Linux Security News
SecurityFocus Linux Newsletter #192 Jul 13 2004 08:55PM
Peter Laborge (plaborge securityfocus com)
SecurityFocus Linux Newsletter #192
------------------------------------

This issue sponsored by: WhiteHat Security

Free Web Security Checkup

Find out if your web site is vulnerable to common web site vulnerabilities
such as Cross Site Scripting, SQL Injection or Directory Traversal with a
free web security checkup from WhiteHat Security.

Sign up for a free checkup at
http://www.securityfocus.com/sponsor/WhiteHat_linux-secnews_040713

------------------------------------------------------------------------

I. FRONT AND CENTER
1. Metasploit Framework (Part One)
II. LINUX VULNERABILITY SUMMARY
1. IBM Websphere Edge Server Denial Of Service Vulnerability
2. 12Planet Chat Server Cross-Site Scripting Vulnerability
3. Linux VServer Project ProcFS Weak Sharing Permissions Vulner...
4. Linux Kernel chown() System Call Group Ownership Alteration ...
5. PureFTPd Accept_Client Remote Denial of Service Vulnerabilit...
6. IlohaMail Email Header HTML Injection Vulnerability
7. Ethereal Multiple Unspecified iSNS, SMB and SNMP Protocol D...
8. Sun Java Virtual Machine Font.createFont Method Insecure Tem...
9. Linux Kernel Floating Point Register Contents Leak Vulnerabi...
III. LINUX FOCUS LIST SUMMARY
1. Visited by a cracker (Thread)
2. Weird! (Thread)
3. Re[2]: Weird! (Thread)
4. Last login missing (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. Ettercap v0.7.0 pre2
2. SnortNotify 1.02
3. Devil-Linux v1.2 Beta 1
4. GNU Anubis v3.9.94
5. DNSSEC Walker v3.4
6. Linux Intrusion Detection System (LIDS) v2.6.6
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Metasploit Framework (Part One)
By Pukhraj Singh and K.K. Mookhey

This article provides an elaborate insight into the Open Source exploit
framework, the Metasploit Framework, which is meant to change the future of
penetration testing once and for all. Part one of three.

http://www.securityfocus.com/infocus/1789

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. IBM Websphere Edge Server Denial Of Service Vulnerability
BugTraq ID: 10651
Remote: Yes
Date Published: Jul 02 2004
Relevant URL: http://www.securityfocus.com/bid/10651
Summary:
A denial of service vulnerability is reported in the Caching Proxy component bundled with the IBM Websphere Edge Server.

It is reported that if the proxy is configured with the JunctionRewrite directive in conjunction with the UseCookie option, an attacker may be able to crash the application.

A remote attacker reportedly is able to cause a denial of service condition with one request.

IBM has released a patch dealing with this issue. This patch is available only to customers with support levels 2 or 3.

2. 12Planet Chat Server Cross-Site Scripting Vulnerability
BugTraq ID: 10659
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10659
Summary:
It is reported that 12Planet Chat Server is prone to a cross-site scripting vulnerability. This issue is due to a lack of sanitization of user-supplied data.

The problem presents itself when malicious HTML or script code is passed in a URI argument to one of the servlets in the application.

A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed by an unsuspecting user, the hostile code may be rendered in their web browser. This would occur in the security context of the web server and may allow for theft of cookie-based authentication credentials or other attacks.

Although version 2.9 of the software was reported vulnerable, other versions may also be affected.

3. Linux VServer Project ProcFS Weak Sharing Permissions Vulner...
BugTraq ID: 10660
Remote: No
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10660
Summary:
It is reported that VServer may be used to disclose memory contents and to deny service to the host operating system and other virtual servers. The vulnerability exists due to weak sharing permissions on procfs mounted directories. It is reported that a user residing in a VServer may make changes to a procfs mounted directory; any changes made will affect the host operating system and all VServers that exist.

An attacker may exploit this issue to disclose information or initiate a denial of service.

4. Linux Kernel chown() System Call Group Ownership Alteration ...
BugTraq ID: 10662
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10662
Summary:
It is reported that the Linux kernel version 2.6 contains a flaw which allows users to improperly change the group ownership on arbitrary files that they do not own. For the Linux kernel 2.4.X this issue is only exploitable when the kernel NFS server is active; for the 2.6.X kernel this issue is always exploitable.

An attacker may reportedly be able to exploit this issue to gain superuser privileges.

This issue was reported in version 2.6.6, but other versions, including 2.4.X, are also likely vulnerable.

5. PureFTPd Accept_Client Remote Denial of Service Vulnerabilit...
BugTraq ID: 10664
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10664
Summary:
PureFTPd is reported prone to a remote undisclosed denial of service vulnerability. The vulnerability is reported to exist due to a bug in the accept_client function used to set up new connections. It is reported that when the maximum number of connections is reached, an attacker may be able to deny service to the affected daemon.

It is reported that all versions of cPanel are also affected by this issue because cPanel ships with PureFTPd 1.0.12.

6. IlohaMail Email Header HTML Injection Vulnerability
BugTraq ID: 10668
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10668
Summary:
IlohaMail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings.

An attacker can exploit this issue to gain access to an unsuspecting user's cookie-based authentication credentials; disclosure of personal email is possible. Other attacks are also possible.

IlohaMail 0.8.12 and prior are prone to this issue.

7. Ethereal Multiple Unspecified iSNS, SMB and SNMP Protocol D...
BugTraq ID: 10672
Remote: Yes
Date Published: Jul 07 2004
Relevant URL: http://www.securityfocus.com/bid/10672
Summary:
Ethereal 0.10.5 has been released to address multiple vulnerabilities, including an iSNS protocol dissector vulnerability, a SMB protocol dissector vulnerability, and a SNMP protocol dissector vulnerability. These issues are due to a failure of the application to properly handle malformed packets.

Successful exploitation of these issues will allow an attacker to cause a denial of service condition in the affected application; it has also been reported that these issues may facilitate arbitrary code execution.

8. Sun Java Virtual Machine Font.createFont Method Insecure Tem...
BugTraq ID: 10685
Remote: Yes
Date Published: Jul 09 2004
Relevant URL: http://www.securityfocus.com/bid/10685
Summary:
Sun Java Virtual Machine is a component of the Sun Java infrastructure that performs the handling of Java applets and other programs. It is available for Unix, Linux, and Microsoft platforms.

Sun Java Virtual Machine is prone to an insecure temporary file creation weakness. It is reported that this file is created by the 'Font.createFont' method with the following name:

+~JFxxxxx.tmp

where xxxxx is a random number.

This issue can be combined with various other vulnerabilities in Internet Explorer to ultimately allow for code execution on a vulnerable computer.

9. Linux Kernel Floating Point Register Contents Leak Vulnerabi...
BugTraq ID: 10687
Remote: No
Date Published: Jul 09 2004
Relevant URL: http://www.securityfocus.com/bid/10687
Summary:
The Linux kernel is reported prone to a data disclosure vulnerability.

It is reported that this issue may permit a malicious executable to disclose the contents of Floating Point registers that belong to another process.

It is reported that this vulnerability will only affect ia64 systems.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Visited by a cracker (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/368736

2. Weird! (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/368598

3. Re[2]: Weird! (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/368597

4. Last login missing (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/368070

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business Vault is an information security solution that enables organizations to safely overcome traditional network boundaries in order to securely share business information among customers, business partners, and remote branches. It provides a seamless, LAN-like experience over the Internet that includes all the security, performance, accessibility, and ease of administration required to allow organizations to share everyday information worldwide.

2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:

EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software's award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.

The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.

3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:

KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in its own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.

4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:

Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.

5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:

Astaro Linux Firewall: All-in-one firewall, virus protection, content filtering and spam protection internet security software package for Linux.
Free download for home users.

6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:

Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.

We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Ettercap v0.7.0 pre2
By: ALoR <alor (at) users.sourceforge (dot) net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:

Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

2. SnortNotify 1.02
By: Adam Ely
Relevant URL: http://www.780inc.com/snortnotify/
Platforms: Linux
Summary:

Running from cron at a specified interval, SnortNotify will search a snort database for new alerts. If new alerts match a preconfigured priority level, an email will be sent to the contact. The email will include the sensor name, the signature name, and the timestamp.

3. Devil-Linux v1.2 Beta 1
By: Heiko Zuerker <heiko (at) devil-linux (dot) org>
Relevant URL: http://www.devil-linux.org/download.htm
Platforms: Linux
Summary:

Devil-Linux is a special Linux distribution which is used for firewalls/routers. The goal of Devil-Linux is to have a small, customizable, and secure Linux system. Configuration is saved on a floppy disk, and it has several optional packages.

4. GNU Anubis v3.9.94
By: Wojciech Polak
Relevant URL: http://www.gnu.org/software/anubis/
Platforms: Linux, POSIX
Summary:

GNU Anubis is an outgoing mail processor. It goes between the MUA (Mail User Agent) and the MTA (Mail Transport Agent), and can perform various sorts of processing and conversion on-the-fly in accordance with the sender's specified rules, based on a highly configurable regular expressions system. It operates as a proxy server, and can edit outgoing mail headers, encrypt or sign mail with the GnuPG, build secure SMTP tunnels using the TLS/SSL encryption even if your mail user agent doesn't support it, or tunnel a connection through a SOCKS proxy server.

5. DNSSEC Walker v3.4
By: Simon Josefsson
Relevant URL: http://josefsson.org/walker/
Platforms: Linux, UNIX
Summary:

DNSSEC Walker is a tool to recover DNS zonefiles using the DNS protocol. The server does not have to support zone transfer, but the zone must contain DNSSEC "NXT" records.

6. Linux Intrusion Detection System (LIDS) v2.6.6
By: Xie Hua Gang, xhg (at) gem.ncic.ac (dot) cn
Relevant URL: http://www.lids.org/download.html
Platforms: Linux
Summary:

The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it is in effect, access to chosen files, all system/network administration operations, any capability use, and raw device, mem, and I/O access can be made impossible even for root. You can define which program can access which file. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

VII. SPONSOR INFORMATION
-----------------------

This issue sponsored by: WhiteHat Security

Free Web Security Checkup

Find out if your web site is vulnerable to common web site vulnerabilities
such as Cross Site Scripting, SQL Injection or Directory Traversal with a
free web security checkup from WhiteHat Security.

Sign up for a free checkup at
http://www.securityfocus.com/sponsor/WhiteHat_linux-secnews_040713

------------------------------------------------------------------------

Copyright 2010, SecurityFocus