
SecurityFocus Linux Newsletter #128

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Apr 21 2003 - 13:50:46 EDT

SecurityFocus Linux Newsletter #128


This Issue is Sponsored By: SpiDynamics

FREE White Paper: "How A Hacker Launches A Web App Attack!" Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation, and Parameter Manipulation. All undetectable by Firewalls and IDS!

Download *FREE* white paper from SPI Dynamics for a complete guide to protection!

http://www.securityfocus.com/SPIDynamics-linux-secnews2


I. FRONT AND CENTER
     1. Statistical-Based Intrusion Detection
     2. On Cures That Are Worse than the Disease
     3. SecurityFocus DPP Program
II. LINUX VULNERABILITY SUMMARY
     1. SheerDNS CNAME Buffer Overflow Vulnerability
     2. Mozilla Browser Cross Domain Violation Vulnerability
     3. SGI XFSDump Quotas File Symbolic Link Vulnerability
     4. Snort TCP Packet Reassembly Integer Overflow Vulnerability
     5. SheerDNS Information Disclosure Vulnerability
     6. EZ Publish Multiple Path Disclosure Vulnerabilities
     7. 12Planet Chat Server Error Message Installation Path Disclosure Vulnerability
     8. EZ Publish site.ini Information Disclosure Vulnerability
     9. 12Planet Chat Server Administration Page Clear Text Authentication Vulnerability
     10. KDE Postscript/PDF File Processing Arbitrary Command Execution Vulnerability
     11. BitchX Trojan Horse Vulnerability
     12. EZ Publish Multiple Cross Site Scripting Vulnerabilities
     13. Python Documentation Server Error Page Cross-Site Scripting Vulnerability
III. LINUX FOCUS LIST SUMMARY
     1. about ptrace vuln and patch (Thread)
     2. PAM.d Syntax for Radius Auth (Thread)
     3. SecurityFocus Article Announcement (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. NetSecure Web
     2. PowerBroker
     3. Dragon IDS
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Amrita VPN v0.90 beta 2
     2. Crypt Blowfish v0.4.5
     3. Nast v0.1.7
VI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Statistical-Based Intrusion Detection By Jamil Farshchi

This article will examine statistical-based intrusion detection systems, which alert on anomalous network behaviour, thus providing better monitoring for zero-day exploits than traditional IDS.

http://www.securityfocus.com/infocus/1686

2. On Cures That Are Worse than the Disease By George Smith

In which your columnist ponders the question, which is worst for the Internet: computer viruses, spam that advertises anti-virus products, or clueless anti-spam solutions.

http://www.securityfocus.com/columnists/155

3. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

II. LINUX VULNERABILITY SUMMARY


1. SheerDNS CNAME Buffer Overflow Vulnerability
BugTraq ID: 7335
Remote: No
Date Published: Apr 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7335
Summary:

SheerDNS is a master DNS server implementation for Unix and Linux variants.

SheerDNS is prone to a buffer overflow when constructing responses to CNAME queries. This is due to insufficient bounds checking of lookup information. Specifically, the static buffer for lookup results is much larger than the buffer for queries. The program does a strcpy() operation to copy the lookup results into the query buffer.

Lookup information is fetched from local files. If an attacker can influence the contents of these files, it will be possible to trigger this condition and corrupt adjacent regions of stack memory with attacker-chosen data.

Exploitation could lead to a denial of service or execution of malicious instructions.

This issue was discovered in SheerDNS version 1.0.0, however, earlier versions may also be affected.
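The defect pattern described above (a large lookup result strcpy()'d into a smaller query buffer) next to a bounded replacement, as an added example. This is illustrative code written for this newsletter entry, not SheerDNS source; the buffer sizes, function names and the constructed "lookup result" are assumptions chosen only to make the size mismatch visible.

```c
#include <stdio.h>
#include <string.h>

/* Buffer sizes are illustrative, chosen to make the mismatch obvious;
 * they are not SheerDNS's actual sizes. */
#define QUERY_BUF_SIZE   64
#define RESULT_BUF_SIZE  512

/* The defect class the advisory describes: a lookup result that may be up
 * to RESULT_BUF_SIZE bytes is strcpy()'d into the much smaller query
 * buffer. Anything past QUERY_BUF_SIZE bytes lands on whatever sits next
 * to query[] on the stack. Shown for contrast only; never call it with
 * data an attacker can influence. */
static void copy_result_unsafe(char *query, const char *result)
{
    strcpy(query, result);            /* no bounds check at all */
}

/* Hardened form: refuse a result that does not fit rather than silently
 * truncating it (a truncated CNAME target is still a wrong answer).
 * Returns 0 on success, -1 if the result would not fit. */
static int copy_result_checked(char *query, size_t query_len, const char *result)
{
    size_t n = strlen(result);
    if (n >= query_len)               /* leave room for the terminator */
        return -1;
    memcpy(query, result, n + 1);
    return 0;
}

/* Constructed "lookup result" of len bytes, standing in for a CNAME
 * target read from a zone file the attacker can edit. */
static void make_result(char *result, size_t len)
{
    if (len >= RESULT_BUF_SIZE)
        len = RESULT_BUF_SIZE - 1;
    memset(result, 'A', len);
    result[len] = '\0';
}

/* Returns 1 if the checked copy rejects a result of the given length,
 * 0 if it accepts it. */
int rejects_oversized_result(size_t len)
{
    char result[RESULT_BUF_SIZE];
    char query[QUERY_BUF_SIZE];

    make_result(result, len);
    return copy_result_checked(query, sizeof query, result) == -1;
}

int main(void)
{
    printf("63-byte result rejected:  %d\n", rejects_oversized_result(63));
    printf("64-byte result rejected:  %d\n", rejects_oversized_result(64));
    printf("300-byte result rejected: %d\n", rejects_oversized_result(300));
    /* copy_result_unsafe() with the 300-byte result would write more than
     * 200 bytes past the end of query[]; it is referenced but not run. */
    (void)copy_result_unsafe;
    return 0;
}
```

The checked version fails closed on the boundary: a 63-byte result fits a 64-byte buffer with its terminator, a 64-byte one does not. Rejecting rather than truncating matters for a DNS server because a silently shortened CNAME target would be served as a wrong but well-formed answer.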

2. Mozilla Browser Cross Domain Violation Vulnerability BugTraq ID: 7363
Remote: Yes
Date Published: Apr 16 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7363
Summary:

Mozilla is an open source web browser available for a number of platforms, including Microsoft Windows and Linux.

A problem has been reported in Mozilla that could allow access to information in other browser windows. The vulnerability exists because Mozilla does not properly sanitize links when transferring documents from one domain to another. Specifically, malicious HTML code is not sanitized from the 'onclick' property.

Upon the execution of code through the 'onclick' property, a violation in browser security zone policy would occur that allows the original web site to view the contents of web pages in other browser windows.

This problem would require a user visiting a web page that has been designed to present malicious dialog boxes. This type of attack would most commonly occur through social engineering.

Other browsers based on the Mozilla codebase are vulnerable to this issue.

3. SGI XFSDump Quotas File Symbolic Link Vulnerability BugTraq ID: 7321
Remote: No
Date Published: Apr 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7321
Summary:

xfsdump is a backup program originally distributed by SGI. It is implemented with some UNIX and Linux operating systems.

A problem with the program may allow an attacker to gain elevated privileges.

It has been reported that xfsdump insecurely handles symbolic links. Because of this, an attacker may be able to overwrite system files, and potentially gain elevated privileges.

The problem is in the handling of the xfs_quotas file. When xfsdump runs, it can be made to create an xfs_quotas file in the root directory of the file system being backed up. If an attacker has placed a symbolic link at that name, the file the link points to is overwritten with the privileges of the user running xfsdump. As that user typically has elevated privileges, this could allow an attacker to gain privileges equal to the xfsdump user.

It should be noted that this program might also be installed with setuid or setgid privileges on some systems. This would allow an attacker to execute and exploit the program at will.
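The symlink-following open the advisory describes, beside a hardened open and a self-contained demonstration of both, as an added example. This is not xfsdump's code: the file name, the flag choices and the scratch-directory setup are assumptions made for the demo, which runs offline on any POSIX system and cleans up after itself.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern the advisory describes: a privileged program creates a
 * fixed-name file in a directory other users can write to, truncating
 * whatever that name resolves to. If a local user planted a symbolic
 * link at the name first, the write lands on the link's target. */
int open_quotas_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened form. O_NOFOLLOW makes open() fail with ELOOP when the final
 * path component is a symlink. O_TRUNC is deliberately omitted: a hard
 * link to a sensitive file would pass the symlink check, so the file is
 * inspected through the descriptor before anything is written to it.
 * Only a regular file with one link owned by the caller is accepted; it
 * is then truncated explicitly. Returns a descriptor or -1 (errno set). */
int open_quotas_safe(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;

    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    if (ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-contained demonstration. Builds a scratch directory, writes a
 * "victim" file, plants a symlink named xfs_quotas that points at it,
 * then tries both opens on the link. Returns 1 when the unsafe open
 * followed the link (victim emptied) and the safe open refused with
 * ELOOP, 0 if either behaved differently, -1 if setup failed. */
int demo_symlink_attack(void)
{
    char dir[64] = "/tmp/xfsdemo.XXXXXX";
    if (mkdtemp(dir) == NULL) {
        strcpy(dir, "xfsdemo.XXXXXX");      /* fall back to the cwd */
        if (mkdtemp(dir) == NULL)
            return -1;
    }

    char victim[128], linkpath[128];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(linkpath, sizeof linkpath, "%s/xfs_quotas", dir);

    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (v < 0 || write(v, "important", 9) != 9 || close(v) != 0)
        return -1;
    if (symlink(victim, linkpath) != 0)
        return -1;

    struct stat st;
    int unsafe_followed = 0;
    int fd = open_quotas_unsafe(linkpath);
    if (fd >= 0) {
        close(fd);
        unsafe_followed = (stat(victim, &st) == 0 && st.st_size == 0);
    }

    fd = open_quotas_safe(linkpath);
    int safe_refused = (fd < 0 && errno == ELOOP);
    if (fd >= 0)
        close(fd);

    unlink(linkpath);
    unlink(victim);
    rmdir(dir);
    return unsafe_followed && safe_refused;
}

int main(void)
{
    printf("unsafe open followed the link and safe open refused: %d\n",
           demo_symlink_attack());
    return 0;
}
```

The order of operations in open_quotas_safe() is the point: open without truncation, validate the object you actually got through the descriptor, and only then truncate. Checking the path with lstat() before open() would leave a window in which the attacker swaps the entry.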

4. Snort TCP Packet Reassembly Integer Overflow Vulnerability BugTraq ID: 7178
Remote: Yes
Date Published: Apr 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7178
Summary:

Snort is a freely available, open source intrusion detection system. It is available for Unix, Linux, and Microsoft Windows platforms.

The stream4 preprocessor is designed to reassemble fragmented TCP packets before passing them to Snort for analysis. It is also designed to detect various IDS evasion attacks.

A vulnerability has been discovered in the stream4 preprocessor which may allow an attacker to execute arbitrary code with the privileges of Snort.

The problem occurs in the Traversefunc() function, located in the spp_stream4.c source file, while carrying out various sanity checks. Specifically, an integer overflow may occur while making a bounds check, which could result in a potential heap overflow going undetected.

The integer overflow can be triggered by sending fragmented TCP packets across a network monitored by Snort with specially calculated sequence and acknowledgement values. The sequence number must be large enough that, when the packet size is added to it, the 32-bit sum wraps around. When these values are later used in the check for potential memory corruption, the wrapped result passes a comparison that would otherwise have rejected the packet.

When memcpy() is later called to copy the data to a heap buffer, the previously undetected overflow will occur. This may allow an attacker to corrupt heap memory.

Successful exploitation of this issue may allow an attacker to overwrite sensitive heap memory with malicious values. By overwriting a function pointer or corrupting memory management headers, it may be possible to leverage this vulnerability to execute arbitrary code.

This issue affects Snort releases prior to Snort 2.0 RC1.
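The wrapping bounds check described above, with its overflow-free replacement, as an added example. This is a simplified reconstruction written for this entry, not code from spp_stream4.c; the window layout, buffer size and the crafted sequence values are assumptions chosen to make the wrap visible.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REASSEMBLY_BUF 4096u

/* Illustrative reconstruction of the check class the advisory describes;
 * not Snort's spp_stream4.c. The reassembly buffer holds data for the
 * sequence-number window [base, base + size). A segment starting at seq
 * and carrying len bytes must end at or before base + size. */

/* Vulnerable: every term is a 32-bit unsigned value, so seq + len wraps
 * modulo 2^32. A seq near 0xFFFFFFFF with a modest len yields a tiny sum,
 * the comparison succeeds, and the caller's memcpy() then writes len
 * bytes at offset seq - base, far outside the buffer. */
static int segment_fits_vulnerable(uint32_t base, uint32_t size,
                                   uint32_t seq, uint32_t len)
{
    return (seq + len) <= (base + size);
}

/* Fixed: compute the offset first (modular subtraction is the correct
 * operation for TCP sequence numbers, which legitimately wrap), bound
 * it, then compare len against the space that remains. None of these
 * expressions can overflow. */
static int segment_fits_fixed(uint32_t base, uint32_t size,
                              uint32_t seq, uint32_t len)
{
    uint32_t offset = seq - base;
    if (offset > size)
        return 0;
    return len <= size - offset;
}

/* The copy both checks are meant to guard. Returns 1 if len bytes were
 * stored at offset seq - base, 0 if the segment was rejected. */
int store_segment(unsigned char *buf, uint32_t size, uint32_t base,
                  uint32_t seq, const unsigned char *data, uint32_t len)
{
    if (!segment_fits_fixed(base, size, seq, len))
        return 0;
    memcpy(buf + (seq - base), data, len);
    return 1;
}

/* Constructed values in the spirit of the advisory: a seq just below 2^32
 * and a len that carries the sum past the wrap point. */
int vulnerable_check_accepts_wrapping_segment(void)
{
    return segment_fits_vulnerable(0u, REASSEMBLY_BUF, 0xFFFFFFF0u, 0x40u);
}

int fixed_check_accepts_wrapping_segment(void)
{
    return segment_fits_fixed(0u, REASSEMBLY_BUF, 0xFFFFFFF0u, 0x40u);
}

/* Legitimate wraparound: the window starts just below 2^32 and the
 * segment sits just above it. The fixed check must still accept this. */
int fixed_check_accepts_legit_wraparound(void)
{
    return segment_fits_fixed(0xFFFFFF00u, REASSEMBLY_BUF, 0x10u, 0x40u);
}

/* Stores an 8-byte constructed segment at seq into a window based at
 * 1000, so the boundary behaviour of store_segment() can be exercised. */
int store_at_seq(uint32_t seq)
{
    unsigned char buf[REASSEMBLY_BUF];
    const unsigned char data[8] = "abcdefg";
    return store_segment(buf, REASSEMBLY_BUF, 1000u, seq, data, sizeof data);
}

int main(void)
{
    printf("vulnerable check accepts wrapping segment: %d\n",
           vulnerable_check_accepts_wrapping_segment());
    printf("fixed check accepts wrapping segment:      %d\n",
           fixed_check_accepts_wrapping_segment());
    printf("fixed check accepts legit wraparound:      %d\n",
           fixed_check_accepts_legit_wraparound());
    printf("segment at end of window stored:           %d\n",
           store_at_seq(1000u + REASSEMBLY_BUF - 8u));
    printf("segment one byte past the window stored:   %d\n",
           store_at_seq(1000u + REASSEMBLY_BUF - 7u));
    return 0;
}
```

With seq = 0xFFFFFFF0 and len = 0x40 the vulnerable sum is 0x30, which is comfortably "inside" a 4096-byte window, so the check passes and the copy would land 0xFFFFFFF0 bytes past the buffer. The fixed form never adds two attacker-influenced quantities; it subtracts first and compares against what is left, which is the general shape of an overflow-safe bounds check.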

5. SheerDNS Information Disclosure Vulnerability BugTraq ID: 7336
Remote: Yes
Date Published: Apr 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7336
Summary:

SheerDNS is a master DNS server implementation for Unix and Linux variants.

A vulnerability has been discovered in SheerDNS. Due to insufficient sanitization of user-supplied data within DNS requests, an attacker may be capable of viewing the contents of an arbitrary directory or file. Specifically, SheerDNS fails to filter directory traversal sequences (../) embedded in DNS queries.

As SheerDNS runs with root privileges, exploitation of this issue would allow an attacker to view the contents of all system directories.

This issue was discovered in SheerDNS version 1.0.0, however, earlier versions may also be affected.
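A label-by-label validator for query names that are about to become file names, as an added example of closing the traversal route described above. It is illustrative code written for this entry, not SheerDNS's; the zone directory layout is an assumption. Because DNS labels on the wire are length-prefixed byte strings, a resolver that maps names to files cannot rely on the name looking like a hostname; it has to enforce that.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout for this example (not SheerDNS's real one): each zone
 * file lives directly under ZONE_DIR and is named after the query name. */
#define ZONE_DIR "/var/sheerdns"

/* A label may contain only hostname characters (letters, digits, hyphen,
 * RFC 1123), at most 63 of them, and no leading or trailing hyphen.
 * '/', '.', NUL and control bytes therefore never reach a filename
 * component, which closes the "../" route the advisory describes. Names
 * that legitimately need other characters (for example, underscore
 * labels used by SRV records) would need an explicit allowance here. */
static int label_is_safe(const char *label, size_t len)
{
    if (len == 0 || len > 63)
        return 0;
    if (label[0] == '-' || label[len - 1] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = label[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '-';
        if (!ok)
            return 0;
    }
    return 1;
}

/* Validate a dotted query name label by label. A single trailing dot
 * (fully qualified form) is allowed; empty labels such as ".." are not.
 * Returns 1 if every label passes, 0 otherwise. */
int qname_is_safe(const char *qname)
{
    size_t total = strlen(qname);
    if (total == 0 || total > 253)
        return 0;

    const char *p = qname;
    for (;;) {
        const char *dot = strchr(p, '.');
        size_t len = dot ? (size_t)(dot - p) : strlen(p);
        if (!label_is_safe(p, len))
            return 0;
        if (dot == NULL || dot[1] == '\0')
            return 1;
        p = dot + 1;
    }
}

/* Build ZONE_DIR/<qname> only after validation. Returns 0 and fills out
 * on success, -1 if the name is unsafe or the path does not fit. */
int zone_path(const char *qname, char *out, size_t outlen)
{
    if (!qname_is_safe(qname))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", ZONE_DIR, qname);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed query names: one legitimate, three hostile. */
    const char *names[] = {
        "www.example.com",
        "../../../etc/passwd",
        "..",
        "etc/shadow.example.com",
    };
    char path[512];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = zone_path(names[i], path, sizeof path);
        printf("%-24s -> %s\n", names[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```

Allow-listing the characters of each label is more robust than stripping "../" sequences: a filter that removes "../" can be bypassed with "....//" and similar, whereas a label that may not contain '/' or be empty can never form a traversal component at all.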

6. EZ Publish Multiple Path Disclosure Vulnerabilities BugTraq ID: 7349
Remote: Yes
Date Published: Apr 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7349
Summary:

eZ Publish is a web content management system for Microsoft Windows and Unix and Linux variants.

Several path disclosure vulnerabilities have been reported for eZ Publish. The vulnerabilities affect several PHP script files in the kernel/class and kernel/classes directories.

An attacker can exploit this vulnerability by making a HTTP request for any of the affected pages. This may result in a condition where path information is returned to the attacker. Information gathered in this way may be used in further attacks against the system.

This vulnerability affects eZ Publish 3.0. It is likely that earlier versions are also affected.

7. 12Planet Chat Server Error Message Installation Path Disclosure Vulnerability BugTraq ID: 7355
Remote: Yes
Date Published: Apr 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7355
Summary:

12Planet Chat Server is web forum software that runs on Windows NT/2000/XP, Linux, Sun Solaris, IBM AIX, and HP UNIX.

When certain malformed URL requests are received by the chat server, an error message is returned containing the full path of the chat server's installation. The URL must contain at least three '/qwe' sequences in order to generate this error message, e.g. http://www.victim.com:8080/qwe/qwe/qwe/index.html

If the URL does not contain at least three '/qwe' sequences, a simple HTTP 500 error message will be returned to the remote user.

8. EZ Publish site.ini Information Disclosure Vulnerability BugTraq ID: 7347
Remote: Yes
Date Published: Apr 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7347
Summary:

eZ Publish is a web content management system for Microsoft Windows and Unix and Linux variants.

eZ Publish has been reported prone to sensitive information disclosure vulnerability.

An attacker may make a request for and download the underlying site.ini configuration file. The file contains eZ Publish administration credentials stored in plaintext format. Any HTTP requests for this file will reveal the contents of this file to remote attackers.

Information collected in this way may be used to aid in further attacks against the system.

This vulnerability was reported for eZ Publish 3.0. It is likely that earlier versions are affected by this vulnerability.

9. 12Planet Chat Server Administration Page Clear Text Authentication Vulnerability BugTraq ID: 7354
Remote: Yes
Date Published: Apr 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7354
Summary:

12Planet Chat Server is web forum software that runs on Windows NT/2000/XP, Linux, Sun Solaris, IBM AIX, and HP UNIX.

The login page of the administration site for the chat server sends usernames and passwords in clear text. This could allow a remote attacker to sniff the administrator's authentication information.

The interface that allows the administrator to change their passwords also transmits the new password in clear text.

10. KDE Postscript/PDF File Processing Arbitrary Command Execution Vulnerability
BugTraq ID: 7318
Remote: Yes
Date Published: Apr 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7318
Summary:

KDE is a freely available, open source X Desktop Manager. It has application features to make systems user-friendly, and is designed for Unix and Linux operating systems.

A problem with KDE could lead to arbitrary command execution.

The vulnerability exists when KDE processes specially formatted PDF and PS (PostScript) files using Ghostscript. KDE invokes gs without the '-dSAFER' or '-dPARANOIDSAFER' command-line parameters, so PostScript operators that touch the file system and run commands remain available to the document being rendered.

The following source files have been reported to contain the source of this vulnerability:
kdebase/kioslave/thumbnail/gscreator.cpp
kgvconfigdialog.cpp

This vulnerability has been reported to exist in the kghostview and kview applications. Other applications may also be affected.

An attacker can exploit this vulnerability by creating a malicious PDF/PS file which, when opened using KDE default applications, will result in the execution of arbitrary system commands.

This vulnerability was reported to affect all KDE 2 and KDE 3 versions including 3.1.1.

11. BitchX Trojan Horse Vulnerability
BugTraq ID: 7333
Remote: Yes
Date Published: Apr 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7333
Summary:

BitchX is a freely available, open source IRC client. It is available for Unix, Linux, and Microsoft operating systems.

It has been announced that the server hosting BitchX, www.bitchx.org, was compromised recently. It has been reported that the intruder made modifications to the source code of BitchX to include trojan horse code. Downloads of the source code of BitchX from www.bitchx.org, and mirrors, likely contain the trojan code.

Reports say that the trojan will run once upon compilation of BitchX. Once the trojan is executed, it attempts to connect to host 207.178.61.5 on port 6667.

The trojan horse modifications can be found in the configure script in BitchX 1.0c19.

Additionally, the trojan displays similarity to those found in irssi, fragroute, fragrouter, tcpdump, libpcap, OpenSSH, and Sendmail.

This BID will be updated as more information becomes available.

12. EZ Publish Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 7348
Remote: Yes
Date Published: Apr 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7348
Summary:

eZ Publish is a web content management system for Microsoft Windows and Unix and Linux variants.

Several cross site scripting vulnerabilities have been reported for eZ Publish. These vulnerabilities are due to insufficient sanitization of user-supplied data submitted to eZ Publish.

An attacker can exploit these vulnerabilities by creating malicious links to a site hosting the vulnerable software which contain hostile HTML and script code. If such a link is visited, the attacker-supplied HTML and script code will be interpreted by the victim's browser in the context of the site hosting the vulnerable software.

Exploitation may allow theft of cookie-based authentication credentials or other attacks.

This issue was reported in eZ Publish 3.0. It is likely that earlier versions are affected.

13. Python Documentation Server Error Page Cross-Site Scripting Vulnerability
BugTraq ID: 7353
Remote: Yes
Date Published: Apr 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7353
Summary:

Python Documentation Server is a freely available server distributed with the Python software package. It is available for Unix, Linux, and Microsoft Operating Systems.

It has been reported that the Python Documentation Server is vulnerable to a cross-site scripting vulnerability.

The problem is due to insufficient sanitization of HTML and script code from error output. When HTML and script code are passed to the vulnerable server in a URI, the code will be displayed in the server's error page. An attacker could exploit this issue by constructing a malicious link which contains hostile HTML and script code and then enticing web users to visit the link. When the error page is displayed, the attacker-supplied code may be rendered in the user's web browser. This will occur in the security context of the documentation server.

The server runs on port 7464 by default.

III. LINUX FOCUS LIST SUMMARY


1. about ptrace vuln and patch (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/318234

2. PAM.d Syntax for Radius Auth (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/318860

3. SecurityFocus Article Announcement (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/318664

IV. NEW PRODUCTS FOR LINUX PLATFORMS


1. NetSecure Web
by NetSecure Software
Platforms: AIX, BSDI, Linux, Solaris, Windows NT
Relevant URL:
http://www.netsecuresoftware.com/netsecurenew/Products/NetSecureWeb/netsecureweb.html
Summary:

NetSecure Web enables you to create Internet services guaranteeing full protection of your information system network.
* Total access to internal database server
* Fully transparent for internal and external users
* Preserves your private network from intrusion
* Ensures that only authorized requests are delivered
* Easy installation and operation

2. PowerBroker
by Symark Software
Platforms: DG-UX, HP-UX, Linux, SunOS, UNIX
Relevant URL:
http://www.symark.com/powerbroker.htm
Summary:

Symark PowerBroker® provides UNIX security and accountability by enabling system administrators to delegate administrative privileges and authorization without disclosing the root password and to grant selective access to UNIX-based corporate resources. Administrative tasks such as mounting file systems, performing backups, and adding new users can be delegated to individuals or groups at a granular level, thus reducing the risk of accidental damage and the threat of malicious activity. Symark PowerBroker also grants user access to files, directories and third-party applications and accounts (such as HR, financial or database programs), including generic accounts. Symark PowerBroker protects the superuser or root account (the most targeted user account) from hackers who could remove critical system files, gain access to confidential data and delete audit trails.

3. Dragon IDS
by Enterasys Networks
Platforms: FreeBSD, Linux, OpenBSD, Solaris
Relevant URL:
http://www.enterasys.com/products/ids/
Summary:

The Dragon IDS draws from three types of detected suspicious activity. First, Enterasys Networks maintains an extremely large database of known hacker techniques. These techniques have corresponding 'signatures' that are programmed into the Dragon network and host agents. Examples of hacker techniques include denial of service attacks and buffer overflows. Second, Dragon network and host agents are programmed to search for anomalies that are likely hacker attacks. These anomalies are less exact than a perfect match of a hacker technique, but are still highly effective for detection of port scans, distributed network probes, new forms of buffer overflows and denial of service attacks. And thirdly, all Dragon agents can detect security policy deviations. These policy deviations include detection of unauthorized network services, applications running on unusual ports and logs from network sessions denied by firewalls.

V. NEW TOOLS FOR LINUX PLATFORMS


1. Amrita VPN v0.90 beta 2
by Jayaraj
Relevant URL:
http://amvpn.sourceforge.net
Platforms: Linux, POSIX
Summary:

Amrita VPN is an easy-to-use open source VPN solution that runs on the GNU/Linux platform. The implementation is fully in userspace and requires no kernel patches or enhancements. It uses SSL for strong encryption and authentication.

2. Crypt Blowfish v0.4.5
by OpenWall Project
Relevant URL:
http://www.openwall.com/crypt/
Platforms: N/A
Summary:

Crypt Blowfish is an implementation of a modern password hashing algorithm, based on the Blowfish block cipher, provided via crypt(3) and a reentrant interface. It is compatible with bcrypt.

3. Nast v0.1.7
by embyte
Relevant URL:
http://nast.berlios.de
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, POSIX
Summary:

Nast is a packet sniffer and a LAN analyzer based on Libnet and Libpcap. It can sniff the packets on a network interface in normal mode or in promiscuous mode. It dumps the headers of packets and the payload in ASCII or ASCII-hex format. Various packet filters can be applied. The data sniffed can be saved in a separate file. As an analysis tool, it can check for other NICs on the network which are set in promiscuous mode, build a list of all hosts on a LAN, find a gateway, perform port scanning on multiple hosts, catch daemon banners, follow the TCP data stream, reset a connection, and determine whether a link type is a hub or switch.

VI. SPONSOR INFORMATION



This Issue is Sponsored By: SpiDynamics

FREE White Paper: "How A Hacker Launches A Web App Attack!" Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation, and Parameter Manipulation. All undetectable by Firewalls and IDS!

Download *FREE* white paper from SPI Dynamics for a complete guide to protection!

http://www.securityfocus.com/SPIDynamics-linux-secnews2


Received on Mon Apr 21 14:14:02 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:27 EDT