Section: advisories / bindview
| /// File Name: | acltools-1.0.zip |
| Description: | ACL tools contains two tools: lsaacl and samacl. lsaacl allows you to display and edit security descriptors for LSA objects. samacl allows you to display and edit security descriptors for SAM objects. |
| Homepage: | http://razor.bindview.com/tools |
| File Size: | 120090 |
| Last Modified: | Oct 21 05:09:32 2003 |
| MD5 Checksum: | 0edcb88053e9854406383872242571e8 |

| /// File Name: | adv_DCE-RPC_DoS.txt |
| Description: | Bindview Advisory - Many DCE/RPC servers do not perform proper parameter validation and can be crashed by sending an improperly formatted request. Affected systems include W2K SCM, NT4 LSA, NT4 Endpoint mapper, W2K Endpoint mapper, SQL Server 7, W2K's DHCP Server, W2K's IIS Server, Exchange 5.5 SP3, NT4 Spooler, W2K License Srv, and NT4 License Srv. The Microsoft bulletin on this issue is available here. |
| Homepage: | http://razor.bindview.com |
| File Size: | 3159 |
| Last Modified: | Aug 5 11:17:40 2001 |
| MD5 Checksum: | 4a14c5755a8272d507093367d2092c1e |

| /// File Name: | adv_LkIPmasq.txt |
| Description: | Bindview Advisory - A remotely exploitable IP masquerading vulnerability in the Linux kernel can be used to penetrate protected private networks which have loaded the IRC masquerading module. A discussion last year detailed exploiting NAT packet inspection mechanisms on Linux and other operating systems by forcing a client's browser or MUA software to send specific data patterns without the user's knowledge (see http://www.securityfocus.com/archive/82/50226) in order to open an inbound TCP port on the firewall. Appropriate but not sufficient workarounds were incorporated in Linux kernels released after the original advisory. Unfortunately, protocols other than those mentioned in the original discussions seem to be vulnerable as well. We found that the IRC DCC helper (the Linux 2.2 ip_masq_irc module, and modules shipped with some other operating systems / firewalling software) can be exploited. |
| Author: | Michal Zalewski |
| Homepage: | http://razor.bindview.com |
| File Size: | 7423 |
| Last Modified: | Aug 5 11:08:09 2001 |
| MD5 Checksum: | 9d276686b2da12b3bba7b179f1acb6ee |

| /// File Name: | adv_mstelnet.txt |
| Description: | Razor / Bindview Advisory - There is a buffer size checking related fault condition in the Microsoft Windows 2000 telnet server. This vulnerability is present only if the telnet service is running and plain-text logins are allowed. If there are already 4300 characters in the buffer, username length range checking does not work. A Perl exploit is included. |
| Author: | Michal Zalewski |
| Homepage: | http://razor.bindview.com |
| File Size: | 1782 |
| Last Modified: | Jun 8 23:19:55 2001 |
| MD5 Checksum: | 6ee028c03f526273bad46c971bb256b8 |

| /// File Name: | adv_novellleak.txt |
| Description: | Object Enumeration in Novell Environments - Due to a combination of legacy support and default settings, Novell Netware servers using native IP will leak system information via TCP port 524 when properly queried. In mixed Novell/Microsoft environments, information regarding Microsoft devices is leaked via the Service Advertising Protocol (SAP) table. Third party products, such as those used to synchronize directory services between environments, can compound the problem. Essentially, a remote attacker can gather the equivalent of the information provided by the console command "display servers" and the DOS client command "cx /t /a /r" without authentication. |
| Author: | Simple Nomad |
| Homepage: | http://razor.bindview.com/publish/index.shtml |
| File Size: | 14327 |
| Last Modified: | Nov 14 01:57:36 2000 |
| MD5 Checksum: | ed52bf34d17e54095f1b53202c9dea03 |

| /// File Name: | adv_sendmail.txt |
| Description: | RAZOR Advisory: Multiple Local Sendmail Vulnerabilities. Sendmail v8.12.0 and below contain multiple local root vulnerabilities. This is fixed in v8.12.1. |
| Author: | Michal Zalewski |
| Homepage: | http://razor.bindview.com |
| File Size: | 9362 |
| Last Modified: | Oct 3 18:15:35 2001 |
| MD5 Checksum: | 108765b10a32bb3a0bfaa117b367b6ce |

| /// File Name: | adv_smbd_log.txt |
| Description: | Bindview Advisory - SMBD remote file creation vulnerability. Insufficient parameter validation and an unsafe default configuration on popular Linux platforms make systems running the Samba SMB file sharing daemon vulnerable to remote attacks. Tested on SMBD 2.0.7 and 2.0.8. The Samba daemon allows remote attackers to create SMB session log files (*.log) with highly attacker-dependent contents outside the logs directory. This vulnerability by itself can be used to perform DoS attacks, or, if combined with unprivileged local access, can be used to gain superuser privileges. |
| Author: | Michal Zalewski |
| Homepage: | http://razor.bindview.com |
| File Size: | 3514 |
| Last Modified: | Aug 5 10:57:53 2001 |
| MD5 Checksum: | 2b1032b27041ccb6933652ca97925691 |

| /// File Name: | adv_ssh1crc.txt |
| Description: | Razor Bindview Advisory - A remote root vulnerability exists in the crc32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations (a 16-bit unsigned variable is used instead of 32-bit, which causes an integer overflow) in the detect_attack() function lead to a table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0. |
| Author: | Michal Zalewski |
| Homepage: | http://razor.bindview.com |
| File Size: | 8228 |
| Last Modified: | Feb 9 20:26:40 2001 |
| MD5 Checksum: | c54b7076bfc79421c5985ff3b7b65cb7 |

| /// File Name: | bindview.lpc.txt |
| Description: | BindView Security Advisory - Windows NT 4.0 and 2000 contain multiple vulnerabilities in the LPC ports, as described in ms00-070. Implications range from denial of service to local privilege escalation. |
| Author: | Todd Sabin |
| Homepage: | http://razor.bindview.com |
| File Size: | 13765 |
| Last Modified: | Oct 5 00:26:47 2000 |
| MD5 Checksum: | 96b9f202345b5e62a8cbdbc525678bd5 |

| /// File Name: | bindview.naptha.txt |
| Description: | The NAPTHA DoS vulnerabilities (Revised Edition - Dec 18) - The naptha vulnerabilities are weaknesses in the way that TCP/IP stacks and network applications handle the state of a TCP connection. |
| Homepage: | http://razor.bindview.com |
| File Size: | 23509 |
| Last Modified: | Dec 22 07:32:04 2000 |
| MD5 Checksum: | 24fd66bf696abe31348a262c6e2961dc |

| /// File Name: | bindview.nt-local.txt |
| Description: | Due to a flaw in the NtImpersonateClientOfPort Windows NT 4 system call, any local user on a machine is able to impersonate any other user on the machine, including LocalSystem. We have written a demonstration exploit which allows any user to spawn a cmd.exe window as LocalSystem. All Windows NT 4.0 systems up to and including SP6a are vulnerable. |
| Homepage: | http://www.bindview.com |
| File Size: | 5485 |
| Last Modified: | Jan 15 00:49:01 2000 |
| MD5 Checksum: | ea1afdbd6104fc8294fe6acb53e6831f |

| /// File Name: | bindview.syskey.txt |
| Description: | BindView Security Advisory - Windows NT's SYSKEY feature. SYSKEY does not fully protect the SAM from off-line attacks. Specifically, dictionary and brute-force password cracking are still possible, even when SYSKEY is enabled and the attacker is not in possession of the SystemKey. |
| Author: | Todd Sabin |
| File Size: | 10278 |
| Last Modified: | Dec 17 02:36:07 1999 |
| MD5 Checksum: | 29da6f33c029b31c2d5e79af460b92a5 |

| /// File Name: | cabletron.ssr.dos.txt |
| Description: | Bindview Security Advisory: Denial of Service Vulnerability in Cabletron's SmartSwitch Router (SSR). Remote users can flood the ARP table and stop the processing of packets. |
| Homepage: | http://www.bindview.com |
| File Size: | 1641 |
| Last Modified: | Nov 25 05:58:23 1999 |
| MD5 Checksum: | 072c470a7177a9f055cb67eba1a91abd |

| /// File Name: | DDSA_Defense.htm |
| Description: | Distributed Denial of Service Defense Tactics - This paper details some practical strategies that system administrators can use to help protect themselves from distributed denial of service attacks, as well as to avoid becoming unwitting attack nodes against other companies. |
| Author: | Simple Nomad |
| Homepage: | http://razor.bindview.com |
| File Size: | 16369 |
| Last Modified: | Feb 16 23:57:36 2000 |
| MD5 Checksum: | e1f0aceb853031be5bb2d08b3d12c772 |

| /// File Name: | despoof-0.9.tgz |
| Description: | Despoof is a utility that tries to determine whether a received packet is in fact spoofed by checking its TTL. This command-line utility is intended for near real-time response (such as being triggered from an IDS). The README explains it all. This utility is based on an idea by Donald McLachlan [don[at]mainframe.dgrc.crc.ca] (thanks Don!). Despoof runs on most Unix systems (tested on Linux and the *BSDs), and requires libnet 1.0 and libpcap 0.4. |
| Author: | Simple Nomad |
| Homepage: | http://razor.bindview.com/tools |
| File Size: | 8792 |
| Last Modified: | Jul 26 00:01:23 2000 |
| MD5 Checksum: | 07f2ba923e414e86b0a7dd6aee21d5b6 |

| /// File Name: | enum.tar.gz |
| Description: | Enum is a console-based Win32 information enumeration utility. Using null sessions, enum can retrieve user lists, machine lists, share lists, name lists, group and member lists, and password and LSA policy information. enum is also capable of a rudimentary brute force dictionary attack on individual accounts. |
| Homepage: | http://razor.bindview.com/tools |
| File Size: | 30659 |
| Last Modified: | Oct 21 05:12:59 2003 |
| MD5 Checksum: | d794d231882d077051110e0da3f321c9 |

| /// File Name: | fenris-0.03.tgz |
| Description: | Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here. |
| Author: | Michal Zalewski |
| Homepage: | http://razor.bindview.com/tools/fenris/ |
| Changes: | Includes a new utility called dress, which reconstructs symtabs in statically linked, stripped ELF binaries and writes new ELFs suitable for use with gdb, objdump, nm, etc., plus other minor improvements. |
| File Size: | 724138 |
| Last Modified: | May 19 09:03:00 2002 |
| MD5 Checksum: | 5dd6c9697781870e900251e84aa8ef27 |

| /// File Name: | fenris-0.05.tgz |
| Description: | Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here. |
| Author: | Michal Zalewski |
| Homepage: | http://razor.bindview.com/tools/fenris/ |
| Changes: | Interactive debugging capabilities introduced and burneye tracing added. |
| File Size: | 764826 |
| Last Modified: | May 25 20:03:34 2002 |
| MD5 Checksum: | 0b76e98eddacbfae87f9c708e87671a2 |

| /// File Name: | fenris-0.06.tgz |
| Description: | Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here. |
| Author: | Michal Zalewski |
| Homepage: | http://razor.bindview.com/tools/fenris/ |
| Changes: | GUI is now stable. There are several bugfixes, efficiency improvements, anti-debugging trap detection, better blocking syscall handling, and many more features. |
| File Size: | 1052284 |
| Last Modified: | Jun 3 07:02:13 2002 |
| MD5 Checksum: | ab497d7ebddf114494111e46554adb7c |

| /// File Name: | fenris-0.2.tgz |
| Description: | Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here. |
| Author: | Michal Zalewski |
| Homepage: | http://razor.bindview.com/tools/fenris/ |
| Changes: | Many fixes, new fingerprints, new options and several optimizations. |
| File Size: | 627018 |
| Last Modified: | May 15 07:06:56 2002 |
| MD5 Checksum: | 24ee1e381afc257d01778820be79d88d |

| /// File Name: | fenris-0.7-m.tgz |
| Description: | Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here. |
| Author: | Michal Zalewski |
| Homepage: | http://razor.bindview.com/tools/fenris/ |
| Changes: | Maintenance release: new fingerprints and bug fixes. |
| File Size: | 1122934 |
| Last Modified: | Oct 21 04:49:08 2003 |
| MD5 Checksum: | 14c1fe47e00fd5fc1f7e72f12c056334 |

| /// File Name: | fenris-0.7.tgz |
| Description: | Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here. |
| Author: | Michal Zalewski |
| Homepage: | http://razor.bindview.com/tools/fenris/ |
| Changes: | Includes some fixes and enhancements, including bugfixes to the build process and companion tools. |
| File Size: | 1084157 |
| Last Modified: | Sep 5 23:39:23 2002 |
| MD5 Checksum: | c5d8079bd95aaf61fb13a5a4e4ac8d82 |

| /// File Name: | fenris-0.7b.tgz |
| Description: | Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here. |
| Author: | Michal Zalewski |
| Homepage: | http://razor.bindview.com/tools/fenris/ |
| Changes: | Repaired syscall breakpoint functionality in Aegir, fixed problems on RedHat 7.3, and made some minor fixes. |
| File Size: | 1119026 |
| Last Modified: | Jun 13 05:05:02 2002 |
| MD5 Checksum: | 78bd4aef0e9f06942f65ee30fe961b0e |

| /// File Name: | icmpenum-1.1.tgz |
| Description: | This is a proof-of-concept tool to demonstrate possible distributed attacking concepts, such as sending packets from one workstation and sniffing the reply packets on another. |
| Author: | Simple Nomad |
| Homepage: | http://razor.bindview.com |
| File Size: | 8613 |
| Last Modified: | Feb 17 00:37:04 2000 |
| MD5 Checksum: | 887a4b39a441342a46a392bddced1aaa |

| /// File Name: | md5-tool.tgz |
| Description: | If you have an md5 checksumming utility on your system, you can use these scripts as a "poor man's tripwire". They perform several quick checks for archiving and security purposes. |
| Author: | Simple Nomad |
| Homepage: | http://razor.bindview.com |
| File Size: | 4738 |
| Last Modified: | Feb 17 20:19:59 2000 |
| MD5 Checksum: | 41f0416f00dfa37b2e904ad115bee208 |
