Exploit for Firebird Database Remote Database Name Overflow - 14/6/2004
Description :
Firebird is "a relational database offering many ANSI SQL-92 features that runs on Linux, Windows, and a variety of Unix platforms. Firebird offers excellent concurrency, high performance, and powerful language support for stored procedures and triggers. It has been used in production systems, under a variety of names since 1981".
As we reported in our previous article Firebird Database Remote Database Name Overflow, an exploitable buffer overflow in Firebird Database (based on Borland Interbase's code) allows a remote attacker to cause it to execute arbitrary code. The following exploit code can be used to test your system for the mentioned vulnerability.
Metamail Buffer Overflow Exploit (From Header) - 3/6/2004
Description :
"Metamail is an implementation of MIME, the Multipurpose Internet Mail Extensions, a proposed standard for multimedia mail on the Internet. Metamail implements MIME, and also implements extensibility and configuration via the "mailcap" mechanism described in an informational RFC that is a companion to the MIME document".
Several vulnerabilities have been found in the product that would allow a remote attacker to cause the program to fail or execute arbitrary code (due to format string and buffer overflow vulnerabilities).
Sasser Worm Remote FTPD Buffer Overflow Exploit Code - 11/5/2004
Description :
A buffer overflow exists in the Sasser Worm's FTP server. Attached is exploit code that opens a shell on the target system.
autoRST - Automated TCP RST Exploit - 4/5/2004
Description :
autoRST is an automated TCP RST exploit. It uses the Winpcap libraries to sniff for TCP packets on a network and then sends out a forged RST packet after calculating the appropriate sequence number and forging the MAC address. It makes use of the vulnerability recently released by Paul A. Watson.
FirstClass Local Code Execution | French Version - April/07/2004
Description :
FirstClass is a complete network service software and is an attractive alternative to Microsoft Exchange or Lotus Notes. In order to use FirstClass, users must have a client installed on their computer (or other devices such as PDAs...), which is downloadable at the following address :
http://www.centrinity.com/ClientDownloads/
MyDoom remote disinfection - Feb/10/2004
Description :
In order to stop the MyDoom propagation, I2S-LaB is currently remotely disinfecting computers all over France. For more information, don't hesitate to contact us. Is your computer infected? Try out MdBlast, available for download here.
Hwing is a win32 version of the ever favorite utility hping. - Dec/01/2003
Description :
Hwing is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.
Symantec pcAnywhere allows local users to become SYSTEM - Dec/01/2003
Description :
pcAnywhere is an industry-leading remote control software that features remote management paired with file transfer capabilities. pcAnywhere has the ability to help quickly resolve helpdesk and server support issues.
Microsoft SHELL32.DLL Denial of Service - Dec/01/2003
Description :
SHELL32.DLL is a library which contains Windows system functions used to open web pages and documents and to obtain information on file associations. That library is used by most standard applications to browse directories to search for a specific file (a perfect example being the FILE->Open menu command available in most applications).
By Aurélien Boudoux & Fred Chaverot.
Windows Workstation Service Remote Buffer Overflow - Nov/11/2003
Description :
eEye Digital Security has discovered a remote buffer overflow in the Windows Workstation Service (WKSSVC.DLL). An unauthenticated attacker could exploit this vulnerability to execute arbitrary code with system-level privileges on Windows 2000 and Windows XP machines. The susceptible Workstation functionality is accessible via the WKSSVC named pipe (TCP ports 139 and 445).
ShatterCommCtrl - Nov/03/2003
Description :
Shatter attack exploit against CommCtrl 6.0 Buttons. This write up and exploit demonstrates that any privileged application which makes use of the Microsoft XP visual styles and creates a window on the interactive desktop can be used by an attacker to gain elevated privileges.
Microsoft Messenger service buffer overflow - 10/20/2003
Description :
Remote denial of service exploit for the Microsoft Messenger service buffer overflow described in ms03-043, which causes the target machine to reboot. Includes the ability to send the packet from a spoofed source address and requires the remote netbios name. Tested against Windows 2000 SP4.
Exchange Server - Arbitrary Code Execution - 10/19/2003
Description :
In Exchange Server 5.5, a security vulnerability exists in the Internet Mail Service that could allow an unauthenticated attacker to connect to the SMTP port on an Exchange server and issue a specially-crafted extended verb request that could allocate a large amount of memory. This could shut down the Internet Mail Service or could cause the server to stop responding because of a low memory condition.
ListBox and ComboBox Control Buffer Overflow - 10/19/2003
Description :
As we reported in our previous article Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (MS03-045), a vulnerability in the ListBox and in the ComboBox allows local attackers to gain elevated privileges.
Xprobe version 2.02 - 10/14/2003
Description :
Xprobe2 is an active operating system fingerprinting tool with a different approach to operating system fingerprinting. Xprobe2 relies on fuzzy signature matching, probabilistic guesses, multiple matches simultaneously, and a signature database.
Shattering SEH III (Progress Bars) - 09/30/2003
Description :
Following is a sample program that demonstrates the "shatter attack" technique being used against the progress bar control. Although this method does work, Brett Moore was unable to find any 'system level' programs that had progress bars to be exploited. Brett Moore is however releasing this so that developers of such programs are aware that even non-interactive controls may be vulnerable to shatter type attacks.
FirstClass remote DoS on Internet Services - 09/25/2003
Description :
FirstClass is a combination of solutions that allows a company to set up a reliable intranet by integrating powerful internet services and including most common communication protocols (SMTP, HTTP, FTP, ...).
By Aurélien Boudoux & Fred Chaverot.
Mplayer Buffer Overflow (asf_streaming) - 09/29/2003
Description :
A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful ASX header and trick MPlayer into executing arbitrary code upon parsing that header.
Buffer Overrun In RPCSS Service - 09/11/2003
Description :
Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.
There are three newly identified vulnerabilities in the part of the RPCSS Service that deals with RPC messages for DCOM activation: two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another.
Microsoft RPCSS DCOM Interface Long FileName Heap Corruption Vulnerability - 09/10/2003
Description :
Microsoft has reported a remotely exploitable heap corruption vulnerability in RPC. This issue exists in the RPCSS Service and is related to code that handles RPC messages for DCOM activation, specifically in the filename parameter. This issue could be exploited by a remote attacker to execute arbitrary code with SYSTEM privileges.