Packet Storm new exploits for April, 2003.
31c9e6c9d8582f6aca72f21d5e0406005516f63c17fe7cad6b90dc9ccac51305Remote root exploit for PoPToP, the PPTP server designed for Linux, versions 1.1.4-b3 and below. Fixed by blightninjas. Original code by einstein.
7b259fb68ba2f2394efa8a75f26c214b7561cd714f3e1726df283dfa4947ffe2Remote root exploit for Sendmail 8.12.8 and below that makes use of the vulnerability in prescan(). Note: This exploit is crippled and needs to be fixed.
b3c08d4687af2292f82e2d9dac63e977ef8497f5afbf665b31499dbc02ad22baRemote root exploit for Sendmail 8.12.8 and below that uses the vulnerability in crackaddr().
939cd7761692b6a6fdd91b9b6e74d8c5e902c6f7530d6acd1c651d71efcfc833Local root exploit for Qpopper v4.0.x poppassd that utilizes the ability to set the smbpasswd path.
ce5f5d341e016678062e1b6bd29ac00f6270e383375a46773cf0166a0247087fSamba 2.2.x Remote root exploit. Tested against RedHat 8.0.
13c39033253a9725ddb7ac8cf13eb639cca2208e1d16c19ff60bf316d0a4fbeeUpdated version of the remote root exploit for Realserver 8 on several Windows platforms.
faac60e3244b42b5c4ede35ae529a0d44f8df9e59b986f1e0455c38db816a155A problem exists in True Galerie v1.0 that allows a remote attacker to obtain administrative access to this utility due to misuse of cookies.
d60704ec2fd8a3caefc2462af52a5c5019ab052febae606e69424fa837d5ec1aLocal root exploit for a stack overflow discovered in the linux-atm binary /usr/local/sbin/les.
f1c32981886e6334e7424c657577e8ff9d0eb02412a12110472003cb93a561e8Snort 1.9.1 and below remote exploit. Related CERT Advisory is here. Tested on Slackware 8.0.
6fb5c8a0246dcb6a64973e1f4f80cc826590cb7b7f3484e6026b64722e722d57SAP DB is vulnerable to a race condition during installation. The installer creates a world writable file that gets compiled and then is setuid to root. If a local attacker can overwrite the file in the alloted time-frame they will be able to escalate their privileges.
133ef0c808730e0896b10d01e7b0daaaf775415dcf0f90ca80ffebe268a51845The Xeneo Web Server v2.2.9.0 is vulnerable to a Denial of Service attack when a GET request with 4096 ?'s are received. Tested against Windows XP Pro SP1 and Windows 2000 SP3.
da3a642b7f36b1639ffe07503652d7ffe8dcb8c31823a7b41ba1daffd75e0227AN HTTPd versions 1.42h and prior ships with a script called count.pl which allows remote attackers to use a directory traversal attack to overwrite the contents of files on the system.
a74b48909192b5c91b042611f88dcec0fb0d56626236be2a2851014e83d805c1PT News v1.7.7 allows access to administrator functionality without authentication via news.inc which is included in the index.php file.
19a14860edc87b027dcbf04677ec6da894af40a35495ef42885e005193b55ad5mod_ntlm is the Apache module for versions 1.3 and 2.0 which gives Apache the ability to authenticate users via the NTLM authentication technology that is largely specific to Microsoft IIS. The log() function contains two remotely exploitable vulnerabilities. Both a heap overflow and an incorrect call to ap_log_rerror() allow for arbitrary code execution.
802cd05c619e98126a7d5192a17c55f423eeb343fb55248fd94b28417e566c3dThe Monkey HTTPd v0.6.1 web server is vulnerable to a remote buffer overflow in the handling of forms submitted with the POST request method. The unchecked buffer lies in the PostMethod() procedure.
0301f75e2783269edb2b7a6fa9c640c16ea311a21771c827602cb320b112c4d0BadBlue web server versions 2.15 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The ext.dll that allows pages parsing with the LoadPage command attempts to prevent remote users from accessing .hts pages by checking the 'referer' HTTP header of requests, and also verifying that all requests for .hts pages originate from 127.0.0.1 (the loopback). By appending certain illegal characters to the requested filename, it is possible to cause BadBlue to interpret .hts files from a remote system, thereby yielding administrative control of the server to the attacker.
7c9fcc98b57a0be0b7411ecaa6864241a66336a2bf516c6147bd84a47cdcbafbRemote exploit written in Perl for the Twilight Utilities TW-WebServer that is vulnerable to a denial of service attack by a long HTTP GET request.
5b78819f77d10006a5044fc9c98d823f9fdea06bd35a18fb71f025f700d55c14Remote exploit written in C for the Twilight Utilities TW-WebServer that is vulnerable to a denial of service attack by a long HTTP GET request.
5af8bdb45687457c4bf9c6f394b6c9c89b07f12bfa6f277f4d309a52156f5f9fFreeBSD and OpenBSD remote Samba v2.2.x call_trans2open i386 buffer overflow exploit. Tested against OpenBSD 3.0 and FreeBSD 4.6.2-RELEASE with Samba v2.2.x. Includes support for target brute forcing. Information about the vulnerability is available here.
f677c9d6fb78104c365cb38722fea0540f263fc2adf56d38ded0fbb35c2f2573Local exploit for sendmail 8.11.6 which takes advantage of the vulnerable prescan() function which allows users to input 0xff to skip the length check of the buffer. Includes targets for Slackware 8.0, Redhat 7.2, and Redhat 7.3.
6c7b5fd249e10c235502380844b5482f60d098427bce8782f3b77db91c26779fThe iWeb Mini Web Server for Microsoft Windows NT/XP/9x fails to properly filter GET requests for ../ which inadvertently allows for directory traversal attacks.
6ce10e43f843cb8ad2a3305c6266bc89425c7dd960f8c920082e65b225e2d75dLocal root exploit for the Linux 2.2 and 2.4 kernels that have a flaw in ptrace where a kernel thread is created insecurely. This version escalates user privileges to root without the necessity of needing access to /proc.
b0e58bf1636e1ed7127ff9fe1fe6ab6fef49beedebacd19bbea33c9715f82bf3Remote root exploit for Samba 2.2.x and prior that works against Linux (all distributions), FreeBSD (4.x, 5.x), NetBSD (1.x) and OpenBSD (2.x, 3.x and 3.2 non-executable stack). It has a scanning abilities so a range of machines can be penetration tested at once on a network.
d6672353da22242d8fc89098e6e31eb2c358a76ff09164f2b7f0f5060a5f0c03A directory traversal bug exists in the QuickFront webserver that allows remote attackers to gain access to system files. Version affected: 1.0.0.189.
fd6ebb0828f5cb6e82c9eee40aa6c2ec59a5dc98c91a65464b19819116f6bf26
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed