
SecurityFocus Linux Newsletter #136

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Jun 16 2003 - 11:27:29 EDT

SecurityFocus Linux Newsletter #136


This issue brought to you by: SPI Dynamics

ALERT: "How a Hacker Launches a SQL Injection Attack Step-by-Step" It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems!

Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

Visit us at: http://www.securityfocus.com/SPIDynamics-linux-secnews4


I. FRONT AND CENTER
  1. Penetration Test for Web Applications - Part One
  2. Honeypots: Are They Illegal?
  3. Bad Raps for Non-Hacks

II. LINUX VULNERABILITY SUMMARY
  1. GZip ZNew Insecure Temporary File Creation Symbolic Link...
  2. Ethereal SPNEGO Dissector Denial Of Service Vulnerability
  3. H-Sphere HTML Template Inclusion Cross-Site Scripting...
  4. Ethereal OSI Dissector Buffer Overflow Vulnerability
  5. FakeBO Syslog Format String Vulnerability
  6. Ethereal TVB_GET_NSTRINGZ0() Memory Handling Vulnerability
  7. Multiple Speak Freely Remote Boundary Condition Error...
  8. Sun Microsystems Java Virtual Machine Insecure Temporary File...
  9. RPM Package Manager FTP NLST Data Integer Overflow Remote...
  10. Multiple Gnocatan Server Buffer Overflow Vulnerabilities
  11. Ethereal DCERPC Dissector Memory Allocation Vulnerability
  12. Ethereal Multiple Dissector String Handling Vulnerabilities
  13. Typespeed Remote Memory Corruption Vulnerability

III. LINUX FOCUS LIST SUMMARY
  1. deny deleting a file for users (Thread)

IV. NEW PRODUCTS FOR LINUX PLATFORMS
  1. Arkeia 5
  2. BRU Desktop
  3. neuSECURE

V. NEW TOOLS FOR LINUX PLATFORMS
  1. PheTail v.01
  2. Firewall Builder for PIX v1.0
  3. Ethereal v0.9.13

VI. SPONSOR INFORMATION


I. FRONT AND CENTER

1. Penetration Test for Web Applications - Part One
By Jody Melbourne

This is the first in a series of three articles on penetration testing for Web applications. The first installment provides the penetration tester with an overview of Web applications - how they work, how they interact with users, and most importantly how developers can expose data and systems with poorly written and secured Web application front-ends.


http://www.securityfocus.com/infocus/1704

2. Honeypots: Are They Illegal?
By Lance Spitzner

As honeypots and their concepts have grown more popular, people have begun to ask what legal issues could apply. The purpose of this paper is to address the most commonly asked issues.

http://www.securityfocus.com/infocus/1703

3. Bad Raps for Non-Hacks
By Mark Rasch

A few odd cases show that you don't have to be a digital desperado to be accused of a cybercrime... particularly if you embarrass the wrong bureaucrats.

http://www.securityfocus.com/columnists/167

II. BUGTRAQ SUMMARY


1. GZip ZNew Insecure Temporary File Creation Symbolic Link Vulnerability BugTraq ID: 7872
Remote: No
Date Published: Jun 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7872
Summary:

gzip is a freely available, open source file compression utility. It is maintained in the public domain and is available for the Unix, Linux, and Microsoft operating systems.

A problem with the utility may make the local destruction of data possible.

It has been reported that gzip does not securely handle temporary files in the znew script. Because of this, a local attacker may be able to launch a symbolic link attack against sensitive files.

The problem lies in how the script checks for existing files. When the znew script executes, it does not sufficiently validate the value returned when it checks for the existence of a file in the temporary directory. Because of this, znew could potentially write to a symbolic link and destroy the data at the end of that link, provided the user has sufficient privileges to write to the file. This may also potentially lead to elevated privileges, though this theory is unconfirmed.

2. Ethereal SPNEGO Dissector Denial Of Service Vulnerability BugTraq ID: 7879
Remote: Yes
Date Published: Jun 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7879
Summary:

Ethereal is a freely available, open source network traffic analysis tool. It is maintained by the Ethereal Project and is available for most Unix and Linux variants as well as Microsoft Windows operating systems.

The SPNEGO dissector of Ethereal, when parsing certain ASN.1 codes, may cause a segmentation fault.

The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.


An attacker may be able to exploit this vulnerability by crafting a specially formed packet with an invalid ASN.1 value and sending it to a system using the vulnerable dissector.

Due to the nature of this vulnerability, it may be possible for an attacker to create a situation in which sensitive memory could be overwritten. If successful this may allow for the execution of arbitrary code with the privileges of the Ethereal process.

This vulnerability affects Ethereal 0.9.12 and earlier.

3. H-Sphere HTML Template Inclusion Cross-Site Scripting Vulnerabilities BugTraq ID: 7855
Remote: Yes
Date Published: Jun 09 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7855
Summary:

H-Sphere is a multiserver web hosting application. H-Sphere is available for Microsoft Windows, Linux, and Unix operating systems.

H-Sphere is prone to multiple cross-site scripting vulnerabilities via the HTML template feature in the Hosting Control Panel. HTML and script code will not be filtered from pages which are generated when a request for an invalid or unknown template is made.

This could be exploited if a web user follows a malicious link to a site hosting the vulnerable software that includes hostile HTML or script code. This code would be executed in the context of the site hosting the software. The link may also need to contain the username of a valid, logged in user.

Successful exploitation could permit theft of cookie-based authentication credentials from legitimate users of the Hosting Control Panel, which may in turn permit unauthorized access to resources that are managed by the software. Other attacks may also be possible.


4. Ethereal OSI Dissector Buffer Overflow Vulnerability BugTraq ID: 7880
Remote: Yes
Date Published: Jun 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7880
Summary:

Ethereal is a freely available, open source network traffic analysis tool. It is maintained by the Ethereal Project and is available for most Unix and Linux variants as well as Microsoft Windows operating systems.

The OSI dissector is prone to a buffer overflow condition when handling bad IPv4 or IPv6 prefix lengths. This is likely due to insufficient bounds checking.

It may be possible to construct an IPv4 or IPv6 packet that will, when decoded by Ethereal, trigger the overflow condition. Successful exploitation of this vulnerability may result in the attacker gaining access to the Ethereal host via execution of attacker-supplied instructions.

This BID will be updated when further technical details are disclosed.

This vulnerability affects Ethereal 0.9.12 and earlier.

5. FakeBO Syslog Format String Vulnerability BugTraq ID: 7882
Remote: Yes
Date Published: Jun 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7882
Summary:

FakeBO is a utility to log common trojan attempts in an effort to possibly emulate one. It may also be used in a honeypot setup to facilitate security monitoring. It is available for Microsoft Windows, Linux, and Unix variant operating systems.


A vulnerability has been reported for FakeBO that may result in an attacker obtaining elevated privileges on a target system.

Due to a programming error, it may be possible to exploit a format string vulnerability in the affected utility. Specifically, a logging function in FakeBO contains insecure syslog() calls. This could result in the execution of attacker-supplied code.

The vulnerability occurs when FakeBO resolves a carefully constructed hostname that includes malicious format string specifiers. In the event that this vulnerability is exploited, an attacker could cause arbitrary locations in memory to be corrupted with attacker-specified data and execute code with elevated privileges.

This vulnerability was reported for FakeBO 0.4.1.
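The FakeBO issue above is the classic "untrusted data used as a format string" bug: a hostname comes back from DNS under a remote party's control and is handed to syslog() as the format argument rather than as a value. The following is an added example, not FakeBO's own code, that shows the safe pattern (constant format, data as an argument) and a small detection check that a defender can run over inputs that are about to be logged. The function names and the "connection from" log text are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Added example, not FakeBO's code.  A resolved hostname is attacker data
 * (whoever controls the PTR record for an address chooses the name), so it
 * must never become the *format* argument of syslog()/printf().  With a
 * constant format and the name passed as an argument, any '%' sequences in
 * it are logged literally instead of being interpreted. */

/* Returns 1 if the string contains a conversion directive (a '%' that is
 * not the literal "%%").  Cheap signal that untrusted data has reached a
 * format argument; usable as a detection rule on values about to be logged. */
int contains_format_directive(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {        /* "%%" is just a percent sign */
            p++;
            continue;
        }
        return 1;
    }
    return 0;
}

/* Vulnerable pattern (shown only in this comment, never compiled):
 *     syslog(LOG_INFO, host);
 * If host carries directives, they are evaluated against whatever happens
 * to be on the stack; "%n" directives write to memory.                  */

/* Safe pattern: constant format string, hostname passed as an argument. */
void log_connection_safe(const char *host)
{
    syslog(LOG_INFO, "connection from %s", host);
}

/* The same safe pattern rendered into a caller-supplied buffer so the
 * result can be inspected offline.  Returns the rendered line. */
const char *render_safe(const char *host, char *out, size_t outlen)
{
    snprintf(out, outlen, "connection from %s", host);
    return out;
}
```

Note that render_safe() preserves a hostile hostname byte for byte: "evil%x%x%n" is logged as exactly that text, which is also what makes the attempt visible in the log. Compilers flag the vulnerable form when warnings such as -Wformat-security are enabled, which is worth turning on for any code that logs network-derived strings.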

6. Ethereal TVB_GET_NSTRINGZ0() Memory Handling Vulnerability BugTraq ID: 7883
Remote: Yes
Date Published: Jun 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7883
Summary:

Ethereal is a freely available, open source network traffic analysis tool. It is maintained by the Ethereal Project and is available for most Unix and Linux variants as well as Microsoft Windows operating systems.

An Ethereal routine, tvb_get_nstringz0(), has been reported prone to a memory handling vulnerability. Reportedly tvb_get_nstringz0() incorrectly handles a zero-length buffer size. Although unconfirmed, it has been conjectured that this issue may be due to an incorrect allocation of memory, caused when an unsigned integer is used when calculating the size of memory to be allocated.

Exploitation of this issue may allow an attacker to cause Ethereal to behave in an unpredictable manner.


Due to the nature of this vulnerability, it may be possible for an attacker to create a situation in which sensitive memory could be overwritten. If successful this may allow for either a remotely triggered denial of service condition or ultimately in the execution of arbitrary code with the privileges of the Ethereal process.

The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

This vulnerability affects Ethereal 0.9.12 and earlier.

7. Multiple Speak Freely Remote Boundary Condition Error Vulnerabilities BugTraq ID: 7846
Remote: Yes
Date Published: Jun 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7846
Summary:

Speak Freely is a freely available Internet voice communication application. It is available for the Unix, Linux, and Microsoft platforms.

Several problems with the program may give users unauthorized access to systems.

Several security issues have been reported in Speak Freely. These issues include boundary condition errors, insecure use of temporary files, and insecure network traffic handling. These problems may allow both remote and local users to gain unauthorized access to the system.

Three boundary condition errors have been reported in the program that allow attack through UDP traffic. Two methods of attack are through either the data port (2074/UDP) or control port (2075/UDP).


Insecure temporary file handling has been reported, although specifics about this particular instance of vulnerability have not been made available. It is also reported that this issue can permit the overwriting of any file owned by the Speak Freely user, which likely indicates the possibility of symbolic link attack through temporary files.

Finally, there are reports of the ability to circumvent network protection devices such as firewalls, and also of static buffer overflows. Due to the way Speak Freely handles UDP traffic, it is possible to relay traffic into a protected network through spoofed IP headers. Information about the reported static buffer overflow conditions is not available.

These problems could permit a remote attacker to gain access to the system with the privileges of the Speak Freely user, or potentially relay traffic into a restricted network. A local attacker may also be able to exploit these problems to gain elevated privileges, or destroy data.

8. Sun Microsystems Java Virtual Machine Insecure Temporary File Vulnerability BugTraq ID: 7848
Remote: No
Date Published: Jun 08 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7848
Summary:

The Java Virtual Machine is a component of the Java Runtime Environment, distributed by Sun Microsystems.

A problem has been reported that may make it possible for an attacker to gain unauthorized privileges.

It has been reported that the Java Virtual Machine distributed by Sun does not safely generate temporary files. Because of this, an attacker may be able to launch a symbolic link attack.

The problem is in the handling of temporary files. When the Java Virtual Machine is invoked, it creates a temporary file in the /tmp directory with the prefix jpsock.**_*, with varying characters in place of the asterisks. An attacker could create a range of symbolic links pointing to a specific file, attempting to predict the future name of a temporary file created by the JVM. Upon a successful guess, the file at the end of the symbolic link would be overwritten.
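Both the gzip znew item and this JVM item come down to the same habit: a temporary file with a guessable name, opened in a way that follows whatever an attacker has planted at that path first. The following is an added example, not gzip's or Sun's code, contrasting that habit with the safe pattern (a random name created exclusively with O_CREAT|O_EXCL, which is what mkstemp() does) and checking the property that matters, namely that an exclusive create at a path occupied by a symlink is refused rather than written through. The directory and file names used are constructed for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Added example, not gzip's or Sun's code.  A predictable name opened with
 * O_CREAT|O_TRUNC follows a pre-planted symlink and clobbers its target;
 * mkstemp() (random name, O_CREAT|O_EXCL, mode 0600) refuses anything that
 * already exists at the path, including a dangling symlink. */

/* Unsafe: predictable name plus an open() that follows symlinks.  Defined
 * only to make the contrast explicit; nothing below calls it. */
int open_tmp_predictable(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Safe: caller passes a writable template ending in "XXXXXX"; mkstemp()
 * chooses the name and creates the file exclusively.  The fstat() check
 * confirms we hold a regular file we own, not something swapped in. */
int open_tmp_secure(char *tmpl)
{
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Demonstrates the defence in a private directory from mkdtemp(): plant a
 * symlink at the name a program is expected to use, then attempt an
 * exclusive create there.  Returns 1 if the create was refused with EEXIST
 * (nothing written through the link), 0 otherwise. */
int symlink_refused_by_exclusive_create(void)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX";     /* constructed for the example */
    if (!mkdtemp(dir))
        return 0;

    char target[PATH_MAX], linkpath[PATH_MAX];
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(linkpath, sizeof linkpath, "%s/jpsock.guess", dir);

    int refused = 0;
    if (symlink(target, linkpath) == 0) {
        int fd = open(linkpath, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd < 0 && errno == EEXIST)
            refused = 1;                      /* link was not followed */
        else if (fd >= 0)
            close(fd);
        unlink(linkpath);
    }
    unlink(target);   /* exists only if the unsafe path had been taken */
    rmdir(dir);
    return refused;
}
```

The same rule applies to scripts such as znew: a shell script should obtain its scratch file from mktemp(1) rather than composing a name from the PID or the input filename, and should treat an existing path as an error rather than something to reuse.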


9. RPM Package Manager FTP NLST Data Integer Overflow Remote Memory Corruption Vulnerability BugTraq ID: 7874
Remote: Yes
Date Published: Jun 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7874
Summary:

The RPM Package Manager is a command line utility for creating, installing and managing RPM packages. It is available for a wide range of Linux distributions.

A vulnerability has been reported for the RPM Package Manager. The problem occurs when using the application to access FTP listings on a remote server. Specifically, RPM fails to sufficiently carry out sanity checks on the size of data returned by an FTP NLST listing. The size value is subsequently shifted 2 bits to the left, effectively increasing its size exponentially by 3, and is then used as a malloc() function parameter. The NLST data is then copied into the buffer returned by malloc().

An attacker could exploit this issue by controlling a malicious FTP server configured in such a way as to transmit NLST data in excess of 1 gigabyte. If this were to occur, when the RPM application carried out the shift procedure, the size value would overflow. As a result, an insufficient memory buffer will be allocated to store the data.

The exploitability of this vulnerability to execute code is highly implausible as copying data of this size will typically result in a page fault. However, this issue could result in the exhaustion of available system resources and would ultimately cause the RPM utility to crash.
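The arithmetic described above is worth seeing in isolation: a left shift by two multiplies the length by four, and with a 32-bit unsigned size any length of 1 GiB (2^30) or more wraps the product to a small value, so malloc() returns far less than the copy that follows needs. The following is an added example, not RPM's code, that reproduces the unchecked computation beside a checked version that refuses the length before shifting, plus a policy cap on listing size (MAX_NLST_BYTES, an assumed value) that catches a hostile server early. Function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not RPM's code.  A length taken from the remote NLST reply
 * is shifted left by two (x4) and passed to malloc().  With a 32-bit
 * unsigned size, nlst_len >= 2^30 wraps the product, so the subsequent copy
 * of nlst_len bytes overruns the buffer. */

#define SHIFT_BITS 2u

/* Unchecked: the vulnerable computation.  Returns the (possibly wrapped)
 * allocation size so the wraparound can be observed directly. */
uint32_t shifted_size_unchecked(uint32_t nlst_len)
{
    return nlst_len << SHIFT_BITS;            /* wraps when nlst_len >= 2^30 */
}

/* Checked: returns 1 and writes *out only when the shift cannot overflow,
 * i.e. when nlst_len <= UINT32_MAX >> SHIFT_BITS. */
int shifted_size_checked(uint32_t nlst_len, uint32_t *out)
{
    if (nlst_len > (UINT32_MAX >> SHIFT_BITS))
        return 0;                             /* would overflow: refuse */
    *out = nlst_len << SHIFT_BITS;
    return 1;
}

/* Assumed policy limit: a directory listing never needs gigabytes, so a
 * server sending more than this is treated as hostile before any arithmetic. */
#define MAX_NLST_BYTES (16u * 1024u * 1024u)

/* Allocates with the checked size and copies the listing, NUL-terminated.
 * Returns NULL (and allocates nothing) if the length is rejected. */
char *copy_nlst_data(const char *data, uint32_t nlst_len)
{
    uint32_t alloc;
    if (nlst_len > MAX_NLST_BYTES || !shifted_size_checked(nlst_len, &alloc))
        return NULL;
    char *buf = malloc((size_t)alloc + 1);    /* alloc >= nlst_len, +1 for NUL */
    if (!buf)
        return NULL;
    memcpy(buf, data, nlst_len);
    buf[nlst_len] = '\0';
    return buf;
}
```

The order of the checks matters: the cap is applied to the raw length, before the shift, so the wrapped value never reaches malloc(). The same pattern (compare against the maximum divided by the multiplier, then multiply) is the general fix for any size computed from a network-supplied number.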

10. Multiple Gnocatan Server Buffer Overflow Vulnerabilities BugTraq ID: 7877
Remote: Yes
Date Published: Jun 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7877
Summary:

Gnocatan is a multiplayer game. It is available for Microsoft Windows and Linux operating systems.

The Gnocatan game server is prone to multiple remotely exploitable buffer overflow vulnerabilities. The vulnerabilities are due to insufficient bounds checking of data supplied to the server, which could result in corruption of memory with attacker-supplied values. These conditions could potentially be exploited to execute malicious code in the context of the server or to launch denial of service attacks.

Specific technical details regarding these vulnerabilities are not available at this time. This BID will be updated as more details become available.

11. Ethereal DCERPC Dissector Memory Allocation Vulnerability BugTraq ID: 7878
Remote: Yes
Date Published: Jun 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7878
Summary:

Ethereal is a freely available, open source network traffic analysis tool. It is maintained by the Ethereal Project and is available for most Unix and Linux variants as well as Microsoft Windows operating systems.

The DCERPC dissector of Ethereal is prone to a condition whereby too much memory may be allocated when decoding certain NDR strings.

The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

An attacker may be able to exploit this vulnerability by crafting a specially formed packet and sending it to a system using the vulnerable dissector or by convincing a victim user to use Ethereal to read a malformed packet trace file.

This may result in the vulnerable Ethereal process allocating too much memory. Repeated decoding of malformed NDR packets may result in the consumption of all available memory resources which may lead to a denial of service condition.

This vulnerability affects Ethereal 0.9.12 and earlier.

12. Ethereal Multiple Dissector String Handling Vulnerabilities BugTraq ID: 7881
Remote: Yes
Date Published: Jun 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7881
Summary:

Ethereal is a freely available, open source network traffic analysis tool. It is maintained by the Ethereal Project and is available for most Unix and Linux variants as well as Microsoft Windows operating systems.

Several dissectors included with Ethereal do not properly handle strings. Exploitation of this issue may allow an attacker to cause Ethereal to behave in an unpredictable manner. The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI dissectors are vulnerable to this issue.


The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

An attacker may be able to exploit this vulnerability by crafting a specially formed packet and sending it to a system using the vulnerable dissectors or by convincing a victim user to use Ethereal to read a malformed packet trace file.

Due to the nature of this vulnerability, it may be possible for an attacker to create a situation in which sensitive memory could be overwritten. If successful this may allow for the execution of arbitrary code with the privileges of the Ethereal process.

This vulnerability affects Ethereal 0.9.12 and earlier.

13. Typespeed Remote Memory Corruption Vulnerability BugTraq ID: 7891
Remote: Yes
Date Published: Jun 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7891
Summary:

Typespeed is a game designed to test typing skills. It is available for the Linux operating system. Typespeed is installed setgid 'games' by default on the Debian Linux distribution.

A memory corruption vulnerability has been reported for Typespeed that may result in code execution with elevated privileges. The vulnerability exists in the net_swapscore() function of the 'network.c' source file. Specifically, proper bounds checks are not performed prior to executing the 'strncpy' function.

A remote attacker may be able to exploit this vulnerability to corrupt sensitive memory with attacker-supplied code.

This vulnerability was reported for Typespeed 0.4.1 and earlier.


III. LINUX FOCUS LIST SUMMARY


1. deny deleting a file for users (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/324709

IV. NEW PRODUCTS FOR LINUX PLATFORMS


1. Arkeia 5
by Arkeia
Platforms: AIX, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, MacOS, SCO, Solaris, SunOS, True64 UNIX, Unixware, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://arkeia.com/a5technical.html
Summary:

Safeguarding a company's priceless data can create a multitude of questions for system administrators. Arkeia provides proven answers: speedy, automated backup and recovery that is a reliable industry standard for heterogeneous network backup. Arkeia is quick on its feet, easy to use and smoothly compatible with almost all combinations of computers, operating systems and storage devices. It's simple to install, configured in minutes and readily adaptable to anything from a small business network to a complex enterprise. Arkeia automatically detects SCSI hardware and recognizes tape drive types. Administrators can easily choose full or incremental backups that preserve directory structure, registry, symbolic links and special attributes. Arkeia makes it easy to program "exceptions" to your backup schedule with a convenient calendar interface.

2. BRU Desktop
by TOLIS Group
Platforms: AIX, BSDI, FreeBSD, HP-UX, IRIX, Linux, OpenBSD, SCO, Solaris, True64 UNIX
Relevant URL:
http://www.tolisgroup.com/bru_dt3.html
Summary:

BRU Desktop 17.0 Backup & Restore Utility is a very cost-effective backup solution for SOHO (Small Office/Home Office) commercial applications. Delivering the full power, reliability, and functionality of BRU Workstation without the associated cost of network components, BRU Desktop supports single systems with locally attached archive devices. Licensed for commercial use, BRU Desktop shares the same proven data verification and error detection and recovery functionality of BRU Workstation.

3. neuSECURE
by GuardedNet
Platforms: Linux, UNIX, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.guarded.net/prod/prod.html
Summary:

neuSECURE is a web-based security information management software solution designed to provide a comprehensive, coherent view of enterprise security. It correlates log data files from disparate machines such as firewalls, intrusion detection systems, computer systems and routers and automatically analyzes this data to uncover legitimate threats to the enterprise. neuSECURE allows security analysts to prioritize their investigations and focus on the mission-critical task of responding to threats as they are occurring, rather than after the damage is done. And with neuSECURE a security team can manage security threats from early detection to final resolution without ever leaving the intuitive, web-based console.


V. NEW TOOLS FOR LINUX PLATFORMS


1. PheTail v.01
by Jesper Nøhr
Relevant URL:
http://code.printf.dk/~decius/phetail/
Platforms: Perl (any system supporting perl)
Summary:

PheTail automatically tails an amavisd-new logfile for activity. Whenever relevant activity is found, it is written to a SQL database.

2. Firewall Builder for PIX v1.0
by Vadim Kurland
Relevant URL:
http://www.netcitadel.com/index.htm?pix_overview
Platforms: BSDI, FreeBSD, Linux, MacOS, OpenBSD, POSIX, Solaris, SunOS
Summary:

Firewall Builder for PIX hides the complexity of PIX command line interface and automatically configures options and parameters that usually make manual configuration a real chore. With this module, the same workstation running Firewall Builder can create and manage security policy on Cisco PIX firewalls, as well as on firewalls built with iptables, OpenBSD pf, or ipfilter.

3. Ethereal v0.9.13
by Gerald Combs, gerald@ethereal.com
Relevant URL:
http://www.ethereal.com/
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, SCO, Solaris, True64 UNIX
Summary:

Ethereal is a network protocol analyzer, or "packet sniffer", that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality packet analyzer for Unix, and the most useful packet analyzer on any platform.

VI. SPONSOR INFORMATION



This issue brought to you by: SPI Dynamics

ALERT: "How a Hacker Launches a SQL Injection Attack Step-by-Step" It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems!


Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

Visit us at: http://www.securityfocus.com/SPIDynamics-linux-secnews4


Received on Mon Jun 16 13:50:30 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:27 EDT

