SecurityFocus Linux Newsletter #202
------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnernability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
I. FRONT AND CENTER
1. Examining a Public Exploit, Part 2
2. Academia Headaches
3. Metasploit Framework, Part 3
II. LINUX VULNERABILITY SUMMARY
1. Webmin / Usermin Installation Insecure Temporary File Creati...
2. Apache mod_ssl Remote Denial of Service Vulnerability
3. Samba Multiple ASN.1 and MailSlot Parsing Remote Denial Of S...
4. FocalMedia.net Turbo Seek Information Disclosure Vulnerabili...
5. Mozilla Firefox Default Installation File Permission Vulnera...
6. Multiple BEA Systems WebLogic Vulnerabilities
7. Mozilla Multiple URI Processing Heap Based Buffer Overflow V...
8. Mozilla Browser BMP Image Decoding Multiple Integer Overflow...
9. Mozilla/Firefox Browsers URI Drag And Drop Cross-Domain Scri...
10. Mozilla/Firefox Browsers Unauthorized Clipboard Contents Dis...
11. Apache Web Server Configuration File Environment Variable Lo...
12. CUPS UDP Packet Remote Denial Of Service Vulnerability
13. LinuxPrinting.org Foomatic-Filter Command Execution Vulnerab...
14. Apache Mod_DAV LOCK Denial Of Service Vulnerability
15. Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
16. HP Web Jetadmin Unspecified Arbitrary Command Execution Vuln...
17. MyServer Directory Traversal Vulnerability
18. Mozilla/Firefox Browsers Tar.GZ Archive Weak Permissions Vul...
19. Mozilla/Firefox Browsers PrivilegeManager EnablePrivilege Di...
20. GDK-Pixbuf Multiple Vulnerabilities
21. LibXpm Image Decoding Multiple Remote Buffer Overflow Vulner...
22. Sudo Information Disclosure Vulnerability
23. Xine-lib DVD Subpicture Decoder Heap Overflow Vulnerability
24. Xine-lib VideoCD And Text Subtitle Stack Overflow Vulnerabil...
25. Samba Samba-VScan Undisclosed Denial Of Service Vulnerabilit...
III. LINUX FOCUS LIST SUMMARY
1. Network "Change Management" (Thread)
2. LIDS 1.2.2rc3 for Linux kernel 2.4.27 released (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. ID-Synch 3.1
2. Nmap v3.70
3. THC-Hydra v4.3
4. Pads 1.1
5. cenfw 0.3b
6. Firewall Builder 2.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Examining a Public Exploit, Part 2
By Don Parker
The purpose of this article is to analyze a public exploit in a lab
environment, see the alerts generated by an intrusion detection system, and
then do some packet analysis of the malicious binary in order to better
understand what it does and how you may have been compromised. Part 2 of 2.
http://www.securityfocus.com/infocus/1801
2. Academia Headaches
By Scott Granneman
Academic institutions who have to add, manage, and secure thousands of new
users within a period of just a few days face political and social issues
on top of the immense technical ones.
http://www.securityfocus.com/columnists/267
3. Metasploit Framework, Part 3
By Pukhraj Singh and K.K. Mookhey
This third and final article in the Metasploit series covers the msfcli
scripting interface as well as the intuitive web interface to the
Framework. The article also discusses what's new with version 2.2, and then
introduces the exploit development process through an example.
http://www.securityfocus.com/infocus/1800
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Webmin / Usermin Installation Insecure Temporary File Creati...
BugTraq ID: 11153
Remote: No
Date Published: Sep 10 2004
Relevant URL: http://www.securityfocus.com/bid/11153
Summary:
It is reported that Webmin and Usermin create insecure temporary files during installation. The result of this is that temporary files created by the applications may use predictable filenames.
A local attacker may possibly exploit this vulnerability to execute symbolic link file overwrite attacks.
Versions of Usermin prior to version 1.090 are reported prone to this vulnerability. Webmin 1.150 and prior versions are affected as well.
2. Apache mod_ssl Remote Denial of Service Vulnerability
BugTraq ID: 11154
Remote: Yes
Date Published: Sep 10 2004
Relevant URL: http://www.securityfocus.com/bid/11154
Summary:
Apache 2.x mod_ssl is reported prone to a remote denial of service vulnerability. This issue likely exists because the application fails to handle exceptional conditions. The vulnerability originates in the 'char_buffer_read' function of the 'ssl_engine_io.c' file.
It is likely that this issue only results in a denial of service condition in child process. This BID will be updated as more information becomes available.
Apache 2.0.50 is reported to be affected by this issue, however, it is possible that other versions are vulnerable as well.
3. Samba Multiple ASN.1 and MailSlot Parsing Remote Denial Of S...
BugTraq ID: 11156
Remote: Yes
Date Published: Sep 13 2004
Relevant URL: http://www.securityfocus.com/bid/11156
Summary:
Samba is reportedly affected by multiple remote denial of service vulnerabilities. These issues are due to a failure to properly parse ASN.1 and MailSlot packets.
An attacker may leverage these issues to cause the affected Samba server to become inaccessible, and to crash the NetBIOS name server, effectively denying service to legitimate users.
4. FocalMedia.net Turbo Seek Information Disclosure Vulnerabili...
BugTraq ID: 11163
Remote: Yes
Date Published: Sep 12 2004
Relevant URL: http://www.securityfocus.com/bid/11163
Summary:
It is reported that Turbo Seek is prone to an information disclosure vulnerability.
Successful exploitation reportedly causes the affected application to display the contents of requested files to the attacker. This allows attackers to retrieve the contents of potentially sensitive web-server accessible files. This may aid them in further attacks.
Versions prior to 1.7.2 are reported to be affected by this vulnerability.
5. Mozilla Firefox Default Installation File Permission Vulnera...
BugTraq ID: 11166
Remote: No
Date Published: Sep 13 2004
Relevant URL: http://www.securityfocus.com/bid/11166
Summary:
Mozilla Firefox is reported susceptible to an improper file permission vulnerability. This vulnerability is reported to exist only in the Linux archive as published by the Mozilla Foundation. If the browser is installed by package management software contained in many distributions of Linux, this vulnerability is likely not present.
This allows attackers with local interactive access to computers hosting installations of Firefox to overwrite binaries and scripts used by Firefox. This allows script, or code execution in the context of the user running the affected package.
If this method of installation is used to install a system-wide version of the browser by the superuser, then root-owned files are world writable, allowing for code execution in the context of any user utilizing the affected package.
The installation package from Mozilla.org for versions 0.9.x of Firefox for Linux is reported to contain this vulnerability.
6. Multiple BEA Systems WebLogic Vulnerabilities
BugTraq ID: 11168
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11168
Summary:
BEA Systems has released advisories to address multiple vulnerabilities in WebLogic Server and Express. These issues may permit unauthorized access, information disclosure, or pose threats to role and policy security.
7. Mozilla Multiple URI Processing Heap Based Buffer Overflow V...
BugTraq ID: 11170
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11170
Summary:
Mozilla is reportedly affected by multiple heap based buffer overflow vulnerabilities when processing URIs in emails. These issues are due to a failure of the affected application to validate user-supplied string lengths before copying them into finite process buffers.
An attacker might leverage these issues to have arbitrary code executed in the context of the user running the vulnerable application.
8. Mozilla Browser BMP Image Decoding Multiple Integer Overflow...
BugTraq ID: 11171
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11171
Summary:
Mozilla Browser is reportedly prone to multiple integer overflow vulnerabilities in the image parsing routines. These issues exist due to insufficient boundary checks performed by the application. A remote attacker may cause denial of service conditions in the client or execute arbitrary code to gain unauthorized access to a vulnerable computer.
These vulnerabilities were researched on Mozilla 1.7, however, other versions may be affected as well. Thunderbird 0.7 was also tested.
9. Mozilla/Firefox Browsers URI Drag And Drop Cross-Domain Scri...
BugTraq ID: 11177
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11177
Summary:
Both Mozilla and Firefox are reported to be prone to a cross-domain scripting vulnerability. It is reported that URI links that are dragged from one browser window and dropped into another browser window will bypass the browser same-origin policy security checks.
Certain URI types may be employed by a malicious website in order to trigger this vulnerability. If successful, this attack will result in the execution of arbitrary script code in the context of a target domain.
10. Mozilla/Firefox Browsers Unauthorized Clipboard Contents Dis...
BugTraq ID: 11179
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11179
Summary:
A vulnerability is reported in Mozilla and Firefox browsers that could permit a remote site to gain access to contents of the client user's clipboard.
This vulnerability exists because certain unsafe scripting operations are permitted on TextAreas. This can lead to the disclosure of clipboard contents and malicious Web sites having the ability to write to a users clipboard.
11. Apache Web Server Configuration File Environment Variable Lo...
BugTraq ID: 11182
Remote: No
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11182
Summary:
Reportedly the Apache Web Server is affected by a configuration file environment variable local buffer overflow vulnerability. This issue is due to a failure of the affected application to validate user-supplied string lengths before copying them into finite process buffers.
An attacker may leverage this issue to execute arbitrary code on the affected computer with the privileges of the Apache Web Server process.
12. CUPS UDP Packet Remote Denial Of Service Vulnerability
BugTraq ID: 11183
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11183
Summary:
CUPS is prone to a remotely exploitable denial of service vulnerability that may be triggered through port 631 by a zero-length UDP packet.
13. LinuxPrinting.org Foomatic-Filter Command Execution Vulnerab...
BugTraq ID: 11184
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11184
Summary:
Reportedly the LinuxPrinting.org Foomatic-Filter is affected by an arbitrary command execution vulnerability. Although unconfirmed, it is likely that this issue is due to a failure of the affected script to properly validate input when issuing shell commands.
An attacker may exploit this issue to execute arbitrary commands as the printer user on a computer running the vulnerable software.
14. Apache Mod_DAV LOCK Denial Of Service Vulnerability
BugTraq ID: 11185
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11185
Summary:
Apache's 'mod_dav' module is reported susceptible to a denial of service vulnerability.
This vulnerability presents itself when Apache is configured to use the 'mod_dav' module, and it receives a specific sequence of LOCK commands from an authorized user.
This vulnerability can be exploited by remote attackers to crash Apache processes. If Apache is configured to use the threaded process model, an attacker could completely crash Apache. If Apache is configured to use multiple processes as apposed to threads, an attacker could crash individual web server processes. With a sustained attack, they could crash multiple server processes, and still likely deny service to legitimate users.
All versions of Apache 2.0, prior to 2.0.51 are reported vulnerable.
15. Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
BugTraq ID: 11187
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11187
Summary:
Apache Web Server is reportedly affected by a remote buffer overflow vulnerability. This issue is due to a buffer boundary condition error that fails to provide a valid string length parameter while using libc memory copy functions.
It has been reported that this issue can be exploited to execute arbitrary code on computers running BSD based Unix variants. This issue is reportedly due to the implementation of the 'memcpy()' function.
On Linux based Unix variants this issue can only be exploited to trigger a denial of service condition.
16. HP Web Jetadmin Unspecified Arbitrary Command Execution Vuln...
BugTraq ID: 11188
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11188
Summary:
HP Web Jetadmin is prone to an unspecified arbitrary arbitrary command execution vulnerability. This issue was reported by the vendor and it may allow a remote attacker to execute arbitrary commands on a vulnerable computer running Web Jetadmin. This may allow the attacker to gain unauthorized access to the computer.
HP Web Jetadmin version 7.5 is reported prone to this issue.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
17. MyServer Directory Traversal Vulnerability
BugTraq ID: 11189
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11189
Summary:
MyServer is reported prone to a remote directory traversal vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. This vulnerability results in improper access to potentially sensitive files located outside of the document root of the web server.
MyServer version 0.7 is reportedly affected by this issue, however, other versions may be vulnerable as well.
18. Mozilla/Firefox Browsers Tar.GZ Archive Weak Permissions Vul...
BugTraq ID: 11192
Remote: No
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11192
Summary:
Mozilla and Mozilla Firefox browsers tar.gz archive that contains the installation files is reported susceptible to an improper file permissions vulnerability. It is reported that if the archive is extracted in a certain manner, then the archive is extracted with world read/writeable permissions on its contents.
This allows attackers with local interactive access to overwrite or modify installation files used during the installation of the browser.
19. Mozilla/Firefox Browsers PrivilegeManager EnablePrivilege Di...
BugTraq ID: 11194
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11194
Summary:
A vulnerability is reported in the Mozilla 'enablePrivilege' method. Because the argument data of a 'enablePrivilege' method is used as text in a prompt dialog if the user has not accessed the principal previously, it is possible to manipulate dialog contents.
A remote attacker may exploit this condition to influence a victim user into permitting a malicious script to run.
20. GDK-Pixbuf Multiple Vulnerabilities
BugTraq ID: 11195
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11195
Summary:
Multiple vulnerabilities have been reported in gdk-pixbuf.
The first vulnerability in the library presents itself upon attempting to decode BMP images. In certain circumstances, the library may enter into an infinite loop, consuming CPU resources, and halting further execution of applications utilizing the library.
The second and third vulnerabilities are exist when the library attempts to decode XPM images. Specially crafted image files could either crash applications utilizing the affected library, or allow for the execution of attacker-supplied code.
The forth and last vulnerability in the library presents itself upon attempting to decode ICO images. Specially crafted ICO files could cause applications to crash.
These vulnerabilities allow attackers to crash applications, or execute arbitrary code in the context of applications that use the affected library.
21. LibXpm Image Decoding Multiple Remote Buffer Overflow Vulner...
BugTraq ID: 11196
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11196
Summary:
Multiple vulnerabilities are reported to exist in the libXpm. These issues may be triggered when the library handles malformed XPM images. The vulnerabilities exist due to insufficient boundary checks performed by the application and may allow for unauthorized access to a vulnerable computer.
An attacker can exploit these issues by crafting a malicious XPM file and having unsuspecting users view the file through an application that uses the affected library.
LibXpm shipped with X.org X11R6 6.8.0 is reported vulnerable to this issue.
This BID will be divided and updated as more information becomes available.
22. Sudo Information Disclosure Vulnerability
BugTraq ID: 11204
Remote: No
Date Published: Sep 16 2004
Relevant URL: http://www.securityfocus.com/bid/11204
Summary:
Sudo is reported prone to an information disclosure vulnerability.
This vulnerability presents itself when sudo is called with the '-e' option, or the 'sudoedit' command is invoked. In certain circumstances, attackers may access the contents of arbitrary files with superuser privileges.
Version 1.6.8 is reported susceptible to this vulnerability.
23. Xine-lib DVD Subpicture Decoder Heap Overflow Vulnerability
BugTraq ID: 11205
Remote: Yes
Date Published: Sep 16 2004
Relevant URL: http://www.securityfocus.com/bid/11205
Summary:
A buffer overflow in the DVD subpicture component, exploitable through malicious DVD or MPEG content, may allow for the execution of arbitrary code. The Xine-lib decoder converts subpicture data into an internal representation and stores it in dynamically allocated memory. There exists a flaw in the calculation of required buffer space that may result in allocation of a buffer that is too small. Consequently, neighboring data in the heap may be corrupted when data is written to the buffer.
This vulnerability can theoretically be exploited to write arbitrary words to nearly arbitrary locations in memory. The Linux and Windows dynamic memory allocation subsystems may be more susceptible than BSD-based systems.
24. Xine-lib VideoCD And Text Subtitle Stack Overflow Vulnerabil...
BugTraq ID: 11206
Remote: Yes
Date Published: Sep 16 2004
Relevant URL: http://www.securityfocus.com/bid/11206
Summary:
Two buffer overflows are reported to exist in Xine-lib. These issues are exploitable through malicious VideoCDs or subtitle text content, and may allow for the execution of arbitrary code in the context of the user invoking Xine. Attackers can overwrite critical memory structures and return addresses in order to control the flow of execution of the application.
The first vulnerability presents itself when the affected application attempts to read malicious ISO disk labels from VideoCDs. The second vulnerability presents itself when the affected application attempts to parse malicious text subtitle data.
Xine-lib versions 1-rc2 though 1-rc5 are reported vulnerable to these issues.
25. Samba Samba-VScan Undisclosed Denial Of Service Vulnerabilit...
BugTraq ID: 11216
Remote: Yes
Date Published: Sep 17 2004
Relevant URL: http://www.securityfocus.com/bid/11216
Summary:
An undisclosed denial of service vulnerability is reported to exist that may result in a denial of service for both the smbd and nmbd daemons. It is reported that the counter and pointer-handling present in 'samba-vscan' may provide an exploit vector for this vulnerability.
This BID will be updated when further information regarding this vulnerability is made available.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Network "Change Management" (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/375863
2. LIDS 1.2.2rc3 for Linux kernel 2.4.27 released (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/375239
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business Vault, an information security solution that enables organizations to safely overcome traditional network boundaries in order to securely share business information among customers, business partners, and remote branches. It provides a seamless, LAN-like experience over the Internet that includes all the security, performance, accessibility, and ease of administration required to allow organizations to share everyday information worldwide. To learn more about these core attributes of the Inter-Business Vault click on the relevant link below:
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software?s award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.
The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in it?s own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content filtering and spam protection internet security software package for Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that want a safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. ID-Synch 3.1
By: M-Tech Information Technology, Inc.
Relevant URL: http://idsynch.com/
Platforms: AIX, AS/400, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, MacOS, MPE/iX, Netware, OpenBSD, OpenVMS, OS/2, OS/390, RACF, Solaris, SunOS, True64 UNIX, Ultrix, VM, VMS, VSE, Windows 2000, Windows NT
Summary:
ID-Synch is enterprise user provisioning software. It reduces the cost of user administration, helps new and reassigned users get to work more quickly, and ensures prompt and reliable access termination. This is accomplished through automatic propagation of changes to user profiles from systems of record to managed systems, with self service workflow for security change requests, through consolidated and delegated user administration, and with federation.
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP frag
THC-Hydra - parallized login hacker is available: for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus. Visit the project web site to download Win32, Palm and ARM binaries. Changes: important bugfix!
4. Pads 1.1
By: Matt Shelton
Relevant URL: http://freshmeat.net/projects/pads/?branch_id=52504&release_id=169973
Platforms: Linux
Summary:
Pads (Passive Asset Detection System) is a signature-based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
5. cenfw 0.3b
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Summary:
The Centron IPTables Firewall Gui is an object oriented, database driven, windows interface to linux IPtables firewall rules.
6. Firewall Builder 2.0
By: Vadim Kurland
Relevant URL: http://www.fwbuilder.org/
Platforms: FreeBSD, Linux, MacOS, Solaris, Windows 2000, Windows XP
Summary:
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, and support for a new firewall platform can be added to the GUI without any changes to the program (only a new policy compiler is needed). This provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, and OpenBSD pf.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnernability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnernability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Examining a Public Exploit, Part 2
2. Academia Headaches
3. Metasploit Framework, Part 3
II. LINUX VULNERABILITY SUMMARY
1. Webmin / Usermin Installation Insecure Temporary File Creati...
2. Apache mod_ssl Remote Denial of Service Vulnerability
3. Samba Multiple ASN.1 and MailSlot Parsing Remote Denial Of S...
4. FocalMedia.net Turbo Seek Information Disclosure Vulnerabili...
5. Mozilla Firefox Default Installation File Permission Vulnera...
6. Multiple BEA Systems WebLogic Vulnerabilities
7. Mozilla Multiple URI Processing Heap Based Buffer Overflow V...
8. Mozilla Browser BMP Image Decoding Multiple Integer Overflow...
9. Mozilla/Firefox Browsers URI Drag And Drop Cross-Domain Scri...
10. Mozilla/Firefox Browsers Unauthorized Clipboard Contents Dis...
11. Apache Web Server Configuration File Environment Variable Lo...
12. CUPS UDP Packet Remote Denial Of Service Vulnerability
13. LinuxPrinting.org Foomatic-Filter Command Execution Vulnerab...
14. Apache Mod_DAV LOCK Denial Of Service Vulnerability
15. Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
16. HP Web Jetadmin Unspecified Arbitrary Command Execution Vuln...
17. MyServer Directory Traversal Vulnerability
18. Mozilla/Firefox Browsers Tar.GZ Archive Weak Permissions Vul...
19. Mozilla/Firefox Browsers PrivilegeManager EnablePrivilege Di...
20. GDK-Pixbuf Multiple Vulnerabilities
21. LibXpm Image Decoding Multiple Remote Buffer Overflow Vulner...
22. Sudo Information Disclosure Vulnerability
23. Xine-lib DVD Subpicture Decoder Heap Overflow Vulnerability
24. Xine-lib VideoCD And Text Subtitle Stack Overflow Vulnerabil...
25. Samba Samba-VScan Undisclosed Denial Of Service Vulnerabilit...
III. LINUX FOCUS LIST SUMMARY
1. Network "Change Management" (Thread)
2. LIDS 1.2.2rc3 for Linux kernel 2.4.27 released (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. ID-Synch 3.1
2. Nmap v3.70
3. THC-Hydra v4.3
4. Pads 1.1
5. cenfw 0.3b
6. Firewall Builder 2.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Examining a Public Exploit, Part 2
By Don Parker
The purpose of this article is to analyze a public exploit in a lab
environment, see the alerts generated by an intrusion detection system, and
then do some packet analysis of the malicious binary in order to better
understand what it does and how you may have been compromised. Part 2 of 2.
http://www.securityfocus.com/infocus/1801
2. Academia Headaches
By Scott Granneman
Academic institutions who have to add, manage, and secure thousands of new
users within a period of just a few days face political and social issues
on top of the immense technical ones.
http://www.securityfocus.com/columnists/267
3. Metasploit Framework, Part 3
By Pukhraj Singh and K.K. Mookhey
This third and final article in the Metasploit series covers the msfcli
scripting interface as well as the intuitive web interface to the
Framework. The article also discusses what's new with version 2.2, and then
introduces the exploit development process through an example.
http://www.securityfocus.com/infocus/1800
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Webmin / Usermin Installation Insecure Temporary File Creati...
BugTraq ID: 11153
Remote: No
Date Published: Sep 10 2004
Relevant URL: http://www.securityfocus.com/bid/11153
Summary:
It is reported that Webmin and Usermin create insecure temporary files during installation. The result of this is that temporary files created by the applications may use predictable filenames.
A local attacker may possibly exploit this vulnerability to execute symbolic link file overwrite attacks.
Versions of Usermin prior to version 1.090 are reported prone to this vulnerability. Webmin 1.150 and prior versions are affected as well.
2. Apache mod_ssl Remote Denial of Service Vulnerability
BugTraq ID: 11154
Remote: Yes
Date Published: Sep 10 2004
Relevant URL: http://www.securityfocus.com/bid/11154
Summary:
Apache 2.x mod_ssl is reported prone to a remote denial of service vulnerability. This issue likely exists because the application fails to handle exceptional conditions. The vulnerability originates in the 'char_buffer_read' function of the 'ssl_engine_io.c' file.
It is likely that this issue only results in a denial of service condition in child process. This BID will be updated as more information becomes available.
Apache 2.0.50 is reported to be affected by this issue, however, it is possible that other versions are vulnerable as well.
3. Samba Multiple ASN.1 and MailSlot Parsing Remote Denial Of S...
BugTraq ID: 11156
Remote: Yes
Date Published: Sep 13 2004
Relevant URL: http://www.securityfocus.com/bid/11156
Summary:
Samba is reportedly affected by multiple remote denial of service vulnerabilities. These issues are due to a failure to properly parse ASN.1 and MailSlot packets.
An attacker may leverage these issues to cause the affected Samba server to become inaccessible, and to crash the NetBIOS name server, effectively denying service to legitimate users.
4. FocalMedia.net Turbo Seek Information Disclosure Vulnerabili...
BugTraq ID: 11163
Remote: Yes
Date Published: Sep 12 2004
Relevant URL: http://www.securityfocus.com/bid/11163
Summary:
It is reported that Turbo Seek is prone to an information disclosure vulnerability.
Successful exploitation reportedly causes the affected application to display the contents of requested files to the attacker. This allows attackers to retrieve the contents of potentially sensitive web-server accessible files. This may aid them in further attacks.
Versions prior to 1.7.2 are reported to be affected by this vulnerability.
5. Mozilla Firefox Default Installation File Permission Vulnera...
BugTraq ID: 11166
Remote: No
Date Published: Sep 13 2004
Relevant URL: http://www.securityfocus.com/bid/11166
Summary:
Mozilla Firefox is reported susceptible to an improper file permission vulnerability. This vulnerability is reported to exist only in the Linux archive as published by the Mozilla Foundation. If the browser is installed by package management software contained in many distributions of Linux, this vulnerability is likely not present.
This allows attackers with local interactive access to computers hosting installations of Firefox to overwrite binaries and scripts used by Firefox. This allows script, or code execution in the context of the user running the affected package.
If this method of installation is used to install a system-wide version of the browser by the superuser, then root-owned files are world writable, allowing for code execution in the context of any user utilizing the affected package.
The installation package from Mozilla.org for versions 0.9.x of Firefox for Linux is reported to contain this vulnerability.
6. Multiple BEA Systems WebLogic Vulnerabilities
BugTraq ID: 11168
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11168
Summary:
BEA Systems has released advisories to address multiple vulnerabilities in WebLogic Server and Express. These issues may permit unauthorized access, information disclosure, or pose threats to role and policy security.
7. Mozilla Multiple URI Processing Heap Based Buffer Overflow V...
BugTraq ID: 11170
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11170
Summary:
Mozilla is reportedly affected by multiple heap based buffer overflow vulnerabilities when processing URIs in emails. These issues are due to a failure of the affected application to validate user-supplied string lengths before copying them into finite process buffers.
An attacker might leverage these issues to have arbitrary code executed in the context of the user running the vulnerable application.
8. Mozilla Browser BMP Image Decoding Multiple Integer Overflow...
BugTraq ID: 11171
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11171
Summary:
Mozilla Browser is reportedly prone to multiple integer overflow vulnerabilities in the image parsing routines. These issues exist due to insufficient boundary checks performed by the application. A remote attacker may cause denial of service conditions in the client or execute arbitrary code to gain unauthorized access to a vulnerable computer.
These vulnerabilities were researched on Mozilla 1.7, however, other versions may be affected as well. Thunderbird 0.7 was also tested.
9. Mozilla/Firefox Browsers URI Drag And Drop Cross-Domain Scri...
BugTraq ID: 11177
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11177
Summary:
Both Mozilla and Firefox are reported to be prone to a cross-domain scripting vulnerability. It is reported that URI links that are dragged from one browser window and dropped into another browser window will bypass the browser same-origin policy security checks.
Certain URI types may be employed by a malicious website in order to trigger this vulnerability. If successful, this attack will result in the execution of arbitrary script code in the context of a target domain.
10. Mozilla/Firefox Browsers Unauthorized Clipboard Contents Dis...
BugTraq ID: 11179
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11179
Summary:
A vulnerability is reported in Mozilla and Firefox browsers that could permit a remote site to gain access to contents of the client user's clipboard.
This vulnerability exists because certain unsafe scripting operations are permitted on TextAreas. This can lead to the disclosure of clipboard contents and malicious Web sites having the ability to write to a users clipboard.
11. Apache Web Server Configuration File Environment Variable Lo...
BugTraq ID: 11182
Remote: No
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11182
Summary:
Reportedly the Apache Web Server is affected by a configuration file environment variable local buffer overflow vulnerability. This issue is due to a failure of the affected application to validate user-supplied string lengths before copying them into finite process buffers.
An attacker may leverage this issue to execute arbitrary code on the affected computer with the privileges of the Apache Web Server process.
12. CUPS UDP Packet Remote Denial Of Service Vulnerability
BugTraq ID: 11183
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11183
Summary:
CUPS is prone to a remotely exploitable denial of service vulnerability that may be triggered through port 631 by a zero-length UDP packet.
13. LinuxPrinting.org Foomatic-Filter Command Execution Vulnerab...
BugTraq ID: 11184
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11184
Summary:
Reportedly the LinuxPrinting.org Foomatic-Filter is affected by an arbitrary command execution vulnerability. Although unconfirmed, it is likely that this issue is due to a failure of the affected script to properly validate input when issuing shell commands.
An attacker may exploit this issue to execute arbitrary commands as the printer user on a computer running the vulnerable software.
14. Apache Mod_DAV LOCK Denial Of Service Vulnerability
BugTraq ID: 11185
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11185
Summary:
Apache's 'mod_dav' module is reported susceptible to a denial of service vulnerability.
This vulnerability presents itself when Apache is configured to use the 'mod_dav' module, and it receives a specific sequence of LOCK commands from an authorized user.
This vulnerability can be exploited by remote attackers to crash Apache processes. If Apache is configured to use the threaded process model, an attacker could completely crash Apache. If Apache is configured to use multiple processes as apposed to threads, an attacker could crash individual web server processes. With a sustained attack, they could crash multiple server processes, and still likely deny service to legitimate users.
All versions of Apache 2.0, prior to 2.0.51 are reported vulnerable.
15. Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
BugTraq ID: 11187
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11187
Summary:
Apache Web Server is reportedly affected by a remote buffer overflow vulnerability. This issue is due to a buffer boundary condition error that fails to provide a valid string length parameter while using libc memory copy functions.
It has been reported that this issue can be exploited to execute arbitrary code on computers running BSD based Unix variants. This issue is reportedly due to the implementation of the 'memcpy()' function.
On Linux based Unix variants this issue can only be exploited to trigger a denial of service condition.
16. HP Web Jetadmin Unspecified Arbitrary Command Execution Vuln...
BugTraq ID: 11188
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11188
Summary:
HP Web Jetadmin is prone to an unspecified arbitrary arbitrary command execution vulnerability. This issue was reported by the vendor and it may allow a remote attacker to execute arbitrary commands on a vulnerable computer running Web Jetadmin. This may allow the attacker to gain unauthorized access to the computer.
HP Web Jetadmin version 7.5 is reported prone to this issue.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
17. MyServer Directory Traversal Vulnerability
BugTraq ID: 11189
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11189
Summary:
MyServer is reported prone to a remote directory traversal vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. This vulnerability results in improper access to potentially sensitive files located outside of the document root of the web server.
MyServer version 0.7 is reportedly affected by this issue, however, other versions may be vulnerable as well.
18. Mozilla/Firefox Browsers Tar.GZ Archive Weak Permissions Vul...
BugTraq ID: 11192
Remote: No
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11192
Summary:
Mozilla and Mozilla Firefox browsers tar.gz archive that contains the installation files is reported susceptible to an improper file permissions vulnerability. It is reported that if the archive is extracted in a certain manner, then the archive is extracted with world read/writeable permissions on its contents.
This allows attackers with local interactive access to overwrite or modify installation files used during the installation of the browser.
19. Mozilla/Firefox Browsers PrivilegeManager EnablePrivilege Di...
BugTraq ID: 11194
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11194
Summary:
A vulnerability is reported in the Mozilla 'enablePrivilege' method. Because the argument data of a 'enablePrivilege' method is used as text in a prompt dialog if the user has not accessed the principal previously, it is possible to manipulate dialog contents.
A remote attacker may exploit this condition to influence a victim user into permitting a malicious script to run.
20. GDK-Pixbuf Multiple Vulnerabilities
BugTraq ID: 11195
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11195
Summary:
Multiple vulnerabilities have been reported in gdk-pixbuf.
The first vulnerability in the library presents itself upon attempting to decode BMP images. In certain circumstances, the library may enter into an infinite loop, consuming CPU resources, and halting further execution of applications utilizing the library.
The second and third vulnerabilities are exist when the library attempts to decode XPM images. Specially crafted image files could either crash applications utilizing the affected library, or allow for the execution of attacker-supplied code.
The forth and last vulnerability in the library presents itself upon attempting to decode ICO images. Specially crafted ICO files could cause applications to crash.
These vulnerabilities allow attackers to crash applications, or execute arbitrary code in the context of applications that use the affected library.
21. LibXpm Image Decoding Multiple Remote Buffer Overflow Vulner...
BugTraq ID: 11196
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11196
Summary:
Multiple vulnerabilities are reported to exist in the libXpm. These issues may be triggered when the library handles malformed XPM images. The vulnerabilities exist due to insufficient boundary checks performed by the application and may allow for unauthorized access to a vulnerable computer.
An attacker can exploit these issues by crafting a malicious XPM file and having unsuspecting users view the file through an application that uses the affected library.
LibXpm shipped with X.org X11R6 6.8.0 is reported vulnerable to this issue.
This BID will be divided and updated as more information becomes available.
22. Sudo Information Disclosure Vulnerability
BugTraq ID: 11204
Remote: No
Date Published: Sep 16 2004
Relevant URL: http://www.securityfocus.com/bid/11204
Summary:
Sudo is reported prone to an information disclosure vulnerability.
This vulnerability presents itself when sudo is called with the '-e' option, or the 'sudoedit' command is invoked. In certain circumstances, attackers may access the contents of arbitrary files with superuser privileges.
Version 1.6.8 is reported susceptible to this vulnerability.
23. Xine-lib DVD Subpicture Decoder Heap Overflow Vulnerability
BugTraq ID: 11205
Remote: Yes
Date Published: Sep 16 2004
Relevant URL: http://www.securityfocus.com/bid/11205
Summary:
A buffer overflow in the DVD subpicture component, exploitable through malicious DVD or MPEG content, may allow for the execution of arbitrary code. The Xine-lib decoder converts subpicture data into an internal representation and stores it in dynamically allocated memory. There exists a flaw in the calculation of required buffer space that may result in allocation of a buffer that is too small. Consequently, neighboring data in the heap may be corrupted when data is written to the buffer.
This vulnerability can theoretically be exploited to write arbitrary words to nearly arbitrary locations in memory. The Linux and Windows dynamic memory allocation subsystems may be more susceptible than BSD-based systems.
24. Xine-lib VideoCD And Text Subtitle Stack Overflow Vulnerabil...
BugTraq ID: 11206
Remote: Yes
Date Published: Sep 16 2004
Relevant URL: http://www.securityfocus.com/bid/11206
Summary:
Two buffer overflows are reported to exist in Xine-lib. These issues are exploitable through malicious VideoCDs or subtitle text content, and may allow for the execution of arbitrary code in the context of the user invoking Xine. Attackers can overwrite critical memory structures and return addresses in order to control the flow of execution of the application.
The first vulnerability presents itself when the affected application attempts to read malicious ISO disk labels from VideoCDs. The second vulnerability presents itself when the affected application attempts to parse malicious text subtitle data.
Xine-lib versions 1-rc2 though 1-rc5 are reported vulnerable to these issues.
25. Samba Samba-VScan Undisclosed Denial Of Service Vulnerabilit...
BugTraq ID: 11216
Remote: Yes
Date Published: Sep 17 2004
Relevant URL: http://www.securityfocus.com/bid/11216
Summary:
An undisclosed denial of service vulnerability is reported to exist that may result in a denial of service for both the smbd and nmbd daemons. It is reported that the counter and pointer-handling present in 'samba-vscan' may provide an exploit vector for this vulnerability.
This BID will be updated when further information regarding this vulnerability is made available.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Network "Change Management" (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/375863
2. LIDS 1.2.2rc3 for Linux kernel 2.4.27 released (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/375239
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business Vault, an information security solution that enables organizations to safely overcome traditional network boundaries in order to securely share business information among customers, business partners, and remote branches. It provides a seamless, LAN-like experience over the Internet that includes all the security, performance, accessibility, and ease of administration required to allow organizations to share everyday information worldwide. To learn more about these core attributes of the Inter-Business Vault click on the relevant link below:
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software?s award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.
The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in it?s own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content filtering and spam protection internet security software package for Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that want a safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. ID-Synch 3.1
By: M-Tech Information Technology, Inc.
Relevant URL: http://idsynch.com/
Platforms: AIX, AS/400, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, MacOS, MPE/iX, Netware, OpenBSD, OpenVMS, OS/2, OS/390, RACF, Solaris, SunOS, True64 UNIX, Ultrix, VM, VMS, VSE, Windows 2000, Windows NT
Summary:
ID-Synch is enterprise user provisioning software. It reduces the cost of user administration, helps new and reassigned users get to work more quickly, and ensures prompt and reliable access termination. This is accomplished through automatic propagation of changes to user profiles from systems of record to managed systems, with self service workflow for security change requests, through consolidated and delegated user administration, and with federation.
2. Nmap v3.70
By: Fyodor
Relevant URL: http://www.insecure.org/nmap/
Platforms: AIX, BSDI, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Solaris, SunOS, UNIX
Summary:
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP frag
3. THC-Hydra v4.3
By: THC
Relevant URL: http://www.thc.org/releases/hydra-4.3-src.tar.gz
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Solaris, UNIX
Summary:
THC-Hydra - parallized login hacker is available: for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus. Visit the project web site to download Win32, Palm and ARM binaries. Changes: important bugfix!
4. Pads 1.1
By: Matt Shelton
Relevant URL: http://freshmeat.net/projects/pads/?branch_id=52504&release_id=169973
Platforms: Linux
Summary:
Pads (Passive Asset Detection System) is a signature-based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
5. cenfw 0.3b
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Summary:
The Centron IPTables Firewall Gui is an object oriented, database driven, windows interface to linux IPtables firewall rules.
6. Firewall Builder 2.0
By: Vadim Kurland
Relevant URL: http://www.fwbuilder.org/
Platforms: FreeBSD, Linux, MacOS, Solaris, Windows 2000, Windows XP
Summary:
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, and support for a new firewall platform can be added to the GUI without any changes to the program (only a new policy compiler is needed). This provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, and OpenBSD pf.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnernability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
[ reply ]