On Thu, Jan 18, 2001 at 11:57:12PM +0100, Konrad Rieck wrote:
cu is only set setuid for the owner uucp and an attacker won't gain any
special privileges, but he would gain access to the files in /etc/uucp.
Michael H. Warfield:
Correction... He does gain special privileges. He gains
1. Abstract:
There is an overflowable buffer in the bing (throughput measurement
tool) binary.
2. Details:
---
The bing tool comes with various Linux distributions. On SuSE (at least
6.0-6.4) bing isn't installed by default, but if installed it will be
suid root:
4556
Hello.
Correct me if I'm wrong, but the use of programs that utilize direct disk
access (such as DiskProbe) is restricted to the Local Administrator
account (as per
http://www.microsoft.com/windows2000/guide/professional/solutions/management.asp).
If a would-be attacker has this kind of
Hello...
Here's an exploit for this...
[See attached...]
Regardz,
Luis Miguel Silva aka wC
Member of lonoss.org and unsecurity.org
http://www.lonoss.org/
http://www.unsecurity.org/
http://www.ispgaya.pt/ Student
Personal WebPage at:
http://paginas.ispgaya.pt/~lms/
http://www.unsecurity.org/wC/
---
Immunix OS Security Advisory
Packages updated: glibc
Affected products: Immunix OS 6.2
Bugs Fixed: immunix/1322
Date: January 19, 2001
Advisory ID:
On Fri, Jan 19, 2001 at 06:52:27PM +0100, Paul Starzetz wrote:
The buffer overflowed is an 80-byte static local buffer:
static char buf[80];
It is patched by default in FreeBSD's package collection. Here's
the patch below (author: [EMAIL PROTECTED]).
I have also issued a bugfix release
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 18 Jan 2001, Andy Polyakov wrote:
In my environment I can *never* see key_encryptsession returning the
success value in the lack of my secret key and I get "run keylogin" all
the time... So that it must be something specific to Richard
I have found that the embedded Linux-based Watchguard Firebox II
Firewall product range is vulnerable to read-write access using only a
read-only passphrase. This gives a read-only user the ability to make
changes to the firewall remotely without either authorization or a
read-write passphrase.
If I look at the output of find / -user uucp -xdev -ls on a freshly
installed and patched solaris7, this seems enough for me to r00t
the box.
# find / -user uucp -xdev -ls
188616 55 -rws--x--x 1 uucp bin 56240 Jan 9 06:39 /usr/bin/tip
1887418 -r-xr-xr-x 1 uucp uucp
To the best of my knowledge, Peter Guttman(sp?) has demonstrated for years
now that there is no form of over-writing which makes any substantial
difference to the ability to recover previously written data from a computer
hard disk.
My understanding of current "high security" standards wrt the
Note: Be advised that below mentioned DoS can be traced back to
TFtpServer. This is a (beta-)component of the "Internet Component
Suite" for Delphi/C++ Builder, available from http://www.overbyte.be.
Other products using this component could be vulnerable, its creator
has been notified. -- SNS
/* pkc004.txt */
-=[ SECURITY ADVISORY #004 ]=-
Defcom Labs Advisory def-2001-04
Netscape Enterprise Server Dot-DoS
Author: Peter Gründl [EMAIL PROTECTED]
Release Date: 2001-01-22
Strumpf Noir Society Advisories
! Public release !
-= LocalWEB2000 Directory Traversal Vulnerability =-
Release date: Friday, January 19, 2001
Introduction:
LocalWEB2000 is a HTTP server for the MS Windows suite of operating
systems. It's intended for use as an intranet server by small
Hi there,
There exists a vulnerability that will cause the iris network traffic analyser to hang.
I have included an exploit, that will demonstrate the bug, the exploit will send a
packet to the remote host,
when the remote host opens the packet (to examine it) iris will quit, leaving an error
Hi
Trustix is, like many other linux distributions, based on Glibc 2.1.3
and is therefore open to the "preload hole" discussed in various
postings to bugtraq and other lists. This is a local security hole,
and all users of TSL should upgrade their boxes.
MD5sums:
1.2:
Defcom Labs Advisory def-2001-05
Netscape Fasttrack Server Caching DoS
Author: Peter Gründl [EMAIL PROTECTED]
Release Date: 2001-01-22
Sorry, here's the REAL exploit =)
Regardz, wC [Luis Miguel Silva]
/*
Linux MySQL Exploit by Luis Miguel Silva [aka wC]
[EMAIL PROTECTED]
19/01/y2k+1
Compile:
gcc MySQLXploit.c -o MySQLX
Run with:
You can specify the offset for the exploit passing it as
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Caldera Systems, Inc. Security Advisory
Subject: security problems in webmin
Advisory number: CSSA-2001-004.0
Issue date: