Metasploit mailing list archives
Version 2.3 Updates - March 3, 2005
From: hdm at metasploit.com (H D Moore)
Date: Thu, 3 Mar 2005 05:45:25 -0600
Hello everyone,

On February 20th, we published the first research article on the metasploit.com web site. This article investigates the default security settings of the Arkeia Network Backup Client and leads up to the new arkia_agent_access.pm exploit module. In addition, we released two reliable exploits for Arkeia "Type 77" buffer overflow. These modules include a "check" command that will identify vulnerable Arkeia systems and display a ton of useful information about the remote system.

- http://metasploit.com/research/arkeia_agent/

A few hours ago, three new exploits were added to the msfupdate system, framework snapshot, and web archive. Two of these exploits are for the recently published Computer Associates License Client/Server vulnerabilities. The CA License Client listens on TCP port 10203 and is enabled by default on every single product sold by CA. If you are using eTrust, Unicenter, BrightStor, or anything else with the CA name on it, you should really start patching:

- http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp

The third exploit is for a trivial stack overflow bug in the TrackerCam webcam software. Luigi published a massive pile of bugs in this product on February 18th and the vendor has yet to provide a fixed version. The www.trackercam.com web site shows over one hundred "Live Cams" that are running this software (and nearly 2500 "offline" cams)...

- http://www.osvdb.org/13953
- http://aluigi.altervista.org/adv/tcambof-adv.txt

I would like to thank everyone who has donated cash, code, hardware, or time to the project over the last couple weeks -- there is nothing like community support to motivate an open-source development team :-)

-HD