ http://www.ispgaya.pt/ Student Personal WebPage at: http://paginas.ispgaya.pt/~lms/ http://www.unsecurity.org/wC/

Immunix 6.2 OS Security update for glibc

2001-01-22 Thread Greg KH
--- Immunix OS Security Advisory Packages updated: glibc Affected products: Immunix OS 6.2 Bugs Fixed: immunix/1322 Date: January 19, 2001 Advisory ID:

Re: Buffer overflow in bing

2001-01-22 Thread Pierre Beyssac
On Fri, Jan 19, 2001 at 06:52:27PM +0100, Paul Starzetz wrote: The buffer overflowed is an 80 byte static local buffer: static char buf[80]; It is patched by default in FreeBSD's package collection. Here's the patch below (author: [EMAIL PROTECTED]). I have also issued a bugfix release

Re: Bug in SSH1 secure-RPC support can expose users' private keys

2001-01-22 Thread Richard E. Silverman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 18 Jan 2001, Andy Polyakov wrote: In my environment I can *never* see key_encryptsession returning the success value in the lack of my secret key and I get "run keylogin" all the time... So that it must be something specific to Richard

Watchguard Firewall Elevated Privilege Vulnerability

2001-01-22 Thread Philip J Lewis
I have found that the embedded Linux-based Watchguard Firebox II Firewall product range is vulnerable to read-write access using only a read-only passphrase. This gives a read-only user the ability to make changes to the firewall remotely without either authorization or a read-write passphrase.

Re: Solaris /usr/bin/cu Vulnerability

2001-01-22 Thread Casper Dik
If I look at the output of find / -user uucp -xdev -ls on a freshly installed and patched solaris7, this seems enough for me to r00t the box. # find / -user uucp -xdev -ls 188616 55 -rws--x--x 1 uucp bin 56240 Jan 9 06:39 /usr/bin/tip 1887418 -r-xr-xr-x 1 uucp uucp

Re: BugTraq: EFS Win 2000 flaw

2001-01-22 Thread Russ
To the best of my knowledge, Peter Guttman(sp?) has demonstrated for years now that there is no form of over-writing which makes any substantial difference to the ability to recover previously written data from a computer hard disk. My understanding of current "high security" standards wrt the

Multiple Vulnerabilities In FaSTream FTP++ (+ ICS Tftpserver DoS)

2001-01-22 Thread SNS Research
Note: Be advised that the below mentioned DoS can be traced back to TFtpServer. This is a (beta-)component of the "Internet Component Suite" for Delphi/C++ Builder, available from http://www.overbyte.be. Other products using this component could be vulnerable; its creator has been notified. -- SNS

[pkc] format bugs in icecast 1.3.8b2 and prior

2001-01-22 Thread cyrax
/* pkc004.txt */ -=[ SECURITY ADVISORY #004 ]=- [www.pkcrew.org]

def-2001-04: Netscape Enterprise Server Dot-DoS

2001-01-22 Thread Peter Gründl
== Defcom Labs Advisory def-2001-04 Netscape Enterprise Server Dot-DoS Author: Peter Gründl [EMAIL PROTECTED] Release Date: 2001-01-22

LocalWEB2000 Directory Traversal Vulnerability

2001-01-22 Thread SNS Research
Strumpf Noir Society Advisories ! Public release ! -= LocalWEB2000 Directory Traversal Vulnerability =- Release date: Friday, January 19, 2001 Introduction: LocalWEB2000 is an HTTP server for the MS Windows suite of operating systems. It's intended for use as an intranet server by small

eEye Iris the Network traffic analyser DoS

2001-01-22 Thread grazer
Hi there, There exists a vulnerability that will cause the Iris network traffic analyser to hang. I have included an exploit that will demonstrate the bug. The exploit will send a packet to the remote host; when the remote host opens the packet (to examine it), Iris will quit, leaving an error

Trustix Security Advisory - glibc

2001-01-22 Thread Trustix Secure Linux Team
Hi, Trustix is, like many other Linux distributions, based on Glibc 2.1.3 and is therefore open to the "preload hole" discussed in various postings to bugtraq and other lists. This is a local security hole, and all users of TSL should upgrade their boxes. MD5sums: 1.2:

def-2001-05: Netscape Fasttrack Server Caching DoS

2001-01-22 Thread Peter Gründl
== Defcom Labs Advisory def-2001-05 Netscape Fasttrack Server Caching DoS Author: Peter Gründl [EMAIL PROTECTED] Release Date: 2001-01-22

Re: MySQL Overflow + exploit [ops..sent a broken exploit :P]

2001-01-22 Thread Luis Miguel Ferreia Silva
Sorry, here's the REAL exploit =) Regardz, wC [Luis Miguel Silva] /* Linux MySQL Exploit by Luis Miguel Silva [aka wC] [EMAIL PROTECTED] 19/01/y2k+1 Compile: gcc MySQLXploit.c -o MySQLX Run with: You can specify the offset for the exploit passing it as

Security Update: security problems in webmin CSSA-2001-004.0

2001-01-22 Thread Caldera Support Info
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Caldera Systems, Inc. Security Advisory Subject: security problems in webmin Advisory number: CSSA-2001-004.0 Issue date: