Amanda multiple vendor local root compromises

1999-11-01 Thread Tellier, Brock
Greetings, OVERVIEW: The Amanda backup package has several vulnerabilities which will allow any user to gain root privs. BACKGROUND: My tests were done ONLY on FreeBSD 3.3-RELEASE, though this is almost certainly not the only vulnerable OS. A search for "amanda-2 and not freebsd" on

RFP9906 - Services.exe DoS in NT 4 (RFPoison)

1999-11-01 Thread .rain.forest.puppy.
--- Advisory RFP9906 - rfp.labs --- Windows NT remote denial of service and compromise (RFPoison) -- rain forest puppy / [EMAIL PROTECTED] --- Table of contents: - 1. Problem

Stack Shield 0.6 beta released

1999-11-01 Thread vendicator
A new version of Stack Shield has been released. It includes the new protection for "function pointer" attacks and some minor bug fixes. http://www.angelfire.com/sk/stackshield Vendicator P.S. Finally the "Detailed info" page on the site has been added.

Avirt Mail Server 3.3a or 3.5 remotely exploitable buffer overflow vulnerability

1999-11-01 Thread Luciano Martins
Avirt Mail Server 3.3a or 3.5 remotely exploitable buffer overflow vulnerability Problem: We found a remotely exploitable buffer overflow in the Avirt Mail Server 3.3a and a D.o.S in the version 3.5, (long USER / PASS:) that may allow an attacker to execute arbitrary code on the target server.

Fwd: Caching of passwords revealed after installing SP6

1999-11-01 Thread Eric Schultze
Approved-By: [EMAIL PROTECTED] X-Mailer: Internet Mail Service (5.5.2650.21) Date: Sun, 31 Oct 1999 17:00:43 -0500 Reply-To: Technical discussions regarding security bugs that pertain to Microsoft networks [EMAIL PROTECTED] From: "Noël, Richard" [EMAIL PROTECTED]

Re: Mac OS 9 Idle Lock Bug

1999-11-01 Thread Zachary Keane
I know the chatter on Bugtraq is usually reserved for UNIX and NT issues, however I found a bug in the Mac OS 9 idle locking function that's built-in to the operating system. It's possible to set up the Finder so that, if the current user goes idle, the screen will be locked. A simple

Re: Amanda multiple vendor local root compromises

1999-11-01 Thread Chris Tobkin
[...] DETAILS: Amanda's "runtar" program, suid root by default on FreeBSD 3.3, calls /usr/bin/tar and passes all args given to runtar to this program. Tar is thus run with root permissions and is vulnerable to all of the same attacks on suid programs that it would have if it were suid

Re: Stack Shield 0.6 beta released

1999-11-01 Thread Crispin Cowan
[EMAIL PROTECTED] wrote: A new version of Stack Shield has been released. It includes the new protection for "function pointer" attacks and some minor bug fixes. http://www.angelfire.com/sk/stackshield I'm intrigued by the claim to protect against function pointer attacks. I read the

Re: AW: Mac OS 9 Idle Lock Bug

1999-11-01 Thread Greg Francis
On Mon, 1 Nov 1999, Mike Eldridge wrote: So, the current solution is to close all applications when locking your session so that it is not possible to circumvent the logout process. If you save all documents before locking the computer, that should work also. Most apps will quit without a

Re: [Re: Amanda multiple vendor local root compromises]

1999-11-01 Thread Brock Tellier
[EMAIL PROTECTED] wrote: This is almost true. This exploit can only be performed as the user amanda is installed under (generally amanda, operator, or bin), because by default the file has the following permissions: $ ls -l /usr/local/libexec/runtar -rwsr-x--- 1 root amanda 46568 Oct

Unqualified Postings

1999-11-01 Thread edi
Hey, Is Bugtraq the right forum to report stupid overflows in yet another shareware win95 mail/ftp server, fetched from huge commercial crapware repositories like download.com / shareware.com / others? Everyone can download the newest software, connect and look what happens when you send 7321

Re: Amanda multiple vendor local root compromises

1999-11-01 Thread monti
hi, I confirmed a few exploitable buffer overflows in multiple suid's on an earlier version of amanda on BSDI as well a while back. As I recollect 'runtar' was one of them. I apologize that I can't provide anything more specific than this, but it was some time ago and I misplaced my notes on it.

RFP9906 - Services.exe DoS in NT 4 (RFPoison) - Workaround

1999-11-01 Thread scott
PFPoison.exe will not affect your server if you unbind TCP/IP from the NetBIOS interface. This is a basic NT security precaution and is even recommended by Microsoft (http://www.microsoft.com/security/products/iis/CheckList.asp). If you really feel the need to implement windows file sharing or

Microsoft/CERT IIS ODBC/RDS/IIS Advisory (MS98-004)

1999-11-01 Thread Jay Schimke
As we've seen in the past couple of days, there has been a number of defacements, including a Microsoft support site, and the NCSC. This advisory is rather old, but is worth taking notice. More and accurate information can be found at:

Re: Amanda multiple vendor local root compromises

1999-11-01 Thread Rob
Amanda's "runtar" program, suid root by default on FreeBSD 3.3, calls /usr/bin/tar and passes all args given to runtar to this program. Tar is FWIW, runtar does not need to be suid root if the amanda user (defaults to user "amanda") has read access to the raw disks. This is typically

Function pointer attacks.

1999-11-01 Thread vendicator
I don't know if this technique is already known but since I added a protection for it in Stack Shield I decided to post it. This is a "stack smashing" technique that allows to beat StackGuard and Stack Shield (before the version 0.6). It is simple: if a function with an overflowable buffer