NETWORK ATTACKS
FILE TRANSFER PROTOCOL
1990 HACK: Use tftp to obtain password files
1990 HACK: How to exploit a writable FTP directory
1990 HACK: Very old "quote" bug
04/06/94 ADVISORY: wu.ftpd 2.1F & wu.ftpd 2.2 source code may contain backdoors
06/10/95 HACK: Exploiting "wu.ftpd" 2.2 with the SITE EXEC backdoor
07/12/95 HACK: Use "wu.ftpd" 2.4 or 2.4.2 beta to read or append restricted files
07/12/95 HACK: Bounce FTP connections to spoof as a different IP address
INFORMATION SYSTEMS
02/12/92 HACK: gopherd exploit to obtain a root shell [8lgm]
03/11/94 ADVISORY: "gopherd" allows unauthorized file access, CA 93:11
06/15/94 ADVISORY: Remote users may gain access to the Majordomo account, CA 94:11
02/02/95 HACK: Evil httpd servers can issue commands to WWW clients with telnet urls
02/14/95 HACK: NCSA "httpd" 1.3 can be tricked into executing shell commands, CA 95:04
07/31/95 HACK: The CGI program "AnyForm" can be fed commands to execute
08/22/95 ADVISORY: "ghostscript" is not completely safe with the flag -dSAFER, CA 95:10
09/19/95 HACK: Break Netscape's shoddy implementation of SSL
IP ATTACKS
1985 ADVISORY: UDP packets should be filtered from the Internet
1995 ADVISORY: TCP packet fragment attacks against firewalls and filters
01/06/95 HACK: 'IP WATCHER', an IP hijacking program from EnGard Systems
01/25/95 HACK: An IP spoofing and sequence number exploiting program
05/08/95 HACK: How Mitnick hacked Tsutomu Shimomura with an IP sequence attack
SENDMAIL
1990 INFO: Use sendmail vrfy and expn commands to gather information
1993 HACK: Sendmail 4.1: remote access as bin
**/**/** HACK: Sendmail 4.1: Can send mail to programs
1994 HACK: Sendmail 5.55: Issue commands
1993 HACK: Append to .rhosts files with pre Sendmail 5.59
08/06/94 HACK: Sendmail 5.61: Method to obtain a non-root shell
1992 HACK: Sendmail 5.64, /etc/aliases sometimes contains: decode: |/usr/bin/uudecode
10/10/94 HACK: Sendmail 5.65: Backdoors in "sendmail" ('wiz' and 'debug' commands)
10/08/93 HACK: Sendmail 5.65: Method to create a SUID root shell
1994 HACK: Sendmail 8.6.4: Program and script to obtain a root shell
03/14/94 HACK: Sendmail 8.6.6/7: Use the -d flag to get a root shell
03/14/94 HACK: Sendmail 8.6.7: Read any file with the -oE flag
02/27/95 HACK: Sendmail 8.6.9: Obtain a bin shell
08/**/95 HACK: Sendmail(8): Race condition runs programs as any non root user [8lgm]
08/24/95 HACK: Sendmail(8): Create suid root shells [8lgm]
1993 HACK: Sendmail 8.6.?: Read any file
MAIL HOLES
1990 HACK: Exploiting the "decode" daemon
1990 INFO: More decode tests and attacks à la Dan Farmer
1991 HACK: How to send fake mail
07/12/91 HACK: elm: The autoreply utility can create root owned files [8lgm]
1994 HACK: smail 3.1.28: Create and append any file on system
1994 HACK: smail 3.1.28: use .forward and debug to read any file
1994 HACK: smail 3.1.28: Files specified in ~/.forward can be created in any directory
03/12/94 HACK: elm: Read any file with autoreply
06/06/94 HACK: Shell access users can use "popper" to create root owned files
09/01/95 HACK: elm: Create an .rhosts file for someone who doesn't have one
NETWORK SERVICES
1993 INFO: Ways to obtain the NIS domain name
1993 HACK: Use 'NFS', a program to exploit the portmapper NFS bug
12/19/94 ADVISORY: Four techniques to prevent unauthorized NFS access
1993 HACK: Use NIS and domain name to obtain passwd file
1993 HACK: Use
1995 HACK: Exploit "+" in hosts.equiv file
REMOTE
04/23/91 HACK: Use an IFS attack against "rdist" to obtain a root shell [8lgm]
09/14/91 HACK: Script to exploit "rdist" and access any file (Tsutomu Shimomura)
**/**/** HACK: rexd can be exploited by rewriting the "on" program
X WINDOWS
1993 INFO: X Window security and testing techniques
1993 TIP: X-Windows -display options with various "x" commands
09/12/93 TIP: "lock" password has 'hasta la vista' backdoor
11/16/93 HACK: "xterm" may be called with a fake passwd file
1994 TIP: Anyone can read tty devices attached to other "xterm" sessions
MISCELLANEOUS
1991 HACK: There is an old IFS hole in "vi"
1991 HACK: Interrupt a "mkdir" call to access protected files
08/19/91 HACK: Overwrite or create any file with 1000 attempts to "lpr" [8lgm]
10/21/93 ADVISORY: /dev/audio ships as 666, CA 93:15
02/10/95 HACK: Execute any command with TERM and suid csh scripts