<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Solar Eclipse</title>
<link href="http://www.phreedom.org/solar/" rel="alternate" type="text/html"/>
<link href="http://www.phreedom.org/solar/atom.xml" rel="self" type="application/atom+xml"/>
<updated>2006-12-12T08:47:33Z</updated>
<author>
	<name>Solar Eclipse</name>
	<email>solareclipse@phreedom.org</email>
</author>
<id>tag:phreedom.org,2006-12-12:/solar/</id>

<entry>
	<title>OpenLDAP kbind authentication vulnerability and remote exploit</title>
	<link href="http://www.phreedom.org/solar/exploits/openldap-kbind/" rel="alternate" type="text/html"/>
	<summary type="xhtml">
		<div xmlns="http://www.w3.org/1999/xhtml">
		<p>The Kerberos KBIND authentication code in the OpenLDAP slapd server
		contains a remotely exploitable stack buffer overflow. The vulnerable
		code is enabled only when OpenLDAP is compiled with the --enable-kbind
		option, which has been disabled by default since version 2.0.2 and was
		removed from the configure script in the 2.1 release. However, the
		vulnerable code is still present even in the latest 2.4.3 version of
		OpenLDAP and can be enabled manually.</p>

		<p>This vulnerability was found using grep and its presence indicates
		that the OpenLDAP code has not been audited thoroughly enough in the
		past.</p>
		</div>
	</summary>
	<id>tag:phreedom.org,2006-12-12:/solar/exploits/openldap-kbind/</id>
	<published>2006-12-12T08:47:33Z</published>
	<updated>2006-12-12T08:47:33Z</updated>
</entry>

<entry>
	<title>Tiny PE tutorial and source code</title>
	<link href="http://www.phreedom.org/solar/code/tinype/" rel="alternate" type="text/html"/>
	<summary type="xhtml">
		<div xmlns="http://www.w3.org/1999/xhtml">
		<p>This is a tutorial on creating really small PE executables. It
		describes the techniques used to create a 97 byte PE file that is
		successfully loaded by Windows and a 133 byte file that downloads and
		runs another program from the Internet. This work was inspired by
		the Tiny PE <a href="http://blogs.securiteam.com/index.php/archives/675">challenge</a>.</p>
		</div>
	</summary>
	<id>tag:phreedom.org,2006-11-07:/solar/code/tinype/</id>
	<published>2006-11-07T08:13:04Z</published>
	<updated>2006-11-07T08:13:04Z</updated>
</entry>

<entry>
	<title>Atom feed for website updates</title>
	<link href="http://www.phreedom.org/solar/atom.xml" rel="alternate" type="application/atom+xml"/>
	<summary type="xhtml">
		<div xmlns="http://www.w3.org/1999/xhtml">
		<p>All updates to this site are now available in an Atom
		<a href="http://www.phreedom.org/solar/atom.xml">feed</a>.
		Subscribing to it is not going to overwhelm your RSS reader, because the
		website is updated only a few times per year.</p>
		</div>
	</summary>
	<id>tag:phreedom.org,2006-11-05:/solar/atom.xml</id>
	<published>2006-11-05T02:35:53Z</published>
	<updated>2006-11-05T02:35:53Z</updated>
</entry>

<entry>
	<title>Operator Shell (osh) 1.7 vulnerabilities</title>
	<link href="http://www.phreedom.org/solar/vuln/osh/" rel="alternate" type="text/html"/>
	<summary type="xhtml">
		<div xmlns="http://www.w3.org/1999/xhtml">
		<p>The Operator Shell is a setuid root, security enhanced, restricted
		shell for providing fine-grained distribution of system privileges for a
		wide range of usages and requirements. Contrary to its stated design
		goals however, this program seems to be designed to subvert security
		and provide unrestricted root access to any unprivileged user. During
		the course of a few hours, I discovered eleven vulnerabilities, ranging
		from vanilla strcpy overflows to format string bugs and more esoteric
		environment variable issues.</p>
      	</div>
	</summary>
	<id>tag:phreedom.org,2005-12-17:/solar/vuln/osh/</id>
	<published>2005-12-17T20:25:10Z</published>
	<updated>2005-12-17T20:25:10Z</updated>
</entry>

<entry>
	<title>Microsoft ASN.1 remote exploit</title>
	<link href="http://www.phreedom.org/solar/exploits/msasn1-bitstring/" rel="alternate" type="text/html"/>
	<summary type="xhtml">
		<div xmlns="http://www.w3.org/1999/xhtml">
		<p>This is an exploit for a previously undisclosed vulnerability in the
		bit string decoding routine in the Microsoft ASN.1 library (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1935">CVE-2005-1935</a>).
		This vulnerability is different from the bit string vulnerability
		described in the eEye advisory <a href="http://www.eeye.com/html/Research/Advisories/AD20040210.html">AD20040210-2</a>.
		It was silently fixed in the <a href="http://www.microsoft.com/technet/security/bulletin/MS04-007.mspx">MS04-007</a>
		patch along with the publicly disclosed ASN.1 vulnerabilities.</p>
		</div>
	</summary>
	<id>tag:phreedom.org,2005-04-19:/solar/exploits/msasn1-bitstring/</id>
	<published>2005-04-19T01:49:56Z</published>
	<updated>2005-04-19T01:49:56Z</updated>
</entry>

<entry>
	<title>onesixtyone-0.3.2 SNMP scanner</title>
	<link href="http://www.phreedom.org/solar/onesixtyone/" rel="alternate" type="text/html"/>
	<summary type="xhtml">
		<div xmlns="http://www.w3.org/1999/xhtml">
		<p>onesixtyone is an efficient SNMP scanner which utilizes a sweep
		technique to achieve extreme performance. It is possible to scan a
		class B network (65536 IP addresses) in under 13 minutes with a very
		high degree of accuracy. onesixtyone can be used to scan a network for
		devices responding to well-known community names or to mount a
		dictionary attack against one or more SNMP devices.</p>
		</div>
	</summary>
	<id>tag:phreedom.org,2004-01-05:/solar/onesixtyone/</id>
	<published>2004-01-05T04:06:32Z</published>
	<updated>2004-01-05T04:06:32Z</updated>
</entry>

</feed>
