Date: 10 May 2005 19:24:01 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #235
SecurityFocus Linux Newsletter #235
------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Live CD Paradise
2. Software Firewalls versus Wormhole Tunnels
3. Bruce Schneier on Cryptography
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel it87 and via686a Drivers Insecure File Creation...
2. Joshua Chamas Crypt::SSLeay Perl Module Insecure Entropy Sou...
3. SmartList ListManager Arbitrary List Addition Vulnerability
4. PostgreSQL TSearch2 Design Error Vulnerability
5. PostgreSQL Character Set Conversion Privilege Escalation Vul...
6. GNUTLS Padding Denial of Service Vulnerability
7. Invision Power Board Act Parameter Cross-Site Scripting Vuln...
8. FishNet FishCart Multiple Cross-Site Scripting and SQL Injec...
9. NASM IEEE_PUTASCII Remote Buffer Overflow Vulnerability
10. MidiCart PHP Search_List.PHP SearchString Parameter SQL Inje...
11. MidiCart PHP Item_List.PHP MainGroup Parameter SQL Injection...
12. MidiCart PHP Item_List.PHP SecondGroup Parameter SQL Injecti...
13. MidiCart PHP Item_Show.PHP Code_No Parameter SQL Injection V...
14. MidiCart PHP Search_List.PHP SearchString Parameter Cross-Si...
15. MidiCart PHP Item_List.PHP SecondGroup Parameter Cross-Site ...
16. MidiCart PHP Item_List.PHP Maingroup Parameter Cross-Site Sc...
17. MegaBook Admin.CGI EntryID Cross-Site Scripting Vulnerabilit...
18. QMail Alloc() Remote Integer Overflow Vulnerability
19. Invision Power Board Login.PHP SQL Injection Vulnerability
20. RealNetworks RealPlayer Unspecified Code Execution Vulnerabi...
21. Invision Power Board Search.PHP Highlite Parameter Cross-Sit...
22. Invision Power Board Topics.PHP Highlite Parameter Cross-Sit...
23. QMail Commands() Function Remote Integer Overflow Vulnerabil...
24. QMail Substdio_Put() Function Remote Integer Overflow Vulner...
25. Apache HTDigest Realm Command Line Argument Buffer Overflow ...
26. FreeRadius RLM_SQL.C SQL Injection Vulnerability
27. FreeRadius RLM_SQL.C Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2005-05-03 to 2005-05-10.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. Umbrella v0.6
2. Kernel Socks Bouncer 2.6.11
3. NuFW 1.0.0
4. ldaupenum 0.02alpha
5. File System Saint 1.02a
6. Travesty 1.0
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Live CD Paradise
By Scott Granneman
Whether you need to sniff for wireless networks or carry Nessus, Nmap and
the Metasploit Framework with you in your pocket, there's a security-based
Live CD out there for you.
http://www.securityfocus.com/columnists/323
2. Software Firewalls versus Wormhole Tunnels
By Bob Rudis and Phil Kostenbader
This article explains how the PCAP library on Windows can be used to render
software firewalls and client VPN environments ineffective, easily
bypassing traditional security measures.
http://www.securityfocus.com/infocus/1831
3. Bruce Schneier on Cryptography
By Federico Biancuzzi
An interview with Bruce Schneier on some current trends in cryptography.
http://www.securityfocus.com/columnists/324
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Linux Kernel it87 and via686a Drivers Insecure File Creation...
BugTraq ID: 13455
Remote: No
Date Published: May 02 2005
Relevant URL: http://www.securityfocus.com/bid/13455
Summary:
The Linux kernel it87 and via686a drivers create an insecure file that
could allow a local user to cause a denial of service condition. This
occurs because the created file's permissions allow both read and
write.
This issue was reported to affect kernel version 2.6.11.7; earlier
versions may also be affected.
2. Joshua Chamas Crypt::SSLeay Perl Module Insecure Entropy Sou...
BugTraq ID: 13471
Remote: No
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13471
Summary:
Crypt::SSLeay is prone to a security vulnerability. Reports indicate
that the library employs a file from a world writable location for its
fallback entropy source. The module defaults to this file if a proper
entropy source is not set.
If the affected library is using the insecure file as a source of
entropy, a local attacker may replace the contents of the file with known
text. This known text is then employed to seed cryptographic operations.
This may lead to weak cryptographic operations.
3. SmartList ListManager Arbitrary List Addition Vulnerability
BugTraq ID: 13474
Remote: Yes
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13474
Summary:
Smartlist could allow arbitrary email addresses to be added to a
mailing list. This issue is due to a vulnerability in the confirm add-on
function of Smartlist. The function can be tricked, thus permitting the
addition of arbitrary addresses to the list.
4. PostgreSQL TSearch2 Design Error Vulnerability
BugTraq ID: 13475
Remote: Yes
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13475
Summary:
The PostgreSQL 'contrib/tsearch2' module is prone to a security
vulnerability. The issue manifests because the module does not correctly
declare several functions.
Although unconfirmed, it is conjectured that this issue allows a remote
user that can write SQL queries to the affected database to call these
functions, when they should not be accessible directly from SQL
commands.
This vulnerability affects PostgreSQL 7.4 and later.
5. PostgreSQL Character Set Conversion Privilege Escalation Vul...
BugTraq ID: 13476
Remote: Yes
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13476
Summary:
PostgreSQL character set conversion functions could allow an
unprivileged user to supply malicious arguments. This may result in arbitrary
queries executing with the privileges of the conversion functions.
6. GNUTLS Padding Denial of Service Vulnerability
BugTraq ID: 13477
Remote: Yes
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13477
Summary:
GnuTLS is prone to a denial of service vulnerability. A remote
attacker can send specifically designed data to cause a flaw in the parsing,
leading to denial of service conditions.
This issue has been addressed in GnuTLS versions 1.0.25 and 1.2.3;
earlier versions are vulnerable.
7. Invision Power Board Act Parameter Cross-Site Scripting Vuln...
BugTraq ID: 13483
Remote: Yes
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13483
Summary:
Invision Power Board is prone to a cross-site scripting vulnerability.
This issue is due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user. This may facilitate the
theft of cookie-based authentication credentials as well as other
attacks.
It is reported this issue may only be exploitable through Microsoft
Internet Explorer; this has not been confirmed.
8. FishNet FishCart Multiple Cross-Site Scripting and SQL Injec...
BugTraq ID: 13499
Remote: Yes
Date Published: May 04 2005
Relevant URL: http://www.securityfocus.com/bid/13499
Summary:
FishCart is prone to multiple cross-site scripting and SQL injection
vulnerabilities. These issues are due to a failure in the application to
properly sanitize user-supplied input.
Successful exploitation of the SQL injection issues could result in a
compromise of the application, disclosure or modification of data, or
may permit an attacker to exploit vulnerabilities in the underlying
database implementation.
An attacker may leverage the cross-site scripting issues to have
arbitrary script code executed in the browser of an unsuspecting user. This
may facilitate the theft of cookie-based authentication credentials as
well as other attacks.
9. NASM IEEE_PUTASCII Remote Buffer Overflow Vulnerability
BugTraq ID: 13506
Remote: Yes
Date Published: May 05 2005
Relevant URL: http://www.securityfocus.com/bid/13506
Summary:
NASM is prone to a remote buffer overflow vulnerability. This issue
affects the 'ieee_putascii()' function.
It is likely that an attacker exploits this issue by crafting a
malicious source file to be assembled by the application. This file is sent
to an affected user and if the user loads the file in NASM, the attack
may result in arbitrary code execution.
The attacker may then gain unauthorized access in the context of the
user running NASM.
10. MidiCart PHP Search_List.PHP SearchString Parameter SQL Inje...
BugTraq ID: 13512
Remote: Yes
Date Published: May 05 2005
Relevant URL: http://www.securityfocus.com/bid/13512
Summary:
MidiCart PHP is prone to an SQL injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query.
Successful exploitation could result in a compromise of the
application, disclosure or modification of data, or may permit an attacker to
exploit vulnerabilities in the underlying database implementation.
11. MidiCart PHP Item_List.PHP MainGroup Parameter SQL Injection...
BugTraq ID: 13513
Remote: Yes
Date Published: May 05 2005
Relevant URL: http://www.securityfocus.com/bid/13513
Summary:
MidiCart PHP is prone to an SQL injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query.
Successful exploitation could result in a compromise of the
application, disclosure or modification of data, or may permit an attacker to
exploit vulnerabilities in the underlying database implementation.
12. MidiCart PHP Item_List.PHP SecondGroup Parameter SQL Injecti...
BugTraq ID: 13514
Remote: Yes
Date Published: May 05 2005
Relevant URL: http://www.securityfocus.com/bid/13514
Summary:
MidiCart PHP is prone to an SQL injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query.
Successful exploitation could result in a compromise of the
application, disclosure or modification of data, or may permit an attacker to
exploit vulnerabilities in the underlying database implementation.
13. MidiCart PHP Item_Show.PHP Code_No Parameter SQL Injection V...
BugTraq ID: 13515
Remote: Yes
Date Published: May 05 2005
Relevant URL: http://www.securityfocus.com/bid/13515
Summary:
MidiCart PHP is prone to an SQL injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query.
Successful exploitation could result in a compromise of the
application, disclosure or modification of data, or may permit an attacker to
exploit vulnerabilities in the underlying database implementation.
14. MidiCart PHP Search_List.PHP SearchString Parameter Cross-Si...
BugTraq ID: 13516
Remote: Yes
Date Published: May 05 2005
Relevant URL: http://www.securityfocus.com/bid/13516
Summary:
MidiCart PHP is prone to a cross-site scripting vulnerability. This
issue is due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user. This may facilitate the
theft of cookie-based authentication credentials as well as other
attacks.
15. MidiCart PHP Item_List.PHP SecondGroup Parameter Cross-Site ...
BugTraq ID: 13517
Remote: Yes
Date Published: May 05 2005
Relevant URL: http://www.securityfocus.com/bid/13517
Summary:
MidiCart PHP is prone to a cross-site scripting vulnerability. This
issue is due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user. This may facilitate the
theft of cookie-based authentication credentials as well as other
attacks.
16. MidiCart PHP Item_List.PHP Maingroup Parameter Cross-Site Sc...
BugTraq ID: 13518
Remote: Yes
Date Published: May 05 2005
Relevant URL: http://www.securityfocus.com/bid/13518
Summary:
MidiCart PHP is prone to a cross-site scripting vulnerability. This
issue is due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user. This may facilitate the
theft of cookie-based authentication credentials as well as other
attacks.
17. MegaBook Admin.CGI EntryID Cross-Site Scripting Vulnerabilit...
BugTraq ID: 13522
Remote: Yes
Date Published: May 05 2005
Relevant URL: http://www.securityfocus.com/bid/13522
Summary:
MegaBook is prone to a cross-site scripting vulnerability. This issue
is due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user. This may facilitate the
theft of cookie-based authentication credentials as well as other
attacks.
This issue is reported to affect MegaBook version 2.0; other versions
may also be vulnerable.
18. QMail Alloc() Remote Integer Overflow Vulnerability
BugTraq ID: 13528
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13528
Summary:
QMail is susceptible to a remote integer overflow vulnerability in the
alloc() function.
Specifically, the alloc() function can be coerced into overflowing an
integer value, resulting in an incorrect memory allocation occurring.
This may only be possible in environments where more than 4 gigabytes of
virtual memory is available, such as 64 bit systems.
It is conjectured that remote code execution may be possible.
19. Invision Power Board Login.PHP SQL Injection Vulnerability
BugTraq ID: 13529
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13529
Summary:
Invision Power Board is prone to an SQL injection vulnerability. This
issue is due to a failure in the application to properly sanitize
user-supplied data before using it in an SQL query.
Successful exploitation could result in a compromise of the
application, disclosure or modification of data, or may permit an attacker to
exploit vulnerabilities in the underlying database implementation.
This issue reportedly affects Invision Power Board versions prior to
2.0.4.
20. RealNetworks RealPlayer Unspecified Code Execution Vulnerabi...
BugTraq ID: 13530
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13530
Summary:
RealNetworks RealPlayer is a media player that is available for various
operating systems, including Microsoft Windows, Linux, and Mac OS.
An unspecified vulnerability affects RealNetworks RealPlayer. The
cause of this issue is currently unknown.
The potential impact of this issue is that an attacker may execute code
in the context of the user running the affected software; this BID will
be updated as more information is released.
21. Invision Power Board Search.PHP Highlite Parameter Cross-Sit...
BugTraq ID: 13532
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13532
Summary:
Invision Power Board is prone to a cross-site scripting vulnerability.
This issue is due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user. This may facilitate the
theft of cookie-based authentication credentials as well as other
attacks.
This issue has been addressed in Invision Power Board version 2.0.4;
earlier versions are vulnerable.
22. Invision Power Board Topics.PHP Highlite Parameter Cross-Sit...
BugTraq ID: 13534
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13534
Summary:
Invision Power Board is prone to a cross-site scripting vulnerability.
This issue is due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user. This may facilitate the
theft of cookie-based authentication credentials as well as other
attacks.
This issue has been addressed in Invision Power Board version 2.0.4;
earlier versions are vulnerable.
23. QMail Commands() Function Remote Integer Overflow Vulnerabil...
BugTraq ID: 13535
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13535
Summary:
QMail is susceptible to a remote integer overflow vulnerability in the
commands() function.
Specifically, the commands() function can be coerced into overflowing
an integer value, resulting in overwriting an unintended location with a
NULL byte. This may only be possible in environments where more than 4
gigabytes of virtual memory is available, such as 64 bit systems.
It is conjectured that remote code execution may be possible.
24. QMail Substdio_Put() Function Remote Integer Overflow Vulner...
BugTraq ID: 13536
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13536
Summary:
QMail is susceptible to a remote integer overflow vulnerability in the
substdio_put() function.
Specifically, the substdio_put() function can be coerced into
overflowing an integer value, resulting in writing data to an unintended
location. This may only be possible in environments where more than 4
gigabytes of virtual memory is available, such as 64 bit systems.
It is conjectured that remote code execution may be possible.
25. Apache HTDigest Realm Command Line Argument Buffer Overflow ...
BugTraq ID: 13537
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13537
Summary:
A buffer overflow vulnerability exists in the htdigest utility included
with Apache. The vulnerability is due to improper bounds checking when
copying user-supplied realm data into local buffers.
By supplying an overly long realm value to the command line options of
htdigest, it is possible to trigger an overflow condition. This may
cause memory to be corrupted with attacker-specified values.
This issue could be exploited by a remote attacker; potentially
resulting in the execution of arbitrary system commands within the context of
the web server process.
26. FreeRadius RLM_SQL.C SQL Injection Vulnerability
BugTraq ID: 13540
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13540
Summary:
FreeRadius is prone to an SQL injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query.
Successful exploitation could result in a compromise of the
application, disclosure or modification of data, or may permit an attacker to
exploit vulnerabilities in the underlying database implementation.
27. FreeRadius RLM_SQL.C Buffer Overflow Vulnerability
BugTraq ID: 13541
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13541
Summary:
FreeRadius is prone to a buffer overflow vulnerability. This issue is
due to a failure in the application to do proper bounds checking on
user-supplied data.
Remote code execution may be possible; this has not been confirmed.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
NO NEW POSTS FOR THE WEEK 2005-05-03 to 2005-05-10.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that wants a safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Umbrella v0.6
By: Umbrella
Relevant URL: http://umbrella.sourceforge.net/
Platforms: Linux
Summary:
Umbrella is a security mechanism that implements a combination of
Process-Based Access Control (PBAC) and authentication of binaries through
Digital Signed Binaries (DSB). The scheme is designed for Linux-based
consumer electronic devices ranging from mobile phones to settop boxes.
Umbrella is implemented on top of the Linux Security Modules (LSM)
framework. The PBAC scheme is enforced by a set of restrictions on each
process.
2. Kernel Socks Bouncer 2.6.11
By: Paolo Ardoino
Relevant URL: http://ksb.sourceforge.net/
Platforms: Linux
Summary:
Kernel Socks Bouncer is a Linux Kernel 2.6.x patch that redirects TCP
connections [SSH, telnet, browsers...] to follow through socks5. KSB26
uses a character device to pass socks5 and target IPs to the Linux
Kernel.
3. NuFW 1.0.0
By: INL
Relevant URL: http://www.nufw.org
Platforms: Linux
Summary:
NuFW performs an authentication of every single connection passing
through the IP filter, by transparently requesting user's credentials
before any filtering decision is taken. Practically, this brings the notion
of user ID down to the IP layers.
4. ldaupenum 0.02alpha
By: Roni Bachar & Sol Zehnwirth
Relevant URL: https://sourceforge.net/projects/ldapenum
Platforms: Linux, Perl (any system supporting perl), Windows 2000,
Windows 95/98, Windows NT, Windows XP
Summary:
ldapenum is a Perl script designed to enumerate system and password
information from domain controllers using the LDAP service when IPC$ is
locked. The script has been tested on Windows and Linux.
5. File System Saint 1.02a
By: Joshua Fritsch
Relevant URL: http://www.unixgeeks.org/saint
Platforms: Linux, UNIX
Summary:
A fast, flexible, lightweight perl-based host IDS.
6. Travesty 1.0
By: Robert Wesley McGrew
Relevant URL: http://cse.msstate.edu/~rwm8/travesty/
Platforms: Linux
Summary:
Travesty is an interactive program for managing the hardware addresses
(MAC) of ethernet devices on your computer. It supports manually
changing the MAC, generating random addresses, and applying different vendor
prefixes to the current address.
It also allows the user to import their own lists of hardware
addresses and descriptions that can be navigated from within the Travesty
interface. Travesty is written in Python, and is very simple to add
functionality to, or modify.
VII. SPONSOR INFORMATION
-----------------------