ru.nethack- RU.NETHACK
-------------------------------------------------------------------
From : Alex Kise 2:5020/400 07 Jan 2002 18:33:45
To : AlfaX
Subject : Re: Re: If anyone isn't too lazy.
--------------------------------------------------------------------------------

For those who are slow on the uptake.

CGI Scripts: CGI - directorymanager bug
Port: 80
Description: So we can put an "evil code" into $userfile_name variable, for example $userfile_name=;ls; after it the second path transfer to /usr/bin/convert will look like this: /tmp/;ls;.jpg
Risk Level: High
How To Fix: Upgrading to the most recent version of directorymanager.
Related Links: directorymanager Homepage
Script: http://socalcoeds.com/edit_image.php?dn=1&userfile=/etc/passwd&userfile_name =%20;ls;%20

FTP Servers: ProFTPD 1.2.0 DoS attack
Port: 21
Description: Proftpd built-in 'ls' command has a globbing bug that allows remote denial-of-service. Command ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* takes 100% CPU time on the server.
Risk Level: High
How To Fix: Try another FTP Server or wait for a new version of ProFTP Server.
Related Links: ProFTPD Homepage.

FTP Servers: ProFTPD 1.2.0rc2 shutdown format bug
Port: 21
Description: Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory.
Risk Level: High
How To Fix: Upgrade to the current version of ProFTPD Server.
Related Links: ProFTPD Homepage.
CVE: CVE-2001-0318

FTP Servers: ProFTPD File Globbing Problems
Port: 21
Description: The ftpd-child dies with signal 11 (SEGV), but the server stays up. A segmentation fault occurs when the server tries to free an unallocated memory with a free()-function and it could be a heap corruption vulnerability. It is in the file lib/glibc-glob.c in function void globfree (pglob) the SEGV occurs.
Risk Level: High
How To Fix: Update to the latest version of ProFTPD.
Related Links: ProFTPD Homepage.

Mail Servers: Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)
Port: 25
Description: The problem is the result of the use of signed integers in the program's tTflag() function, which is responsible for processing arguments supplied from the command line with the '-d' switch and writing the values to its internal "trace vector." The vulnerability exists because it is possible to cause a signed integer overflow by supplying a large numeric value for the 'category' part of the debugger arguments. The numeric value is used as an index for the trace vector.
Risk Level: High
How To Fix: Upgrade to the current version of Sendmail.
Related Links: Sendmail Homepage.
CVE: GENERIC-MAP-NOMATCH

Mail Servers: Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)
Port: 587
Description: The problem is the result of the use of signed integers in the program's tTflag() function, which is responsible for processing arguments supplied from the command line with the '-d' switch and writing the values to its internal "trace vector." The vulnerability exists because it is possible to cause a signed integer overflow by supplying a large numeric value for the 'category' part of the debugger arguments. The numeric value is used as an index for the trace vector.
Risk Level: High
How To Fix: Upgrade to the current version of Sendmail.
Related Links: Sendmail Homepage.
CVE: GENERIC-MAP-NOMATCH

Web Servers: PHP-Nuke 4.4 modify banner url
Port: 80
Description: PHP-Nuke 4.4 and prior versions allow remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication. This allows an attacker to redirect all users that click a banner to another site.
Risk Level: High
How To Fix: Upgrading to the most recent version of PHP-NUKE will eliminate this issue.
Related Links: PHP-Nuke HomePage
Script: http://socalcoeds.com/banners.php

CGI Scripts: CGI - Network Query Tool remote command execution
Port: 80
Description: Network Query tool does not check for special meta-characters like &;`'\"|*?~<>^()[]{}$\n\r. This allows any user to execute UNIX commands on web server.
Risk Level: Medium
How To Fix: Upgrade to the current version of Network Query Tool.
Related Links: Network Query Tool Homepage
Script: http://socalcoeds.com/network_query.php?
CVE: GENERIC-MAP-NOMATCH

CGI Scripts: PHPNuke Remote File Copy Vulnerability
Port: 80
Description: PHP Nuke contains a vulnerability in 'admin.php' that may allow for remote attackers to overwrite files with custom data on target webservers. May allow for an attacker to gain access to the host, cause denial of service or deface the target website.
Risk Level: Medium
How To Fix: If you are not using PHP Nuke then we suggest removing it from your system. Otherwise consult the workaround url found below.
Related Links: Workaround Fix Homepage
Script: http://socalcoeds.com/admin.php
CVE: GENERIC-MAP-NOMATCH
BugtraqID: 3361

FTP Servers: ProFTPd 1.2.0rc2 USER DoS
Port: 21
Description: Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
Risk Level: Medium
How To Fix: Upgrade to the current version of ProFTPD Server.
Related Links: ProFTPD Homepage.

Mail Servers: Sendmail Debug Mode Leaks Information
Port: 587
Description: This is a fairly low-risk vulnerability related to user-driven queue processing abilities. Debugging flags can be used to obtain the complete mail system configuration, gather potentially interesting information about the mail queue (full message path, subject, mail software, etc.) even if local users (and the attacker) are not allowed to read the configuration or mail queue directly. This can be achieved by issuing the following command: sendmail -q -d0-nnnn.xxx
Risk Level: Medium
How To Fix: Upgrade to the current version of Sendmail.
Related Links: Sendmail Homepage.

Mail Servers: Sendmail Debug Mode Leaks Information
Port: 25
Description: This is a fairly low-risk vulnerability related to user-driven queue processing abilities. Debugging flags can be used to obtain the complete mail system configuration, gather potentially interesting information about the mail queue (full message path, subject, mail software, etc.) even if local users (and the attacker) are not allowed to read the configuration or mail queue directly. This can be achieved by issuing the following command: sendmail -q -d0-nnnn.xxx
Risk Level: Medium
How To Fix: Upgrade to the current version of Sendmail.
Related Links: Sendmail Homepage.

Mail Servers: Sendmail Queue Manipulation and Destruction
Port: 587
Description: All versions of Sendmail allow any user to process the whole mail queue, unless this feature is administratively disabled. This feature itself is not dangerous. Due to a programming bug, specific attacker-specified mail delivery options will be honored. It is possible to, for example, force Sendmail to drop queue contents by setting initial message hop count above the limit: sendmail -q -h1000
Risk Level: Medium
How To Fix: Upgrade to the current version of Sendmail.
Related Links: Sendmail Homepage.

Mail Servers: Sendmail Queue Manipulation and Destruction
Port: 25
Description: All versions of Sendmail allow any user to process the whole mail queue, unless this feature is administratively disabled. This feature itself is not dangerous. Due to a programming bug, specific attacker-specified mail delivery options will be honored. It is possible to, for example, force Sendmail to drop queue contents by setting initial message hop count above the limit: sendmail -q -h1000
Risk Level: Medium
How To Fix: Upgrade to the current version of Sendmail.
Related Links: Sendmail Homepage.

Web Servers: Apache mod_usertrack Predictable ID Generation Vulnerability
Port: 80
Description: Apache ships with a module called 'mod_usertrack'. This module contains code to generate unique identifiers for individual web sessions and requests. The session IDs that are generated are not random. They are generated using the IP address of the client, the system time and the server process ID. These IDs are not meant to be used for authentication purposes. Any applications that rely on these IDs for authentication may be vulnerable to ID prediction attacks. It should be noted that this is not a vulnerability in Apache. This is only a vulnerability when an application uses these IDs to track authenticated users.
Risk Level: Medium
How To Fix: Upgrading to the most recent version of Apache.
Related Links: Apache Web Server
BugtraqID: 3521

Web Servers: Apache Possible Directory Index Disclosure Vulnerability
Port: 80
Description: A possible vulnerability exists in Apache that could cause directory contents to be disclosed when directory indexing is enabled, despite the presence of an 'index.html' file. The problem is likely the result of an error in "multiview" functionality provided as part of Apache's content negotiation support. Exploitation of this problem may lead to the disclosure of sensitive information to attackers.
Risk Level: Medium
How To Fix: Upgrading to the most recent version of Apache.
Related Links: Apache Web Server
CVE: GENERIC-MAP-NOMATCH
BugtraqID: 2503

FTP Servers: ProFTPD 1.2
Port: 21
Description: Overflow in the quote command. Example: ftp> quote %99s and the process crashes.
Risk Level: Low

Mail Servers: SMTP without AuthLogin
Port: 25
Description: All people can use this SMTP server to send mail without a password.
Risk Level: Low
How To Fix: Follow your SMTP server's manual on how to install authlogin.

Mail Servers: SMTP without AuthLogin
Port: 587
Description: All people can use this SMTP server to send mail without a password.
Risk Level: Low
How To Fix: Follow your SMTP server's manual on how to install authlogin.

"AlfaX" <kewworld@online.ru> wrote in the newsgroup: news:a18uh4$3p2$1@news.sovam.com...
> > Here is a site (light erotica), 64.157.92.77, and its ports with bugs: 21 25 80 587.
> Who told you the ports there have bugs? ;)
> > The rest seem to have no holes.
> > If anyone isn't too lazy, analyze it. I'm running out of internet time.
> A reasonable question arises: why would anyone need this?

--- ifmail v.2.15dev5
 * Origin: ReIS Ltd. (2:5020/400)