2058 matches found
SuSE Linux 6.2 sscw - HOME Environment Variable Buffer Overflow
source: https://www.securityfocus.com/bid/656/info A buffer overflow vulnerability in sscw's handling of the HOME environment variable allows local users to gain root privileges. !/bin/bash Linux x86 exploit for /usr/bin/sccw on SuSE...
iis4_remote_DoS.txt
Subject: IIS 4.0 remote DoS MS99-029 To: [email protected] Hi, I found a kind of DoS attack against IIS 4.0 on NT SP4 & SP5. I reported it to MS and they've provided HotFix for this. Problem Description ------------------- Simple play. I sent lots of "Host:aaaaa...aa" to IIS like... GET /...
netscape_ssl_bug.txt
Subject: Netscape Enterprise Server SSL Handshake Bug To: [email protected] Hi everybody, There exists a SSL handshake bug in Netscape Enterprise Server that can be exploited to crash the server. Netscape has confirmed this, and they also told me that another person reported this to them...
linux.2.x.ipc.DoS.txt
Date: Sun, 7 Mar 1999 01:41:25 +0100 From: Michal Zalewski Linux 2.x IPC vulnerability Linux IPC implementation seems to be broken. I noticed Alan about one/two months ago, so I believe it has been fixed in recent 2.2.x Linuxes. In fact, any luser may consume whole memory available on system using...
ipop3d.4.xx.bof.txt
Date: Sun, 7 Mar 1999 01:41:25 +0100 From: Michal Zalewski Overflow in CAC.Washington.EDU ipop3d 4.xx CAC.Washington.EDU ipop3d 4.xx, at least on Linux platform, has serious security hole. When data is read from so-called mailbox lock created in /tmp directory this happens under certain condition...
iis4.htr.pl
Re: Retina vs. IIS4, Round 2, KO Ryan R Permeh [email protected] Tue, 15 Jun 1999 17:01:23 -0500 tested, this works for me... scripting was turned on... perl exploit code follows: !/usr/bin/perl props to the absu crew use Net::Telnet; for $i=2500;$inew Host = "$ARGV0",Port = 80; my $cmd = "GE...
ms.winhelp.exploit.txt
Date: Mon, 24 May 1999 07:18:23 +0100 From: Mnemonix To: [email protected] Subject: Exploit and Analysis of the Winhlp32.exe buffer overrun. Analysis of the winhlp32.exe buffer overrun. The buffer overrun in winhlp32.exe occurs when it attempts to read a cnt file with an overly lon...
solaris-lpstat-bof.txt
Date: Wed, 27 Jan 1999 16:53:51 +0100 From: Anthony C . Zboralski To: [email protected] Subject: HERT Advisory 001 Buffer overflow in Solaris /usr/bin/lpstat -----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------- HERT - Hacker Emergency Response Team...
iParty.daemon.DoS.txt
Date: Sat, 08 May 1999 13:11:34 EDT From: wh00t X To: [email protected] Cc: [email protected], [email protected] Subject: iParty Daemon Vulnerability w/ Exploit Code worse than thought? Hi, iParty, by Intel Experimental Technologies Department, unofficial information source a...
ipop2d.txt
Vulnerable Program: POP2 shipped with imap-4.4 package Platforms: Linux Impact: Remote users can spawn a shell with uid of user "nobody" Reported Initially: Chris Evans Exploit Code: bind Details: -------- POP-2 supports anonymous proxy service where remote users can connect to remote imap servers...
wingate-killer.pl
Date: Sat, 14 Nov 1998 13:51:30 -0500 From: G23 To: [email protected] Subject: crashing wingates Hello, The following one-liner will crash an open Wingate. perl -MIO::Socket -e \ 'IO::Socket::INET-newPeerAddr="wingate.to.hoze:23"\ -send"X" x 4400 . "\n",0' Unfortunately I don't have access to...
WebTrends Enterprise Reporting Server 1.5 - Negative Content Length Denial of Service
source: https://www.securityfocus.com/bid/569/info Specifying a negative content-length in a POST operation to the WebTrends Enterprise Reporting Server will crash the web server. !/usr/bin/perl -w Example DoS against WebTrends Enterprise Reporting Server 8/8/99 rpc use IO::Socket; die "usage: $0...
Fujitsu Chocoa 1.0 beta7R - 'Topic' Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/573/info The Chocoa IRC client has an unchecked buffer in the code that processes channel topics. If the server returns a topic that overwrites the client's buffer and contains exploit code arbitrary commands can be run on the client system...
ToxSoft NextFTP 1.82 - Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/572/info ToxSoft's shareware FTP client, NextFTP, contains an unchecked buffer in the code that parses CWD command replies. If the FTP server's reply contains the exploit code, arbitrary commands can be run...
Fujitsu Chocoa 1.0 beta7R - Topic Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/573/info The Chocoa IRC client has an unchecked buffer in the code that processes channel topics. If the server returns a topic that overwrites the client's buffer and contains exploit code...
IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (3)
/ source: https://www.securityfocus.com/bid/268/info A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked against libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's...
Sun Solaris 7.0 - '/usr/bin/lpset' Local Buffer Overflow
/ source: https://www.securityfocus.com/bid/251/info A stack buffer overflow vulnerability in the handling of the "-a" command in the lpset program allows arbitrary execution of code with root privileges. The lpset utility sets printing configuration information in the system configuration...
Rational Software ClearCase for Unix 3.2 - ClearCase SUID
source: https://www.securityfocus.com/bid/538/info Rational Software's ClearCase product includes a vulnerability whereby an unprivileged user can have any readable executable set to SUID root. A 1.5 meg file is copied and then chmod'ed t...
Rational Software ClearCase for Unix 3.2 - ClearCase SUID
source: https://www.securityfocus.com/bid/538/info Rational Software's ClearCase product includes a vulnerability whereby an unprivileged user can have any readable executable set to SUID root. A 1.5 meg file is copied and then chmod'ed to SUID, and during the time this file is being copied it c...
Alt-N MDaemon Server 2.71 SP1 - SMTP HELO Argument Buffer Overflow
// source: https://www.securityfocus.com/bid/8622/info It has been reported that Alt-N MDaemon server is prone to an SMTP HELO command argument buffer overflow vulnerability. The issue presents itself likely due to insufficient...