Section: .. / advisories / atstake /
| /// File Name: | a010603-1.txt |
| Description: | Atstake Security Advisory A010603-1 - Multiple platform ethernet Network Interface Card (NIC) device drivers incorrectly handle frame padding, allowing an attacker to view slices of previously transmitted packets or portions of kernel memory. This vulnerability is the result of incorrect implementations of RFC requirements and poor programming practices, the combination of which results in several variations of this information leakage vulnerability. The simplest method to implement this attack is to send ICMP packets and watch for kernel memory in the replies. PDF report on this issue available here. |
| Author: | Ofir Arkin |
| Homepage: | http://www.atstake.com/research/advisories/ |
| File Size: | 3407 |
| Last Modified: | Jan 6 19:05:19 2003 |
| MD5 Checksum: | 77a6e132bfbb80d08c1dc2b84f9b7d0f |

| /// File Name: | a021403-1.txt |
| Description: | Atstake Security Advisory A021403-1 - Mac OS X v10.2.3 contains a local root vulnerability in the TruBlueEnvironment portion of the MacOS Classic Emulator, which is suid root and installed by default. |
| Author: | Dave G. |
| Homepage: | http://www.atstake.com/research/advisories/ |
| File Size: | 3570 |
| Related CVE(s): | CAN-2003-0088 |
| Last Modified: | Feb 19 06:44:32 2003 |
| MD5 Checksum: | 03fd6ebae2a65a1b65ef812e828ad599 |

| /// File Name: | a031303-1.txt |
| Description: | Atstake Security Advisory A031303-1 - A stack buffer overflow exists in the Connector Module that ships with the Sun ONE Application Server. The module is an NSAPI plugin that integrates the Sun ONE Web Server (formerly iPlanet Enterprise Server) with the Application Server. Incoming HTTP request URLs are handled by the module and an unbounded string operation causes the overflow. |
| Author: | Kevin Dunn, Chris Eng |
| Homepage: | http://www.atstake.com/research/advisories/ |
| File Size: | 5610 |
| Last Modified: | Mar 14 20:09:24 2003 |
| MD5 Checksum: | 77c32a91e9be968cc1e789bf727e589f |

| /// File Name: | a031303-2.txt |
| Description: | Atstake Security Advisory A031303-2 - Nokia SGSN (DX200 Based Network Element) is a platform that exists between legacy GSM networks and the new IP core of the GPRS network. The SGSN, or Serving GPRS Support Node, is vulnerable in that it allows any attacker to read the SNMP options with any community string. |
| Author: | Ollie Whitehouse |
| Homepage: | http://www.atstake.com/research/advisories |
| File Size: | 5128 |
| Last Modified: | Mar 14 20:16:27 2003 |
| MD5 Checksum: | 17b96914b2b0ed0fe6762d00554f6ef6 |

| /// File Name: | a031703-1.txt |
| Description: | Atstake Security Advisory A031703-1 - McAfee ePolicy Orchestrator v2.5.1, an enterprise antivirus management tool for Windows 2000, contains a remote format string vulnerability which allows code execution as SYSTEM if TCP port 8081 is accessible. |
| Author: | Ollie Whitehouse |
| Homepage: | http://www.atstake.com/research/advisories |
| File Size: | 4540 |
| Related CVE(s): | CAN-2002-0690 |
| Last Modified: | Mar 18 13:49:21 2003 |
| MD5 Checksum: | 83113362ffe42403459772d7b8127fa9 |

| /// File Name: | a041002-1.txt |
| Description: | Atstake Security Advisory A041002 - IIS for Windows NT 4.0 and 2000 contains a heap overflow in .htr files which results in remote code execution in the IUSR_machine security context. This vulnerability has been verified on IIS 4.0 and 5.0 with SP2 and the latest security patches as of April 1, 2002. |
| Author: | Dave Aitel |
| Homepage: | http://www.atstake.com/research/advisories |
| File Size: | 4811 |
| Last Modified: | Apr 11 13:27:04 2002 |
| MD5 Checksum: | 26351148114738a6cf7321e2e6251ad8 |

| /// File Name: | a060502-1.txt |
| Description: | Atstake Security Advisory A060502-1 - Red-M's 1050AP Bluetooth Access Point contains a number of vulnerabilities, outlined in the advisory, that enable an attacker on the wired/wireless side of the device to mount an attack against the device in an attempt to locate the device, cause loss of administration functionality or compromise the administration interface. |
| Author: | Ollie Whitehouse |
| Homepage: | http://www.atstake.com |
| File Size: | 13450 |
| Last Modified: | Jun 5 18:33:53 2002 |
| MD5 Checksum: | 93e0a0bb3304a943dca559475b045269 |

| /// File Name: | a071502-1.txt |
| Description: | Atstake Advisory A071502-1 - Norton Personal Internet Firewall 2001 v3.0.4.91 for Windows NT and 2000 contains buffer overflows in the HTTP proxy which allow attackers to overwrite the first 3 bytes of the EDI register, which can lead to remote code execution. |
| Author: | Ollie Whitehouse |
| Homepage: | http://www.atstake.com |
| File Size: | 11051 |
| Last Modified: | Jul 17 08:52:16 2002 |
| MD5 Checksum: | ac7d34c4766b3e7becec8c60afb25891 |

| /// File Name: | a080802-1.txt |
| Description: | Atstake Security Advisory A080802-1 - WS_FTP server v3.1.1 for Windows NT/2000/XP contains a buffer overflow that allows remote users to execute code when they change their password. Since the WS_FTP Server is running as a service, an attacker's code will be executing as SYSTEM. |
| Author: | Andreas Junestam |
| Homepage: | http://www.atstake.com/research/advisories |
| File Size: | 2584 |
| Last Modified: | Aug 9 02:57:27 2002 |
| MD5 Checksum: | 305ff1ef2bd047188e5966a0f5a349cd |

| /// File Name: | a081602-1.txt |
| Description: | Atstake Security Advisory A081602-1 - The auditing mechanism of Windows NT 4.0 and Windows 2000 SP2 does not understand hard links, so it produces erroneous results: an attacker can access files through hard links such that the name of the file being accessed does not appear in the security event log. Instead, the file name of the hard link appears in the event log. The hard link can be deleted after accessing the file, thus eliminating any trace of the file I/O activity. |
| Homepage: | http://www.atstake.com/research/advisories |
| File Size: | 8118 |
| Last Modified: | Aug 21 08:31:32 2002 |
| MD5 Checksum: | 4624c1d7cc3f99be57cb7d7edd81f4bf |

| /// File Name: | a082802-1.txt |
| Description: | Atstake Security Advisory A082802-1 - The Microsoft Terminal Server ActiveX client contains a buffer overflow in one of the parameters used by the ActiveX component when it is embedded in a web page, which an attacker can exploit to run malicious code on a target system. The user would need to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a link on a malicious web site. |
| Author: | Ollie Whitehouse |
| Homepage: | http://www.atstake.com/research/advisories |
| File Size: | 4671 |
| Related CVE(s): | CAN-2002-0726 |
| Last Modified: | Aug 29 07:03:35 2002 |
| MD5 Checksum: | aa29f9dd929358961c4cc95ce9050483 |

| /// File Name: | A090800-1 |
| Description: | [at]stake Advisory A090800-1 - Application: Mobius DocumentDirect for the Internet 1.2, Platform: Windows NT 4.0, Severity: There are several buffer overflow conditions that could result in execution of arbitrary code or a denial of service. |
| Homepage: | http://www.atstake.com/research/advisories/2000/ |
| File Size: | 5930 |
| Last Modified: | Sep 11 19:17:57 2000 |
| MD5 Checksum: | b27171849ec91d61d3294a6e2267d4c0 |

| /// File Name: | a091002-1.txt |
| Description: | Atstake Security Advisory A091002-1 - Apple QuickTime ActiveX v5.0.2 has buffer overrun conditions that can result in execution of arbitrary code. To exploit this vulnerability an attacker would need to get his or her target to open a malicious HTML file as an attachment to an email message, as a file on the local or network file system, or as a file via HTTP. |
| Homepage: | http://www.atstake.com/research/advisories |
| File Size: | 5231 |
| Related CVE(s): | CAN-2002-0376 |
| Last Modified: | Sep 11 06:44:11 2002 |
| MD5 Checksum: | 2035fdbc2b58bd5d2de0d23e0f70cc5b |

| /// File Name: | A091100-1 |
| Description: | Atstake Security Advisory - Netegrity's SiteMinder is a web access control product for Solaris and Windows NT that implements various authentication mechanisms to protect content on websites. Due to an error in SiteMinder's URL parsing, it is possible for an attacker to bypass the authentication phase and view protected web pages directly. |
| Homepage: | http://www.atstake.com/research/index.html |
| File Size: | 4280 |
| Last Modified: | Sep 13 21:20:14 2000 |
| MD5 Checksum: | 510cf4d3d8534014692f2aae39b78de6 |

| /// File Name: | A091400-1 |
| Description: | [at]Stake Advisory A091400-1 - The Windows 2000 telnet client, which relies upon the NTLM authentication protocol, may be launched via email or a browser and automatically attempts to authenticate with any host it contacts without prompting the user for any information. A malicious user can crack the authentication to reveal passwords. |
| Homepage: | http://www.atstake.com |
| File Size: | 8727 |
| Last Modified: | Sep 15 03:28:16 2000 |
| MD5 Checksum: | 6450bf7d01648d500e1c689e465bc4dc |

| /// File Name: | A092600-1 |
| Description: | Atstake Security Advisory - PalmOS Password Retrieval and Decoding. Severity: Moderate. PalmOS offers a built-in Security application which the legitimate user uses to protect and hide records from unauthorized users by means of a password. Passwords can easily be obtained and decoded, allowing an attacker to access all private records on a Palm device. |
| Author: | Kingpin |
| Homepage: | http://www.atstake.com/research/advisories/2000/ |
| File Size: | 14389 |
| Last Modified: | Sep 28 23:37:22 2000 |
| MD5 Checksum: | 697a82697d86f6b42f5b539d20b88918 |

| /// File Name: | A100400-1 |
| Description: | Atstake Security Advisory - Microsoft's Internet Information Server 5.0 is WebDAV (RFC 2518) enabled. As part of the extra functionality provided by the WebDAV components, Microsoft has introduced the SEARCH request method to enable searching for files based upon certain criteria. This functionality can be exploited to gain what are equivalent to directory listings. These directory listings can be used by an attacker to locate files in the web directories that are not normally exposed through links on the web site. .inc files and other components of ASP applications that potentially contain sensitive information can be viewed this way. |
| Author: | Mnemonix |
| Homepage: | http://www.atstake.com |
| File Size: | 3199 |
| Last Modified: | Oct 5 03:38:29 2000 |
| MD5 Checksum: | 58071b7e5bee17ef6c7ced456689cebf |

| /// File Name: | A100900-1 |
| Description: | Atstake Security Advisory (updated) - iPlanet's iCal, a multiplatform calendaring server, introduces a number of vulnerabilities to the system on which it is installed. These vulnerabilities, ranging from poor file permissions to insecure programming practices, allow local attackers to obtain root access and remote attackers to monitor keystrokes. Includes obtain-ics.sh, a simple proof of concept local exploit. |
| Author: | Silicosis |
| Homepage: | http://www.atstake.com |
| File Size: | 11165 |
| Last Modified: | Oct 19 02:17:48 2000 |
| MD5 Checksum: | 60bb23df486299e0d93af96ee3eef323 |

| /// File Name: | a102003-1.txt |
| Description: | Atstake Security Advisory A102003-1 - Opera v7.20 and below contains a heap overflow when parsing HREFs with illegally escaped server names, allowing remote code execution via email or malicious web page. Fix available here. Tested against Windows XP and Linux. |
| Author: | Jesse Burns |
| Homepage: | http://www.atstake.com/research/advisories |
| File Size: | 3364 |
| Related CVE(s): | CAN-2003-0870 |
| Last Modified: | Oct 21 03:39:01 2003 |
| MD5 Checksum: | 5f1aead79ce8a8c78a4898084989e4aa |

| /// File Name: | A102600-1.txt |
| Description: | Atstake security advisory - This advisory describes a vulnerability that exists in Cisco Systems Virtual Central Office 4000 (VCO/4K). There is a vulnerability in the SNMP interface that allows an attacker to enumerate username and obfuscated password pairs for the Telnet interface. Since the obfuscation method used on the passwords is reversible, administrative access to the VCO/4K can be obtained. Perl proof of concept exploit included. |
| Author: | David Goldsmith, Brian Carrier, Rex Warren |
| Homepage: | http://www.atstake.com |
| File Size: | 4608 |
| Last Modified: | Oct 31 02:20:11 2000 |
| MD5 Checksum: | 9d929ac325e18d64da5ced7de35202cb |

| /// File Name: | a102802-1.txt |
| Description: | Atstake Security Advisory a102802-1 - The Oracle9iAS Web Cache contains two denial of service vulnerabilities that can be triggered remotely by sending specially crafted HTTP requests. The denial of service issues, which affect version 9.0.2.0.0 for Windows NT/2000 and XP, result in an immediate crash of the service. Oracle released a security advisory for this vulnerability. This advisory can be found here. |
| Homepage: | http://www.atstake.com/research/advisories |
| File Size: | 2971 |
| Last Modified: | Oct 29 14:00:19 2002 |
| MD5 Checksum: | 89e8742a8f5ef59e9dd916b6987f7ad5 |

| /// File Name: | a102803-1.txt |
| Description: | Mac OS X prior to v10.3, if running with core files enabled, allows local attackers with shell access to overwrite any file and read core files created by root owned processes. |
| Author: | Dave G. |
| Homepage: | http://www.atstake.com |
| File Size: | 3356 |
| Related CVE(s): | CAN-2003-0877 |
| Last Modified: | Oct 30 07:08:00 2003 |
| MD5 Checksum: | ac6a7fa0e8348991b06323304526a603 |

| /// File Name: | a102803-2.txt |
| Description: | Atstake Security Advisory - Mac OS X 10.2.8 and below has insecure permissions on DMG files and other third party application files. This is fixed in Mac OS X 10.3, where Finder will preserve the permissions on copied folders. |
| Author: | Dave G. |
| Homepage: | http://www.atstake.com |
| File Size: | 3356 |
| Related CVE(s): | CAN-2003-0876 |
| Last Modified: | Oct 30 07:10:48 2003 |
| MD5 Checksum: | ac6a7fa0e8348991b06323304526a603 |

| /// File Name: | a102803-3.txt |
| Description: | Atstake Security Advisory A102803-3 - It is possible to cause the Mac OS X kernel prior to v10.3 to crash by specifying a long command line argument. While this primarily affects local users, there may be conditions where this situation is remotely exploitable if a program which receives network input spawns another process with user input. It is possible to use this condition to dump small portions of memory back to an attacker. |
| Author: | Dave G. |
| Homepage: | http://www.atstake.com |
| File Size: | 2968 |
| Related CVE(s): | CAN-2003-0895 |
| Last Modified: | Oct 30 07:12:39 2003 |
| MD5 Checksum: | bef10aee5d88035bc65507a618971cbb |

| /// File Name: | a120100-1.txt |
| Description: | Atstake Security Advisory A120100-1 - Microsoft's database server, known as SQL Server, contains several buffer overrun vulnerabilities that can be remotely exploited to execute arbitrary computer code on the affected system, thus allowing an attacker to gain complete control of the server. In situations where the SQL Server is protected by a firewall, it may still be possible to launch this attack through a connecting web server, though this depends on how secure the web server's application is. Proof of concept code available here. |
| Homepage: | http://www.atstake.com |
| File Size: | 4228 |
| Last Modified: | Dec 3 06:13:31 2000 |
| MD5 Checksum: | 712363e28a633c45f30f2d36b1f4920c |