Date: 27 Apr 2005 17:04:43 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #233
SecurityFocus Linux Newsletter #233
------------------------------------
This Issue is Sponsored By: CanSecWest/core05
It won't affect you unless you run Linux, OSX, some BSDs, or Windows...
Can/SecWest/core05 - Vancouver, Canada - May 4-6 2005
World Security Pros. Cutting Edge Training, Tools, and Techniques
Security Masters Dojo May 3/4 2005
http://www.securityfocus.com/sponsor/CanSecWest_sf-news_050427
------------------------------------------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Apple's Big Virus
2. Bluetooth Security Review, Part 1
II. LINUX VULNERABILITY SUMMARY
1. Webmin And Usermin Configuration File Unauthorized Access Vu...
2. Mozilla Suite And Firefox Search Plug-In Remote Script Code ...
3. Multiple Vendor TCP Session Acknowledgement Number Denial Of...
4. Mozilla Suite And Firefox Favicon Link Tag Remote Script Cod...
5. CVS Unspecified Buffer Overflow And Memory Access Vulnerabil...
6. Mozilla Firefox PLUGINSPAGE Remote Script Code Execution Vul...
7. Mozilla Suite And Firefox Blocked Pop-Up Window Remote Scrip...
8. Mozilla Suite And Firefox Global Scope Pollution Cross-Site ...
9. Mozilla Firefox Search Target Sidebar Panel Script Code Exec...
10. Mozilla Suite And Firefox XPInstall JavaScript Object Instan...
11. Mozilla Suite And Firefox Document Object Model Nodes Code E...
12. XV Image Decoders Multiple Unspecified Input Validation Vuln...
13. XV Planetary Data System Image Decoder Unspecified Input Val...
14. XV Planetary Data System Image Decoder Format String Vulnera...
15. XV Tagged Image File Format Image Decoder Format String Vuln...
16. XV Image File Name Remote Command Execution Vulnerability
17. RealNetworks RealPlayer Enterprise RAM File Parsing Buffer O...
18. Linux Kernel Unw_Unwind_To_User Local Denial of Service Vuln...
19. Linux Kernel Fib_Seq_Start Local Denial of Service Vulnerabi...
20. MPlayer RTSP Server Line Response Remote Buffer Overflow Vul...
21. MPlayer MMST Stream ID Remote Buffer Overflow Vulnerability
22. Logwatch Secure Script Denial Of Service Vulnerability
23. Real Networks Helix Player Unspecified Vulnerability
24. PHProjekt Chatroom Text Submission HTML Injection Vulnerabil...
25. GNU GZip Filename Directory Traversal Vulnerability
26. CPIO Filename Directory Traversal Vulnerability
27. KDE Kommander Unspecified Arbitrary Script Execution Vulnera...
28. PixySoft E-Cart Cat Parameter Remote Command Execution Vulne...
29. PixySoft E-Cart Art Parameter Remote Command Execution Vulne...
III. LINUX FOCUS LIST SUMMARY
1. Any way to automatically change arbitrary headers of... (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. Umbrella v0.6
2. Kernel Socks Bouncer 2.6.11
3. NuFW 1.0.0
4. ldaupenum 0.02alpha
5. File System Saint 1.02a
6. Travesty 1.0
VI. UNSUBSCRIBE INSTRUCTIONS
I. FRONT AND CENTER
-------------------
1. Apple's Big Virus
By Kelly Martin
After your identity has been stolen, your bank accounts compromised, 53
critical patches and 27 reboots later, when will you decide that you've
had enough?
http://www.securityfocus.com/columnists/319
2. Bluetooth Security Review, Part 1
By Marek Bialoglowy
This two-part series looks at Bluetooth security and privacy issues,
including methods of detection, data loss prevention and social
engineering.
http://www.securityfocus.com/infocus/1830
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Webmin And Usermin Configuration File Unauthorized Access Vu...
BugTraq ID: 13205
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13205
Summary:
Usermin and Webmin are affected by a configuration file access
validation vulnerability. This issue is due to a design error that causes
certain configuration files to be assigned insecure permissions.
An attacker may leverage this issue to gain access to various,
potentially sensitive system configuration files. This may facilitate
privilege escalation or other attacks.
2. Mozilla Suite And Firefox Search Plug-In Remote Script Code ...
BugTraq ID: 13211
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13211
Summary:
A remote script code execution vulnerability affects Mozilla Suite and
Mozilla Firefox. This issue is due to a failure of the application to
provide secure access validation prior to carrying out remotely
supplied script code execution.
An attacker may leverage this issue to execute arbitrary code in the
context of a Web site that is being viewed by an unsuspecting user; if
the Web page being viewed is a privileged page, remote code execution is
possible. This may facilitate cross-site scripting as well as a
compromise of an affected computer.
It should be noted that this issue was previously reported in BID 13208
(Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And
Policy Bypass Vulnerabilities); it has been assigned its own BID.
3. Multiple Vendor TCP Session Acknowledgement Number Denial Of...
BugTraq ID: 13215
Remote: Yes
Date Published: Apr 18 2005
Relevant URL: http://www.securityfocus.com/bid/13215
Summary:
Multiple Vendor TCP/IP stack implementations are reported prone to a
denial of service vulnerability.
A report indicates that the vulnerability manifests when an erroneous
TCP acknowledgement number is encountered in an active TCP session
stream.
A successful attack may result in a degradation of the target
connection, effectively denying service for legitimate users. Additionally,
reports indicate that the computer being attacked may suffer CPU
performance degradation, potentially denying service for local users too.
4. Mozilla Suite And Firefox Favicon Link Tag Remote Script Cod...
BugTraq ID: 13216
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13216
Summary:
A remote script code execution vulnerability affects Mozilla Suite and
Mozilla Firefox. This issue is due to a failure of the application to
deny remote unauthorized access to trusted local interfaces.
An attacker may be able to exploit this issue to execute arbitrary
script code with the privileges of an unsuspecting user that activated the
affected Web browser. This may facilitate the installation and
execution of malicious applications on an affected computer.
It should be noted that this issue was previously reported in BID 13208
(Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And
Policy Bypass Vulnerabilities); it has been assigned its own BID.
5. CVS Unspecified Buffer Overflow And Memory Access Vulnerabil...
BugTraq ID: 13217
Remote: Yes
Date Published: Apr 18 2005
Relevant URL: http://www.securityfocus.com/bid/13217
Summary:
CVS is prone to unspecified buffer overflow, memory access
vulnerabilities, and a NULL pointer dereference denial of service.
It is conjectured that the issues may be leveraged by a remote
authenticated user to disclose regions of the CVS process memory, and to
corrupt CVS process memory. The two issues combined may lead to a remote
attacker reliably executing arbitrary code in the context of the vulnerable
process, although this is not confirmed.
This BID will be updated as soon as further information is made
available.
6. Mozilla Firefox PLUGINSPAGE Remote Script Code Execution Vul...
BugTraq ID: 13228
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13228
Summary:
A remote script code execution vulnerability affects Mozilla Firefox.
This issue is due to a failure of the application to deny remote
unauthorized access to malicious Plugin Finder Service links.
An attacker may be able to exploit this issue to execute arbitrary
script code with the privileges of an unsuspecting user that activated the
affected Web browser. This may facilitate the installation and
execution of malicious applications, subsequently facilitating unauthorized
access.
It should be noted that this issue was previously reported in BID 13208
(Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And
Policy Bypass Vulnerabilities); it has been assigned its own BID.
7. Mozilla Suite And Firefox Blocked Pop-Up Window Remote Scrip...
BugTraq ID: 13229
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13229
Summary:
A remote script code execution vulnerability affects Mozilla Suite and
Mozilla Firefox. This issue is due to a failure of the application to
execute JavaScript in blocked pop-up windows securely.
An attacker may be able to exploit this issue to execute arbitrary
script code with the privileges of an unsuspecting user that activated the
affected Web browser. This may facilitate the installation and
execution of malicious applications, subsequently facilitating unauthorized
access.
It should be noted that this issue was previously reported in BID 13208
(Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And
Policy Bypass Vulnerabilities); it has been assigned its own BID.
8. Mozilla Suite And Firefox Global Scope Pollution Cross-Site ...
BugTraq ID: 13230
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13230
Summary:
A remote cross-site scripting vulnerability affects Mozilla Suite and
Mozilla Firefox. This issue is due to a failure of the application to
properly clear stored parameters.
An attacker may exploit this issue to execute arbitrary script code in
the context of a page that is currently being viewed. This may
facilitate the theft of cookie-based authentication credentials as well as other
attacks.
It should be noted that this issue was previously reported in BID 13208
(Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And
Policy Bypass Vulnerabilities); it has been assigned its own BID.
9. Mozilla Firefox Search Target Sidebar Panel Script Code Exec...
BugTraq ID: 13231
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13231
Summary:
A remote script code execution vulnerability affects Mozilla Firefox.
This issue is due to a failure of the application to securely run
script code targeted at the sidebar panel.
An attacker may be able to exploit this issue to execute arbitrary
script code with the privileges of an unsuspecting user that activated the
affected Web browser. This may facilitate the installation and
execution of malicious applications, subsequently facilitating unauthorized
access.
It should be noted that this issue was previously reported in BID 13208
(Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And
Policy Bypass Vulnerabilities); it has been assigned its own BID.
10. Mozilla Suite And Firefox XPInstall JavaScript Object Instan...
BugTraq ID: 13232
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13232
Summary:
Mozilla Suite and Mozilla Firefox are affected by an input validation
vulnerability. This issue is due to a failure in the application to
verify input passed to installation objects.
An attacker may be able to exploit this issue to execute malicious code
in the context of the affected browser, subsequently facilitating
unauthorized access.
It should be noted that this issue was previously reported in BID 13208
(Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And
Policy Bypass Vulnerabilities); it has been assigned its own BID.
11. Mozilla Suite And Firefox Document Object Model Nodes Code E...
BugTraq ID: 13233
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13233
Summary:
Mozilla Suite and Mozilla Firefox are affected by a code execution
vulnerability. This issue is due to a failure in the application to
properly verify Document Object Model (DOM) property values.
An attacker may leverage this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable Web browser,
ultimately facilitating a compromise of the affected computer.
It should be noted that this issue was previously reported in BID 13208
(Mozilla Suite Multiple Code Execution, Cross-Site Scripting, And
Policy Bypass Vulnerabilities); it has been assigned its own BID.
12. XV Image Decoders Multiple Unspecified Input Validation Vuln...
BugTraq ID: 13243
Remote: Yes
Date Published: Apr 19 2005
Relevant URL: http://www.securityfocus.com/bid/13243
Summary:
Multiple unspecified input validation vulnerabilities affect xv. These
issues are due to a failure of the application to properly sanitize
input prior to using it to carry out critical functions.
Although unconfirmed, it is likely that these issues may be exploited
to cause the affected application to crash, and potentially execute
arbitrary commands or machine code. This BID will be updated and
potentially split into separate BIDs with the release of further details.
13. XV Planetary Data System Image Decoder Unspecified Input Val...
BugTraq ID: 13244
Remote: Yes
Date Published: Apr 19 2005
Relevant URL: http://www.securityfocus.com/bid/13244
Summary:
An unspecified input validation vulnerability affects xv. This issue
is due to a failure of the application to properly sanitize input prior
to using it to carry out critical functions.
Although unconfirmed, it is likely that this issue may be exploited
to cause the affected application to crash, and potentially execute
arbitrary commands or machine code. This BID will be updated with the
release of further details.
Reportedly this issue is distinct from those outlined in BID 13243 (XV
Image Decoders Multiple Unspecified Input Validation Vulnerabilities).
14. XV Planetary Data System Image Decoder Format String Vulnera...
BugTraq ID: 13245
Remote: Yes
Date Published: Apr 19 2005
Relevant URL: http://www.securityfocus.com/bid/13245
Summary:
A remote, client-side format string vulnerability affects xv. This
issue is due to a failure of the application to securely implement a
formatted printing function.
An attacker may leverage this issue to execute arbitrary code with the
privileges of an unsuspecting user that activated the vulnerable
utility.
15. XV Tagged Image File Format Image Decoder Format String Vuln...
BugTraq ID: 13246
Remote: Yes
Date Published: Apr 19 2005
Relevant URL: http://www.securityfocus.com/bid/13246
Summary:
A remote, client-side format string vulnerability affects xv. This
issue is due to a failure of the application to securely implement a
formatted printing function.
An attacker may leverage this issue to execute arbitrary code with the
privileges of an unsuspecting user that activated the vulnerable
utility.
16. XV Image File Name Remote Command Execution Vulnerability
BugTraq ID: 13247
Remote: Yes
Date Published: Apr 19 2005
Relevant URL: http://www.securityfocus.com/bid/13247
Summary:
A remote, client-side command execution vulnerability affects xv. This
issue is due to a failure of the application to properly sanitize input
prior to using it to carry out critical functions.
An attacker may leverage this issue to execute arbitrary commands with
the privileges of an unsuspecting user.
17. RealNetworks RealPlayer Enterprise RAM File Parsing Buffer O...
BugTraq ID: 13264
Remote: Yes
Date Published: Apr 19 2005
Relevant URL: http://www.securityfocus.com/bid/13264
Summary:
RealNetworks RealPlayer Enterprise is reported prone to a buffer
overflow vulnerability. It is reported that the issue manifests when a
malicious RAM file is parsed.
A remote attacker may exploit this vulnerability to execute arbitrary
code in the context of a user that uses a vulnerable version of the
media player to load a malicious RAM file.
18. Linux Kernel Unw_Unwind_To_User Local Denial of Service Vuln...
BugTraq ID: 13266
Remote: No
Date Published: Apr 19 2005
Relevant URL: http://www.securityfocus.com/bid/13266
Summary:
A local denial of service vulnerability affects the Linux kernel.
A local attacker may leverage this issue to cause an affected Linux
kernel to panic, effectively denying service to legitimate users.
19. Linux Kernel Fib_Seq_Start Local Denial of Service Vulnerabi...
BugTraq ID: 13267
Remote: No
Date Published: Apr 19 2005
Relevant URL: http://www.securityfocus.com/bid/13267
Summary:
A local denial of service vulnerability affects the Linux kernel.
A local attacker may leverage this issue to cause an affected Linux
kernel to panic, effectively denying service to legitimate users.
Although only the Linux kernel version 2.6.9 is reported vulnerable, it
is likely that other versions are vulnerable as well.
20. MPlayer RTSP Server Line Response Remote Buffer Overflow Vul...
BugTraq ID: 13270
Remote: Yes
Date Published: Apr 20 2005
Relevant URL: http://www.securityfocus.com/bid/13270
Summary:
A remote heap-based buffer overflow vulnerability affects MPlayer. This
issue is due to a failure of the application to properly validate the
length of user-supplied strings prior to copying them into static
process buffers.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.
21. MPlayer MMST Stream ID Remote Buffer Overflow Vulnerability
BugTraq ID: 13271
Remote: Yes
Date Published: Apr 20 2005
Relevant URL: http://www.securityfocus.com/bid/13271
Summary:
A remote heap-based buffer overflow vulnerability affects MPlayer. This
issue is due to a failure of the application to properly validate the
length of user-supplied strings prior to copying them into static
process buffers.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.
22. Logwatch Secure Script Denial Of Service Vulnerability
BugTraq ID: 13273
Remote: Yes
Date Published: Apr 20 2005
Relevant URL: http://www.securityfocus.com/bid/13273
Summary:
Logwatch is prone to a denial of service vulnerability in the secure script.
This issue may be exploited by a local attacker who can inject a
malicious string into a log file, causing a denial of service condition. As
a result, the utility may not detect subsequent malicious activity.
23. Real Networks Helix Player Unspecified Vulnerability
BugTraq ID: 13280
Remote: Unknown
Date Published: Apr 20 2005
Relevant URL: http://www.securityfocus.com/bid/13280
Summary:
An unspecified vulnerability affects Real Networks Helix Player. The
cause of this issue is currently unknown.
The potential impact of this issue is currently unknown; this BID will
be updated as more information is released.
It should be noted that it is likely that this issue corresponds with
that reported in BID 13264 (RealNetworks RealPlayer Enterprise RAM File
Parsing Buffer Overflow Vulnerability). If it is confirmed that this
issue corresponds to the RealPlayer issue, this BID will be retired.
Note: This BID is being retired as it has been confirmed that this
issue affecting Helix Player is the same issue affecting RealPlayer as
reported in BID 13264 (RealNetworks RealPlayer Enterprise RAM File Parsing
Buffer Overflow Vulnerability).
24. PHProjekt Chatroom Text Submission HTML Injection Vulnerabil...
BugTraq ID: 13286
Remote: Yes
Date Published: Apr 20 2005
Relevant URL: http://www.securityfocus.com/bid/13286
Summary:
PHProjekt is prone to an HTML injection vulnerability in the Chatroom
text submission form. The application fails to sanitize user-supplied
input that is in turn displayed to all users of the chatroom.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user. This may facilitate the
theft of cookie-based authentication credentials as well as other
attacks.
25. GNU GZip Filename Directory Traversal Vulnerability
BugTraq ID: 13290
Remote: Yes
Date Published: Apr 20 2005
Relevant URL: http://www.securityfocus.com/bid/13290
Summary:
gzip is prone to a directory traversal vulnerability. The issue
manifests when gunzip is invoked on a malicious archive using the '-N' switch.
An archive containing an absolute path for a filename that contains '/'
characters results in the file getting written using the absolute path
contained in the filename.
A remote attacker may leverage this issue using a malicious archive to
corrupt arbitrary files with the privileges of the user that is running
the vulnerable software.
26. CPIO Filename Directory Traversal Vulnerability
BugTraq ID: 13291
Remote: Yes
Date Published: Apr 20 2005
Relevant URL: http://www.securityfocus.com/bid/13291
Summary:
cpio is prone to a directory traversal vulnerability. The issue
manifests when cpio is invoked on a malicious archive.
An archive containing an absolute path for a filename that contains '/'
characters results in the file getting written using the absolute path
contained in the filename.
A remote attacker may leverage this issue using a malicious archive to
corrupt arbitrary files with the privileges of the user that is running
the vulnerable software.
27. KDE Kommander Unspecified Arbitrary Script Execution Vulnera...
BugTraq ID: 13313
Remote: Yes
Date Published: Apr 22 2005
Relevant URL: http://www.securityfocus.com/bid/13313
Summary:
KDE Kommander is prone to a vulnerability that could allow arbitrary
script code to be executed without user interaction. Such code would
execute in the security context of the user running Kommander.
This issue was reported to affect Quanta 3.1.x and KDE from 3.2 to
3.4.0.
28. PixySoft E-Cart Cat Parameter Remote Command Execution Vulne...
BugTraq ID: 13316
Remote: Yes
Date Published: Apr 22 2005
Relevant URL: http://www.securityfocus.com/bid/13316
Summary:
PixySoft E-Cart is prone to a remote arbitrary command execution
vulnerability. This issue presents itself due to insufficient sanitization
of user-supplied data.
Specifically, the user-specified 'cat' URI parameter is supplied to a
Perl open() routine.
PixySoft E-Cart version 1.1 is reported vulnerable to this issue.
29. PixySoft E-Cart Art Parameter Remote Command Execution Vulne...
BugTraq ID: 13321
Remote: Yes
Date Published: Apr 22 2005
Relevant URL: http://www.securityfocus.com/bid/13321
Summary:
PixySoft E-Cart is prone to a remote arbitrary command execution
vulnerability. This issue presents itself due to insufficient sanitization
of user-supplied data.
Specifically, the user-specified 'art' URI parameter is supplied to a
Perl open() routine.
PixySoft E-Cart version 1.1 is reported vulnerable to this issue.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Any way to automatically change arbitrary headers of... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/396758
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers and unauthorized insiders
* Enforce segregation of duties between IT administrators and security administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that wants safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Umbrella v0.6
By: Umbrella
Relevant URL: http://umbrella.sourceforge.net/
Platforms: Linux
Summary:
Umbrella is a security mechanism that implements a combination of
Process-Based Access Control (PBAC) and authentication of binaries through
Digital Signed Binaries (DSB). The scheme is designed for Linux-based
consumer electronic devices ranging from mobile phones to settop boxes.
Umbrella is implemented on top of the Linux Security Modules (LSM)
framework. The PBAC scheme is enforced by a set of restrictions on each
process.
2. Kernel Socks Bouncer 2.6.11
By: Paolo Ardoino
Relevant URL: http://ksb.sourceforge.net/
Platforms: Linux
Summary:
Kernel Socks Bouncer is a Linux Kernel 2.6.x patch that redirects tcp
connections [SSH, telnet, browsers...] to follow through socks5. KSB26
uses a character device to pass socks5 and target ips to the Linux
Kernel.
3. NuFW 1.0.0
By: INL
Relevant URL: http://www.nufw.org
Platforms: Linux
Summary:
NuFW performs an authentication of every single connection passing
through the IP filter, by transparently requesting user's credentials
before any filtering decision is taken. Practically, this brings the notion
of user ID down to the IP layers.
4. ldaupenum 0.02alpha
By: Roni Bachar & Sol Zehnwirth
Relevant URL: https://sourceforge.net/projects/ldapenum
Platforms: Linux, Perl (any system supporting perl), Windows 2000,
Windows 95/98, Windows NT, Windows XP
Summary:
ldapenum is a perl script designed to enumerate system and password
information from domain controllers using the LDAP service when IPC$ is
locked. The script has been tested on windows and linux.
5. File System Saint 1.02a
By: Joshua Fritsch
Relevant URL: http://www.unixgeeks.org/saint
Platforms: Linux, UNIX
Summary:
A fast, flexible, lightweight perl-based host IDS.
6. Travesty 1.0
By: Robert Wesley McGrew
Relevant URL: http://cse.msstate.edu/~rwm8/travesty/
Platforms: Linux
Summary:
Travesty is an interactive program for managing the hardware addresses
(MAC) of ethernet devices on your computer. It supports manually
changing the MAC, generating random addresses, and applying different vendor
prefixes to the current address.
It also allows the user to import their own lists of hardware
addresses and descriptions that can be navigated from within the Travesty
interface. Travesty is written in Python, and is very simple to add
functionality to, or modify.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to
linux-secnews-unsubscribe@securityfocus.com from the subscribed
address. The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to answer.
Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the
website.
If your email address has changed email listadmin@securityfocus.com and
ask to be manually removed.