FreeBSD Ports Security Advisory FreeBSD-SA-01:26.interbase

2001-03-12 Thread FreeBSD Security Advisories
-----BEGIN PGP SIGNED MESSAGE----- FreeBSD-SA-01:26 Security Advisory FreeBSD, Inc. Topic: interbase co

Re: Vulnerability in Novell Netware

2001-03-12 Thread Thomas M. Payerle
On Mon, 12 Mar 2001, hhoogend wrote: > Tested here on a netware 4.11 sp 8a network and yes you can login and got > all inherited container rights. I think it > works only on queue-based printing systems and not on NDPS printing systems. > Verified it on 5.1. Also, we noticed that print servers crea

Re: Microsoft opening its source to selected parties

2001-03-12 Thread Dan Harkless
Dirk Bhagat <[EMAIL PROTECTED]> writes: > > It is not well known, but Microsoft has given the source to universities > > and research labs for some years now. There has been a web page at > > research.microsoft.com concerning this matter and describing the > > procedure to get the code. However, I

tcp/ip DoS vulnerability - possibly what Guardent is talking about

2001-03-12 Thread bert hubert
On Mon, Mar 12, 2001 at 09:50:08AM -0500, Steven M. Bellovin wrote on NANOG > >Any details? Any incidents using the exploit guardent has > >identified? > > Not to my knowledge... > > The folks at Guardent are talking to CERT and to various vendors about > the problem before releasing any details.

Exploit: pqx.c -- post-query (CGI) remote buffer overflow

2001-03-12 Thread proton
Attached is a working exploit program for Linux-ix86. You may or may not be vulnerable to this exploit depending on a number of factors. Better safe than sorry, remove post-query if you have it. It is an example program designed to demonstrate how posting to CGI works and as such isn't useful for

Re: Cisco PIX Security Notes

2001-03-12 Thread Curt Wilson
At 07:32 PM 3/9/2001 +0100, Fabio Pietrosanti (naif) wrote: >Working with Cisco PIX Firewall I wrote some notes about possible security >problems of Cisco PIX. > >Attached the paper Cisco_PIX_Notes.txt :) > I also noticed the "received packet is not an IPSec packet" logging issue when attacking th

Re: CORRECTION to CODE: FormMail.pl can be used to send anonymous email

2001-03-12 Thread Peter W
On Sun, Mar 11, 2001 at 10:36:32PM +0100, Palmans Pepijn wrote: > The problem is in the sub check_url: > It sets $check_referer = 1 if there is no $ENV{'HTTP_REFERER'} > Under normal conditions your server will always be able to get the HTTP_REFERER. Not true. Many firewalls block Referer header

Re: Vulnerability in Novell Netware

2001-03-12 Thread David Howe
> I tried it on Netware 4.11 SP9. Logged in as the print server, but with > limited access to resources. I didn't fully test after logged in, but it's > possible. > Brad B NW4 was usually happy to let you log in as anything that had a valid public/private keypair - print servers being a good exam

Re: Revival of the SUQ.DIQ homepage [suqdiq attached]

2001-03-12 Thread Emil Popov
Yeah, I know it's foolish, but if someone needs it... check out the attachment :) (no viruses/trojans inside) but if I were you I'd check it anyway, :) On Fri, Mar 09, 2001 at 06:58:32PM +0100, Kim Vanvaeck wrote: > Lots of people have requested the SUQ.DIQ package since the closing of the > SUQ

Re: CORRECTION to CODE: FormMail.pl can be used to send anonymous email

2001-03-12 Thread Steve Reid
On Sat, Mar 10, 2001 at 05:43:43PM +, Michael Rawls wrote: >I did a little playing with FormMail.pl after a run in with a spammer > abusing our webserver. Apparently ALL FormMail.pl cgi-bin scripts can be > used to spam anonymously. I found another server with FormMail.pl and > tried the

Re: Vulnerability in Novell Netware

2001-03-12 Thread hhoogend
Tested here on a netware 4.11 sp 8a network and yes you can login and got all inherited container rights. I think it works only on queue-based printing systems and not on NDPS printing systems. Regards, Bert Hoogendoorn [EMAIL PROTECTED] On Fri, 9 Mar 2001, Derek Wilson wrote: > Tested the Exploi

Re: CORRECTION to CODE: FormMail.pl can be used to send anonymous email

2001-03-12 Thread Steffen Dettmer
* Joel Sing wrote on Mon, Mar 12, 2001 at 15:05 +1100: > In any case it wouldn't be difficult to send a fake referer as > it's only a HTTP request header and the server is only > believing what the client is telling it. Write a simple Perl > script that sends a manipulated GET request with a fake

Re: Vulnerability in Novell Netware - Yeah, it's a user. So what?

2001-03-12 Thread Kain
On Thu, Mar 08, 2001 at 01:36:23PM -0700, Vulnerability Help wrote: > The information in this advisory was supplied by Chris Hughes > <[EMAIL PROTECTED]>. This security advisory is not endorsed by > Security-Focus.com. > > Vulnerability in Novell Netware > Date Published: 03/08/01 > Advisory ID:

Re: Ikonboard v2.1.7b "show files" vulnerability

2001-03-12 Thread Darren Mobley
Version 2.16b is vulnerable to this attack as well. My fix for this was to simply insert as line 45: if($inhelpon =~ /\.\./) { &hackdetected; } then at the bottom append: sub hackdetected { print "Content-type: text/plain\n\n"; print "sorry, this hole was patched :)\n"; print "you have been l

Re: Vulnerability in Novell Netware

2001-03-12 Thread Matthew Firth
I don't believe this will work with NDPS printing - you'll need to create an old fashioned queue-based setup. A colleague showed this 'vulnerability' to me a little over 3 years ago on a 4.11 network. However, he was using his own software that was authenticating via API calls, rather than via c

Re: Vulnerability in Novell Netware

2001-03-12 Thread Ben Ponting
We've tested this exploit with NW 5.1 SP2a using a queue based Print Server object. We could login as the object with no password, but the object only had public rights (ie, browse, compare and read). No volume scan, read or write rights. Though it must have read rights to the print spool lo

Re: Vulnerability in Novell Netware

2001-03-12 Thread Brad Bendily
I tried it on Netware 4.11 SP9. Logged in as the print server, but with limited access to resources. I didn't fully test after logged in, but it's possible. Brad B On Fri, 9 Mar 2001, Derek Wilson wrote: > Tested the Exploit on Netware 5.1 SP2 with the context and username set to the print >se

Re: CORRECTION to CODE: FormMail.pl can be used to send anonymous email

2001-03-12 Thread Scott Buchanan
Yeah, we actually had an incident of that long ago on our webservers, seems a few people know about it. The problem is two-fold - 1) The FormMail program uses a referrer array as the ONLY security check for calls to the program (which can be REALLY easily faked). 2) It allows the recipient em

Re: CORRECTION to CODE: FormMail.pl can be used to send anonymous email

2001-03-12 Thread Joel Sing
Hi, >I did a little playing with FormMail.pl after a run in with a spammer >abusing our webserver. Apparently ALL FormMail.pl cgi-bin scripts can be >used to spam anonymously. I found another server with FormMail.pl and >tried the same exploit to send myself an email and it worked. This app

Re: Vulnerability in Novell Netware

2001-03-12 Thread Mike Glassman - Admin
Only with Public Access non-NDPS printers as far as I have been able to determine. Mike > -----Original Message----- > From: Derek Wilson [SMTP:[EMAIL PROTECTED]] > Sent: Fri Mar 09 2001 18:49 > To: [EMAIL PROTECTED] > Subject: Re: [BUGTRAQ] Vulnerability in Novell Netware > > Tested the E

Ikonboard v2.1.7b "show files" vulnerability

2001-03-12 Thread Martin J. Muench
-[ Product: Ikonboard -[ Version: 2.1.7b -[ OS: Unix, NT -[ Vendor: Notified, http://www.ikonboard.com -=[ Summary ]=- This is another bug in the Ikonboard. Anyone can read any file on the remote system with the privileges of the web server. -=[ Problem ]=- File: help.cgi ---[L.44]--- $inhelp

Icecast / Libshout remote vulnerabilities

2001-03-12 Thread John Viega
We have found numerous remotely exploitable buffer overflows in both Icecast and Libshout, two popular packages for streaming audio. All users of these packages are urged to upgrade immediately. Patched versions of these packages are available as of March 11, 2001 from www.icecast.org. All vers

Re: def-2001-10: Websweeper Infinite HTTP Request DoS

2001-03-12 Thread van der Kooij, Hugo
On Thu, 8 Mar 2001, Derek Kwan wrote: > Dumb question... How's a FW going to prevent people connect to the web > port and issue this kind of Infinite HTTP request? > > Unless the FW also has some kind of realtime IDS built into it to block > traffic in realtime... Am I correct? Depends on the f

Re: CORRECTION to CODE: FormMail.pl can be used to send anonymous email

2001-03-12 Thread Palmans Pepijn
The problem is in the sub check_url: It sets $check_referer = 1 if there is no $ENV{'HTTP_REFERER'} Under normal conditions your server will always be able to get the HTTP_REFERER. simple solution is: change the 1 into a 0 after the else { ---snip--- sub check_url { # Localize the check_ref

An informal analysis of vendor acknowledgement of vulnerabilities

2001-03-12 Thread Steven M. Christey
Title: An informal analysis of vendor acknowledgement of vulnerabilities Authors: Steve Christey ([EMAIL PROTECTED]) Barbara Pease ([EMAIL PROTECTED]) Date: March 11, 2001 Many disclosure debates focus on researchers who discover vulnerabilities. Little attention is given to the impact