Books & Papers Security Vulnerabilities

Unsafe Signal Handling in Sendmail

RAZOR advisory: Unsafe Signal Handling in Sendmail Issue Date: May 28, 2001 Contact: Michal Zalewski <[email protected]> Topic: Sendmail signal handlers used for dealing with specific signals are vulnerable to numerous race conditions. Affected Systems: Any systems running sendmail.....

Advisory CA-2001-09

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2001-09 Statistical Weaknesses in TCP/IP Initial Sequence Numbers Original release date: May 01, 2001 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected * Systems using TCP...

CFINGERD remote vulnerability

Hi Following the recent habits, I break the advisory into 4 parts: OVERVIEW: There is a critical bug in cfingerd daemon <= 1.4.3, (a classic format bug) that makes possible to acquire full control over the remote machine if it runs the cfingerd program, the configurable and secure finger daemon....

Multiple TCP/IP implementations may use statistically predictable initial sequence numbers

Overview Attacks against TCP initial sequence number generation have been discussed for some time now. It has long been recognized that the ability to know or predict ISNs can lead to TCP connection hijacking or spoofing. What was not previously illustrated was just how predictable one...

SSH authentication agent follows symlinks via a UNIX domain socket

Overview Older versions of SSH allow local attackers to to establish ssh sessions as the victim user without authentication. Description The text of this document was originally released on January 20, 1998, as SNI-23, developed by Secure Networks, Inc. (SNI). To more widely broadcast this...

bindview.naptha.txt

...

IIS HACKING

Hi Folks, i have just compiled the well-known IIS tricks. I hope it will be helpful for securing your server. any comment,suggestion or insult...? wellcome MAB- SECURING IIS by BREAKING ===================================================== by...

Linux news 3.07.00

WU-FTPD 2.6.1 Вышла новая версия популярного FTP сервера WU-FTPD - WU-FTPD 2.6.1. В данной версии появилась поддержка virtual passwd/virtual shadow как в BeroFTPD. Кроме того пофиксен серьезный security баг, благодаря которому пользователь мог получить права root-а. Также пофиксен баг с возможной.....

Linux news 07.05.00

Linux kernel 2.2.15aa1 Вышла новая и первая версия ядра из серии Linux kernel 2.2.15aaxx. Это ядро предназначено, прежде всего, для больших и мощных серверов с большим объемом RAM. Подробнее: http://linuxtoday.com/stories/21325.html The Real Microsoft Killer: Open File Formats Cтатья обращает...

glFTPd 1.17.2 - Code Execution

...

glFTPd 1.17.2 - Code Execution

glFTPd 1.17.2 - Code...

cybercash.cc.txt

...

fwtk.gauntlet.random.seed.txt

...

iishack.asm

...

ssh-insertion-attack.txt

...

eEye.retina.vs.iis4.txt

...

wingate.3.0.txt

...

ms.office.ole.samples.txt

...

tmp-advisory.txt

...

process.table.attacks.txt

...