ru.nethack
- RU.NETHACK -------------------------------------------------------------------
 From : Nikita Melikhov 2:5030/1081.63 10 Jul 2003 06:04:14
 To : All
 Subject : Hacking [2]
--------------------------------------------------------------------------------

Tell me about the holes (how to use them, what that gives, etc.). Are there exploits?

┌──────────────────────────────── Report.txt ────────────────────────────────
www.**********.com

IP address of host "www.**********.com" : ***.***.***.***
Reverse DNS for this address "**********.com"
Host is online (TTL = 239)
Class C network (maximum number of hosts 254)

TCP ports
 - open : 15
 - closed : 2914
 - unreachable : 11

- port 80/tcp
  HTTP server : Apache/1.3.9 (Unix)
  status : 200 (OK)
  current date and time : (Thu, 10 Jul 2003 03:58:09 GMT)
  content type : (text/html)
  connection : (close)

  detection of the following information is still in test mode
  the real name of the HTTP server matches the one given in its response
  HTTP server : Apache HTTP Server (1.3.X)

  _*suspected vulnerability*_
  *viewing files on disk (bug in the mod_rewrite module) and directory listing*
  vulnerability description:
  Apache Rewrite Module Arbitrary File Disclosure Vulnerability: mod_rewrite is a module shipped with Apache 1.2 and later. It is used to map special URLs to absolute files on the web server's filesystem. If a RewriteRule directive is expressed whose result maps to a filename containing regular expression references, the result may provide an attacker with the ability to view arbitrary files on the host.
  Apache Artificially Long Slash Path Directory Listing Vulnerability: In a default configuration, Apache enables mod_dir, mod_autoindex, and mod_negotiation. However, by placing a custom crafted request to the Apache server consisting of a long path name created artificially by using numerous slashes, this can cause these modules to misbehave, making it possible to escape the error page, and gain a listing of the directory contents. This vulnerability makes it possible for a malicious remote user to launch an information gathering attack, which could potentially result in compromise of the system. Additionally, this vulnerability affects all releases of Apache previous to 1.3.19.
  Solution: Upgrade.
  Patch: http://httpd.apache.org/dist/
  Urls:
  http://www.securityfocus.com/bid/1728
  http://www.securityfocus.com/bid/2503

- port 23/tcp
  _TELNET server - remote access terminal_
  BSDI BSD/OS 4.1 (bus3.lacompworks.com) (ttyp0) login:
  ------------------------------------------

- port 53/tcp
  DNS server (TCP)
  recursion is not supported by the server
  zone transfer of "lacompworks.com" is possible
  /_BIND version : 8.2.2-P7+tsig+infoleak_/

  _*suspected vulnerability*_
  *command line*
  vulnerability description:
  Remote command execution is possible when recursion is enabled on the server.
  The vulnerabilities described in this advisory affect nearly all currently deployed recursive DNS servers on the Internet. The DNS network is considered a critical component of Internet infrastructure. There is no information implying that these exploits are known to the computer underground, and there are no reports of active attacks. If exploits for these vulnerabilities are developed and made public, they may lead to compromise and DoS attacks against vulnerable DNS servers. Since the vulnerability is widespread, an Internet worm may be developed to propagate by exploiting the flaws in BIND. Widespread attacks against the DNS system may lead to general instability and inaccuracy of DNS data.
  Solution: Upgrade to bind 8.2.7, 8.3.4 or 4.9.11
  URLs: http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469

  _*suspected vulnerability*_
  *command line and/or DoS attack*
  vulnerability description:
  A buffer overflow vulnerability exists in multiple implementations of DNS resolver libraries. Operating systems and applications that utilize vulnerable DNS resolver libraries may be affected. A remote attacker who is able to send malicious DNS responses could potentially exploit this vulnerability to execute arbitrary code or cause a denial of service on a vulnerable system.
  Solution : Upgrade to a corrected version of the DNS resolver libraries.
  Url: http://www.cert.org/advisories/CA-2002-19.html

  _*suspected vulnerability*_
  *buffer overflow (shell code)*
  vulnerability description:
  Multiple vulnerabilities in various versions of BIND.
  Version 8 of BIND contains an overflow that may be exploitable to remote attackers. Due to a bug that is present when handling invalid transaction signatures, it is possible to overwrite some memory locations with a known value. If the request came in via the UDP transport then the area partially overwritten is a stack frame in named. If the request came in via the TCP transport then the area partially overwritten is in the heap and overwrites malloc's internal variables. This can be exploited to execute shellcode with the privileges of named (typically root).
  It is believed that most (if not all) versions of BIND in use contain a vulnerability that may allow an attacker to view named's memory. This may aid an attacker in further attacks.
  The problem occurs in the Compressed Zone Transfer (ZXFR) functionality of BIND. A default installation of BIND does not support the transfer of compressed zone files. However, a daemon that allows zone transfers and recursive queries will crash if queried for a compressed zone transfer that is not in the nameserver cache. This could result in a name resolution Denial of Service for all users and systems depending upon nameservers using the affected software.
  Solution: Upgrade.
  Patch: Get it from Your vendor
  Url:
  http://www.securityfocus.com/bid/2302
  http://www.securityfocus.com/bid/2321
  http://www.securityfocus.com/bid/1923

- port 111/tcp
  RPC Port Mapper service (port map)
  port list:
  100000 - vers=2 (tcp : 111) - Port Mapper
  100000 - vers=2 (udp : 111) - Port Mapper

- port 515/tcp
  service response:
  /_lpd: Malformed from address #10_/

  _*suspected vulnerability*_
  *possible buffer overflow on Solaris and BSD*
  vulnerability description:
  Buffer overflow in lpd daemon in BSD and Solaris. It has been reported that it is possible to execute commands on target hosts through lpd by manipulating the use of sendmail by the daemon. If this vulnerability is successfully exploited, remote attackers can execute any command on the target host with superuser privileges.
  Solution: Upgrade.
  Patch:
  http://www.BSDI.COM/services/support/patches/patches-4.1/M410-044
  http://sunsolve.sun.com
  Urls:
  http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?id=advise94
  http://www.securityfocus.com/bid/3274
  http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?id=advise80

- port 1109/tcp
  service response to HTTP request:
  /_ERR Kerberos authentication failure: Generic kerberos error (KFAILURE) #13_/ #10
  response to MS SQL request:
  /_ERR Kerberos authentication failure: Generic kerberos error (KFAILURE) #13_/ #10

- port 53/udp
  DNS server (UDP)
  server supports recursion
  _BIND version : 8.2.2-P7+tsig+infoleak_

  _*suspected vulnerability*_
  *command line*
  vulnerability description:
  Remote command execution is possible when recursion is enabled on the server.
  The vulnerabilities described in this advisory affect nearly all currently deployed recursive DNS servers on the Internet. The DNS network is considered a critical component of Internet infrastructure. There is no information implying that these exploits are known to the computer underground, and there are no reports of active attacks. If exploits for these vulnerabilities are developed and made public, they may lead to compromise and DoS attacks against vulnerable DNS servers. Since the vulnerability is widespread, an Internet worm may be developed to propagate by exploiting the flaws in BIND. Widespread attacks against the DNS system may lead to general instability and inaccuracy of DNS data.
  Solution: Upgrade to bind 8.2.7, 8.3.4 or 4.9.11
  URLs: http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469

  _*suspected vulnerability*_
  *command line and/or DoS attack*
  vulnerability description:
  A buffer overflow vulnerability exists in multiple implementations of DNS resolver libraries. Operating systems and applications that utilize vulnerable DNS resolver libraries may be affected. A remote attacker who is able to send malicious DNS responses could potentially exploit this vulnerability to execute arbitrary code or cause a denial of service on a vulnerable system.
  Solution : Upgrade to a corrected version of the DNS resolver libraries.
  Url: http://www.cert.org/advisories/CA-2002-19.html

  _*suspected vulnerability*_
  *buffer overflow (shell code)*
  vulnerability description:
  Multiple vulnerabilities in various versions of BIND.
  Version 8 of BIND contains an overflow that may be exploitable to remote attackers. Due to a bug that is present when handling invalid transaction signatures, it is possible to overwrite some memory locations with a known value. If the request came in via the UDP transport then the area partially overwritten is a stack frame in named. If the request came in via the TCP transport then the area partially overwritten is in the heap and overwrites malloc's internal variables. This can be exploited to execute shellcode with the privileges of named (typically root).
  It is believed that most (if not all) versions of BIND in use contain a vulnerability that may allow an attacker to view named's memory. This may aid an attacker in further attacks.
  The problem occurs in the Compressed Zone Transfer (ZXFR) functionality of BIND. A default installation of BIND does not support the transfer of compressed zone files. However, a daemon that allows zone transfers and recursive queries will crash if queried for a compressed zone transfer that is not in the nameserver cache. This could result in a name resolution Denial of Service for all users and systems depending upon nameservers using the affected software.
  Solution: Upgrade.
  Patch: Get it from Your vendor
  Url:
  http://www.securityfocus.com/bid/2302
  http://www.securityfocus.com/bid/2321
  http://www.securityfocus.com/bid/1923

Found:
 - notes : /_14_/
 - possible warnings : 1
 - warnings : 6
 - potential dangers : *7*

Elapsed time = 00:37:08
Generated by XSpider 6.50 Christmas Edition (http://www.ptsecurity.ru)
10.07.2003 - 5:17:05
└──────────────────────────────── Report.txt ────────────────────────────────

Bye, All, wishing you a happy connect at 115200!
[VAUT Group] [K-PAX] [LOVE] [MOD] [GTA] [?] [ASM] [PASCAL] [RU.ONANIZM] [RAP]
Winamp Die
--- _VAUT_ _/Station/_
 * Origin: CONNECT doesn't live here anymore! (2:5030/1081.63)