SecurityFocus Linux Newsletter #129
From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Apr 28 2003 - 16:20:33 EDT

SecurityFocus Linux Newsletter #129

This issue is sponsored by: FastTrain

FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.fasttraincamp.com.

I. FRONT AND CENTER
Lately it seems I can't open my inbox without seeing a new article on defence in depth. This is fine: defence in depth is crucial to anti-virus protection. Unfortunately, most of the articles are missing two crucial components. To understand what is being missed, we need to look at what is meant by defence in depth as it applies in the malicious software world. For the purpose of this paper, when referring to defence in depth, we will be specifically talking about the utilization of anti-virus software, and other methods to provide a multi-layered anti-malware defence in a corporate environment.
http://www.securityfocus.com/infocus/1687

2. Al-Jazeera, the First Amendment, and Security Professionals
By Scott Granneman

While attempts to disrupt Web broadcasts of Al-Jazeera may seem like a distant concern, they reflect the problems that should concern security professionals everywhere.
http://www.securityfocus.com/columnists/156

3. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.
Click here for more information:
II. BUGTRAQ SUMMARY
rinetd is a small server designed to redirect connections from one IP address and port to another. It is available for the Microsoft Windows and Linux operating systems. By default rinetd allocates space for a list of 64 connections. When this 64-connection boundary has been reached, the program attempts to reallocate the buffer to accommodate additional connections. A flaw has been discovered in the reallocation process that may give an attacker an opportunity to trigger a denial of service. Specifically, a buffer overflow may be triggered after the attempt to reallocate memory, because the buffer is reallocated incorrectly. As a result, when a new connection is established, the connection information is written past the end of the buffer. This may result in a segmentation violation and cause the process to crash. It should be noted that, although unconfirmed, if the data written past the buffer can be controlled by an attacker, it could be possible to exploit this issue to execute arbitrary code. This vulnerability affects rinetd 0.61 and earlier.
2. Central Command Vexira Antivirus Buffer Overflow Vulnerability
BugTraq ID: 7383
Vexira Antivirus is an antivirus solution for Linux variant systems distributed by Central Command. A buffer overflow vulnerability has been reported for Vexira Antivirus which may result in privilege escalation. A local attacker can exploit this vulnerability by supplying an overly long commandline argument to the /usr/lib/Vexira/vexira binary, consisting of at least 280 characters. When the binary attempts to process this input, it will trigger the buffer overflow condition and cause the application to crash. Although unconfirmed, it may be possible to exploit this vulnerability to execute malicious attacker-supplied code. This vulnerability was reported for Vexira Antivirus 2.1.7 for Linux.
3. YaBB SE Language Remote File Include Vulnerability
BugTraq ID: 7399
YaBB SE is a freely available, open source port of Yet Another Bulletin Board (YaBB). It is available for a number of platforms, including Unix, Linux, and Microsoft Windows operating systems. YaBB may allow malicious bulletin board users to influence the include path for language files. Registered users may influence the include path of language files through the "Change Profile" option. A malicious user could set an include path that points to a malicious PHP script on an external host. This could result in execution of commands in the context of the web server.
4. OpenBB Index.PHP Remote SQL Injection Vulnerability
BugTraq ID: 7401
OpenBB is a freely available, open source bulletin board software package. It is available for Unix, Linux, and Microsoft Windows operating systems. A problem with the software may make it possible for remote users to modify database query logic. It has been reported that OpenBB does not properly check input passed via the 'index.php' script. Because of this, it may be possible for a remote user to inject malicious arbitrary SQL queries in the context of the database user for the bulletin board software. The consequences of successful exploitation will vary depending on the underlying database implementation, but may allow for disclosure of sensitive information or remote compromise of the bulletin board or database itself. This vulnerability has been reported in OpenBB version 1.1.0. The currently available version reported by the vendor is 1.0.5. This vulnerability may affect the reported version, and previous versions of the affected software.
5. Mod_NTLM Authorization Format String Vulnerability
BugTraq ID: 7393
mod_ntlm is an Apache module which implements NTLM authentication. It is available for Apache 2.0.x and 1.3.x on the Linux operating system. A format string vulnerability has been discovered in the mod_ntlm Apache module. The issue occurs when processing authorization information located in HTTP headers. The problem occurs in a call to ap_log_rerror(), made by the log() function, without including format specifier arguments. As a result, it may be possible for a remote attacker to embed their own specifiers within authorization data. This may allow an attacker to write to sensitive locations in memory. It should be noted that the exploitability of this issue to execute arbitrary code may be hindered by various system-specific limitations. As a result, exploitation may only result in a denial of service. This vulnerability was reported in mod_ntlm <= 0.4 and mod_ntlm2 0.1.
6. PT News Unauthorized Administrative Access Vulnerability
BugTraq ID: 7394
PT News is a web based news system. It is implemented in PHP and available for Microsoft Windows operating systems and Linux/Unix variants. PT News does not adequately prevent remote users from gaining unauthorized access to administrative functions. The source of this issue is that the 'index.php' script includes the 'news.inc' file, which contains various administrative functions for PT News. Remote users may access the administrative functions of 'news.inc' through the 'index.php' script. Exploitation could allow remote attackers to manipulate content.
7. OpenBB Board.PHP Remote SQL Injection Vulnerability
BugTraq ID: 7404
OpenBB is a freely available, open source bulletin board software package. It is available for Unix, Linux, and Microsoft Windows operating systems. A problem with the software may make it possible for remote users to modify database query logic. It has been reported that OpenBB does not properly check input passed via the 'board.php' script. Because of this, it may be possible for a remote user to inject malicious arbitrary SQL queries in the context of the database user for the bulletin board software. The consequences of successful exploitation will vary depending on the underlying database implementation, but may allow for disclosure of sensitive information or remote compromise of the bulletin board or database itself. This vulnerability has been reported in OpenBB version 1.1.0. The currently available version reported by the vendor is 1.0.5. This vulnerability may affect the reported version, and previous versions of the affected software.
8. SAP Database Development Tools INSTDBMSRV INSTROOT Environment Variable Vulnerability
BugTraq ID: 7407
SAP DB is a free database software package for Unix, Linux, and Microsoft Operating Systems. It has been reported that a vulnerability exists in the SAP Database program instdbmsrv. Because of this, a local attacker may be able to gain elevated privileges. The problem is in the handling of input from untrusted sources. When executed, the instdbmsrv program checks the INSTROOT environment variable for the location of the pgm/dbmsrv program. The permissions of the dbmsrv program are changed to give the program setuid root privileges when the instdbmsrv is executed. An attacker could modify the INSTROOT environment variable locally to point to an arbitrary directory. When the instdbmsrv program is executed, an attacker-supplied version of the dbmsrv program would be changed to setuid root. This could result in an attacker gaining local administrative privileges.
9. Xinetd Rejected Connection Memory Leakage Denial Of Service Vulnerability
BugTraq ID: 7382
Xinetd is intended as a secure replacement for inetd. It is designed for use with Linux and Unix variant operating environments. A denial of service vulnerability has been reported for Xinetd. The vulnerability exists due to memory leaks occurring when connections are rejected. This issue was reported to occur in the svc_request() function of the service.c source file, where some allocated memory is not properly freed when a connection is rejected. An attacker can exploit this vulnerability by repeatedly connecting to a Xinetd server and having the connection rejected. This will exhaust memory and result in a denial of service condition. This vulnerability was reported for Xinetd prior to 2.3.11.
mod_ntlm is an Apache module which implements NTLM authentication. It is available for Apache 2.0.x and 1.3.x on the Linux operating system. The mod_ntlm Apache module has been reported prone to a heap overflow vulnerability. The vulnerability is due to a lack of sufficient bounds checking performed on user-supplied data stored in a 2048 byte buffer within heap memory. Specifically, an insecure 'vsprintf()' function call is made within the mod_ntlm 'log()' function. The call to 'vsprintf()' copies user-supplied authorization data without carrying out sufficient bounds checking. As a result, excessive data may be copied into the 2048 byte buffer, resulting in the corruption of sensitive memory management information. By modifying an adjacent malloc header to contain malicious values, it may be possible for an attacker to overwrite sensitive locations in memory when a subsequent call to free() is made. As a result, it may be possible for an attacker to execute arbitrary instructions with the privileges of the Apache server. This vulnerability is reported to affect mod_ntlm v0.4 for Apache 1.3 and mod_ntlmv2 version 0.1 for Apache 2.0. Although unconfirmed, previous versions may also be affected.
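The two defects placed in mod_ntlm's log() routine (the format string issue in item 5 and the heap overflow above) share one root cause: client-supplied header text reaches printf-style calls both unbounded and, in the second call, as the format itself. The following is an added example and not mod_ntlm's own code; the function names, the message text and the LOG_BUF_SIZE/4 cap are assumptions, and only the hardened version is compiled.

```c
/* Added example, not mod_ntlm's own code: the two defects the advisories place
 * in mod_ntlm's log() routine, and one hardened replacement. Names are assumed. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 2048   /* the 2048-byte buffer size the advisory cites */

/* Vulnerable shape (comment only, not compiled):
 *   char buf[LOG_BUF_SIZE];
 *   vsprintf(buf, fmt, ap);                            // (a) unbounded copy
 *   ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, buf);   // (b) data used as format
 * (a) overruns the buffer on a long Authorization header; (b) hands text that
 * still contains client-supplied %x/%n to a printf-style function as its format. */

/* Hardened: every copy is bounded, and formatted text is only ever an argument.
 * Returns the byte count of the full message so callers can detect truncation. */
static int format_auth_log(char *out, size_t outsz, const char *fmt, ...) {
    char msg[LOG_BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    int need = vsnprintf(msg, sizeof msg, fmt, ap);    /* (a) fixed: bounded */
    va_end(ap);
    if (need < 0) return -1;
    snprintf(out, outsz, "%s", msg);                    /* (b) fixed: "%s", not msg */
    return need;
}

/* The untrusted header is passed as a %.*s argument with an explicit cap, so
 * at most LOG_BUF_SIZE/4 bytes of it are copied and none of it is parsed. */
int log_auth_failure(char *out, size_t outsz, const char *client_header) {
    return format_auth_log(out, outsz, "NTLM auth failed, header=\"%.*s\"",
                           LOG_BUF_SIZE / 4, client_header);
}

/* Constructed check: a header made of conversion specifiers stays literal text. */
int specifiers_stay_literal(void) {
    char out[256];
    log_auth_failure(out, sizeof out, "%n%n%x%x%s");
    return strstr(out, "header=\"%n%n%x%x%s\"") != NULL;
}

/* Constructed check: a 5000-byte header fits the 2048-byte buffer and the
 * smaller output buffer is truncated but still NUL-terminated. */
int oversize_header_is_bounded(void) {
    char big[5000], out[128];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    int need = log_auth_failure(out, sizeof out, big);
    return need < LOG_BUF_SIZE && strlen(out) == sizeof out - 1;
}
```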
SAP DB is a free database software package for Unix, Linux, and Microsoft Operating Systems. It has been reported that a vulnerability exists in the SAP Database program instlserver. Because of this, a local attacker may be able to gain elevated privileges. The problem is in the handling of input from untrusted sources. When executed, the instlserver program checks the INSTROOT environment variable for the location of the pgm/lserver program. The permissions of the lserver program are changed to give the program setuid root privileges when the instlserver is executed. An attacker could modify the INSTROOT environment variable locally to point to an arbitrary directory. When the instlserver program is executed, an attacker-supplied version of the lserver program would be changed to setuid root. This could result in an attacker gaining local administrative privileges.
The mime-support package contains a variety of MIME applications and tools. It is available for the Linux operating system. A vulnerability has been discovered in the run-mailcap application included with mime-support. The problem occurs due to invalid sanity checks when creating temporary files. By populating the /tmp directory with symbolic links which point to sensitive system files, it may be possible for an unprivileged user to corrupt arbitrary files. As a result, an unprivileged user may be capable of rendering a target system unusable or possibly gaining elevated privileges. This vulnerability affects run-mailcap included in mime-support version 3.21 and earlier.
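An added example of the temporary-file handling that a run-mailcap-style program needs; this is not mime-support's own code, and the directory layout, file names and helper names are assumptions. It shows the O_EXCL/O_NOFOLLOW and mkstemp() forms that refuse a pre-planted symlink, plus a constructed scenario that exercises the check.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a new file at a caller-chosen name. O_CREAT|O_EXCL makes open() fail if
 * anything, even a dangling symlink, already sits at that name; O_NOFOLLOW
 * refuses to traverse a symlink as the last path component. */
int open_new_private_file(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, S_IRUSR | S_IWUSR);
}

/* Preferred form: mkstemp() picks an unpredictable name and creates it atomically.
 * The fstat/lstat cross-check confirms the descriptor is a regular file with one
 * link that still matches the name, so nothing was swapped in underneath. */
int create_private_tempfile(const char *dir, char *path, size_t pathsz) {
    struct stat st, lst;
    if (snprintf(path, pathsz, "%s/mailcap.XXXXXX", dir) >= (int)pathsz) return -1;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || lstat(path, &lst) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_ino != lst.st_ino || st.st_dev != lst.st_dev) {
        close(fd); unlink(path); return -1;
    }
    return fd;
}

/* Constructed scenario (assumed names): a local user has planted a symlink at the
 * predictable name a tmpnam()-style program would use; "victim" stands in for a
 * sensitive file. Returns 1 if the link is refused and the safe path succeeds. */
int symlink_attack_is_refused(void) {
    char dir[] = "/tmp/mailcap-demo.XXXXXX", planted[64], safe[64], victim[64];
    int ok = 0, fd;
    if (!mkdtemp(dir)) return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/predictable.tmp", dir);
    close(open(victim, O_WRONLY | O_CREAT, 0600));
    if (symlink(victim, planted) == 0) {
        fd = open_new_private_file(planted);       /* must fail: EEXIST (or ELOOP) */
        if (fd < 0 && (errno == EEXIST || errno == ELOOP)) {
            fd = create_private_tempfile(dir, safe, sizeof safe);
            if (fd >= 0) { ok = 1; close(fd); unlink(safe); }
        } else if (fd >= 0) close(fd);
    }
    unlink(planted); unlink(victim); rmdir(dir);
    return ok;
}
```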
OpenBB is a freely available, open source bulletin board software package. It is available for Unix, Linux, and Microsoft Windows operating systems. A problem with the software may make it possible for remote users to modify database query logic. It has been reported that OpenBB does not properly check input passed via the 'member.php' script. Because of this, it may be possible for a remote user to inject malicious arbitrary SQL queries in the context of the database user for the bulletin board software. The consequences of successful exploitation will vary depending on the underlying database implementation, but may allow for disclosure of sensitive information or remote compromise of the bulletin board or database itself. This vulnerability has been reported in OpenBB version 1.1.0. The currently available version reported by the vendor is 1.0.5. This vulnerability may affect the reported version, and previous versions of the affected software.

III. LINUX FOCUS LIST SUMMARY
http://www.securityfocus.com/archive/91/319322

IV. NEW PRODUCTS FOR LINUX PLATFORMS
Sanctum's AppAudit will help you find the holes in your Web site before somebody else does. AppAudit is a remote audit on your Web site conducted by Sanctum, to determine the general security of your site at the application level. AppAudit reveals Web application vulnerabilities, including: Hidden Manipulation, Parameter Tampering, Cookie Poisoning, Stealth Commanding, Forceful Browsing, Backdoors and Debug options, Configuration Subversion, Buffer Overflow and Vendor-assisted Hacking.
2. FloodGuard
FloodGuard, from Reactive Network Solutions, is dedicated to detecting - and mitigating - all types of flooding attacks. By distributing intelligence through the network, FloodGuard is the most effective hardware-software solution for shutting down flooding attacks before they shut down your business.
3. Sourcefire Intrusion Management System
by Sourcefire
Sourcefire Intrusion Management System (IMS) delivers all of the capabilities needed to proactively defend against intruders. Unlike current intrusion detection systems, Sourcefire offers a comprehensive system that gives one granular flexibility, scalability, and complete data management. Sourcefire IMS offers the best protection and allows users to customize every aspect of the system to suit their specific environment and security needs.

V. NEW TOOLS FOR LINUX PLATFORMS
The Crash Core Analysis Suite utility is a self-contained tool, loosely based on the SVR4 crash command but completely merged with gdb, thereby combining the kernel-specific nature of crash with the source level debugging capabilities of gdb. The utility can be used to investigate live systems, kernel core dumps created from the Kernel Core Dump patch offered by Mission Critical Linux, and kernel core dumps created from the Linux Kernel Crash Dumps (LKCD) patch offered by SGI.
2. In Memory Core Dump v3.1.4
In Memory Core Dump uses system memory to save crash information. On a subsequent reboot of the system, the crash information can be recovered.
3. FloodGuard Alert v2_2p3
FloodGuard Alert is designed to detect all forms of flooding and bandwidth attacks, including DDoSes and worms. The software initially trains on ingress traffic directed at your protection domain that it uses to statistically identify anomalous traffic. It also suggests initial mitigation steps (ACLs/filters) that can be taken to stop the attack while letting legitimate traffic through. It comes with a comprehensive Java-based GUI that facilitates traffic visualization, configuration, control, analysis, report generation, and SYSLOG- and email-based communications.

VI. SPONSOR INFORMATION

This issue is sponsored by: FastTrain

Received on Mon Apr 28 17:08:58 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:27 EDT