Mandrake Linux Security Advisory : openssh (MDKSA-2000:068-1)

A vulnerability exists with all versions of OpenSSH prior to 2.3.0 with regards to the X11 forwarding and ssh-agent. If agent or X11 forwarding is disabled in the ssh client configuration, the client does not request these features during session setup. However, when the ssh client receives an...

Microsoft - SMB Server Trans2 Zero Size Pool Alloc (MS10-054)

!/usr/bin/env python import sys,struct,socket from socket import if lensys.argv=2: print '' print ' MS10-054 Proof Of Concept by Laurent Gaffie' print ' Usage: python '+sys.argv0+' TARGET SHARE-NAME No backslash' print ' Example: python '+sys.argv0+' 192.168.8.101 users' print '...

CVE-2010-1642

The replysesssetupandXspnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service process crash, via a \xff\xff security blob length in a Session Setup AndX request...

DEBIAN-CVE-2010-1635

The chainreply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service NULL pointer dereference and process crash via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request wit...

DEBIAN-CVE-2010-1642

The replysesssetupandXspnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service process crash, via a \xff\xff security blob length in a Session Setup AndX request...

Null pointer dereference

The chainreply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service NULL pointer dereference and process crash via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request wit...

CVE-2010-1635

The chainreply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service NULL pointer dereference and process crash via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request wit...

CVE-2010-1642

The replysesssetupandXspnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service process crash, via a \xff\xff security blob length in a Session Setup AndX request...

CVE-2010-1635

The chainreply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service NULL pointer dereference and process crash via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request wit...

CVE-2010-1642

The replysesssetupandXspnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service process crash, via a \xff\xff security blob length in a Session Setup AndX request...

Samba 3.4.73.5.1 - Denial of Service

Samba 3.4.73.5.1 - Denial of Service =============================================================================== stratsec Security Advisory: SS-2010-005 =============================================================================== Title: Samba Multiple DoS Vulnerabilities Version: 1.0 Issue...

SMB NativeLanMan

It is possible to extract OS, domain and SMB server information from the Session Setup AndX Response packet which is generated during NTLM authentication. SPDX-FileCopyrightText: 2009 LSS SPDX-FileCopyrightText: New detection methods / pattern / code since 2009 Greenbone AG Some text descriptions...

Microsoft Windows - DCE-RPC svcctl ChangeServiceConfig2A() Memory Corruption

!/usr/bin/python MS Windows DCE-RPC svcctl ChangeServiceConfig2A 0day Memory Corruption PoC Exploit Bug discovered by Krystian Kloskowski h07 Tested on Windows 2000 SP4 Polish all patches Requires.. - Impacket : http://oss.coresecurity.com/projects/impacket.html - PyCrypto :...

Microsoft Windows - Wkssvc NetrJoinDomain2 Stack Overflow (MS06-070)

/ Microsoft Windows Wkssvc NetrJoinDomain2 Stack OverflowMS06-070 Exploit by cocoruderfrankruderathotmail.com,2006.11.15 page:http://ruder.cdut.net/default.asp Code fixed by S A Stevens - 17.11.2006 - changed shellcode, Changed code to correct jmp EBX address and fixed exploit output status. Gree...

Multiple game servers DDoS attacks

Large UDP response is sent in reply to short request withous session setup...

IBM AIX FC contains buffer overflow exploitable during session setup

Overview The FC client in IBM's AIX contains a buffer overflow that may cause a core dump in the client. Description The IBM AIX FC client allows a buffer overflow of a few bytes in the client process, which could cause intermittent core dumps during session setup. Overflowing the buffer is...