Multiple CGI Flat File Database Manipulation Vulnerability
qDefense Advisory Number QDAV-2001-7-1
Product: Numerous CGIs
Vendor: Numerous Vendors
Severity: Remote; Severity varies, but can often be used to attain CGI
administrator status, which can result in read/write/execute privileges.
C
On Tue, Jul 10, 2001 at 08:12:30PM +0200, Przemyslaw Frasunek wrote:
> > FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows
>
> This problem was already reported to FreeBSD Security Officer about two
> months ago, but it was totally ignored.
Sorry about that: checking my mail fo
On Wed, Jul 11, 2001 at 08:19:19PM +0200, teleh0r wrote:
> This is another exploit for the flaw found by Steven Van Acker.
> http://www.securityfocus.com/archive/1/192844
> Tested against cfingerd 1.4.3-8.
Does anyone know whether cfingerd is actually being maintained any more,
or whether it
Dear bugtraq readers,
This is another exploit for the flaw found by Steven Van Acker.
http://www.securityfocus.com/archive/1/192844
In order to allow for more nops, I have constructed the payload
like this:
<82 nops>
[teleh0r@localhost teleh0r]$ ./cfingerd-exploit.pl -s 1
Address: 0xb46c
E
-BEGIN PGP SIGNED MESSAGE-
-
Debian Security Advisory DSA-066-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
July 11, 2001
- ---
Remotish / localish exploit.
I wrote this last night, unaware someone else was going to post something
today.
Here is another exploit for the format string problem in cfingerd<=1.4.3,
using a slightly different method for exploiting it. Anti script-kiddied
by me being lazy.
Exploit redirects f
-BEGIN PGP SIGNED MESSAGE-
Cisco Security Advisory: Vulnerabilities in Cisco SN 5420 Storage Routers
Revision 1.0
For Public Release 2001 July 11 08:00 (UTC -0800)
_
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
++
| EnGarde Secure Linux Security Advisory July 11, 2001 |
| http://www.engardelinux.org/ ESA-20010711-02
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
++
| EnGarde Secure Linux Security Advisory July 11, 2001 |
| http://www.engardelinux.org/ ESA-20010711-01
Not sure what the exploit is, but there is a patch for it.
_
Macromedia Product Security Bulletin (MPSB01-07)
Macromedia releases patch that addresses ColdFusion Server secur
- Begin Hush Signed Message from [EMAIL PROTECTED] -
-=[ SECURITY ADVISORY ]=-
McAfee ASaP Virusscan - myCIO HTTP Server Directory Traversal
Vulnerability
Date:28 June 2001
Impact: HIGH
Affect
On Wed, Jul 11, 2001 at 11:41:23AM +0200, Johan Lindqvist wrote:
> The original advisory
> (http://www.inside-security.de/advisories/fw1_rdp.html) says that a
> workaround is to "Deactivate implied rules in the Check Point policy editor
> (and build your own rules for management connections).".
> This problem has been fixed and the exploit didn't work for last
> 4.3-RELEASE FreeBSD.
Exploit *works* even for 4.3-STABLE, before correction date (2 Jul 2001):
riget:venglin:~> ./v
vvfreebsd. Written by Georgi Guninski
shall jump to bfbffe72
child=57660
Password:done
# id
uid=0(root) gid=1001(use
Hi everybody.
IBM DB2 for Windows (98/NT/2000) run 2 services : db2ccs.exe (listening on
port 6790) and db2jds.exe (port 6789).
I may be wrong but these services are used to access data remotely and to
remotely manage the database.
Both can be crashed remotely: just telnet on their port, send o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Trustix Secure Linux Security Advisory #2001-0012
Package name: OpenSSL
Date: 2001-07-11
Affected versions: TSL 1.01, 1.1, 1.2
--
> Well, after a bunch of tests I've found only two suids which gave me
> suid shell:
> /usr/bin/passwd
> /usr/local/bin/ssh1
/usr/bin/su also works for me:
riget:venglin:~> egrep -e execl vvfreebsd.c
if(!execl("/usr/bin/su","su","szymon",0))
riget:venglin:~> ./v
vvfreebsd. Written by Georgi G
The original advisory
(http://www.inside-security.de/advisories/fw1_rdp.html) says that a
workaround is to "Deactivate implied rules in the Check Point policy editor
(and build your own rules for management connections).". I've not been able
to find any changes in the INSPECT code generated to
Przemyslaw Frasunek wrote:
>
> > FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows
>
> This problem was already reported to FreeBSD Security Officer about two
> months ago, but it was totally ignored.
>
If this is the case I don't understand why you did not go public then -
2
Hello, Przemyslaw.
You wrote on Tuesday, 10 July 2001, 21:12:30:
>> FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows
PF> This problem was already reported to FreeBSD Security Officer about two
PF> months ago, but it was totally ignored.
This problem has been fixed and the
hi,
this is a simple code for exploiting the cfingerd 1.4.3 and prior vuln
recently posted by Steven Van Acker <[EMAIL PROTECTED]>,
which may lead to a local root compromise. Read the comments in the code
for more detailed info.
bye
--
/* qitest1 http://qitest1.cjb.net *
*