Date: 19 Apr 2005 21:51:41 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #232
SecurityFocus Linux Newsletter #232
------------------------------------
I. FRONT AND CENTER
1. Privacy From the Trenches
2. Introduction to Spyware Keyloggers
3. Watching the Watchers
II. LINUX VULNERABILITY SUMMARY
1. PostNuke Phoenix SID Parameter Remote SQL Injection Vulnerab...
2. Sun J2SE Software Development Kit Java Archive Tool Director...
3. OpenOffice Malformed Document Remote Heap Overflow Vulnerabi...
4. Pine RPDump Local File Corruption Vulnerability
5. RSnapshot Local File Permission Manipulation Vulnerability
6. KDE PCX Image File Handling Buffer Overflow Vulnerability
7. Invision Power Board ST Parameter SQL Injection Vulnerabilit...
8. Computer Associates BrightStor ARCserve Backup UniversalAgen...
9. Multiple Vendor TCP/IP Implementation ICMP Remote Denial Of ...
10. Salim Gasmi GLD Postfix Greylisting Daemon Buffer Overflow V...
11. Salim Gasmi GLD Postfix Greylisting Daemon Format String Vul...
12. EGroupWare EMail Attachment Information Disclosure Vulnerabi...
13. CPIO CHMod File Permission Modification Race Condition Weakn...
14. PHP Group Exif Module IFD Tag Integer Overflow Vulnerability
15. PHP Group Exif Module IFD Nesting Denial Of Service Vulnerab...
16. Squid Proxy Aborted Connection Remote Denial Of Service Vuln...
17. Opera SSL Security Feature Design Error Vulnerability
18. Kerio MailServer WebMail Remote Resource Exhaustion Vulnerab...
19. Monkey HTTP Daemon CGI Processor Format String Vulnerability
20. Monkey HTTP Daemon Zero Length File Request Denial Of Servic...
21. Libsafe Multi-threaded Process Race Condition Security Bypas...
22. GOCR ReadPGM NetPBM Remote Client-Side Integer Overflow Vuln...
23. GOCR ReadPGM Remote Client-Side Buffer Overflow Vulnerabilit...
24. PHP-Nuke Surveys Module HTTP Response Splitting Vulnerabilit...
III. LINUX FOCUS LIST SUMMARY
1. PAKCON II: Call for Papers (CfP - 2005) (Thread)
2. Announcing PAKCON II (2005)! (Thread)
3. Any way to automatically change arbitrary headers of... (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. NuFW 1.0.0
2. ldapenum 0.02alpha
3. File System Saint 1.02a
4. Umbrella v0.5
5. Travesty 1.0
6. OCS 0.1
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Privacy From the Trenches
By Scott Granneman
The recent string of high profile security breaches doesn't even hit the
radar of the average user worried about the privacy of his personal
information.
http://www.securityfocus.com/columnists/317
2. Introduction to Spyware Keyloggers
By Sachin Shetty
The purpose of this article is to discuss keyloggers found in spyware
applications, including their detection, features, and removal.
http://www.securityfocus.com/infocus/1829
3. Watching the Watchers
By Matthew Tanase
Misuse of database information by insiders happens every day, and there's
little we can do about it.
http://www.securityfocus.com/columnists/318
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. PostNuke Phoenix SID Parameter Remote SQL Injection Vulnerab...
BugTraq ID: 13077
Remote: Yes
Date Published: Apr 08 2005
Relevant URL: http://www.securityfocus.com/bid/13077
Summary:
A remote SQL Injection vulnerability affects PostNuke Phoenix. This
issue is due to a failure of the application to properly sanitize
user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the
underlying database. This may facilitate theft of sensitive information,
potentially including authentication credentials, and data corruption.
2. Sun J2SE Software Development Kit Java Archive Tool Director...
BugTraq ID: 13083
Remote: Yes
Date Published: Apr 09 2005
Relevant URL: http://www.securityfocus.com/bid/13083
Summary:
The Java Archive Tool is reported vulnerable to a directory traversal
vulnerability.
An attacker can supply a malicious archive containing files named with
'../' directory traversal sequences, which can potentially overwrite
existing data during extraction.
Sun Java 2 Standard Edition versions 1.5.0 and 1.4.2 for both Linux and
Microsoft Windows platforms are reported vulnerable. Other vendors
using the technology may be affected as well.
3. OpenOffice Malformed Document Remote Heap Overflow Vulnerabi...
BugTraq ID: 13092
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13092
Summary:
OpenOffice is reported prone to a remote heap overflow vulnerability.
An attacker may exploit this issue by crafting a malformed .doc file
and enticing a user to open this file with the affected application. If
a vulnerable user opens this file in OpenOffice, the application may
crash due to memory corruption. This issue may also be leveraged to
execute arbitrary code in the context of the user running OpenOffice.
OpenOffice 1.1.4 and 2.0 Beta are reported vulnerable to this issue.
4. Pine RPDump Local File Corruption Vulnerability
BugTraq ID: 13093
Remote: No
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13093
Summary:
Pine 'rpdump' is reported prone to a race condition vulnerability. The
issue exists because a window of opportunity exists between the time
that the software checks if a user supplied local file exists, and the
time that the file is opened for writing.
If 'rpdump' is being invoked against an existing file that resides in a
local world-writable directory, an attacker may potentially replace the
file with a hardlink to a target file. The attacker may accomplish this
while the vulnerable software is processing the remote file. If
successful, data that was intended for the existing file will instead be
written to the linked file.
Pine version 4.62 is reported vulnerable; other versions might also be
affected.
5. RSnapshot Local File Permission Manipulation Vulnerability
BugTraq ID: 13095
Remote: No
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13095
Summary:
A local file privileges manipulation vulnerability affects rsnapshot.
This issue is due to a design error that causes the failure of the
utility to properly assign permissions on files referenced by symbolic
link files.
An attacker may leverage this issue to change the permissions on
arbitrary files backed up by the affected utility. Specifically, an
attacker can claim ownership of the target file.
6. KDE PCX Image File Handling Buffer Overflow Vulnerability
BugTraq ID: 13096
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13096
Summary:
KDE is reported prone to a PCX image file handling buffer overflow
vulnerability. This issue is due to a failure of the 'kimgio' image
library to properly validate PCX image data.
This vulnerability was reported to exist in PCX image handling
routines, but other image handlers have been patched by the vendor. It
is therefore possible that other image file formats may also be affected
by similar problems.
Attackers may exploit this vulnerability to crash applications
utilizing the affected library, or possibly cause arbitrary machine code
to be executed in the context of the application utilizing the affected
library.
7. Invision Power Board ST Parameter SQL Injection Vulnerabilit...
BugTraq ID: 13097
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13097
Summary:
Invision Power Board is reported prone to an SQL injection
vulnerability. Due to improper filtering of user-supplied data,
attackers may pass SQL statements to the underlying database through the
'st' parameter.
Invision Power Board 1.3.1 and prior versions are affected by this
issue.
8. Computer Associates BrightStor ARCserve Backup UniversalAgen...
BugTraq ID: 13102
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13102
Summary:
A remote buffer overflow vulnerability reportedly affects BrightStor
ARCserve and ARCserve Enterprise agent. This issue is due to a failure
of the application to securely copy data from the network.
A remote attacker may exploit this issue to execute arbitrary code on a
vulnerable computer, potentially facilitating unauthorized superuser
access. A denial of service condition may arise as well.
Computer Associates BrightStor ARCserve Backup version v11 for Win32
platforms is reported prone to this issue. Other versions might also be
affected.
9. Multiple Vendor TCP/IP Implementation ICMP Remote Denial Of ...
BugTraq ID: 13124
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13124
Summary:
Multiple vendor implementations of TCP/IP Internet Control Message
Protocol (ICMP) are reported prone to several denial of service attacks.
ICMP is employed by network nodes to determine certain automatic
actions to take based on network failures reported by an ICMP message.
It is reported that for ICMP error messages, no security checks are
recommended by the RFC. As long as an ICMP message contains a valid
source and destination IP address and port pair, it will be accepted for
an associated connection.
The following individual attacks are reported:
A blind connection-reset attack is reported to affect multiple vendors.
This attack takes advantage of the specification that describes that on
receiving a 'hard' ICMP error, the corresponding connection should be
aborted. The Mitre ID CAN-2004-0790 is assigned to this issue.
A remote attacker may exploit this issue to terminate target TCP
connections and deny service for legitimate users.
An ICMP Source Quench attack is reported to affect multiple vendors.
This attack takes advantage of the specification that a host must react
to received ICMP Source Quench messages by slowing transmission on the
associated connection. The Mitre ID CAN-2004-0791 is assigned to this
issue.
A remote attacker may exploit this issue to degrade the performance of
TCP connections and partially deny service for legitimate users.
An attack against ICMP PMTUD is reported to affect multiple vendors
when they are configured to employ PMTUD. By sending a suitable forged
ICMP message to a target host an attacker may reduce the MTU for a given
connection. The Mitre ID CAN-2004-1060 is assigned to this issue.
A remote attacker may exploit this issue to degrade the performance of
TCP connections and partially deny service for legitimate users.
**Update: It is reported that Microsoft platforms are also prone to
these issues.
10. Salim Gasmi GLD Postfix Greylisting Daemon Buffer Overflow V...
BugTraq ID: 13129
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13129
Summary:
It is reported that GLD contains a buffer overflow vulnerability. This
issue is due to a failure of the application to properly ensure that a
fixed-size memory buffer is sufficiently large prior to copying
user-supplied input data into it.
Remote attackers may exploit this vulnerability to cause arbitrary
machine code to be executed in the context of the affected service. As the
service is designed to be run as the superuser, remote attackers may
gain superuser privileges on affected computers.
GLD version 1.4 is reportedly affected, but prior versions may also be
affected.
11. Salim Gasmi GLD Postfix Greylisting Daemon Format String Vul...
BugTraq ID: 13133
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13133
Summary:
It is reported that GLD contains a format string vulnerability. This
issue is due to a failure of the application to properly sanitize
user-supplied input data prior to using it in a formatted-printing function.
Remote attackers may exploit this vulnerability to cause arbitrary
machine code to be executed in the context of the affected service. As the
service is designed to be run as the superuser, remote attackers may
gain superuser privileges on affected computers.
GLD version 1.4 is reportedly affected, but prior versions may also be
affected.
12. EGroupWare EMail Attachment Information Disclosure Vulnerabi...
BugTraq ID: 13137
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13137
Summary:
An information disclosure vulnerability affects eGroupWare. This issue
is due to a failure of the application to properly handle access to
email attachments.
This issue may result in a disclosure of email attachments; attachments
may be sent to individuals that the sender did not intend to grant
access to.
13. CPIO CHMod File Permission Modification Race Condition Weakn...
BugTraq ID: 13159
Remote: No
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13159
Summary:
cpio is prone to a security weakness. The issue is only present when an
archive is extracted into a world or group writeable directory. It has
been reported that cpio employs non-atomic procedures to write a file
and later change the permissions on the newly extracted file.
A local attacker may leverage this issue to modify file permissions of
target files.
This weakness affects cpio version 2.6 and previous versions.
14. PHP Group Exif Module IFD Tag Integer Overflow Vulnerability
BugTraq ID: 13163
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13163
Summary:
PHP is prone to an integer overflow vulnerability in the EXIF module.
This issue is exposed when malformed IFD (Image File Directory) tags
are processed.
This issue could manifest itself in Web applications that allow users
to upload images. Any other application that processes untrusted EXIF
image data could also be exposed to attacks. Successful exploitation
may allow for execution of arbitrary code.
This vulnerability may be one of the issues described in BID 13143 "PHP
Group PHP Multiple Unspecified Vulnerabilities".
15. PHP Group Exif Module IFD Nesting Denial Of Service Vulnerab...
BugTraq ID: 13164
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13164
Summary:
PHP is prone to a denial of service vulnerability. This issue occurs
when deeply nested EXIF IFD (Image File Directory) data is processed.
This issue could manifest itself in Web applications that allow users
to upload images.
This vulnerability may be one of the issues described in BID 13143 "PHP
Group PHP Multiple Unspecified Vulnerabilities".
16. Squid Proxy Aborted Connection Remote Denial Of Service Vuln...
BugTraq ID: 13166
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13166
Summary:
A remote denial of service vulnerability affects the Squid Proxy. This
issue is due to a failure of the application to properly handle
exceptional network requests. The problem presents itself when a remote
attacker prematurely aborts a connection during a PUT or POST request.
A remote attacker may leverage this issue to crash the affected Squid
Proxy, denying service to legitimate users.
17. Opera SSL Security Feature Design Error Vulnerability
BugTraq ID: 13176
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13176
Summary:
Opera is prone to a design error that can result in a false sense of
security. The issue exists in a security feature that is available in
Opera version 8 Beta 3. The new security feature displays the Organization
name derived from an SSL certificate in the Opera tab of an SSL secured
site.
Because the Organization name of an SSL certificate is not intended to
be unique, this issue may be exploited and result in a false sense of
security for users.
18. Kerio MailServer WebMail Remote Resource Exhaustion Vulnerab...
BugTraq ID: 13180
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13180
Summary:
Kerio MailServer is prone to a remote resource exhaustion vulnerability
in the WebMail service. This issue is due to a failure of the
application to properly handle exceptional conditions.
A remote attacker may leverage this issue to cause the affected
application to hang, possibly denying service to legitimate users.
The vendor has addressed this issue in Kerio MailServer 6.0.9; earlier
versions are reported vulnerable.
19. Monkey HTTP Daemon CGI Processor Format String Vulnerability
BugTraq ID: 13187
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13187
Summary:
Monkey HTTP Daemon is prone to a format string vulnerability in the CGI
processor. Successful exploitation allows execution of arbitrary code
with the privileges of the server.
20. Monkey HTTP Daemon Zero Length File Request Denial Of Servic...
BugTraq ID: 13188
Remote: Yes
Date Published: Apr 13 2005
Relevant URL: http://www.securityfocus.com/bid/13188
Summary:
Monkey HTTP Daemon is prone to a remotely exploitable denial of service
vulnerability. Though unconfirmed, this issue may be triggered when
handling malformed file requests.
21. Libsafe Multi-threaded Process Race Condition Security Bypas...
BugTraq ID: 13190
Remote: Yes
Date Published: Apr 15 2005
Relevant URL: http://www.securityfocus.com/bid/13190
Summary:
Libsafe will normally kill an application when certain types of memory
corruption are detected, preventing exploitation of some buffer
overflow and format string vulnerabilities. A weakness has been reported that
may allow Libsafe security failsafe mechanisms to be bypassed.
This vulnerability is due to a race condition that may be exposed when
Libsafe is used with multi-threaded applications. The result is that
Libsafe security features may be bypassed and an attack that would
ordinarily be prevented may succeed. It should be noted that this is an
implementation error in Libsafe that does not present a security risk
unless there is a memory corruption vulnerability in a multi-threaded
application on an affected computer.
This issue was reported in Libsafe 2.0-16. Other versions may also be
affected.
22. GOCR ReadPGM NetPBM Remote Client-Side Integer Overflow Vuln...
BugTraq ID: 13195
Remote: Yes
Date Published: Apr 15 2005
Relevant URL: http://www.securityfocus.com/bid/13195
Summary:
A remote, client-side integer overflow vulnerability affects GOCR. This
issue is due to a failure of the application to properly validate
user-supplied image size values prior to using them to copy image data into
static process buffers.
An attacker may exploit this issue to overflow a process buffer and
execute arbitrary code with the privileges of the user that activated the
vulnerable application. This may facilitate unauthorized access or
privilege escalation.
23. GOCR ReadPGM Remote Client-Side Buffer Overflow Vulnerabilit...
BugTraq ID: 13197
Remote: Yes
Date Published: Apr 15 2005
Relevant URL: http://www.securityfocus.com/bid/13197
Summary:
A remote, client-side buffer overflow vulnerability affects GOCR. This
issue is due to a failure of the application to properly validate
user-supplied string sizes prior to using them to copy image data into
static process buffers.
An attacker may exploit this issue to overflow a process buffer and
execute arbitrary code with the privileges of the user that activated the
vulnerable application. This may facilitate unauthorized access or
privilege escalation.
24. PHP-Nuke Surveys Module HTTP Response Splitting Vulnerabilit...
BugTraq ID: 13201
Remote: Yes
Date Published: Apr 15 2005
Relevant URL: http://www.securityfocus.com/bid/13201
Summary:
PHP-Nuke is prone to an HTTP response splitting vulnerability. This
issue is due to a failure in the application to properly sanitize
user-supplied input.
A remote attacker may exploit this vulnerability to influence or
misrepresent how Web content is served, cached or interpreted. This could aid
in various attacks that attempt to entice client users into a false
sense of trust.
This issue is reported to affect PHP-Nuke version 7.6; earlier versions
may also be vulnerable.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. PAKCON II: Call for Papers (CfP - 2005) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/396097
2. Announcing PAKCON II (2005)! (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/396095
3. Any way to automatically change arbitrary headers of... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/396045
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
  and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
  administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data
stored within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that wants safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. NuFW 1.0.0
By: INL
Relevant URL: http://www.nufw.org
Platforms: Linux
Summary:
NuFW performs authentication of every single connection passing
through the IP filter, by transparently requesting the user's
credentials before any filtering decision is taken. Practically, this
brings the notion of user ID down to the IP layers.
2. ldapenum 0.02alpha
By: Roni Bachar & Sol Zehnwirth
Relevant URL: https://sourceforge.net/projects/ldapenum
Platforms: Linux, Perl (any system supporting perl), Windows 2000,
Windows 95/98, Windows NT, Windows XP
Summary:
ldapenum is a Perl script designed to enumerate system and password
information from domain controllers using the LDAP service when IPC$ is
locked. The script has been tested on Windows and Linux.
3. File System Saint 1.02a
By: Joshua Fritsch
Relevant URL: http://www.unixgeeks.org/saint
Platforms: Linux, UNIX
Summary:
A fast, flexible, lightweight perl-based host IDS.
4. Umbrella v0.5
By: Umbrella
Relevant URL: http://umbrella.sf.net/
Platforms: Linux
Summary:
A combination of process-based access control (PBAC) and authentication
of binaries (like DigSig). In addition, the binaries have the security
policy included within the binary, so when a binary is executed, the
policy is applied to the corresponding process. Umbrella provides
developers with a "restricted fork", which enables them to further
restrict a sub-process from, e.g., accessing the network.
5. Travesty 1.0
By: Robert Wesley McGrew
Relevant URL: http://cse.msstate.edu/~rwm8/travesty/
Platforms: Linux
Summary:
Travesty is an interactive program for managing the hardware addresses
(MAC) of ethernet devices on your computer. It supports manually
changing the MAC, generating random addresses, and applying different vendor
prefixes to the current address.
It also allows the user to import their own lists of hardware
addresses and descriptions that can be navigated from within the Travesty
interface. Travesty is written in Python, and is very simple to add
functionality to, or modify.
6. OCS 0.1
By: OverIP
Relevant URL: http://hacklab.altervista.org/download/OCS.c
Platforms: Linux
Summary:
This is a very reliable and fast mass scanner for Cisco routers with
default telnet/enable passwords.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to
linux-secnews-unsubscribe@securityfocus.com from the subscribed
address. The contents of the subject or message body do not matter. You
will receive a confirmation request message to which you will have to
answer. Alternatively, you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the
website.
If your email address has changed, email listadmin@securityfocus.com and
ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
Need to know what's happening on YOUR network? Symantec DeepSight
Analyzer is a free service that gives you the ability to track and
manage attacks. Analyzer automatically correlates attacks from various
Firewall and network based Intrusion Detection Systems, giving you a
comprehensive view of your computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------