EUVD-2003-1053

Malware in sbrugna...

BSDI <= 4.0 tcpmux / inetd crash Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/66/info A vulnerability exists in inetd which allows a remote user to crash inetd if the tcpmux service is not commented out of /etc/inetd.conf. The tcpmux service is defined in RFC1078 $ nmap -p 1-64000 -i target host It...

Another Solaris 10 Patch Cluster Symlink Attack

Larry W. Cashdollar 8/6/2012 Here is another symlink attack with temp file creation using process id in Solaris 10 patch cluster. You can over write the contents of root owned files with the contents of inetd.conf. In patches/137097-01/SUNWcsr/reloc/lib/svc/method/inetd-upgrade lines : 72...

Solaris 10 Patch Cluster Symlink Attack

Larry W. Cashdollar 8/6/2012 Here is another symlink attack with temp file creation using process id in Solaris 10 patch cluster. You can over write the contents of root owned files with the contents of inetd.conf. In patches/137097-01/SUNWcsr/reloc/lib/svc/method/inetd-upgrade lines : 72...

Check for rlogin, rsh, rcp tools and configuration

Check for rlogin, rsh, rcp tools and configuration Lists /etc/inetd.conf, /etc/hosts.equiv, /etc/ftpusers, searches for .rhost, .netrc, rlogind and rshd SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Check for rlogin, rsh, rcp tools and configuration

Check for rlogin, rsh, rcp tools and configuration Lists /etc/inetd.conf, /etc/hosts.equiv, /etc/ftpusers, searchs for .rhost, .netrc, rlogind and rshd OpenVAS Vulnerability Test $Id: GSHBSSHr-tools.nasl 7052 2017-09-04 11:50:51Z teissa $ Check for rlogin, rsh, rcp tools and configuration Authors...

IBM AIX rpc.ttdbserver远程溢出漏洞

BUGTRAQ ID: 35419 IBM AIX是一款商业性质的UNIX操作系统。 AIX的ToolTalk库libtt.a中存在缓冲区溢出漏洞。如果/etc/inetd.conf中启用了rpc.ttdbserver的话，远程攻击者就可以通过提交恶意RPC请求触发这个溢出，导致以root用户权限执行任意指令。 IBM AIX 6.1 IBM AIX 5.3 IBM AIX 5.2 临时解决方法： 从/etc/inetd.conf中删除rpc.ttdbserver项并刷新inetd： chsubserver -r inetd -C /etc/inetd.conf -d -v...

Sun Solaris sadmind守护程序多个远程溢出漏洞

BUGTRAQ ID: 35083 CVECAN ID: CVE-2008-3869,CVE-2008-3870 Solaris是一款由Sun开发和维护的商业UNIX操作系统。 Solaris的sadmind守护程序在为入站的sadmind请求分配内存时存在整数溢出，在解码某些请求参数时存在堆溢出。如果远程攻击者提交了畸形的RPC请求的话，就可以触发这些溢出，导致以root用户权限执行任意代码。 Sun Solaris 9.0x86 Sun Solaris 9.0 Sun Solaris 8.0x86 Sun Solaris 8.0 临时解决方法： 如下禁用sadmind1M： 1...

Detect talkd server port and protocol version

The remote host is running a 'talkd' daemon. talkd is the server that notifies a user that someone else wants to initiate a conversation with him. OpenVAS Vulnerability Test $Id: ntalkdetect.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Detect talkd server port and protocol version Authors...

CVE-2003-1063

The patches 1 105693-13, 2 108800-02, 3 105694-13, and 4 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy...

CVE-2003-1063

The patches 1 105693-13, 2 108800-02, 3 105694-13, and 4 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy...

Possible DoS to hosts running Veritas Netbackup

Possible DoS for hosts running Veritas Netbackup Client Tested OS: solaris 7 Netbackup Version: NetBackup-Solaris2.6 3.2GA Cause a remote host running Veritas Netbackup client to fully utilize it's cpus. Here's the DoS. Run multiple nc netcat commands using a full range of ports from some remote...

portmap.txt

Subject: portmap.c Trojan To: [email protected] Trojan being spread to clueless kiddies, claims to exploit portmap on Redhat boxes, really adds a rootshell to your inetd.conf file and sends other info like your ip address by executing ifconfig, it sends this mail to [email protected] Co...

solaris-2.7-finger-bounce.txt

Date: Sat, 26 Dec 1998 20:08:38 -0500 From: spoon To: [email protected] Subject: lame old finger bounce bug still exists in sparc 2.7 Hi, while beating on solaris today i found this... Yeah and finger is still enabled in inetd.conf by default in solaris 2.7. suprised this still exists... shrug...