OpenBSD

PHP-CGI Argument Injection Exploit Update

This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution. This update adds support for FreeBSD, OpenBSD, RedHat and Windows platforms.

Apache Chunked Encoding Exploit Update

This package fixes a bug in the Apache chunked encoding exploit.

PHP-CGI Argument Injection Exploit

This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

OpenBSD PF IP Fragment Remote DoS

This module exploits a OpenBSD's PF remote denial-of-service vulnerability. This issue is due to a flaw in affected kernels that results in a kernel crash when attempting to normalize IP fragments.

PHP Hash Table Collisions DoS Update

This module sends HTTP requests with specially crafted data making the PHP interpreter to consume lot of resources. This attack prevents the victim server from processing requests from legitimate clients and probably will make the server non-operational. This is update fixes an issue when launching the module from an agent running in a linux system.

PHP Hash Table Collisions DoS

This module sends HTTP requests with specially crafted data making the PHP interpreter to consume lot of resources. This attack prevents the victim server from processing requests from legitimate clients and probably will make the server non-operational. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations.

OpenBSD PF IP ICMPV6 Remote DoS

OpenBSD's PF is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause a kernel panic on affected computers, denying further service to legitimate users.

Sudoedit Privilege Escalation Exploit Update

This module exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to execute any command as root including a shell, allowing an unprivileged process to elevate its privileges to root. This update adds OSX 10.6 (Snow Leopard) as supported target.

OpenSSH Channel Exploit Update

Exploits an off-by-one bug in channel management code in OpenSSH. This update excludes the module from automated attacks launched by the "Network Attack and Penetration" feature, since the module requires credentials of a known account on the vulnerable system, and hence won't work with default parameters.

OpenBSD PF IP ICMPV6 Remote DoS Update

OpenBSD's PF is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause a kernel panic on affected computers, denying further service to legitimate users. This update improves reliability in Impact 10.