SecurityFocus Linux Newsletter #149
------------------------------------
This Issue is Sponsored by: SecurityFocus
We are pleased to announce the launch of two new mailing lists for the
Security community:
1. Security Management (security-management-subscribe (at) securityfocus (dot) com)
2. Bugtraq-French (bugtraq-french-subscribe (at) securityfocus (dot) com)
To subscribe to either of these lists, send mail to the listserv at the
respective address indicated above; the subject and body of your message
do not matter. Or, you can visit our signup page at
http://www.securityfocus.com/archive
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Dynamic Honeypots
2. Demonstrating ROI for Penetration Testing (Part Three)
3. Hardening the TCP/IP stack to SYN attacks
4. SecurityFocus New Mailing List Announcement
II. LINUX VULNERABILITY SUMMARY
1. ISS RealSecure Server Sensor SSL Denial Of Service Vulnerabi...
2. Digital Scribe Error Function Cross-Site Scripting Vulnerabi...
3. Roger Wilco Remote Server Side Buffer Overrun Vulnerability
4. PHPBB URL BBCode HTML Injection Vulnerability
5. RealOne Player Insecure Configuration File Permission Local ...
6. WinRAR Compressed File Size Misrepresentation Weakness
7. Invision Power Board Index.php Showtopic Cross-Site Scriptin...
8. Gordano Messaging Suite WWW.exe Denial of Service Vulnerabil...
9. Gordano Messaging Suite Alertlist.mml Information Disclosure...
10. Net-SNMP Unauthorized MIB Object Access Vulnerability
11. KokeshCMS Unauthorized Content Editing Vulnerability
12. CmdFTP Store_Line() Heap Overflow Vulnerability
13. Pine Message/External-Body Type Attribute Buffer Overflow Vu...
14. Pine rfc2231_get_param() Remote Integer Overflow Vulnerabili...
15. MySQL Password Handler Buffer Overflow Vulnerability
16. Asterisk CallerID Call Detail Records SQL Injection Vulnerab...
III. LINUX FOCUS LIST SUMMARY
1. Accessing file server (Thread)
2. Voting on issues for this list and SecurityFocus (Fo... (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Sophos Anti-Virus
2. Zorp
3. F-Secure Policy Manager
4. Gordano Messaging Suite
5. LANDesk Management Suite 7
6. ActiveScout Enterprise
V. NEW TOOLS FOR LINUX PLATFORMS
1. Private v0.5b
2. LinuxMagic magic-smtpd v0.7.2rc3
3. GKrellM v2.1.18 (GTK 2.0)
4. Tiny SHell v0.6
5. iptables-control v1.0.6
6. SpamProbe v0.9e
VI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Dynamic Honeypots
By Lance Spitzner
The search for the dream honeypot: dynamic honeypots, an appliance-like
plug-and-play solution.
http://www.securityfocus.com/infocus/1731
2. Demonstrating ROI for Penetration Testing (Part Three)
By Marcia Wilson
The third article in this series focuses on defining terms related to the
Risk Analysis process and touches on Information Asset valuation methods
that are critical when justifying the necessity and expense of a Pen
Test.
http://www.securityfocus.com/infocus/1730
3. Hardening the TCP/IP stack to SYN attacks
By Mariusz Burdach
This article discusses methods of hardening the TCP/IP stack of various
operating systems to make servers more resistant to SYN flooding and SYN
spoofing Denial of Service (DoS) attacks.
http://www.securityfocus.com/infocus/1729
4. SecurityFocus New Mailing List Announcement
We are pleased to announce the launch of two new mailing lists for the
Security community:
1. Security Management (security-management-subscribe (at) securityfocus (dot) com)
2. Bugtraq-French (bugtraq-french-subscribe (at) securityfocus (dot) com)
To subscribe to either of these lists, send mail to the listserv at the
respective address indicated above; the subject and body of your message
do not matter. Or, you can visit our signup page at
http://www.securityfocus.com/archive
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. ISS RealSecure Server Sensor SSL Denial Of Service Vulnerabi...
BugTraq ID: 8550
Remote: Yes
Date Published: Sep 05 2003
Relevant URL: http://www.securityfocus.com/bid/8550
Summary:
ISS RealSecure Server Sensor is an intrusion detection technology that can
integrate with an underlying web server such as Microsoft IIS or Apache.
It supports a number of platforms including Microsoft Windows and
Unix/Linux variants.
ISS RealSecure Server Sensor is prone to a denial of service when handling
a malicious request over SSL. It is reportedly possible to reproduce this
condition by passing invalid unicode characters in a request over SSL.
This vulnerability could be exploited to crash the underlying Microsoft
IIS web server. It should be noted that the service may be automatically
restarted.
It is not known if this issue affects other platforms or can be exploited
to crash other underlying web server implementations.
The researchers who discovered this vulnerability are currently
investigating the possibility of exploiting this issue to execute
arbitrary code, though sufficient details are not available regarding this
at the time of writing. This BID will be updated and impacts adjusted
accordingly if more details become available.
2. Digital Scribe Error Function Cross-Site Scripting Vulnerabi...
BugTraq ID: 8551
Remote: Yes
Date Published: Sep 05 2003
Relevant URL: http://www.securityfocus.com/bid/8551
Summary:
Digital Scribe is a freely available, open source PHP publishing
application. It is available for the Linux platform.
A problem has been reported in the checking of input by Digital Scribe.
Because of this, it may be possible for an attacker to steal cookie
authentication credentials or launch other attacks.
The problem is in the handling of input by the register.php and login.php
scripts. In both scripts, the error URI parameter does not sufficiently
filter input before displaying it in web pages, making it possible for an
attacker to include HTML and script code in a malicious link to a site
running the software. If such a link is visited, then hostile code
included in the link may be rendered by the victim user's browser in the
context of the site.
3. Roger Wilco Remote Server Side Buffer Overrun Vulnerability
BugTraq ID: 8566
Remote: Yes
Date Published: Sep 08 2003
Relevant URL: http://www.securityfocus.com/bid/8566
Summary:
Roger Wilco is a net-based communication client designed to allow users to
speak in real-time. Multiple clients may connect to a single server
allowing remote users to interact. It is available for the Microsoft
Windows operating systems.
A remote buffer overrun has been reported for various Roger Wilco server
releases. The problem lies in the fact that the vulnerable servers rely on
client-side size values when copying data into internal memory buffers.
When a client attempts to connect to a server, it first transmits a packet
containing a variety of data, including the password and channel. The 3rd
and 4th bytes of this packet denote the size of this data. Upon receiving
this transmission, the server uses the client-supplied size value when
copying the data into an internal memory buffer. As the size value is two
bytes, an attacker could theoretically supply up to 65535 bytes of data to
be copied into the server. As the server has previously allocated a buffer
believed to be of sufficient size, this could result in a buffer overrun.
An attacker may be capable of exploiting this issue to overwrite sensitive
memory variables within the server process space. This could ultimately
allow for the execution flow of the server to be controlled, and may
result in the execution of attacker-supplied instructions.
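The size-field handling described in this entry, as an added example (not code from Roger Wilco or from the advisory): a connect-packet parser that checks the client-declared size against both the bytes actually received and the destination capacity before copying, next to the unchecked pattern. The 4-byte header, big-endian size field, 256-byte buffer and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumptions (not from the advisory): 4-byte header, big-endian size field,
 * 256-byte server-side buffer. The advisory only states that the 3rd and 4th
 * bytes of the connect packet carry the size of the data that follows. */
#define HDR_LEN      4u
#define JOIN_BUF_CAP 256u

enum parse_status {
    PARSE_OK = 0,
    PARSE_SHORT_HEADER,  /* fewer bytes than the fixed header */
    PARSE_TRUNCATED,     /* declared size exceeds the bytes actually received */
    PARSE_TOO_LARGE      /* declared size exceeds the destination buffer */
};

struct join_request {
    uint8_t data[JOIN_BUF_CAP];  /* password, channel, etc. */
    size_t  len;
};

/* Pattern described in the advisory, kept for contrast and never called here:
 * the copy length comes straight from the packet. */
void parse_join_unchecked(const uint8_t *pkt, struct join_request *out)
{
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];  /* up to 65535 */
    memcpy(out->data, pkt + HDR_LEN, declared);         /* may overrun out->data */
    out->len = declared;
}

/* Hardened form: the declared size is only a claim until it has been checked
 * against what was received and against what the destination can hold. */
enum parse_status parse_join_checked(const uint8_t *pkt, size_t pkt_len,
                                     struct join_request *out)
{
    if (pkt_len < HDR_LEN)
        return PARSE_SHORT_HEADER;

    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];

    if (declared > pkt_len - HDR_LEN)   /* would read past the received data */
        return PARSE_TRUNCATED;
    if (declared > sizeof out->data)    /* would write past the buffer */
        return PARSE_TOO_LARGE;

    memcpy(out->data, pkt + HDR_LEN, declared);
    out->len = declared;
    return PARSE_OK;
}

/* Builds a constructed packet (declared size + payload_len filler bytes) and
 * runs it through the checked parser. Sample data only, not captured traffic. */
enum parse_status check_constructed(uint16_t declared, size_t payload_len)
{
    static uint8_t pkt[HDR_LEN + 1024];
    struct join_request req;

    if (payload_len > sizeof pkt - HDR_LEN)
        payload_len = sizeof pkt - HDR_LEN;
    memset(pkt, 0, sizeof pkt);
    pkt[2] = (uint8_t)(declared >> 8);
    pkt[3] = (uint8_t)(declared & 0xff);
    memset(pkt + HDR_LEN, 'A', payload_len);

    return parse_join_checked(pkt, HDR_LEN + payload_len, &req);
}

/* Header shorter than HDR_LEN must be rejected before the size is read. */
enum parse_status check_short_header(void)
{
    static const uint8_t pkt[3] = {0, 0, 0};
    struct join_request req;
    return parse_join_checked(pkt, sizeof pkt, &req);
}

int main(void)
{
    printf("well-formed (5/5):        %d\n", (int)check_constructed(5, 5));
    printf("exactly at capacity:      %d\n", (int)check_constructed(256, 256));
    printf("declared 65535, 8 sent:   %d\n", (int)check_constructed(65535, 8));
    printf("declared 300, 300 sent:   %d\n", (int)check_constructed(300, 300));
    printf("3-byte packet:            %d\n", (int)check_short_header());
    return 0;
}
```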
4. PHPBB URL BBCode HTML Injection Vulnerability
BugTraq ID: 8570
Remote: Yes
Date Published: Sep 08 2003
Relevant URL: http://www.securityfocus.com/bid/8570
Summary:
phpBB is an open-source web forum application that is written in PHP and
supported by a number of database products. It will run on most Unix and
Linux variants, as well as Microsoft Windows operating systems.
BBCode is a basic restricted implementation of HTML that is used to
control the appearance of text in user-supplied phpBB entries.
phpBB BBCode has been reported prone to an HTML injection vulnerability.
It has been reported that an attacker may inject malicious script into
areas of phpBB where BBCode is rendered, for example bulletin board posts
or private messages. This issue is due to a lack of sufficient
sanitization performed on user supplied URL BBCode tags. The [url] BBCode
tag is reported vulnerable.
As a result of the lack of sanitization, injected code may be rendered in
the web browser of a user who views vulnerable areas of the site. This
would occur in the security context of the site hosting phpBB and its
related modules.
An attacker may exploit this issue to steal cookie-based authentication
credentials; other attacks may also be possible.
Although this vulnerability has been reported to affect phpBB version
2.0.6, other versions may also be vulnerable.
5. RealOne Player Insecure Configuration File Permission Local ...
BugTraq ID: 8571
Remote: No
Date Published: Sep 09 2003
Relevant URL: http://www.securityfocus.com/bid/8571
Summary:
RealOne Player is a media player that is available for a number of
platforms including Microsoft Windows and MacOS systems.
RealOne Player has been reported prone to a local privilege escalation
vulnerability.
The configuration files for the RealOne Player are installed in the
'.realnetworks' hidden folder in a user's home directory. The issue
presents itself because configuration files stored in this directory are
installed with 0660 permissions. This means that an attacker who is in
the same group as a target user may modify RealOne Player configuration
files and may thereby escalate privileges to that of the target user.
A local attacker may exploit this condition by creating a Trojan shared
library and modifying the 'dt_codecs' variable in the 'RealShared_0_0'
configuration file so that it points to the malicious shared library.
This may result in arbitrary code execution in the context of the target
user when RealOne Player is executed. Other methods of exploitation are
also possible.
It should be noted that this vulnerability has been reported to affect
x86 Linux variants of RealOne Player.
6. WinRAR Compressed File Size Misrepresentation Weakness
BugTraq ID: 8572
Remote: Yes
Date Published: Sep 09 2003
Relevant URL: http://www.securityfocus.com/bid/8572
Summary:
WinRAR is a compression utility capable of reading and writing files using
several different archival formats. It is available for the Microsoft
Windows Operating system.
WinRAR is prone to a weakness that may allow malicious parties to
misrepresent the size of compressed files. This issue occurs because
WinRAR trusts values in the .rar header without adequately verifying the
actual file size.
If the .rar header is otherwise correct and contains a valid CRC checksum,
then WinRAR will pre-allocate space to decompress the file based on file
size information provided in the header. During pre-allocation, WinRAR
will not verify that there is enough disk space to decompress files
included in the archive based on their actual size (since pre-allocation
is based on the size specified in the header). This presents a security
threat because a user may expect that a compressed file is a certain size
and decompress it based on this assumption. A deceptively large file
could be included in an archive that consumes all available disk space
when it is decompressed. Furthermore, under some circumstances, WinRAR
may attempt to extract a file based on the size specified in the header,
even if the actual file size is relatively small, filling any disk space
beyond the end of the decompressed file with zeroes.
UnRar, a Rar add-on distributed by RARLAB, is also prone to this issue.
The UnRar add-on is available for a number of operating systems, including
Unix/Linux derivatives and may be invoked automatically by various virus
scanners. This could pose an additional attack vector which does not
require user interaction to exploit.
There have been conflicting reports as to whether WinRar 3.20 is
vulnerable to this issue or not.
7. Invision Power Board Index.php Showtopic Cross-Site Scriptin...
BugTraq ID: 8575
Remote: Yes
Date Published: Sep 09 2003
Relevant URL: http://www.securityfocus.com/bid/8575
Summary:
Invision Board is web forum software. It is implemented in PHP and is
available for Unix and Linux variants and Microsoft Windows operating
systems.
The Invision Power Board index.php script has been reported prone to a
cross-site scripting vulnerability.
The issue presents itself due to a lack of sufficient sanitization
performed by functions in the index.php script on the user-influenced
'showtopic' URI parameter. It has been reported that a remote attacker may
construct a malicious link to the script and supply arbitrary HTML code as
a value for the 'showtopic' URI parameter. If this link is followed, the
content of the 'showtopic' parameter will be rendered in the browser of
the user who followed the link.
This could permit the theft of cookie authentication credentials; other
attacks may also be possible.
8. Gordano Messaging Suite WWW.exe Denial of Service Vulnerabil...
BugTraq ID: 8576
Remote: Yes
Date Published: Sep 10 2003
Relevant URL: http://www.securityfocus.com/bid/8576
Summary:
Gordano Messaging Suite is a messaging server that is compatible with
Windows, Linux, Sun Solaris and IBM AIX platforms. The suite provides
e-mail, instant messaging, SMS and antivirus services for its clients.
A vulnerability has been reported to be present in the WWW.exe process of
the software that may allow a remote attacker to cause the process to
crash on Windows systems.
The WWW.exe process listens on TCP ports 80, 8000, 8025, 8081, 8888, and
9000 in order to provide services such as Administration, WebMail
Professional, WebMail Express, WebMail Mobile, Instant Messaging, and Web
Server services. The problem occurs when a remote attacker sends a
malicious HTTP GET request with the characters '/../..' to the web server.
The attack may cause the WWW.exe process to crash, resulting in the
termination of all services provided by the process. Restarting the
process may resume normal functionality.
It has been reported that the WWW.exe process does not crash when running
on Linux platforms; however, an attacker may send multiple HTTP GET
requests with the characters '/../..' to the server, causing the process
to hang. This would cause a denial of service to legitimate users.
Successful exploitation of this condition would effectively deny service
to legitimate users.
Gordano Messaging Suite version 9.0 has been reported to be prone to this
vulnerability; however, other versions may be affected as well.
9. Gordano Messaging Suite Alertlist.mml Information Disclosure...
BugTraq ID: 8579
Remote: Yes
Date Published: Sep 10 2003
Relevant URL: http://www.securityfocus.com/bid/8579
Summary:
Gordano Messaging Suite is a messaging server that is compatible with
Windows, Linux, Sun Solaris and IBM AIX platforms. The suite provides
e-mail, instant messaging, SMS and antivirus services for its clients.
A vulnerability has been reported to be present in the Alertlist.mml
module of the software that may allow a user to access sensitive data
reserved for administration.
Alertlist.mml provides an administrator with information about users that
have logged in to the server. This data includes information such as
usernames, domains, and logged in time. It has been reported that a user
without administrative privileges may access Alertlist.mml as the software
fails to carry out proper authentication when accessing Alertlist.mml.
This problem may result in an attacker gaining access to sensitive data
that may be used to launch further attacks against vulnerable hosts.
Gordano Messaging Suite version 9.0 has been reported to be prone to this
vulnerability; however, other versions may be affected as well.
10. Net-SNMP Unauthorized MIB Object Access Vulnerability
BugTraq ID: 8582
Remote: Yes
Date Published: Sep 06 2003
Relevant URL: http://www.securityfocus.com/bid/8582
Summary:
Net-SNMP is a freely available, open source implementation of the SNMP
protocol. It was previously known as UCD-SNMP, and is available for the
Unix and Linux operating systems.
Net-SNMP is prone to a vulnerability that may permit an existing user or
community to gain unauthorized access to MIB objects. MIB objects that
are explicitly excluded from a user's or community's view may still be
accessed due to this vulnerability. This could potentially allow
malicious parties to gain read/write access to information contained in a
restricted MIB.
11. KokeshCMS Unauthorized Content Editing Vulnerability
BugTraq ID: 8585
Remote: Yes
Date Published: Sep 09 2003
Relevant URL: http://www.securityfocus.com/bid/8585
Summary:
KokeshCMS is a content management system that is implemented in PHP. It
is available for Microsoft Windows operating systems and Unix/Linux
variants.
KokeshCMS does not adequately secure access to the content editing script
(edit.php). The source of the problem is that KokeshCMS does not force
users to authenticate before granting access to the script. As a result,
remote users can access this script without needing to authenticate. A
remote attacker could exploit this issue to manipulate content on sites
managed by the software, for example, placing malicious or abusive content
on a site. This could pose an additional risk if users trust the site's
content.
12. CmdFTP Store_Line() Heap Overflow Vulnerability
BugTraq ID: 8587
Remote: Yes
Date Published: Sep 08 2003
Relevant URL: http://www.securityfocus.com/bid/8587
Summary:
cmdftp is a command line FTP client for Linux.
cmdftp has been reported prone to a remote heap overflow vulnerability.
The issue presents itself likely due to insufficient boundary checks
performed by store_line() when handling ftp server directory listings.
Excessive data returned by a malicious FTP server, when an 'ls' command is
invoked, may overflow the bounds of a buffer in heap memory and result in
the corruption of adjacent heap memory management structures. Ultimately a
remote attacker may leverage this corruption to have supplied arbitrary
instructions executed in the context of the user who is running the
vulnerable FTP client.
This vulnerability has been reported to affect all versions of cmdftp
prior to version 0.641.
13. Pine Message/External-Body Type Attribute Buffer Overflow Vu...
BugTraq ID: 8588
Remote: Yes
Date Published: Sep 10 2003
Relevant URL: http://www.securityfocus.com/bid/8588
Summary:
Pine is a freely available, open source Mail User Agent. It is
distributed by the University of Washington, and available for the Unix,
Linux, and Microsoft platforms.
A problem in Pine has been reported when handling "message/external body
type" attributes. Because of this, an attacker may be able to gain
unauthorized access to a host using the vulnerable software.
The problem is in the parsing of the name/value pairs. Due to improper
bounds checking, it is possible to supply a value in this field that
results in the overwriting of sensitive process memory. An attacker can
exploit this with a custom string to execute arbitrary code with the
privileges of the Pine user.
14. Pine rfc2231_get_param() Remote Integer Overflow Vulnerabili...
BugTraq ID: 8589
Remote: Yes
Date Published: Sep 10 2003
Relevant URL: http://www.securityfocus.com/bid/8589
Summary:
Pine is an e-mail client program used with Linux and Unix distributions.
It has been reported that Pine is prone to an integer overflow condition
resulting in possible memory corruption and leading to arbitrary code
execution.
The vulnerability exists in the rfc2231_get_param() function present in
the strings.c file. The condition is triggered when a vulnerable user
opens a maliciously crafted e-mail message sent by a remote attacker. The
vulnerability exists due to insufficient bounds checking by the software
when parsing e-mail message headers. Due to the possibility of memory
corruption, an attacker may be able to execute arbitrary code in the
security context of the vulnerable version of Pine.
Successful exploitation of this issue may allow an attacker to execute
arbitrary code in order to gain unauthorized access to a vulnerable host.
15. MySQL Password Handler Buffer Overflow Vulnerability
BugTraq ID: 8590
Remote: Yes
Date Published: Sep 10 2003
Relevant URL: http://www.securityfocus.com/bid/8590
Summary:
MySQL is an open source relational database project. It is available for
the Microsoft Windows, Linux, and Unix operating systems.
MySQL server has been reported prone to a buffer overflow vulnerability
when handling user passwords of excessive size.
The issue presents itself due to a lack of sufficient bounds checking
performed on MySQL user passwords that are stored in the 'Password' field
of the 'User' table in a MySQL database. It has been reported that MySQL
fails to properly perform bounds checking when processing passwords. A
password greater than 16 characters may overrun the bounds of a reserved
buffer in memory and corrupt adjacent memory. The buffer overflow occurs
in an ACL_USER instance of acl_init(), and may ultimately result in the
corruption of a saved instruction pointer.
An attacker with global administrative privileges on an affected MySQL
server may potentially exploit this condition to have arbitrary supplied
instructions executed in the context of the MySQL server.
This vulnerability has been reported to affect all versions of MySQL up to
and including 4.0.14 and 3.0.57.
16. Asterisk CallerID Call Detail Records SQL Injection Vulnerab...
BugTraq ID: 8599
Remote: Yes
Date Published: Sep 11 2003
Relevant URL: http://www.securityfocus.com/bid/8599
Summary:
Asterisk is a software-based PBX system, which is available for Linux
operating systems. Asterisk includes support for various protocols
including SIP, IAX v1 and v2, and H323. It is back-ended by a relational
database.
Call Detail Records (CDR) are used by telephone systems to record various
user data. This includes a variety of information, such as the CallerID
data.
Asterisk is prone to SQL injection attacks via malformed CDR data. The
vulnerability occurs due to insufficient sanitization of user-supplied
CallerID data and could allow for the execution of SQL commands on the
system hosting Asterisk. This could potentially be exploited by an
attacker to influence the logic of SQL queries or to exploit
vulnerabilities in the underlying database. Other attacks may also be
possible.
For an attacker to exploit this issue, it would have to be possible for
them to modify the CallerID data sent out by their phone system.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Accessing file server (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/336910
2. Voting on issues for this list and SecurityFocus (Fo... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/336843
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Sophos Anti-Virus
By: Sophos
Platforms: AIX, DOS, FreeBSD, HP-UX, Linux, MacOS, Netware, OS/2, Solaris,
UNIX, VMS, Windows 3.x, Windows 95/98, Windows NT
Relevant URL: http://www.sophos.com/products/sav/
Summary:
Sophos Anti-Virus is a unique solution to the virus problem, providing
true cross-platform protection in a single, fully integrated product. The
network-centric design provides a host of benefits for the protection of
servers, workstations and portables. Sophos's ground-breaking architecture
maximises protection, while minimising performance and administrative
overheads.
2. Zorp
By: Balabit IT Security Ltd.
Platforms: Linux
Relevant URL: http://www.balabit.com/products/zorp/
Summary:
Zorp is a proxy firewall suite making it possible to finetune proxy
decisions (with its built in script language), to fully analyze complex
protocols (like SSH with several forwarded TCP connections), to use
outband authentication techniques (unlike common practices where proxy
authentication had to be hacked into the protocol). Combined the power
explained above, source code is provided under the GNU/GPL.
3. F-Secure Policy Manager
By: F-Secure Corporation
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.f-secure.com/products/policy-man/index.shtml
Summary:
With F-Secure Policy Manager, your system administrator can manage all the
critical security applications from antivirus protection to file and
network encryption from one single console. The administrator can
automatically and remotely install, configure and update the applications.
It is possible to manage the security applications on almost any device
and across the enterprise so that even the security of mobile workers'
laptops is guaranteed. In addition to all this, the administrator can
easily monitor the network by generating extensive reports on the security
status of the network.
4. Gordano Messaging Suite
By: Gordano
Platforms: AIX, Linux, Solaris, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.gordano.com/
Summary:
Gordano's Messaging Suite provides robust and secure email, instant and
SMS messaging for small, medium and large businesses.
5. LANDesk Management Suite 7
By: LANDesk Software
Platforms: AIX, HP-UX, Linux, MacOS, Solaris, Windows 2000, Windows 95/98,
Windows NT, Windows XP
Relevant URL: http://www.landesk.com/products/ilms/
Summary:
LANDesk Management Suite 7 is a comprehensive, integrated management
solution that's easy to use, enabling proactive management of desktops,
servers and mobile devices across heterogeneous IT environments.
- Keep up with security patches and virus updates
- Efficiently install and maintain software on the desktop
- Decrease software license costs and respond to audits
- Reduce the cost of helpdesk support
- Discover and manage hardware and software assets
- Migrate many users and their profiles to new operating systems
6. ActiveScout Enterprise
By: ForeScout Technologies
Platforms: Linux, Solaris, Windows 2000, Windows 95/98, Windows NT
Relevant URL: http://www.forescout.com/enterprise.html
Summary:
ActiveScout Enterprise actively protects a network with multiple access
points. In addition to the identification of attackers and automatic
action to stop them, this solution offers full management capabilities,
from configuration and reporting, to the sharing of threat information
between multiple deployed scouts.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Private v0.5b
By: drugphish
Relevant URL: http://www.drugphish.ch/~jonny/private.html
Platforms: Linux, POSIX
Summary:
Private is a kernel module which uses the LSM hooks to implement
configurable, 4.4BSD-like securelevels for Linux. It gives users control
over ptrace, module loading/unloading, mounting filesystems, file
permissions, and changing system time much like the securelevels known on
BSD systems.
2. LinuxMagic magic-smtpd v0.7.2rc3
Summary:
MAGIC-SMTPD is a drop-in replacement for Dan Bernstein's qmail-smtpd, and
was originally designed to be part of the LinuxMagic Magic Mail Server.
This opensource version has been released to allow others to benefit from
its anti-spam components, and valid user checking to reduce server loads
and spam volumes. It is designed to support stock qmail installations,
qmail/vpopmail installations, and database connectivity. Designed for ISP
service, this will work for all mail servers large and small.
3. GKrellM v2.1.18 (GTK 2.0)
By: Bill Wilson
Relevant URL: http://www.gkrellm.net/
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, Solaris, SunOS
Summary:
GKrellM is a GTK-based stacked monitor program that charts SMP CPUs,
disks, load, active net interfaces, and internet connections. There are
also builtin monitors for memory and swap, file systems with mount/umount
feature, mailbox checking including POP3 and IMAP, clock/calendar, laptop
battery, sensors (temperatures, voltages, and fans), and uptime. It has
LEDs for the net monitors and an on/off button and online timer for PPP.
There is a GUI popup for configuration, plugin extensions can be
installed, and many themes are available. It also features a client/server
monitoring capability.
4. Tiny SHell v0.6
Summary:
Tiny SHell is a lightweight client/server clone of the standard remote
shell tools (rlogin, telnet, ssh, etc.). It provides remote shell
execution and file transfers. It is 8-bit clean, has full support for
pseudo-terminal pairs (pty/tty), and uses simple xor encryption. Most Unix
platforms are currently supported (Linux, BSD, OSF, SunOS, and IRIX).
5. iptables-control v1.0.6
By: Francesco 'StealthP' <NOSPAM (at) stealthp (dot) net>
Relevant URL: http://devzone.stealthp.org/iptables-control
Platforms: Linux, POSIX
Summary:
Iptables-Control is a fast and easy iptables filter configurator. It
features a step-by-step interactive configurator script, a TCP/UDP ports
configurator, LAN settings for routing and masquerading, and ICMP
filtering.
6. SpamProbe v0.9e
Summary:
SpamProbe is a spam detection program that uses a Bayesian analysis of the
frequencies of terms used in the email. Because it filters email based on
content rather than on general rules, it easily adapts itself to the types
of email that each individual user normally receives.
VI. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by: SecurityFocus
We are pleased to announce the launch of two new mailing lists for the
Security community:
1. Security Management (security-management-subscribe (at) securityfocus (dot) com)
2. Bugtraq-French (bugtraq-french-subscribe (at) securityfocus (dot) com)
To subscribe to either of these lists, send mail to the listserv at the
respective address indicated above; the subject and body of your message
do not matter. Or, you can visit our signup page at
http://www.securityfocus.com/archive
------------------------------------------------------------------------
SecurityFocus Linux Newsletter #149
------------------------------------
This Issue is Sponsored by: SecurityFocus
We are pleased to announce the launch of two new mailing lists for the
Security community:
1. Security Management (security-management-subscribe (at) securityfocus (dot) com [email concealed])
2. Bugtraq-French (bugtraq-french-subscribe (at) securityfocus (dot) com [email concealed])
To subscribe to either of these lists, send mail to the listserv at the
respective address indicated above; the subject and body of your message
do not matter. Or, you can visit our signup page at
http://www.securityfocus.com/archive
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Dynamic Honeypots
2. Demonstrating ROI for Penetration Testing (Part Three)
3. Hardening the TCP/IP stack to SYN attacks
4. SecurityFocus New Mailing List Announcement
II. LINUX VULNERABILITY SUMMARY
1. ISS RealSecure Server Sensor SSL Denial Of Service Vulnerabi...
2. Digital Scribe Error Function Cross-Site Scripting Vulnerabi...
3. Roger Wilco Remote Server Side Buffer Overrun Vulnerability
4. PHPBB URL BBCode HTML Injection Vulnerability
5. RealOne Player Insecure Configuration File Permission Local ...
6. WinRAR Compressed File Size Misrepresentation Weakness
7. Invision Power Board Index.php Showtopic Cross-Site Scriptin...
8. Gordano Messaging Suite WWW.exe Denial of Service Vulnerabil...
9. Gordano Messaging Suite Alertlist.mml Information Disclosure...
10. Net-SNMP Unauthorized MIB Object Access Vulnerability
11. KokeshCMS Unauthorized Content Editing Vulnerability
12. CmdFTP Store_Line() Heap Overflow Vulnerability
13. Pine Message/External-Body Type Attribute Buffer Overflow Vu...
14. Pine rfc2231_get_param() Remote Integer Overflow Vulnerabili...
15. MySQL Password Handler Buffer Overflow Vulnerability
16. Asterisk CallerID Call Detail Records SQL Injection Vulnerab...
III. LINUX FOCUS LIST SUMMARY
1. Accessing file server (Thread)
2. Voting on issues for this list and SecurityFocus (Fo... (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Sophos Anti-Virus
2. Zorp
3. F-Secure Policy Manager
4. Gordano Messaging Suite
5. LANDesk Management Suite 7
6. ActiveScout Enterprise
V. NEW TOOLS FOR LINUX PLATFORMS
1. Private v0.5b
2. LinuxMagic magic-smtpd v0.7.2rc3
3. GKrellM v2.1.18 (GTK 2.0)
4. Tiny SHell v0.6
5. iptables-control v1.0.6
6. SpamProbe v0.9e
VI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Dynamic Honeypots
By Lance Spitzner
The search for the dream honeypot: dynamic honeypots, an appliance-like
plug-and-play solution.
http://www.securityfocus.com/infocus/1731
2. Demonstrating ROI for Penetration Testing (Part Three)
By Marcia Wilson
The third article in this series focuses on defining terms related to the
Risk Analysis process and touches on Information Asset valuation methods
that are critical when justifying the necessity and expense of a Pen
Test.
http://www.securityfocus.com/infocus/1730
3. Hardening the TCP/IP stack to SYN attacks
By Mariusz Burdach
This article discusses methods of hardening the TCP/IP stack of various
operating systems to make servers more resistant to SYN flooding and SYN
spoofing Denial of Service (DOS) attacks.
http://www.securityfocus.com/infocus/1729
4. SecurityFocus New Mailing List Announcement
We are pleased to announce the launch of two new mailing lists for the
Security community:
1. Security Management (security-management-subscribe (at) securityfocus (dot) com)
2. Bugtraq-French (bugtraq-french-subscribe (at) securityfocus (dot) com)
To subscribe to either of these lists, send mail to the listserv at the
respective address indicated above; the subject and body of your message
do not matter. Or, you can visit our signup page at
http://www.securityfocus.com/archive
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. ISS RealSecure Server Sensor SSL Denial Of Service Vulnerabi...
BugTraq ID: 8550
Remote: Yes
Date Published: Sep 05 2003
Relevant URL: http://www.securityfocus.com/bid/8550
Summary:
ISS RealSecure Server Sensor is an intrusion detection technology that can
integrate with an underlying web server such as Microsoft IIS or Apache.
It supports a number of platforms including Microsoft Windows and
Unix/Linux variants.
ISS RealSecure Server Sensor is prone to a denial of service when handling
a malicious request over SSL. It is reportedly possible to reproduce this
condition by passing invalid Unicode characters in a request over SSL.
This vulnerability could be exploited to crash the underlying Microsoft
IIS web server. It should be noted that the service may be automatically
restarted.
It is not known if this issue affects other platforms or can be exploited
to crash other underlying web server implementations.
The researchers who discovered this vulnerability are currently
investigating the possibility of exploiting this issue to execute
arbitrary code, though sufficient details are not available regarding this
at the time of writing. This BID will be updated and impacts adjusted
accordingly if more details become available.
2. Digital Scribe Error Function Cross-Site Scripting Vulnerabi...
BugTraq ID: 8551
Remote: Yes
Date Published: Sep 05 2003
Relevant URL: http://www.securityfocus.com/bid/8551
Summary:
Digital Scribe is a freely available, open source PHP publishing
application. It is available for the Linux platform.
A problem has been reported in the checking of input by Digital Scribe.
Because of this, it may be possible for an attacker to steal cookie
authentication credentials or launch other attacks.
The problem is in the handling of input by the register.php and login.php
scripts. In both scripts, the error URI parameter does not sufficiently
filter input before displaying it in web pages, making it possible for an
attacker to include HTML and script code in a malicious link to a site
running the software. If such a link is visited, then hostile code
included in the link may be rendered by the victim user's browser in the
context of the site.
3. Roger Wilco Remote Server Side Buffer Overrun Vulnerability
BugTraq ID: 8566
Remote: Yes
Date Published: Sep 08 2003
Relevant URL: http://www.securityfocus.com/bid/8566
Summary:
Roger Wilco is a net-based communication client designed to allow users to
speak in real-time. Multiple clients may connect to a single server
allowing remote users to interact. It is available for the Microsoft
Windows operating systems.
A remote buffer overrun has been reported for various Roger Wilco server
releases. The problem lies in the fact that the vulnerable servers rely on
client-side size values when copying data into internal memory buffers.
When a client attempts to connect to a server, it first transmits a packet
containing a variety of data, including the password and channel. The 3rd
and 4th bytes of this packet denote the size of this data. Upon receiving
this transmission, the server uses the client-supplied size value when
copying the data into an internal memory buffer. As the size value is two
bytes, an attacker could theoretically supply up to 65535 bytes of data to
be copied into the server. As the server has previously allocated a buffer
believed to be of sufficient size, this could result in a buffer overrun.
An attacker may be capable of exploiting this issue to overwrite sensitive
memory variables within the server process space. This could ultimately
allow for the execution flow of the server to be controlled, and may
result in the execution of attacker-supplied instructions.
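The size-trust flaw described in the Roger Wilco entry above, shown beside a
bounds-checked form, as an added C example (not Roger Wilco code and not taken
from the advisory). The header layout apart from the size field in bytes 3 and
4, the little-endian byte order, the 256-byte buffer and every identifier are
assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN      4    /* assumption: bytes 1-2 unspecified, bytes 3-4 = size */
#define LOGIN_BUF_SZ 256  /* assumption: size of the server's fixed buffer */

enum parse_status {
    PARSE_OK = 0,
    PARSE_SHORT_HEADER,   /* fewer than HDR_LEN bytes were received */
    PARSE_TOO_LARGE,      /* claimed size exceeds the destination buffer */
    PARSE_TRUNCATED       /* claimed size exceeds the bytes actually received */
};

struct login_ctx {
    uint8_t data[LOGIN_BUF_SZ];
    size_t  len;
};

/* Size field from the 3rd and 4th bytes; little-endian is an assumption. */
static size_t claimed_size(const uint8_t *pkt)
{
    return (size_t)pkt[2] | ((size_t)pkt[3] << 8);
}

/* Flawed pattern: the copy length comes straight from the client.
 * Kept only for contrast; nothing in this example calls it. */
void parse_login_trusting(struct login_ctx *ctx, const uint8_t *pkt, size_t pkt_len)
{
    size_t n = claimed_size(pkt);         /* 0..65535, chosen by the sender */
    (void)pkt_len;                        /* received length is never consulted */
    memcpy(ctx->data, pkt + HDR_LEN, n);  /* overruns data[] once n > 256 */
    ctx->len = n;
}

/* Hardened form: the claimed size must fit both the destination buffer and
 * the bytes that actually arrived; ctx is left untouched on any rejection. */
enum parse_status parse_login_checked(struct login_ctx *ctx, const uint8_t *pkt,
                                      size_t pkt_len)
{
    size_t n;

    if (pkt_len < HDR_LEN)
        return PARSE_SHORT_HEADER;
    n = claimed_size(pkt);
    if (n > sizeof ctx->data)
        return PARSE_TOO_LARGE;
    if (n > pkt_len - HDR_LEN)
        return PARSE_TRUNCATED;
    memcpy(ctx->data, pkt + HDR_LEN, n);
    ctx->len = n;
    return PARSE_OK;
}

static const char *status_name(enum parse_status s)
{
    switch (s) {
    case PARSE_OK:           return "accepted";
    case PARSE_SHORT_HEADER: return "rejected: short header";
    case PARSE_TOO_LARGE:    return "rejected: size exceeds buffer";
    case PARSE_TRUNCATED:    return "rejected: size exceeds received data";
    }
    return "unknown";
}

int main(void)
{
    /* Constructed sample packets, not captured traffic. */
    static const uint8_t ok[]   = {0, 0, 5, 0, 'l', 'o', 'b', 'b', 'y'};
    static const uint8_t huge[] = {0, 0, 0xFF, 0xFF, 'A', 'A', 'A', 'A'};
    static const uint8_t cut[]  = {0, 0, 10, 0, 'a', 'b', 'c'};
    struct login_ctx ctx;

    memset(&ctx, 0, sizeof ctx);
    printf("size=5, 5 bytes sent:     %s\n",
           status_name(parse_login_checked(&ctx, ok, sizeof ok)));
    printf("size=65535, 4 bytes sent: %s\n",
           status_name(parse_login_checked(&ctx, huge, sizeof huge)));
    printf("size=10, 3 bytes sent:    %s\n",
           status_name(parse_login_checked(&ctx, cut, sizeof cut)));
    return 0;
}
```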
4. PHPBB URL BBCode HTML Injection Vulnerability
BugTraq ID: 8570
Remote: Yes
Date Published: Sep 08 2003
Relevant URL: http://www.securityfocus.com/bid/8570
Summary:
phpBB is an open-source web forum application that is written in PHP and
supported by a number of database products. It will run on most Unix and
Linux variants, as well as Microsoft Windows operating systems.
BBCode is a basic restricted implementation of HTML that is used to
control the appearance of text in user-supplied phpBB entries.
phpBB BBCode has been reported prone to an HTML injection vulnerability.
It has been reported that an attacker may inject malicious script into
areas of phpBB where BBCode is rendered, for example bulletin board posts
or private messages. This issue is due to a lack of sufficient
sanitization performed on user-supplied URL BBCode tags. The [url] BBCode
tag is reported vulnerable.
As a result of the lack of sanitization, injected code may be rendered in
the web browser of a user who views vulnerable areas of the site. This
would occur in the security context of the site hosting phpBB and its
related modules.
An attacker may exploit this issue to steal cookie-based authentication
credentials; other attacks may also be possible.
Although this vulnerability has been reported to affect phpBB version
2.0.6, other versions may also be vulnerable.
5. RealOne Player Insecure Configuration File Permission Local ...
BugTraq ID: 8571
Remote: No
Date Published: Sep 09 2003
Relevant URL: http://www.securityfocus.com/bid/8571
Summary:
RealOne Player is a media player that is available for a number of
platforms including Microsoft Windows and MacOS systems.
RealOne Player has been reported prone to a local privilege escalation
vulnerability.
The configuration files for the RealOne Player are installed in the
'.realnetworks' hidden folder in a user's home directory. The issue
presents itself because configuration files stored in this directory are
installed with 0660 permissions. This means that an attacker who is in
the same group as a target user may modify RealOne Player configuration
files and may thereby escalate privileges to that of the target user.
A local attacker may exploit this condition by creating a Trojan shared
library and modifying the 'dt_codecs' variable in the 'RealShared_0_0'
configuration file, so that it points to the malicious shared library.
This may result in arbitrary code execution in the context of the target
user when RealOne Player is executed. Other methods of exploitation are
also possible.
It should be noted that this vulnerability has been reported to affect
X86 Linux variants of RealOne Player.
6. WinRAR Compressed File Size Misrepresentation Weakness
BugTraq ID: 8572
Remote: Yes
Date Published: Sep 09 2003
Relevant URL: http://www.securityfocus.com/bid/8572
Summary:
WinRAR is a compression utility capable of reading and writing files using
several different archival formats. It is available for the Microsoft
Windows Operating system.
WinRAR is prone to a weakness that may allow malicious parties to
misrepresent the size of compressed files. This issue occurs because
WinRAR trusts values in the .rar header without adequately verifying the
actual file size.
If the .rar header is otherwise correct and contains a valid CRC checksum,
then WinRAR will pre-allocate space to decompress the file based on file
size information provided in the header. During pre-allocation, WinRAR
will not verify that there is enough disk space to decompress files
included in the archive based on their actual size (since pre-allocation
is based on the size specified in the header). This presents a security
threat because a user may expect that a compressed file is a certain size
and decompress it based on this assumption. A deceptively large file
could be included in an archive that consumes all available disk space
when it is decompressed. Furthermore, under some circumstances, WinRAR
may attempt to extract a file based on the size specified in the header,
even if the actual file size is relatively small, filling any disk space
beyond the end of the decompressed file with zeroes.
UnRar, a Rar add-on distributed by RARLAB, is also prone to this issue.
The UnRar add-on is available for a number of operating systems, including
Unix/Linux derivatives and may be invoked automatically by various virus
scanners. This could pose an additional attack vector which does not
require user interaction to exploit.
There have been conflicting reports as to whether WinRAR 3.20 is
vulnerable to this issue or not.
7. Invision Power Board Index.php Showtopic Cross-Site Scriptin...
BugTraq ID: 8575
Remote: Yes
Date Published: Sep 09 2003
Relevant URL: http://www.securityfocus.com/bid/8575
Summary:
Invision Board is web forum software. It is implemented in PHP and is
available for Unix and Linux variants and Microsoft Windows operating
systems.
The Invision Power Board index.php script has been reported prone to a
cross-site scripting vulnerability.
The issue presents itself due to a lack of sufficient sanitization
performed by functions in the index.php script on the user-influenced
'showtopic' URI parameter. It has been reported that a remote attacker may
construct a malicious link to the script and supply arbitrary HTML code as
a value for the 'showtopic' URI parameter. If this link is followed, the
content of the 'showtopic' parameter will be rendered in the browser of
the user who followed the link.
This could permit the theft of cookie authentication credentials; other
attacks may also be possible.
8. Gordano Messaging Suite WWW.exe Denial of Service Vulnerabil...
BugTraq ID: 8576
Remote: Yes
Date Published: Sep 10 2003
Relevant URL: http://www.securityfocus.com/bid/8576
Summary:
Gordano Messaging Suite is a messaging server that is compatible with
Windows, Linux, Sun Solaris and IBM AIX platforms. The suite provides
e-mail, instant messaging, SMS and antivirus services for its clients.
A vulnerability has been reported to be present in the WWW.exe process of
the software that may allow a remote attacker to cause the process to
crash on Windows systems.
The WWW.exe process listens on TCP ports 80, 8000, 8025, 8081, 8888, and
9000 in order to provide services such as Administration, WebMail
Professional, WebMail Express, WebMail Mobile, Instant Messaging, and Web
Server services. The problem occurs when a remote attacker sends a
malicious HTTP GET request with the characters '/../..' to the web server.
The attack may cause the WWW.exe process to crash, resulting in the
termination of all services provided by the process. Restarting the
process may resume normal functionality.
It has been reported that the WWW.exe process does not crash when running
on Linux platforms; however, an attacker may send multiple HTTP GET
requests with the characters '/../..' to the server, causing the process
to hang. Successful exploitation of this condition would effectively deny
service to legitimate users.
Gordano Messaging Suite version 9.0 has been reported to be prone to this
vulnerability; however, other versions may be affected as well.
9. Gordano Messaging Suite Alertlist.mml Information Disclosure...
BugTraq ID: 8579
Remote: Yes
Date Published: Sep 10 2003
Relevant URL: http://www.securityfocus.com/bid/8579
Summary:
Gordano Messaging Suite is a messaging server that is compatible with
Windows, Linux, Sun Solaris and IBM AIX platforms. The suite provides
e-mail, instant messaging, SMS and antivirus services for its clients.
A vulnerability has been reported to be present in the Alertlist.mml
module of the software that may allow a user to access sensitive data
reserved for administration.
Alertlist.mml provides an administrator with information about users that
have logged in to the server. This data includes information such as
usernames, domains, and logged in time. It has been reported that a user
without administrative privileges may access Alertlist.mml as the software
fails to carry out proper authentication when accessing Alertlist.mml.
This problem may result in an attacker gaining access to sensitive data
that may be used to launch further attacks against vulnerable hosts.
Gordano Messaging Suite version 9.0 has been reported to be prone to this
vulnerability; however, other versions may be affected as well.
10. Net-SNMP Unauthorized MIB Object Access Vulnerability
BugTraq ID: 8582
Remote: Yes
Date Published: Sep 06 2003
Relevant URL: http://www.securityfocus.com/bid/8582
Summary:
Net-SNMP is a freely available, open source implementation of the SNMP
protocol. It was previously known as UCD-SNMP, and is available for the
Unix and Linux operating systems.
Net-SNMP is prone to a vulnerability that may permit an existing user or
community to gain unauthorized access to MIB objects. MIB objects that
are explicitly excluded from a user's or community's view may still be
accessed due to this vulnerability. This could potentially allow
malicious parties to gain read/write access to information contained in a
restricted MIB.
11. KokeshCMS Unauthorized Content Editing Vulnerability
BugTraq ID: 8585
Remote: Yes
Date Published: Sep 09 2003
Relevant URL: http://www.securityfocus.com/bid/8585
Summary:
KokeshCMS is a content management system that is implemented in PHP. It
is available for Microsoft Windows operating systems and Unix/Linux
variants.
KokeshCMS does not adequately secure access to the content editing script
(edit.php). The source of the problem is that KokeshCMS does not force
users to authenticate before granting access to the script. As a result,
remote users can access this script without needing to authenticate. A
remote attacker could exploit this issue to manipulate content on sites
managed by the software, for example, placing malicious or abusive content
on a site. This could pose an additional risk if users trust the site's
content.
12. CmdFTP Store_Line() Heap Overflow Vulnerability
BugTraq ID: 8587
Remote: Yes
Date Published: Sep 08 2003
Relevant URL: http://www.securityfocus.com/bid/8587
Summary:
cmdftp is a command line FTP client for Linux.
cmdftp has been reported prone to a remote heap overflow vulnerability.
The issue presents itself likely due to insufficient boundary checks
performed by store_line() when handling ftp server directory listings.
Excessive data returned by a malicious FTP server, when an 'ls' command is
invoked, may overflow the bounds of a buffer in heap memory and result in
the corruption of adjacent heap memory management structures. Ultimately a
remote attacker may leverage this corruption to have arbitrary supplied
instructions executed in the context of the user who is running the
vulnerable FTP client.
This vulnerability has been reported to affect all versions of cmdftp
prior to version 0.641.
13. Pine Message/External-Body Type Attribute Buffer Overflow Vu...
BugTraq ID: 8588
Remote: Yes
Date Published: Sep 10 2003
Relevant URL: http://www.securityfocus.com/bid/8588
Summary:
Pine is a freely available, open source Mail User Agent. It is
distributed by the University of Washington, and available for the Unix,
Linux, and Microsoft platforms.
A problem in Pine has been reported when handling "message/external body
type" attributes. Because of this, an attacker may be able to gain
unauthorized access to a host using the vulnerable software.
The problem is in the parsing of the name/value pairs. Due to improper
bounds checking, it is possible to supply a value in this field that
results in the overwriting of sensitive process memory. An attacker can
exploit this with a custom string to execute arbitrary code with the
privileges of the Pine user.
14. Pine rfc2231_get_param() Remote Integer Overflow Vulnerabili...
BugTraq ID: 8589
Remote: Yes
Date Published: Sep 10 2003
Relevant URL: http://www.securityfocus.com/bid/8589
Summary:
Pine is an e-mail client program used with Linux and Unix distributions.
It has been reported that Pine is prone to an integer overflow condition
resulting in possible memory corruption and leading to arbitrary code
execution.
The vulnerability exists in the rfc2231_get_param() function present in
the strings.c file. The condition is triggered when a vulnerable user
opens a maliciously crafted e-mail message sent by a remote attacker. The
vulnerability exists due to insufficient bounds checking by the software
when parsing e-mail message headers. Due to the possibility of memory
corruption, an attacker may be able to execute arbitrary code in the
security context of the vulnerable version of Pine.
Successful exploitation of this issue may allow an attacker to execute
arbitrary code in order to gain unauthorized access to a vulnerable host.
15. MySQL Password Handler Buffer Overflow Vulnerability
BugTraq ID: 8590
Remote: Yes
Date Published: Sep 10 2003
Relevant URL: http://www.securityfocus.com/bid/8590
Summary:
MySQL is an open source relational database project. It is available for
the Microsoft Windows, Linux, and Unix operating systems.
MySQL server has been reported prone to a buffer overflow vulnerability
when handling user passwords of excessive size.
The issue presents itself due to a lack of sufficient bounds checking
performed on MySQL user passwords that are stored in the 'Password' field
of the 'User' table in a MySQL database. It has been reported that MySQL
fails to properly perform bounds checking when processing passwords. A
password greater than 16 characters may overrun the bounds of a reserved
buffer in memory and corrupt adjacent memory. The buffer overflow occurs
in an ACL_USER instance of acl_init(), and may ultimately result in the
corruption of a saved instruction pointer.
An attacker with global administrative privileges on an affected MySQL
server may potentially exploit this condition to have arbitrary supplied
instructions executed in the context of the MySQL server.
This vulnerability has been reported to affect all versions of MySQL up to
and including 4.0.14 and 3.0.57.
16. Asterisk CallerID Call Detail Records SQL Injection Vulnerab...
BugTraq ID: 8599
Remote: Yes
Date Published: Sep 11 2003
Relevant URL: http://www.securityfocus.com/bid/8599
Summary:
Asterisk is a software-based PBX system, which is available for Linux
operating systems. Asterisk includes support for various protocols
including SIP, IAX v1 and v2, and H323. It is back-ended by a relational
database.
Call Detail Records (CDR) are used by telephone systems to record various
user data. This includes a variety of information, such as the CallerID
data.
Asterisk is prone to SQL injection attacks via malformed CDR data. The
vulnerability occurs due to insufficient sanitization of user-supplied
CallerID data and could allow for the execution of SQL commands on the
system hosting Asterisk. This could potentially be exploited by an
attacker to influence the logic of SQL queries or to exploit
vulnerabilities in the underlying database. Other attacks may also be
possible.
For an attacker to exploit this issue, it would have to be possible for
them to modify the CallerID data sent out by their phone system.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Accessing file server (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/336910
2. Voting on issues for this list and SecurityFocus (Fo... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/336843
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Sophos Anti-Virus
By: Sophos
Platforms: AIX, DOS, FreeBSD, HP-UX, Linux, MacOS, Netware, OS/2, Solaris,
UNIX, VMS, Windows 3.x, Windows 95/98, Windows NT
Relevant URL: http://www.sophos.com/products/sav/
Summary:
Sophos Anti-Virus is a unique solution to the virus problem, providing
true cross-platform protection in a single, fully integrated product. The
network-centric design provides a host of benefits for the protection of
servers, workstations and portables. Sophos's ground-breaking architecture
maximises protection, while minimising performance and administrative
overheads.
2. Zorp
By: Balabit IT Security Ltd.
Platforms: Linux
Relevant URL: http://www.balabit.com/products/zorp/
Summary:
Zorp is a proxy firewall suite making it possible to fine-tune proxy
decisions (with its built-in script language), to fully analyze complex
protocols (like SSH with several forwarded TCP connections), and to use
outband authentication techniques (unlike common practices where proxy
authentication had to be hacked into the protocol). Combined with the
power explained above, source code is provided under the GNU/GPL.
3. F-Secure Policy Manager
By: F-Secure Corporation
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.f-secure.com/products/policy-man/index.shtml
Summary:
With F-Secure Policy Manager, your system administrator can manage all the
critical security applications from antivirus protection to file and
network encryption from one single console. The administrator can
automatically and remotely install, configure and update the applications.
It is possible to manage the security applications on almost any device
and across the enterprise so that even the security of mobile workers'
laptops is guaranteed. In addition to all this, the administrator can
easily monitor the network by generating extensive reports on the security
status of the network.
4. Gordano Messaging Suite
By: Gordano
Platforms: AIX, Linux, Solaris, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.gordano.com/
Summary:
Gordano's Messaging Suite provides robust and secure email, instant and
SMS messaging for small, medium and large businesses.
5. LANDesk Management Suite 7
By: LANDesk Software
Platforms: AIX, HP-UX, Linux, MacOS, Solaris, Windows 2000, Windows 95/98,
Windows NT, Windows XP
Relevant URL: http://www.landesk.com/products/ilms/
Summary:
LANDesk Management Suite 7 is a comprehensive, integrated management
solution that's easy to use, enabling proactive management of desktops,
servers and mobile devices across heterogeneous IT environments.
- Keep up with security patches and virus updates
- Efficiently install and maintain software on the desktop
- Decrease software license costs and respond to audits
- Reduce the cost of helpdesk support
- Discover and manage hardware and software assets
- Migrate many users and their profiles to new operating systems
6. ActiveScout Enterprise
By: ForeScout Technologies
Platforms: Linux, Solaris, Windows 2000, Windows 95/98, Windows NT
Relevant URL: http://www.forescout.com/enterprise.html
Summary:
ActiveScout Enterprise actively protects a network with multiple access
points. In addition to the identification of attackers and automatic
action to stop them, this solution offers full management capabilities,
from configuration and reporting, to the sharing of threat information
between multiple deployed scouts.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Private v0.5b
By: drugphish
Relevant URL: http://www.drugphish.ch/~jonny/private.html
Platforms: Linux, POSIX
Summary:
Private is a kernel module which uses the LSM hooks to implement
configurable, 4.4BSD-like securelevels for Linux. It gives users control
over ptrace, module loading/unloading, mounting filesystems, file
permissions, and changing system time much like the securelevels known on
BSD systems.
2. LinuxMagic magic-smtpd v0.7.2rc3
By: LinuxMagic Inc. <magicsmtpd (at) linuxmagic (dot) com>
Relevant URL: http://www.linuxmagic.com/opensource/magicmail/magic-smtpd/
Platforms: Linux, POSIX
Summary:
MAGIC-SMTPD is a drop-in replacement for Dan Bernstein's qmail-smtpd, and
was originally designed to be part of the LinuxMagic Magic Mail Server.
This opensource version has been released to allow others to benefit from
its anti-spam components, and valid user checking to reduce server loads
and spam volumes. It is designed to support stock qmail installations,
qmail/vpopmail installations, and database connectivity. Designed for ISP
service, this will work for all mail servers large and small.
3. GKrellM v2.1.18 (GTK 2.0)
By: Bill Wilson
Relevant URL: http://www.gkrellm.net/
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, Solaris, SunOS
Summary:
GKrellM is a GTK-based stacked monitor program that charts SMP CPUs,
disks, load, active net interfaces, and internet connections. There are
also builtin monitors for memory and swap, file systems with mount/umount
feature, mailbox checking including POP3 and IMAP, clock/calendar, laptop
battery, sensors (temperatures, voltages, and fans), and uptime. It has
LEDs for the net monitors and an on/off button and online timer for PPP.
There is a GUI popup for configuration, plugin extensions can be
installed, and many themes are available. It also features a client/server
monitoring capability.
4. Tiny SHell v0.6
By: Christophe Devine
Relevant URL: http://www.cr0.net:8040/code/network/
Platforms: FreeBSD, IRIX, Linux, OpenBSD, Solaris, SunOS, UNIX
Summary:
Tiny SHell is a lightweight client/server clone of the standard remote
shell tools (rlogin, telnet, ssh, etc.). It provides remote shell
execution and file transfers. It is 8-bit clean, has full support for
pseudo-terminal pairs (pty/tty), and uses simple xor encryption. Most Unix
platforms are currently supported (Linux, BSD, OSF, SunOS, and IRIX).
5. iptables-control v1.0.6
By: Francesco 'StealthP' <NOSPAM (at) stealthp (dot) net>
Relevant URL: http://devzone.stealthp.org/iptables-control
Platforms: Linux, POSIX
Summary:
Iptables-Control is a fast and easy iptables filter configurator. It
features a step-by-step interactive configurator script, a TCP/UDP ports
configurator, LAN settings for routing and masquerading, and ICMP
filtering.
6. SpamProbe v0.9e
By: Brian Burton
Relevant URL: http://spamprobe.sourceforge.net/
Platforms: Linux, POSIX
Summary:
SpamProbe is a spam detection program that uses a Bayesian analysis of the
frequencies of terms used in the email. Because it filters email based on
content rather than on general rules, it easily adapts itself to the types
of email that each individual user normally receives.
VI. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by: SecurityFocus
We are pleased to announce the launch of two new mailing lists for the
Security community:
1. Security Management (security-management-subscribe (at) securityfocus (dot) com)
2. Bugtraq-French (bugtraq-french-subscribe (at) securityfocus (dot) com)
To subscribe to either of these lists, send mail to the listserv at the
respective address indicated above; the subject and body of your message
do not matter. Or, you can visit our signup page at
http://www.securityfocus.com/archive
------------------------------------------------------------------------