Date: 9 Feb 2005 17:59:25 -0000
From:"Peter Laborge" <plaborge@securityfocus.com>
To:linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #222
SecurityFocus Linux Newsletter #222
------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight 
Analyzer
is a free service that gives you the ability to track and manage 
attacks.
Analyzer automatically correlates attacks from various Firewall and 
network
based Intrusion Detection Systems, giving you a comprehensive view of 
your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Penetration Testing IPsec VPNs
     2. Linux Kernel Security is Lacking
     3. Apache 2 with SSL/TLS: Step-by-Step, Part 2
     4. Of Dog Sniffs and Packet Sniffs
II. LINUX VULNERABILITY SUMMARY
     1. NCPFS Multiple Remote Vulnerabilities
     2. CitrusDB Credit Card Data Remote Information Disclosure Vuln...
     3. Xoops Incontent Module Directory Traversal Vulnerability
     4. Clam Anti-Virus ClamAV ZIP File Parsing Remote Denial Of Ser...
     5. RealNetworks RealPlayer Drag And Drop Zone Bypass Vulnerabil...
     6. PostgreSQL LOAD Extension Local Privilege Escalation Vulnera...
     7. Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnera...
     8. SquirrelMail URL Remote Code Execution Vulnerability
     9. Newsfetch SScanf Remote Buffer Overflow Vulnerability
     10. PostgreSQL Multiple Remote Vulnerabilities
     11. Newspost Remote Buffer Overflow Vulnerability
     12. Perl SuidPerl Multiple Local Vulnerabilities
     13. Squid Proxy squid_ldap_auth Authentication Bypass 
Vulnerabil...
     14. Squid Proxy WCCP recvfrom() Buffer Overflow Vulnerability
     15. Squid Proxy Malformed HTTP Header Parsing Cache Poisoning 
Vu...
     16. D-BUS Session Bus Local Privilege Escalation Vulnerability
     17. Python SimpleXMLRPCServer Library Module Unauthorized 
Access...
     18. SunShop Shopping Cart Cross-Site Scripting Vulnerability
     19. Linux Kernel IPV6_Setsockopt IPV6_PKTOPTIONS Integer 
Overflo...
     20. ht://Dig Unspecified Cross-Site Scripting Vulnerability
     21. Postfix IPv6 Unauthorized Mail Relay Vulnerability
     22. PowerDNS Unspecified Remote Denial of Service Vulnerability
     23. Netgear DG834 ADSL Firewall Router Insecure Configuration 
Vu...
III. LINUX FOCUS LIST SUMMARY
     NO NEW POSTS FOR THE WEEK 2005-02-01 to 2005-02-08.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. CoreGuard Core Security System
     2. EnCase Forensic Edition
     3. KeyGhost SX
     4. SafeKit
     5. Astaro Linux Firewall
     6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
     1. DigSig 1.3.2
     2. Firestarter 1.0.0
     3. Network Equipment Performance Monitor 2.2
     4. BitDefender for qmail v1.5.5-2 
     5. Bilbo 0.11
     6. Ipanto Secure 2.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Penetration Testing IPsec VPNs
By Rohyt Belani and K.K. Mookhey
This article discusses a methodology to assess the security posture of 
an
organization's IPsec based VPN architecture.
http://www.securityfocus.com/infocus/1821

2. Linux Kernel Security is Lacking
By Jason Miller
Recent events have shown that the way security in the Linux kernel is
handled is broken, and it needs to be fixed right now.
http://www.securityfocus.com/columnists/296

3. Apache 2 with SSL/TLS: Step-by-Step, Part 2
By Artur Maj
This article is part two of a three part series dedicated to 
configuring
Apache 2.0 with SSL/TLS support, for maxiumum security and optimal
performance. This article offers mod_ssl recommendations and then 
discusses
three different ways to sign a certificate, including setting up a 
local
Certificate Authority using OpenSSL.
http://www.securityfocus.com/infocus/1820

4. Of Dog Sniffs and Packet Sniffs
By Mark Rasch
Why a Supreme Court decision on canine-assisted roadside searches opens 
the
door to a new regime of Internet surveillance.
http://www.securityfocus.com/columnists/297

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. NCPFS Multiple Remote Vulnerabilities
BugTraq ID: 12400
Remote: Yes
Date Published: Jan 31 2005
Relevant URL: http://www.securityfocus.com/bid/12400
Summary:
Multiple remote vulnerabilities affect ncpfs.  These issues are due to 
a failure to manage access privileges securely and a failure to 
validate the length of user-supplied strings prior to copying them into finite 
process buffers.

The first issue is a remote buffer overflow vulnerability. The second 
issue is an access validation issue due to the setuid privileges of 
ncpfs utilities.

An attacker may leverage these issues to execute arbitrary code with 
the privileges of the affected application and to access arbitrary files 
with the escalated privileges.

2. CitrusDB Credit Card Data Remote Information Disclosure Vuln...
BugTraq ID: 12402
Remote: Yes
Date Published: Jan 31 2005
Relevant URL: http://www.securityfocus.com/bid/12402
Summary:
A remote information disclosure issue affects CitrusDB.  This issue is 
due to a design problem that grants unauthorized users the ability to 
export sensitive data.

An attacker may leverage this issue to gain access to sensitive 
information including credit card data.

3. Xoops Incontent Module Directory Traversal Vulnerability
BugTraq ID: 12406
Remote: Yes
Date Published: Jan 28 2005
Relevant URL: http://www.securityfocus.com/bid/12406
Summary:
Xoops Incontent module is reported prone to a directory traversal 
vulnerability.  This issue is due to a failure of the application to 
properly sanitize user-supplied input.

A malicious user could issue a request containing directory traversal 
strings such as '../' to possibly view files outside the server root 
directory.

Incontent version 3.0 is reported to be susceptible to this 
vulnerability. Other versions may also be affected.

4. Clam Anti-Virus ClamAV ZIP File Parsing Remote Denial Of Ser...
BugTraq ID: 12408
Remote: Yes
Date Published: Jan 31 2005
Relevant URL: http://www.securityfocus.com/bid/12408
Summary:
A remote denial of service vulnerability affects ClamAV.  This issue is 
due to a failure of the application to properly handle malicious file 
content.

An attacker may leverage this issue to crash the Clam Anti-Virus 
daemon, potentially leaving an affected computer open to infection by 
malicious code.

5. RealNetworks RealPlayer Drag And Drop Zone Bypass Vulnerabil...
BugTraq ID: 12410
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12410
Summary:
RealNetworks RealPlayer is reported susceptible to a security zone 
bypass vulnerability. This issue is due to a failure of the application to 
properly enforce security zones, potentially allowing remote attackers 
to execute HTML or script code in the Local Zone of affected client 
computers.

The embedded Internet Explorer engine in RealPlayer reportedly loads 
attacker-supplied files in the Local Zone, allowing attackers to execute 
malicious HTML and script code with potentially elevated privileges. 
This issue may be a variant, or be related to BIDs 10973, or 11466.

It is unclear at this time if a further vulnerability has been 
discovered by this disclosure. This BID will be updated as further analysis is 
completed.

6. PostgreSQL LOAD Extension Local Privilege Escalation Vulnera...
BugTraq ID: 12411
Remote: No
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12411
Summary:
A local privilege escalation vulnerability affects PostgreSQL.  This 
issue is due to a failure of the application to restrict critical 
functionality to privileged users.

An attacker may leverage this issue to execute arbitrary code with the 
privileges of the affected database, potentially facilitating privilege 
escalation.

7. Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnera...
BugTraq ID: 12412
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12412
Summary:
A remote unspecified vulnerability reportedly affects Squid Proxy.  
This issue is due to a failure of the application to properly handle 
malformed HTTP headers.

The impact of this issue is currently unknown.  This BID will be 
updated when more information becomes available.

8. SquirrelMail URL Remote Code Execution Vulnerability
BugTraq ID: 12413
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12413
Summary:
A remote code execution vulnerability affects SquirrelMail.  Although 
unconfirmed, it is likely that this issue is due to a failure of the 
application to properly sanitize user-supplied input prior to including it 
in functionality designed to carry out critical actions.

An attacker may leverage this issue to execute arbitrary code with the 
privileges of the 'www-data' user; this may facilitate privilege 
escalation and system compromise.

9. Newsfetch SScanf Remote Buffer Overflow Vulnerability
BugTraq ID: 12414
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12414
Summary:
Newsfetch makes several insecure sscanf calls that could potentially 
result in a buffer overflow.  This is a result of insufficient bounds 
checking when sscanf stores data in an internal buffer.

10. PostgreSQL Multiple Remote Vulnerabilities
BugTraq ID: 12417
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12417
Summary:
Multiple remote vulnerabilities affect PostgreSQL.  These issues are 
due to design errors, buffer mismanagement errors, and issues that are 
currently unspecified.

The first issue is a failure of the application to ensure function 
permissions are enforced. The second issue is a buffer overflow triggered 
when cursor declaration occurs. The final vulnerability is an 
unspecified security issue that exists in 'contrib/intagg'. The information 
currently available is not sufficient to provide a more in-depth technical 
description.  This BID will be updated with the release of further 
details.

An attacker may leverage these issues to execute arbitrary code with 
the privileges of the vulnerable database process and to execute 
functions without requiring permission.  Other attacks are also possible.

11. Newspost Remote Buffer Overflow Vulnerability
BugTraq ID: 12418
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12418
Summary:
Newspost is prone to a remote buffer overflow vulnerability due to an 
unbounded memory copy operation.

The problem occurs in the 'socket_getline()' function of 'socket.c' 
when the vulnerable client handles NNTP server responses.

Successful exploitation of this issue could potentially lead to 
arbitrary code execution.

This issue was reported to affect Newspost 2.1.1 and prior, however, 
other versions may be vulnerable.

12. Perl SuidPerl Multiple Local Vulnerabilities
BugTraq ID: 12426
Remote: No
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12426
Summary:
SuidPerl is reported prone to multiple vulnerabilities. The following 
individual issues are reported:

It is reported that the 'PERLIO_DEBUG' SuidPerl environment variable 
may be employed to corrupt arbitrary files.

A local unprivileged attacker may exploit this vulnerability to corrupt 
arbitrary files with superuser privileges. This may ultimately lead to 
a denial of service for legitimate users or privilege escalation.

SuidPerl is reported prone to a local buffer overflow vulnerability as 
well.  This buffer overflow vulnerability may be exploited by a local 
attacker to gain superuser privileges.  This issue is also exploited 
through the 'PERLIO_DEBUG' variable.

13. Squid Proxy squid_ldap_auth Authentication Bypass Vulnerabil...
BugTraq ID: 12431
Remote: Yes
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12431
Summary:
Squid Proxy is reported prone to an authentication bypass 
vulnerability.  This issue seems to result of insufficient input validation.

It is reported that the 'squid_ldap_auth' module is affected by this 
issue.  A remote attacker may gain unauthorized access or gain elevated 
privileges from bypassing access controls.

Squid versions 2.5 and earlier are reported prone to this 
vulnerability.

14. Squid Proxy WCCP recvfrom() Buffer Overflow Vulnerability
BugTraq ID: 12432
Remote: Yes
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12432
Summary:
The Squid proxy server is vulnerable to a remotely exploitable buffer 
overflow vulnerability.  The vulnerability is in its implementation of 
WCCP (web cache communication protocol), a UDP based web cache 
management protocol.  The condition is triggered when it reads a packet from the 
network that is larger than the size of the buffer allocated to store 
it.  This can occur because recvfrom() is passed an incorrect value for 
its "len" argument.

15. Squid Proxy Malformed HTTP Header Parsing Cache Poisoning Vu...
BugTraq ID: 12433
Remote: Yes
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12433
Summary:
Squid Proxy is reported prone to a cache poisoning vulnerability when 
processing malformed HTTP requests and responses.  This issue results 
from insufficient sanitzation of user-supplied data.

Squid versions 2.5 and earlier are reported prone to this issue.

16. D-BUS Session Bus Local Privilege Escalation Vulnerability
BugTraq ID: 12435
Remote: No
Date Published: Feb 03 2005
Relevant URL: http://www.securityfocus.com/bid/12435
Summary:
A local privilege escalation vulnerability affects D-BUS. This issue is 
due to a failure of the application to properly secure message bus 
sessions. 

An attacker may leverage this issue to send messages to the message bus 
of an unsuspecting user. This may facilitate command execution with the 
privileges of the unsuspecting user, ultimately leading to privilege 
escalation.

17. Python SimpleXMLRPCServer Library Module Unauthorized Access...
BugTraq ID: 12437
Remote: Yes
Date Published: Feb 03 2005
Relevant URL: http://www.securityfocus.com/bid/12437
Summary:
A remote unauthorized access vulnerability affects Python.  This issue 
is due to a failure of the API to properly secure access to sensitive 
internal data or functionality of registered objects and modules.

A remote attacker may leverage this issue to gain unauthorized access 
to an affected computer. Other attacks are also possible.

18. SunShop Shopping Cart Cross-Site Scripting Vulnerability
BugTraq ID: 12438
Remote: Yes
Date Published: Feb 03 2005
Relevant URL: http://www.securityfocus.com/bid/12438
Summary:
SunShop Shopping Cart is reportedly affected by a cross-site scripting 
vulnerability.  This issue is due to the application failing to 
properly sanitize user-supplied input.

This issue is reported to affect SunShop Shopping Cart version 3.4RC1; 
earlier versions may also be affected.

19. Linux Kernel IPV6_Setsockopt IPV6_PKTOPTIONS Integer Overflo...
BugTraq ID: 12441
Remote: No
Date Published: Feb 03 2005
Relevant URL: http://www.securityfocus.com/bid/12441
Summary:
An integer overflow vulnerability is reported in the Linux kernel 
'ipv6_setsockopt()' system call. This issue is related to the code for 
handling the IPV6_PKTOPTIONS socket option, which is used to provide the 
kernel with IPv6 options for a designation socket. 

This issue may be exploited by a local user to compromise the system. 
Exploitation could also result in a denial of service.  It should be 
noted that this type of vulnerability might provide a generic means of 
privilege escalation across Linux distributions once a remote attacker has 
gained unauthorized access as a lower privileged user.

**Update: Conflicting reports suggest that this issue is not in fact a 
vulnerability. It is reported that the 'optlen' value is sanitized in 
'linux/net/socket.c' before reaching the code that is reported 
vulnerable.

20. ht://Dig Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 12442
Remote: Yes
Date Published: Feb 03 2005
Relevant URL: http://www.securityfocus.com/bid/12442
Summary:
ht://Dig is reported prone to an unspecified cross-site scripting 
vulnerability.  This issue is due to a failure of the application to 
properly sanitize user-supplied URI data prior to including it in dynamically 
generated Web page content. 

All versions of ht://Dig are considered vulnerable at the moment.

This BID will be updated when more information becomes available.

21. Postfix IPv6 Unauthorized Mail Relay Vulnerability
BugTraq ID: 12445
Remote: Yes
Date Published: Feb 04 2005
Relevant URL: http://www.securityfocus.com/bid/12445
Summary:
Postfix is prone to a vulnerability that allows the application to be 
abused as a mail relay.

Arbitrary mail may be sent to any MX host with an IPv6 address.  This 
could be exploited by spammers or other malicious parties.

Postfix 2.1.3 is reported prone to this issue.  It is possible that 
other versions are affected as well.

22. PowerDNS Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 12446
Remote: Yes
Date Published: Feb 04 2005
Relevant URL: http://www.securityfocus.com/bid/12446
Summary:
PowerDNS is reported prone to an unspecified remote denial of service 
vulnerability.  It is conjectured that this issue likely results from 
the failure of the application to handle exceptional conditions.

PowerDNS versions prior to 2.9.17 are reported vulnerable to this 
issue.

23. Netgear DG834 ADSL Firewall Router Insecure Configuration Vu...
BugTraq ID: 12447
Remote: Yes
Date Published: Feb 04 2005
Relevant URL: http://www.securityfocus.com/bid/12447
Summary:
The Netgear DG834 ADSL Firewall Router is reported prone to a firewall 
insecure configuration vulnerability. It is reported that when the 
affected appliance is configured so that NAT (Network Address Translation) 
is disabled the firewall becomes ineffective.

This vulnerability will result in a false sense of security where a 
user may believe that their network and appliance is protected when it is 
not.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
NO NEW POSTS FOR THE WEEK 2005-02-01 to 2005-02-08.

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary: 

CoreGuard System profile

The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates 
all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.

CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets 
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity * Block malicious code, including
zero-day exploits

2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software?s award winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data in it?s own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary: 

Astaro Linux Firewall: All-in-one firewall, virus protection, content 
filtering and spam protection internet security software package for 
Linux. 
Free download for home users.

6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, 
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary: 

Low cost, easy to use Two Factor Authentication One Time Password token 
using the Cellular. Does not use SMS or communication, manages multiple 
OTP accounts - new technology. For any business that want a safer 
access to its Internet Services. More information at our site.
 
We also provide eAuthentication service for businesses that will not 
buy an Authentication product but would prefer to pay a monthly charge 
for authentication services from our our CAT Server.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. DigSig 1.3.2
By: 
Relevant URL: http://sourceforge.net/projects/disec/
Platforms: Linux
Summary: 

DigSig Linux kernel load module checks the signature of a binary before 
running it.  It inserts digital signatures inside the ELF binary and 
verify this signature before loading the binary. Therefore, it improves 
the security of the system by avoiding a wide range of malicious 
binaries like viruses, worms, Torjan programs and backdoors from running on 
the system.

2. Firestarter 1.0.0
By: Tomas Junnonen
Relevant URL: http://www.fs-security.com/
Platforms: Linux
Summary: 

Firestarter is graphical firewall tool for Linux. The program aims to 
combine
ease of use with powerful features, serving both desktop users and 
administrators.

3. Network Equipment Performance Monitor 2.2
By: Nova Software, Inc.
Relevant URL: http://www.nepm.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, Solaris, True64 UNIX, UNIX, 
Windows 2000, Windows NT, Windows XP
Summary: 

NEPM is a very general, highly configurable, two part software system 
that monitors any type of logged data from IP networked equipment and 
reports it via E-mail and web pages. Current conditions and history from 
systems based on Windows NT/2000 and UNIX can be tracked and reported. 
Most major server, switch and router systems can be monitored, without 
running agents on the target systems.

4. BitDefender for qmail v1.5.5-2 
By: SOFTWIN <mmitu@bitdefender.com>
Relevant URL: http://www.bitdefender.com/bd/site/products.php?p_id=10
Platforms: Linux
Summary: 

BitDefender for qmail is a powerful antivirus software for Linux mail 
servers, which provides proactive protection of message traffic at the 
email server level, eliminating the risk to the entire network that 
could be caused by a negligent user. All messages, both sent and received, 
are scanned in real time, avoiding the possible infections and 
preventing anyone from sending an infected message. BitDefender claims 100% 
detection rate for all viruses in the wild (ITW) through its powerful 
scanning engines certified by the most prestigious testing labs (ICSA in 
February 2003, Virus Bulletin 100% in June 2003 and CheckMark in August 
2003).

5. Bilbo 0.11
By: Bart Somers
Relevant URL: http://doornenburg.homelinux.net/scripts/bilbo/
Platforms: FreeBSD, Linux
Summary: 

Bilbo is an automated, multithreaded nmap-scanner and reporter, capable 
of header fetching and matching the results against a database from 
previous scans.

6. Ipanto Secure 2.0
By: Ipanto
Relevant URL: http://www.ipanto.com/secure
Platforms: HP-UX, Linux, Solaris, UNIX
Summary: 

Ipanto Secure allows ISC based DHCP servers (UNIX, Linux) to send 
signed dynamic DNS updates to a Microsoft DNS, using the GSS-TSIG protocol.

VII. SPONSOR INFORMATION
-----------------------

Need to know what's happening on YOUR network? Symantec DeepSight 
Analyzer
is a free service that gives you the ability to track and manage 
attacks.
Analyzer automatically correlates attacks from various Firewall and 
network
based Intrusion Detection Systems, giving you a comprehensive view of 
your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------