Anomalous Payloadbased Worm Detection and Signature Generation.

Technical Cyber Security Alert TA07-059A - A worm is exploiting a vulnerability in the telnet daemon (in.telnetd) on unpatched Sun Solaris systems. The vulnerability allows the worm (or any attacker) to log in via telnet (23/tcp) with elevated privileges.

Technical Cyber Security Alert TA09-088A - US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067.

Whitepaper called How Conficker makes use of MS08-067.

This Metasploit module exploits the FTP server component of the Sasser worm. By sending an overly long PORT command the stack can be overwritten.

This Metasploit module exploits a format string vulnerability in the LPRng print server. This vulnerability was discovered by Chris Evans. There was a publicly circulating worm targeting this vulnerability, which prompted RedHat to pull their 7.0 release. They consequently re-released it as "7.0-respin".

Linksys E-Series unauthenticated remote command execution exploit that leverages the same vulnerability as used in the "Moon" worm.

Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command injection. This vulnerability was used from the so called "TheMoon" worm. There are many Linksys systems that might be vulnerable including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This Metasploit module was tested successfully against an E1500 v1.0.5.

This Metasploit module exploits sendmail's well-known historical debug mode to escape to a shell and execute commands in the SMTP RCPT TO command. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg. Currently only cmd/unix/reverse and cmd/unix/generic are supported.

Linux Security Checklist is a perl script that audits a given Linux host and provides recommendations for security enhancements.

HP Security Bulletin - A potential security vulnerability has been identified in the Aries PA-RISC emulation software running on HP-UX IA-64 platforms only. This vulnerability may allow local unauthorized access.

Ubuntu Security Notice USN-715-1 - Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts. It was discovered that the inotify subsystem contained watch removal race conditions. Dann Frazier discovered that in certain situations sendmsg did not correctly release allocated memory. Helge Deller discovered that PA-RISC stack unwinding was not handled correctly. It was discovered that the ATA subsystem did not correctly set timeouts. It was discovered that the ib700 watchdog timer did not correctly check buffer sizes.