Date: 1 Mar 2005 21:45:34 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #225
SecurityFocus Linux Newsletter #225
------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Do We Need a New SPIM Law?
2. Apache 2 with SSL/TLS: Step-by-Step, Part 3
3. Changing the Notification Process
II. LINUX VULNERABILITY SUMMARY
1. Red Hat Enterprise Linux Kernel Multiple Vulnerabilities
2. PuTTY/PSFTP/PSCP Multiple Remote Integer Overflow Vulnerabil...
3. UIM LibUIM Environment Variables Privilege Escalation Weakne...
4. Invision Power Board SML Code Script Injection Vulnerability
5. cURL / libcURL NTLM Authentication Buffer Overflow Vulnerabi...
6. Verity Ultraseek Search Request Cross-Site Scripting Vulnera...
7. PHPBB Multiple Remote Path Disclosure Vulnerabilities
8. PHPBB Arbitrary File Disclosure Vulnerability
9. PHPBB Arbitrary File Deletion Vulnerability
10. MediaWiki Multiple Unspecified Remote Vulnerabilities
11. Mono Unicode Character Conversion Multiple Cross-Site Script...
12. Winace UnAce ACE Archive Remote Directory Traversal Vulnerab...
13. Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vul...
14. ProZilla Initial Server Response Remote Client-Side Format S...
15. ELOG Web Logbook Attached Filename Remote Buffer Overflow Vu...
16. ELOG Web Logbook Multiple Remote Unspecified Vulnerabilities
17. Trend Micro VSAPI ARJ Handling Heap Overflow Vulnerability
18. Raven Software Soldier Of Fortune 2 Remote Denial Of Service...
19. PHPWebSite Image File Processing Remote Arbitrary PHP File U...
20. Mozilla Firefox Scrollbar Remote Code Execution Vulnerabilit...
21. DNA MKBold-MKItalic Remote Format String Vulnerability
22. Mozilla Suite Multiple Remote Vulnerabilities
23. Gaim Remote Denial of Service Vulnerability
24. BSMTPD Remote Arbitrary Command Execution Vulnerability
25. PHP4 Readfile Denial Of Service Vulnerability
26. Gaim File Download Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Samba vs NFS (Thread)
2. RES: Samba vs NFS (Thread)
3. [U] Re: Samba vs NFS (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. KSB - Kernel Socks Bouncer 2.6.10
2. DigSig 1.3.2
3. Firestarter 1.0.0
4. Network Equipment Performance Monitor 2.2
5. BitDefender for qmail v1.5.5-2
6. Bilbo 0.11
I. FRONT AND CENTER
-------------------
1. Do We Need a New SPIM Law?
By Mark Rasch
Existing statutes may not be enough to crack down on Instant Messaging
spammers.
http://www.securityfocus.com/columnists/303
2. Apache 2 with SSL/TLS: Step-by-Step, Part 3
By Artur Maj
This article concludes our three part series dedicated to configuring
Apache 2.0 with SSL/TLS support, for maximum security and optimal
performance of SSL based e-commerce transactions.
http://www.securityfocus.com/infocus/1823
3. Changing the Notification Process
By Daniel Hanson
Developers have the opportunity to offer better vendor security procedures
and notifications in an open-source world.
http://www.securityfocus.com/columnists/302
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Red Hat Enterprise Linux Kernel Multiple Vulnerabilities
BugTraq ID: 12599
Remote: No
Date Published: Feb 19 2005
Relevant URL: http://www.securityfocus.com/bid/12599
Summary:
Red Hat Enterprise Linux kernel is reported prone to multiple
vulnerabilities. These issues may allow local attackers to carry out denial of
service attacks and gain elevated privileges.
The following specific issues were identified:
The Red Hat Enterprise Linux kernel is reported prone to two local
denial of service vulnerabilities.
Another issue affecting the Red Hat Enterprise Linux 4 kernel 4GB/4GB
split patch can allow local attackers to read and write to arbitrary
kernel memory.
These issues are reported to affect the Red Hat Enterprise Linux 4
kernel.
Due to lack of details, further information is not available at the
moment. This BID will be updated when more information becomes available.
2. PuTTY/PSFTP/PSCP Multiple Remote Integer Overflow Vulnerabil...
BugTraq ID: 12601
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12601
Summary:
PuTTY, PSFTP and PSCP are reported prone to multiple integer overflow
vulnerabilities. The following individual issues are reported:
The first reported vulnerability, an integer overflow, exists in the
'fxp_readdir_recv()' function of the 'sftp.c' source file.
A remote malicious server may trigger this vulnerability in order to
execute arbitrary code in the context of the user that is running the
affected client. It should be noted that this vulnerability exists in a
code path that is executed after host key verification occurs; this may
hinder exploitation.
The second issue, another integer overflow, is reported to exist in the
'sftp_pkt_getstring()' function of the 'sftp.c' source file.
A remote malicious server may trigger this vulnerability in order to
crash the affected client or to potentially execute arbitrary code. It
should be noted that this vulnerability exists in a code path that is
executed after host key verification occurs; this may also hinder
exploitation.
These vulnerabilities are reported to exist in versions of PSFTP and
PSCP prior to version 0.57.
3. UIM LibUIM Environment Variables Privilege Escalation Weakne...
BugTraq ID: 12604
Remote: No
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12604
Summary:
Uim is reported prone to a privilege escalation weakness. It is
reported that the Uim library will always trust user-supplied environment
variables, and that this may be exploited in circumstances where the Uim
library is linked to a setuid/setgid application.
An attacker that has local interactive access to a system that has a
vulnerable application installed may potentially exploit this weakness to
escalate privileges.
4. Invision Power Board SML Code Script Injection Vulnerability
BugTraq ID: 12607
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12607
Summary:
Invision Power Board is reported prone to a JavaScript injection
vulnerability. It is reported that the SML Code 'COLOR' tag is not
sufficiently sanitized of malicious script content.
Since this could permit an attacker to inject hostile JavaScript into
the forum system, it is possible to steal cookie credentials or
misrepresent site content.
This vulnerability is reported to affect Invision Power Board version
1.3.1; previous versions might also be affected.
5. cURL / libcURL NTLM Authentication Buffer Overflow Vulnerabi...
BugTraq ID: 12615
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12615
Summary:
It has been reported that cURL and libcURL are vulnerable to a remotely
exploitable stack-based buffer overflow vulnerability. The cURL and
libcURL NTLM response processing code fails to ensure that a buffer
overflow cannot occur when response data is decoded.
The overflow occurs in the stack region, and remote code execution is
possible if the saved instruction pointer is overwritten with a pointer
to embedded instructions.
6. Verity Ultraseek Search Request Cross-Site Scripting Vulnera...
BugTraq ID: 12617
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12617
Summary:
A cross-site scripting vulnerability reportedly affects Verity
Ultraseek. This issue is due to a failure of the application to properly
sanitize user-supplied input prior to including it in dynamically generated
Web content.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user. This may facilitate the
theft of cookie-based authentication credentials as well as other
attacks.
7. PHPBB Multiple Remote Path Disclosure Vulnerabilities
BugTraq ID: 12618
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12618
Summary:
phpBB is affected by multiple remote vulnerabilities.
The vendor has released phpBB 2.0.12 to address multiple path
disclosure vulnerabilities affecting prior versions. These issues can allow an
attacker to disclose sensitive data that may be used to launch further
attacks against a vulnerable computer.
Due to a lack of details, further information is not available at the
moment. It is possible that some of these issues were previously
identified in other BIDs. This is not confirmed at the moment. This BID
will be updated when more information becomes available.
8. PHPBB Arbitrary File Disclosure Vulnerability
BugTraq ID: 12621
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12621
Summary:
phpBB is affected by an arbitrary file disclosure vulnerability. This
issue arises due to an input validation error allowing an attacker to
disclose files in the context of a Web server running the application.
This may allow the attacker to gain access to sensitive data that may
be used to carry out further attacks against a vulnerable computer.
A successful attack requires the attacker to have a user account and
the presence of some non-default settings allowing for the uploading of
remote avatars.
phpBB 2.0.11 and prior versions are affected by this issue.
9. PHPBB Arbitrary File Deletion Vulnerability
BugTraq ID: 12623
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12623
Summary:
phpBB is affected by an arbitrary file deletion vulnerability. This
issue arises due to an input validation error allowing an attacker to
delete files in the context of a Web server running the application.
It is reported that this issue allows an attacker to influence calls to
the 'unlink()' function and delete arbitrary files. Due to a lack of
input validation, an attacker can supply directory traversal sequences
followed by an arbitrary file name through the 'avatarselect' return
value to delete specific files.
phpBB 2.0.11 and prior versions are affected by this issue.
10. MediaWiki Multiple Unspecified Remote Vulnerabilities
BugTraq ID: 12625
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12625
Summary:
MediaWiki is reported prone to multiple remote vulnerabilities. The
following individual issues are reported:
An unspecified cross-site scripting vulnerability is reported to affect
MediaWiki.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user.
An unspecified directory traversal vulnerability is reported to affect
MediaWiki. The issue is reported to exist in the site administration
image deletion functionality.
A privileged remote attacker may exploit this vulnerability to deny
service for legitimate users.
11. Mono Unicode Character Conversion Multiple Cross-Site Script...
BugTraq ID: 12626
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12626
Summary:
It is reported that Mono is prone to various cross-site scripting
attacks. These issues result from insufficient sanitization of user-supplied
data and arise when Mono converts Unicode characters ranging from
U+ff00-U+ff60 to ASCII.
Mono 1.0.5 is reported vulnerable; however, other versions may be
affected as well.
This issue is related to BID 12574 (Microsoft ASP.NET Unicode Character
Conversion Multiple Cross-Site Scripting Vulnerabilities).
12. Winace UnAce ACE Archive Remote Directory Traversal Vulnerab...
BugTraq ID: 12628
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12628
Summary:
A remotely exploitable client-side directory traversal vulnerability
affects Winace UnAce. This issue is due to a failure of the application
to properly sanitize file and directory names contained within
malicious ACE format archives.
An attacker may leverage this issue by distributing malicious ACE
archives to unsuspecting users. This issue will allow an attacker to write
files to arbitrary locations on the file system with the privileges of
an unsuspecting user that extracts the malicious ACE archive.
13. Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vul...
BugTraq ID: 12630
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12630
Summary:
Multiple remotely exploitable client-side buffer overflow
vulnerabilities reportedly affect Winace UnAce. These issues are due to a failure of
the application to properly validate the length of user-supplied
strings prior to copying them into static process buffers.
An attacker may exploit these issues to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.
14. ProZilla Initial Server Response Remote Client-Side Format S...
BugTraq ID: 12635
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12635
Summary:
A remote client-side format string vulnerability is reported to exist
in ProZilla. This issue is due to a failure of the application to
properly implement a formatted string function. The format string
vulnerability manifests when the affected application is handling initial server
responses that contain format string specifiers.
An attacker may leverage this issue to execute arbitrary code on an
affected computer with the privileges of an unsuspecting user that
activated the vulnerable application.
ProZilla versions up to and including version 1.3.7.3 are reported prone
to this vulnerability.
15. ELOG Web Logbook Attached Filename Remote Buffer Overflow Vu...
BugTraq ID: 12639
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12639
Summary:
ELOG Web Logbook is prone to a remote buffer overflow vulnerability.
The vulnerability is reported to exist due to a lack of sufficient
boundary checks performed on user-supplied data.
A remote attacker that can authenticate to the affected daemon may
leverage this issue to execute arbitrary instructions in the context of the
affected daemon.
This vulnerability is reported to affect ELOG versions up to and
including version 2.5.6.
16. ELOG Web Logbook Multiple Remote Unspecified Vulnerabilities
BugTraq ID: 12640
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12640
Summary:
ELOG Web Logbook is reported prone to multiple vulnerabilities. The
following individual issues are reported:
ELOG Web Logbook is reported prone to two remote heap-based buffer
overflow vulnerabilities. It is reported that the overflows may be
leveraged remotely to have arbitrary code executed in the context of the
affected daemon.
A directory traversal vulnerability is also reported to affect ELOG Web
Logbook; again, the details of this issue are not specified. It is
conjectured that this issue may be exploited by a remote attacker to
disclose sensitive information.
These vulnerabilities are reported to exist in ELOG versions up to and
including version 2.5.6. Other versions might also be affected.
17. Trend Micro VSAPI ARJ Handling Heap Overflow Vulnerability
BugTraq ID: 12643
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12643
Summary:
The Trend Micro VSAPI scan engine library is prone to a heap-based
buffer overflow vulnerability. This vulnerability may be triggered when
the library processes a malformed ARJ archive.
The vulnerability affects multiple Trend Micro products. It is also
noted that multiple attack vectors exist, as affected software may scan
ARJ files in email attachments, and through various file transfer
protocols.
18. Raven Software Soldier Of Fortune 2 Remote Denial Of Service...
BugTraq ID: 12650
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12650
Summary:
A remote denial of service vulnerability affects Raven Software Soldier
Of Fortune 2. This issue is due to a failure of the application to
handle excessively long values derived from network data.
An attacker may leverage this issue to cause an affected server to
crash, denying service to legitimate users.
19. PHPWebSite Image File Processing Remote Arbitrary PHP File U...
BugTraq ID: 12653
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12653
Summary:
phpWebSite is reported prone to a remote arbitrary PHP file upload
vulnerability. The issue presents itself due to a lack of sanitization
performed on image files that are uploaded when submitting an announcement.
A remote attacker may exploit this condition to execute arbitrary PHP
code in the context of the hosting web server process.
This vulnerability is reported to affect phpWebSite versions up to and
including version 0.10.0.
20. Mozilla Firefox Scrollbar Remote Code Execution Vulnerabilit...
BugTraq ID: 12655
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12655
Summary:
Reportedly a remote code execution vulnerability affects Mozilla
Firefox. This issue is due to a failure of the application to properly
restrict the access rights of Web content.
An attacker may leverage this issue to compromise security of the
affected browser; by exploiting this issue along with others (BIDs 12465 and
12466) it is possible to execute arbitrary code.
It should be noted that although only version 1.0 is reported
vulnerable, other versions may be vulnerable as well.
21. DNA MKBold-MKItalic Remote Format String Vulnerability
BugTraq ID: 12657
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12657
Summary:
A remote, client-side format string vulnerability reportedly affects
DNA mkbold-mkitalic. This issue is due to a failure of the application
to securely implement a formatted printing function.
An attacker may leverage this issue to have arbitrary code executed
with the privileges of an unsuspecting user that processes a malicious BDF
format font file.
22. Mozilla Suite Multiple Remote Vulnerabilities
BugTraq ID: 12659
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12659
Summary:
Multiple remote vulnerabilities affect Mozilla Suite, Firefox, and
Thunderbird. The following text outlines the issues that have been
disclosed.
Mozilla Foundation Security Advisory 2005-28 reports an insecure
temporary directory creation vulnerability affecting the plugin
functionality. A dialog box spoofing vulnerability is disclosed in Mozilla
Foundation Security Advisory 2005-22. A '.lnk' link file arbitrary file
overwrite vulnerability is reported in Mozilla Foundation Security Advisory
2005-21. Mozilla Foundation Security Advisory 2005-20 outlines an XSLT
stylesheet information disclosure vulnerability. Mozilla Foundation
Security Advisory 2005-19 outlines an information disclosure issue affecting
the form auto-complete functionality. A buffer overflow vulnerability
is disclosed in Mozilla Foundation Security Advisory 2005-18. Mozilla
Foundation Security Advisory 2005-17 outlines an installation
confirmation dialog box spoofing vulnerability. A heap overflow vulnerability in
UTF8 encoding is outlined in Mozilla Foundation Security Advisory
2005-15. Finally, multiple SSL 'secure site' lock icon indicator spoofing
vulnerabilities are outlined in Mozilla Foundation Security Advisory
2005-15.
An attacker may leverage these issues to spoof dialog boxes, SSL
'secure site' icons, carry out symbolic link attacks, execute arbitrary code,
and disclose potentially sensitive information.
Please note that this BID will be separated into individual BIDs as
soon as further research into each of the vulnerabilities is completed. At
that time this BID will be retired.
23. Gaim Remote Denial of Service Vulnerability
BugTraq ID: 12660
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12660
Summary:
Gaim is affected by a remote denial of service vulnerability. This
issue can allow remote attackers to crash an affected client.
A vulnerability in the client arises during the parsing of malformed
HTML data. This issue is nearly identical to that reported in BID 12589
but is a separate issue.
Gaim versions prior to 1.1.4 are affected by this issue.
24. BSMTPD Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 12661
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12661
Summary:
The bsmtpd daemon is reported prone to a remote arbitrary command
execution vulnerability.
A remote attacker may exploit this condition to execute arbitrary shell
commands in the context of the affected bsmtpd daemon.
25. PHP4 Readfile Denial Of Service Vulnerability
BugTraq ID: 12665
Remote: No
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12665
Summary:
PHP4 is reported prone to a denial of service vulnerability. It is
reported that the PHP 'readfile()' function may be utilized to trigger this
issue.
An attacker that has access to a PHP enabled web host may exploit this
vulnerability to crash the HTTP server that is incorporating the
vulnerable PHP module.
26. Gaim File Download Denial of Service Vulnerability
BugTraq ID: 12667
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12667
Summary:
Gaim is affected by a denial of service vulnerability during the
download of a file. This issue can allow remote attackers to cause an
affected client to fail.
A vulnerability in the client arises when it tries to download a file
with bracket characters '(' ')' in the file name.
Gaim version 1.1.3 is reported to be affected by this vulnerability;
other versions may also be vulnerable.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Samba vs NFS (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/391832
2. RES: Samba vs NFS (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/391299
3. [U] Re: Samba vs NFS (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/391283
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that wants a safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. KSB - Kernel Socks Bouncer 2.6.10
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects
full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26
uses a character device to pass socks5 and target ips to the Linux
Kernel. I have chosen to write in kernel space to enjoy myself [I know
that there are easier and safer ways to write this in userspace].
2. DigSig 1.3.2
By:
Relevant URL: http://sourceforge.net/projects/disec/
Platforms: Linux
Summary:
The DigSig Linux kernel load module checks the signature of a binary before
running it. It inserts digital signatures inside the ELF binary and
verifies this signature before loading the binary. Therefore, it improves
the security of the system by preventing a wide range of malicious
binaries like viruses, worms, Trojan programs and backdoors from running on
the system.
3. Firestarter 1.0.0
By: Tomas Junnonen
Relevant URL: http://www.fs-security.com/
Platforms: Linux
Summary:
Firestarter is a graphical firewall tool for Linux. The program aims to
combine ease of use with powerful features, serving both desktop users and
administrators.
4. Network Equipment Performance Monitor 2.2
By: Nova Software, Inc.
Relevant URL: http://www.nepm.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, Solaris, Tru64 UNIX, UNIX,
Windows 2000, Windows NT, Windows XP
Summary:
NEPM is a very general, highly configurable, two part software system
that monitors any type of logged data from IP networked equipment and
reports it via E-mail and web pages. Current conditions and history from
systems based on Windows NT/2000 and UNIX can be tracked and reported.
Most major server, switch and router systems can be monitored, without
running agents on the target systems.
5. BitDefender for qmail v1.5.5-2
By: SOFTWIN <mmitu@bitdefender.com>
Relevant URL: http://www.bitdefender.com/bd/site/products.php?p_id=10
Platforms: Linux
Summary:
BitDefender for qmail is a powerful antivirus software for Linux mail
servers, which provides proactive protection of message traffic at the
email server level, eliminating the risk to the entire network that
could be caused by a negligent user. All messages, both sent and received,
are scanned in real time, avoiding the possible infections and
preventing anyone from sending an infected message. BitDefender claims 100%
detection rate for all viruses in the wild (ITW) through its powerful
scanning engines certified by the most prestigious testing labs (ICSA in
February 2003, Virus Bulletin 100% in June 2003 and CheckMark in August
2003).
6. Bilbo 0.11
By: Bart Somers
Relevant URL: http://doornenburg.homelinux.net/scripts/bilbo/
Platforms: FreeBSD, Linux
Summary:
Bilbo is an automated, multithreaded nmap-scanner and reporter, capable
of header fetching and matching the results against a database from
previous scans.