Section: .. / 0008-exploits /
/// File Name: |
irix.telnetd.txt |
Description:
|
A serious vulnerability has been found in IRIX telnetd which can give remote root access to any IRIX 6.2-6.5.8[m,f] system. The vulnerability occurs when one of the environment variables contains a format string which is passed on to the syslog() function. Proof of concept exploit included (updated version - compiler and little endian fixes). Fix available here.
| Author: | LSD | Homepage: | http://lsd-pl.net | File Size: | 21301 | Last Modified: | Sep 13 21:11:15 2000 |
MD5 Checksum: | 22385913d3970f9f00addf76aa299fee |
|
/// File Name: |
A090800-1 |
Description:
|
[at]stake Advisory A090800-1 - Application: Mobius DocumentDirect for the Internet 1.2, Platform: Windows NT 4.0, Severity: There are several buffer overflow conditions that could result in execution of arbitrary code or a denial of service.
| Homepage: | http://www.atstake.com/research/advisories/2000/ | File Size: | 5930 | Last Modified: | Sep 11 19:17:57 2000 |
MD5 Checksum: | b27171849ec91d61d3294a6e2267d4c0 |
|
/// File Name: |
horde.txt |
Description:
|
The $from-bug is in the horde library file 'horde.lib' (on Debian systems installed in /usr/share/horde/lib/horde.lib), at line 1108 in the function "mailfrom". In this file there is a call to "popen" with an unchecked "from:"-line as argument. Bug found and exploited by Jens "atomi" Steube; fixed and documented by Christian "thepoet" Winter.
| File Size: | 3312 | Last Modified: | Sep 11 19:09:56 2000 |
MD5 Checksum: | 7ee65a0d5d1fa264e6a56df32877bea2 |
|
/// File Name: |
websitepro.txt |
Description:
|
WebSite Pro is a Web Server for Win95/98/NT platforms. The vulnerability (or bad server administration) allows any user to create arbitrary files with arbitrary text on the victim machine, from the Internet web browser.
| Author: | a default installation, any user can create or upload files to the victim machine running a vulnerable version of WebSite Pro. The problem is a bad "protection access" of the main directories on the machine. | File Size: | 3528 | Last Modified: | Sep 11 18:58:50 2000 |
MD5 Checksum: | 923f9c6216a742ebff00f589bf593f03 |
|
/// File Name: |
0008-exploits.tgz |
Description:
|
Packet Storm new exploits for August, 2000.
| File Size: | 1090974 | Last Modified: | Sep 9 00:50:47 2000 |
MD5 Checksum: | 3d58f82c7badff1819cdd9e0aebfdbe6 |
|
/// File Name: |
dmplay.c |
Description:
|
/usr/sbin/dmplay local exploit for Irix 6.2 and 6.3.
| Homepage: | http://lsd-pl.net | File Size: | 2352 | Last Modified: | Sep 8 00:40:01 2000 |
MD5 Checksum: | ac9e33b42c4a60714cc75052c38c0cd9 |
|
/// File Name: |
trans.pl |
Description:
|
Win2k IIS remote exploit - Retrieves files using the Translate: f bug.
| Author: | Roelof Temmingh | File Size: | 1154 | Last Modified: | Sep 8 00:34:23 2000 |
MD5 Checksum: | ca39fae3ccf6cef0b09f5c8b1e171366 |
|
/// File Name: |
outlookmailxploit.zip |
Description:
|
Microsoft Outlook remote exploit coded in Delphi. Includes source code.
| Author: | Fbyte | File Size: | 190823 | Last Modified: | Sep 8 00:32:37 2000 |
MD5 Checksum: | 609d7f1261dc06565e9076ce17f1b7c7 |
|
/// File Name: |
inpview.c |
Description:
|
/usr/lib/InPerson/inpview local exploit for Irix 6.5 and 6.5.8.
| Homepage: | http://lsd-pl.net | File Size: | 1265 | Last Modified: | Sep 8 00:30:59 2000 |
MD5 Checksum: | e451bb3c91d58f58a0be7cf74296cba9 |
|
/// File Name: |
eject3.c |
Description:
|
/usr/sbin/eject local exploit for Irix 6.2.
| Homepage: | http://lsd-pl.net | File Size: | 1692 | Last Modified: | Sep 8 00:30:10 2000 |
MD5 Checksum: | b4d3a80494b3fd6e91498e0cc48548be |
|
/// File Name: |
libxt2.c |
Description:
|
libxt.so HOME environment variable local buffer overflow exploit for Irix 6.2 and 6.3.
| Homepage: | http://lsd-pl.net | File Size: | 2471 | Last Modified: | Sep 8 00:29:14 2000 |
MD5 Checksum: | 7f9f46d42599b7d53ae329ac72d78ee1 |
|
/// File Name: |
pset2.c |
Description:
|
/sbin/pset local exploit for Irix 6.2 and 6.3.
| Homepage: | http://lsd-pl.net | File Size: | 2295 | Last Modified: | Sep 8 00:28:02 2000 |
MD5 Checksum: | 248262637213c4375240580b19979b36 |
|
/// File Name: |
gr_osview.c |
Description:
|
/usr/sbin/gr_osview local exploit for Irix 6.2 and 6.3.
| Homepage: | http://lsd-pl.net | File Size: | 1758 | Last Modified: | Sep 8 00:27:15 2000 |
MD5 Checksum: | 5e2840ed7076d1cb5b71eb61c4225231 |
|
/// File Name: |
irix-libc.c |
Description:
|
libc.so NLSPATH local exploit for Irix 6.2.
| Homepage: | http://lsd-pl.net | File Size: | 3111 | Last Modified: | Sep 8 00:26:12 2000 |
MD5 Checksum: | 2b1f37157932fbf6eba526123da8636f |
|
/// File Name: |
libgl.c |
Description:
|
libgl.so HOME environment variable local exploit for Irix 6.2.
| Homepage: | http://lsd-pl.net | File Size: | 2287 | Last Modified: | Sep 8 00:25:04 2000 |
MD5 Checksum: | 7d324da5715b5fe5187746417eff352c |
|
/// File Name: |
login2.c |
Description:
|
/usr/lib/iaf/scheme (login) local exploit for Irix 5.3.
| Homepage: | http://lsd-pl.net | File Size: | 1594 | Last Modified: | Sep 8 00:24:02 2000 |
MD5 Checksum: | ccb17fe3c022a4e18e6bdbfe5af14102 |
|
/// File Name: |
libxaw.c |
Description:
|
libxaw.so inputmethod local exploit for Irix 6.2.
| Homepage: | http://lsd-pl.net | File Size: | 2109 | Last Modified: | Sep 8 00:23:14 2000 |
MD5 Checksum: | f021df30c7f4708c805d9116ac2dc5f9 |
|
/// File Name: |
mail.c |
Description:
|
/usr/bin/mail local exploit for Irix 6.2 and 6.3.
| Homepage: | http://lsd-pl.net | File Size: | 2616 | Last Modified: | Sep 8 00:22:04 2000 |
MD5 Checksum: | 7ebdbdd3a3ce3f6fb2be68925c40d8ff |
|
/// File Name: |
irix-xlock.c |
Description:
|
Irix 6.3/6.2 /usr/bin/X11/xlock local buffer overflow exploit.
| Homepage: | http://lsd-pl.net | File Size: | 1744 | Last Modified: | Sep 8 00:21:02 2000 |
MD5 Checksum: | 19d26832ec333919d795f33bfc09de1f |
|
/// File Name: |
named2.c |
Description:
|
Irix 6.2/5.3 named iquery remote root buffer overflow exploit. Spawns a bindshell.
| Homepage: | http://lsd-pl.net | File Size: | 10303 | Last Modified: | Sep 8 00:19:49 2000 |
MD5 Checksum: | ae79a7e9edab60e1b0a4d70a00b1c04b |
|
/// File Name: |
autofsd.c |
Description:
|
Autofsd remote buffer overflow exploit for Irix 6.4 and 6.5.
| Homepage: | http://lsd-pl.net | File Size: | 2254 | Last Modified: | Sep 8 00:17:52 2000 |
MD5 Checksum: | 01378a7a7c5f88bb5c1927e293890131 |
|
/// File Name: |
arrayd.c |
Description:
|
Irix 6.5/6.4/6.3/6.2 arrayd remote buffer overflow exploit as described in CA-99-09-arrayd.txt.
| Homepage: | http://lsd-pl.net | File Size: | 4658 | Last Modified: | Sep 8 00:17:00 2000 |
MD5 Checksum: | e14c5e74a826f15f48e76a155fec4eb9 |
|
/// File Name: |
objectserver2.c |
Description:
|
SGI objectserver "export" exploit - Remotely adds new entry to the export list on the IRIX system. See our SGI objectserver "account" exploit for more information. Only directories that aren't supersets of already exported ones can be added to the export list.
| Homepage: | http://lsd-pl.net | File Size: | 6357 | Last Modified: | Sep 7 23:04:56 2000 |
MD5 Checksum: | 7819f36ebeb0df0e7d844ea40bc548a4 |
|
/// File Name: |
irix_rpc_ttdbserverd.c |
Description:
|
rpc.ttdbserverd remote root exploit for Irix 5.2, 5.3, 6.2, 6.3, 6.4, 6.5 and 6.5.2.
| Homepage: | http://lsd-pl.net | File Size: | 7902 | Last Modified: | Sep 7 23:00:57 2000 |
MD5 Checksum: | 983cc713413d355851a1143d56d1b1e5 |
|
/// File Name: |
lp.c |
Description:
|
/usr/bin/lp local root exploit for Solaris 2.7 x86.
| Homepage: | http://lsd-pl.net | File Size: | 2321 | Last Modified: | Sep 7 22:59:48 2000 |
MD5 Checksum: | 706bd11fe7e7a238911ed863d11ec443 |
|