Bugtraq mailing list archives
Various Lame Stuff
From: wizdumb () LEET ORG (wizdumb () LEET ORG)
Date: Tue May 16 15:04:28 2000
Hi all, Just a summary of some vulnerabilities that have been covered in the Forbidden Knowledge e-zine lately, which some people on the list may need to know... Covered in Issue Eight --- Proxy Plus <www.proxyplus.cz> has various insecure default settings. NiteServer FTPd is vulnerable to several Denial of Service attacks. ISpy Webcam <www.ispy.nl> stores the password for the FTP server it uploads images to in the registry with a simple substitution cipher. The XiRCON IRC client <www.xircon.com> dies when recieving long CTCP messages. E-Serv directory climbing vulnerability. Turns out this was mentioned on BugTraq the month before release, but it's worth mentioning anyway, because the BugTraq post didn't mention that the FTPd is also vulnerable. --- Covered in Issue Nine --- All versions of Offline Explorer <www.metaproducts.com> prior to version 1.3 beta allow any file on the hard-drive to be remotely read. The Argosoft FTP Server <www.argosoft.com> is affected by various overflows AND allows directory climbing. We haven't checked if everything has been fixed yet, but the author has been informed. --- Covered in Issue Eleven --- Spoon Proxy <www.pi-soft.com> is vulnerable to a nasty Denial of service. Cisco's PIX Firewall <www.cisco.com> (and others) can be DoS'd Killmod.php3 <packetstorm> (lame hax0r kiddie script) is exploitable E-Serv <www.eserv.ru> is vulnerable to a DoS attack Browsegate <www.netcplus.com> has a remotely exploitable buffer overflow GateKeeper <www.infopulse.net> has a remotely exploitable buffer overflow AllegroSurf <www.allegrosurf.com> is DoS'able iCal <www.brownbearsw.com> has multiple vulnerabilties Users with UID 1000 or higher can reboot RedHat 6.0 systems --- Should any of these bugs affect you and/or should you like more details - check out the e-zine at www.mdma.za.net/fk. It's distasteful, perverse, and will probably be offensive to 99.9% of the people who read it. That's why it's so damned cool, heh. ;) Apologies for not posting earlier, and from now on, I will release a post to BugTraq at the same time as (or in some cases, before) the e-zine. Cheers, Drew Lewis --==--==--==--==-->> wizdumb () leet org +27 (82) 976-7246
Current thread:
- I think, (continued)
- I think Jay Mobley (May 23)
- Re: kscd vulnerability Katherine M. Moussouris (May 25)
- Cisco Bug Esteve Espuna (May 16)
- Re: Cisco Bug James Sneeringer (May 16)
- Security Bulletins Digest (fwd) Mike Bush (May 17)
- Cisco Bug Error Log Esteve Espuna (May 16)
- CProxy v3.3 SP 2 DoS |[TDP]| (May 16)
- Banner Rotation 01 zillion (May 16)
- Re: Banner Rotation 01 Joao Pedro Gonçalves (May 17)
- Vuln in calender.pl (Matt Kruse calender script) suid () SUID KG (May 16)
- Various Lame Stuff wizdumb () LEET ORG (May 16)
- You can now track Bugtraq 24/7 with Software. Alfred Huger (May 15)
- Allmanage.pl Vulnerabilities bighawk (May 15)