Various Lame Stuff

2000-05-17T00:00:00
ID SECURITYVULNS:DOC:201
Type securityvulns
Reporter Securityvulns
Modified 2000-05-17T00:00:00

Description

Hi all,

Just a summary of some vulnerabilities that have been covered in the Forbidden Knowledge e-zine lately, which some people on the list may need to know...

Covered in Issue Eight

Proxy Plus <www.proxyplus.cz> has various insecure default settings.

NiteServer FTPd is vulnerable to several Denial of Service attacks.

ISpy Webcam <www.ispy.nl> stores the password for the FTP server it uploads images to in the registry with a simple substitution cipher.

The XiRCON IRC client <www.xircon.com> dies when receiving long CTCP messages.

E-Serv directory climbing vulnerability. Turns out this was mentioned on BugTraq the month before release, but it's worth mentioning anyway, because the BugTraq post didn't mention that the FTPd is also vulnerable.


Covered in Issue Nine

All versions of Offline Explorer <www.metaproducts.com> prior to version 1.3 beta allow any file on the hard-drive to be remotely read.

The Argosoft FTP Server <www.argosoft.com> is affected by various overflows AND allows directory climbing. We haven't checked if everything has been fixed yet, but the author has been informed.


Covered in Issue Eleven

Spoon Proxy <www.pi-soft.com> is vulnerable to a nasty Denial of service.

Cisco's PIX Firewall <www.cisco.com> (and others) can be DoS'd

Killmod.php3 <packetstorm> (lame hax0r kiddie script) is exploitable

E-Serv <www.eserv.ru> is vulnerable to a DoS attack

Browsegate <www.netcplus.com> has a remotely exploitable buffer overflow

GateKeeper <www.infopulse.net> has a remotely exploitable buffer overflow

AllegroSurf <www.allegrosurf.com> is DoS'able

iCal <www.brownbearsw.com> has multiple vulnerabilities

Users with UID 1000 or higher can reboot RedHat 6.0 systems

Should any of these bugs affect you and/or should you like more details - check out the e-zine at www.mdma.za.net/fk. It's distasteful, perverse, and will probably be offensive to 99.9% of the people who read it. That's why it's so damned cool, heh. ;)

Apologies for not posting earlier, and from now on, I will release a post to BugTraq at the same time as (or in some cases, before) the e-zine.

Cheers, Drew Lewis

--==--==--==--==-->> wizdumb@leet.org +27 (82) 976-7246