Hosting Provided By

SecurityFocus Newsletter #172

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Nov 25 2002 - 11:57:06 EST

This Issue is Sponsored by: SPI Dynamics

ALERT! "Outsmart Web Application Attackers"- Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS and Cookie Manipulation. All undetectable by Firewalls and IDS! FREE 15 Day Product Trial, which delivers a Comprehensive Vulnerability Report http://www.spidynamics.com/mktg/freewebinspect19

I. FRONT AND CENTER

SQL Injection and Oracle
Complete Snort-based IDS Architecture, Part Two
Caught in a BIND
SecurityFocus DPP Program
InfoSec World Conference and Expo/2003 (March 10-12, 2003,Orlando, FL) II. BUGTRAQ SUMMARY
Courier SqWebMail File Disclosure Vulnerability
Lonerunner Zeroo HTTP Server Remote Buffer Overflow Vulnerability
NeoSoft NeoBook 4 ActiveX Control Arbitrary File Type Inclusion...
Perception LiteServe Malformed GET Request Buffer Overflow...
Nullmailer Invalid User Denial Of Service Vulnerability
AOL Instant Messenger Screen Name Buffer Overflow Vulnerability
PHPBB2 ViewTopic.PHP Cross Site Scripting Vulnerability
Macromedia Flash SWRemote Heap Corruption Vulnerability
MailEnable Email Server Buffer Overflow Vulnerability
TFTPD32 Arbitrary File Download/Upload Vulnerability
TFTPD32 Long Filename Buffer Overflow Vulnerability
DHCPCD Character Expansion Remote Command Execution Vulnerability
Linksys Router Unauthorized Management Access Vulnerability
iPlanet Admin Server Cross Site Scripting Vulnerability
iPlanet Admin Server Insecure Open Call Vulnerability
Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone...
QNX Multiple Program Insecure Default Permissions Vulnerability
Mhonarc Mail Header HTML Injection Vulnerability
QNX Photon MicroGUI Clipboard Insecure Data Storage Vulnerability III. SECURITYFOCUS NEWS ARTICLES
Comdex's Secure Side
Lawyers Fear Misuse of Cyber Murder Law
On the Microsoft FTP server leak
Internet Provisions in Homeland Security Bill
Sex, Text, Revenge, Hacking and Friends Reunited IV. SECURITYFOCUS TOP 6 TOOLS
guard bash v1.0
Paketto Keiretsu v1.0
mod_authenticache v2.0.6
SNMP Trap Translator v0.4
slurm v0.0.7
irclog-xml v0.07a
SECURITYJOBS LIST SUMMARY
NO NEW POSTS FOR THE WEEK ENDING 11.25.02 VI. INCIDENTS LIST SUMMARY
Port 1080 (Thread)
Compromised FBSD/Apache (Thread)
FTP and Win2K changed security policy (Thread)
Proxy server hit... Any ideas? (Thread)
More info about found Win2K "rootkit" (Thread)
New scanner? (Thread)
Fraudulent use of ebay's name (Thread)
DeepSight Analyzer 4.0 Announcement (Thread)
Strange apache logs: CONNECT maila.microsoft.com:25 (Thread)
Help - a possible bot (Thread)
030 igetnet ignkeywords (Thread)
Spoofed RFC1918 Network Source Addresses... (Thread)
Unicode Attack (Thread)
Strange Apache logs - maybe DDOS? (Thread) VII. VULN-DEV RESEARCH LIST SUMMARY
PHP (Thread)
shell script cgi (summary?) (Thread)
Remote service shutdown in mailenable (newest) Follow up (Thread)
Remote service shutdown in mailenable (newest) (Thread)
Paketto Keiretsu 1.0 Released (Thread)
shell script cgi (Thread)
ColdFusion Heap Overflow -continued (Thread)
[Division 7 Security Systems]-Multiple Vulnerabilities Found in... VIII. MICROSOFT FOCUS LIST SUMMARY
outlook 2000 vs latest outlook express deployment (Thread)
How to secure Internet Explorer (Thread)
SecurityFocus Microsoft Newsletter #113 (Thread)
re: Unknown Workgroup in Network Neighborhood (Thread)
Active Directory network security (Thread) IX. SUN FOCUS LIST SUMMARY
Anti Virus on Sun Solaris (Thread)
Anti Virus on Sun Solaris (Pre-summary) (Thread)
LINUX FOCUS LIST SUMMARY
iptables REJECT types for UDP (if any) (Thread)
DeepSight Analyzer 4.0 Announcement (Thread) XI. SPONSOR INFORMATION
FRONT AND CENTER
SQL Injection and Oracle By Pete Finnigan

This is the first article in a two-part series that will examine SQL injection attacks against Oracle databases. The objective of this series is to introduce Oracle users to some of the dangers of SQL injection and to suggest some simple ways of protecting against these types of attack.

http://online.securityfocus.com/infocus/1644

2. Complete Snort-based IDS Architecture, Part Two by Anton Chuvakin, Ph.D. and Vladislav V. Myasnyankin

Do you need help?

Many companies find it hard to justify acquiring the IDS systems due to their perceived high cost of ownership. However, not all IDS systems are prohibitively expensive. This is second part of a two-part article that will provide a set of detailed directions to build an affordable intrusion detection architecture from hardware and freely available software. In this installment we shall discuss Web interface configuration, summaries and daily reporting, automated attack response, sensor installation, installation of the central station, and big distributed IDS systems.

http://online.securityfocus.com/infocus/1643

3. Caught in a BIND
By Jon Lasser

How did one of the Internet's most ubiquitous software packages grow up to be chronically insecure? History offers a lesson.

http://online.securityfocus.com/columnists/125

4. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

Do you need more help?

5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Solutions to today’s security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY

Courier SqWebMail File Disclosure Vulnerability BugTraq ID: 6189 Remote: Yes Date Published: Nov 15 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6189 Summary:

Courier SqWebMail is a CGI application used to send and receive email using 'Maildir' mailboxes.

An information disclosure vulnerability has been reported for SqWebMail. In some circumstances, it has been reported that SqWebMail does not drop privileges fast enough upon startup.

An attacker can exploit this vulnerability to execute SqWebMail and obtain access to potentially sensitive files.

Can we help you?

Precise technical details regarding this vulnerability are not yet known. This BID will be updated as more information becomes available.

2. Lonerunner Zeroo HTTP Server Remote Buffer Overflow Vulnerability BugTraq ID: 6190
Remote: Yes
Date Published: Nov 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6190
Summary:

Zeroo HTTP server is a freely available, open source web server. It is available for the Linux and Microsoft Windows platforms.

A problem with Zeroo HTTP server could lead to remote code execution.

It has been reported that Zeroo HTTP server does not sufficiently check bounds on some requests. This occurs when a string of excessive length is received by the server. This can result in the overwriting of stack memory, and potential code execution.

It is not required that this data be sent in HTTP request format. Sending a string of 1024 bytes or greater to the server without structure has been reported to reproduce this issue.

Previous versions of the software may also be affected.

3. NeoSoft NeoBook 4 ActiveX Control Arbitrary File Type Inclusion Vulnerability BugTraq ID: 6191
Remote: Yes
Date Published: Nov 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6191
Summary:

Can't find what you're looking for?

NeoBook is a commercially available multimedia authoring software package. It is available for Microsoft Windows.

A problem with NeoBook 4 could lead to arbitrary file inclusion, and command execution.

It has been reported that the ActiveX control used by NeoBook does not sufficiently filter types of files that are included in NeoBook content. This may allow the packaging of malicious files in NeoBook content. When interpretted by the ActiveX control, the placement and execution of files could occur.

This vulnerability requires the NeoBook ActiveX control. This control is not distributed with default implementations of web browsers.

4. Perception LiteServe Malformed GET Request Buffer Overflow Vulnerability BugTraq ID: 6192
Remote: Yes
Date Published: Nov 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6192
Summary:

Perception LiteServe provides web, email, and ftp server functionality. It is available for the Microsoft Windows operating system.

A buffer overflow vulnerability has been reported for Perception LiteServe HTTP server. The vulnerability occurs when the web server attempts to process malformed GET requests. Reportedly, when processing overly long GET requests consisting of illegal '%' sequences, the web server will crash.

An attacker can exploit this vulnerability by issuing a long, malformed GET request consisting of at least 290,759 '%' characters. This will cause the LiteServe HTTP server to crash.

Don't know where to look next?

Although unconfirmed, it may be possible to cause the web server to execute malicious attacker-supplied code.

5. Nullmailer Invalid User Denial Of Service Vulnerability BugTraq ID: 6193
Remote: Yes
Date Published: Nov 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6193
Summary:

Nullmailer is a simple relay-only mail transport agent. It is available for the Unix and Linux operating systems.

A denial of service vulnerability has been discovered in nullmailer.

When attempting to deliver an email message to a non-existent user, an unknown user error will occur. Upon processing this error nullmailer will cease to deliver any pending mail in the mail queue.

By crafting a malicious email to a non-existent user on a vulnerable system, it is possible for an attacker to exploit this issue. This will result in a denial of service as nullmailer will fail to deliver any email.

This issue was reported in v1.00RC5 of nullmailer. It is not yet known whether earlier versions are affected.

6. AOL Instant Messenger Screen Name Buffer Overflow Vulnerability BugTraq ID: 6194
Remote: Yes
Date Published: Nov 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6194
Summary:

Confused? Frustrated?

AOL Instant Messenger (AIM) is an instant messenging client for Microsoft Windows, MacOS, and other platforms.

AIM contains an unchecked buffer which could result in a denial of service or arbitrary code execution.

When viewing the information for a user with a screen name containing 88 characters or more, a buffer in AIM will be overrun, causing the client to terminate with an error reading memory. Although not yet confirmed, arbitrary code execution may be possible.

This vulnerability was discovered in AIM v5.1.3036. It is not yet known whether other versions are affected.

There have been conflicting reports as to the existence of this vulnerability. See the Reference section for details. 7. PHPBB2 ViewTopic.PHP Cross Site Scripting Vulnerability BugTraq ID: 6195 Remote: Yes Date Published: Nov 18 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6195 Summary:

phpBB2 is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

A cross site scripting vulnerability has been discovered in the 'viewtopic.php' script included with phpBB2.

An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script code may be executed on a web client in the context of the site hosting the web forum.

This may allow for theft of cookie-based authentication credentials and other attacks.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

This vulnerability was reported for phpBB 2.0.3. Other versions may also be affected.

8. Macromedia Flash SWRemote Heap Corruption Vulnerability BugTraq ID: 6196
Remote: Yes
Date Published: Nov 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6196
Summary:

Macromedia Flash is a modular package designed to enhance web browsing and enables users to view various multimedia web content.

Macromedia Flash is prone to a buffer overrun condition. The issue exists in the SWRemote parameter, used by Flash objects. By entering an excessive amount of data into the SWRemote parameter, it is possible to overrun a buffer in a vulnerable flash player.

By exploiting this issue to modify sensitive heap values, it may be possible to execute arbitrary attacker supplied code, with the privileges of the vulnerable browser.

This vulnerability was discovered in Macromedia Flash ActiveX 6.0.47. It is not yet known if earlier versions are affected.

9. MailEnable Email Server Buffer Overflow Vulnerability BugTraq ID: 6197
Remote: Yes
Date Published: Nov 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6197
Summary:

MailEnable is a commercially available POP3 and SMTP server available for the Microsoft Windows operating systems.

Do you need help?

A buffer overflow vulnerability has been reported for MailEnable's POP3 server. The vulnerability is due to insufficent bounds checking of the USER login field.

An attacker can exploit this vulnerability by connecting to a vulnerable MailEnable server and sending an overly long string, consisting of more than 512 characters, as the value for the USER login prompt. This will trigger the buffer overflow condition.

Although unconfirmed, an attacker may be able to exploit this vulnerability to cause MailEnable to execute malicious attacker-supplied code.

TFTPD32 Arbitrary File Download/Upload Vulnerability BugTraq ID: 6198 Remote: Yes Date Published: Nov 18 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6198 Summary:

Tftpd32 is a freely available TFTP (Trivial FTP) server designed for use with Microsoft Windows operating systems.

A vulnerability has been discovered in Tftpd32, which allows a remote attacker to download and/or upload files. By exploiting this vulnerability it is possible for an attacker to disclose arbitrary system files, by using the GET command, which may contain sensitive user credentials. It may also be possible for an attacker to replace key system files with trojaned copies, using the PUT command, which could be used to open backdoors into a target system.

This vulnerability affects Tftpd32 2.50.2 and earlier.

TFTPD32 Long Filename Buffer Overflow Vulnerability BugTraq ID: 6199 Remote: Yes Date Published: Nov 19 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6199 Summary:

Tftpd32 is a freely available TFTP (Trivial FTP) server available for use on Microsoft Windows operating systems.

A buffer overflow vulnerability has been reported for Tftpd32. The vulnerability is due to insufficient checks on user supplied input. Specifically, proper bounds checking is not implemented on requested filenames.

Do you need more help?

A remote attacker is able to exploit this vulnerability by supplying a long string, consisting of at least 116 characters, as a name of the file to retrieve. This will trigger the buffer overflow condition. Successful exploitation of this issue will result in the execution of attacker-supplied code, with the privileges of the Tftpd32 process.

This vulnerability affects Tftpd32 2.50.2 and earlier.

DHCPCD Character Expansion Remote Command Execution Vulnerability BugTraq ID: 6200 Remote: Yes Date Published: Nov 18 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6200 Summary:

dhcpcd is an RFC2131 and RFC1541 compliant DHCP client daemon. It is available for the Linux operating system. dhcpcd must be run with root privileges.

When assigning an IP address to a network interface, dhcpcd may execute an external script, '/sbin/dhcpd-<interface>.exe'. This is an optional configuration that must be setup manually on Conectiva systems (others are not confirmed) by copying the script into /sbin/.

The script 'dhcpcd-<interface>.exe' uses values from '/var/lib/dhcpcd/dhcpcd-<interface>.info', which originate from the DHCP server. A lack of input validation on this data may make it possible for commands injected by a malicious DHCP server to be executed through the use of shell metacharacters such as ';' and '|'. These commands may run with root privileges.

This issue was discovered in dhcpd-1.3.22-pl1.

Linksys Router Unauthorized Management Access Vulnerability BugTraq ID: 6201 Remote: Yes Date Published: Nov 18 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6201 Summary:

Linksys DSL routers are high-speed internet access solutions distributed by the Linksys Group. Linksys DSL routers offer features such as high-speed internet access, switching built into some routers, and Voice-over-IP.

A vulnerability has been reported in various Linksys routers, during the initial negotiation stage. It has been reported that the vulnerable routers fail to handle XML-related data transmitted by clients during initialization of a session with the management server (on TCP port 8080 of the internal interface). According to the report, authentication is bypassed completely when the browser Lynx is used to connect to the management interface and a mailcap entry exists for "application/foo.xml". It is not clear why or how this occurs and the details have not been verified by Linksys.

Can we help you?

It should be noted that this issue must be exploited within an internal network, unless the remote management feature is enabled on the router.

iPlanet Admin Server Cross Site Scripting Vulnerability BugTraq ID: 6202 Remote: Yes Date Published: Nov 19 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6202 Summary:

A cross-site scripting vulnerability has been discovered in iPlanet web servers.

The vulnerability exists when an administrator views error logs in the iPlanet Admin Server.

This may allow for theft of cookie-based authentication credentials and other attacks.

This vulnerability, when used in conjunction with the vulnerability described in BID 6203, may be used to execute malicious attacker-supplied commands with elevated privileges on a vulnerable system.

This vulnerability affects iPlanet Web Server 4.1 SP11 and earlier.

iPlanet Admin Server Insecure Open Call Vulnerability BugTraq ID: 6203 Remote: Yes Date Published: Nov 19 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6203 Summary:

iPlanet web server is prone to command execution vulnerability due to insecure calls to the open() function.

Can't find what you're looking for?

The vulnerability exists in the Admin Server's PERL pages used for administrative tasks. Specifically, the 'importInfo' script is vulnerable to this issue. It is possible to manipulate the value for the 'dir' parameter to include malicious system commands.

This vulnerability may be exploited to execute arbitrary commands on the vulnerable system with, potentially, elevated privileges.

This vulnerability has been reported for iPlanet Web Server 4.1 SP11 and earlier.

Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone Access Vulnerability BugTraq ID: 6205 Remote: Yes Date Published: Nov 19 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6205 Summary:

Microsoft Internet Explorer includes support for dialog windows through script calls to the two functions showModalDialog and showModelessDialog. These functions accept a URL location for the dialog content, and an option argument parameter to allow data to be passed to the dialog from the calling page.

A vulnerability has been reported in Explorer that may allow for script code to be executed in the Local Zone. When an IFRAME in a dialog changes its location or Zone, the dialogArguments object provided by the calling content should not be accessible. It has been reported that this is not the case. The dialogArguments object is accessible despite the fact that its originating location/Zone is different from the parent.

In some circumstances, this may result in code being executed in the Local Zone. One method of accomplishing this is by exploiting the local "res://shdoclc.dll/privacypolicy.dlg", which happens to write the dialogArguments property "cookieUrl" to the document body. If the value of this property is set to script code, the code will execute when the document is rendered. This technique is demonstrated by the discoverer of this vulnerability.

Using the method developed by Andreas Sandblad, attackers may also exploit this vulnerability to execute commands on victim hosts.

QNX Multiple Program Insecure Default Permissions Vulnerability BugTraq ID: 6206 Remote: No Date Published: Nov 19 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6206 Summary:

QNX is a real-time operating system available both freely and for commercial use. It is distributed and maintained by QNX Software Systems Limited.

Don't know where to look next?

A problem with some versions of QNX could allow a local user to perform unauthorized local actions.

QNX is distributed with several programs that have insecure default permissions. These programs may be written to by any user of the system in a typical implementation.

/sbin/io-audio
/bin/shutdown
/sbin/fs-pkg
/usr/photon/bin/phshutdown
/usr/photon/bin/cpim
/usr/photon/bin/vpim
/usr/photon/bin/phrelaycfg
/usr/photon/bin/columns
/usr/photon/bin/othello
/usr/photon/bin/peg
/usr/photon/bin/solitaire
/usr/photon/bin/vpoker

Some of these programs may not be insecure by default, but affected after patches to resolve other security issues are applied. Information on these issues is unconfirmed, but reports indicate the io-audio, shutdown, fs-pkg, and phshutdown programs are affected.

Mhonarc Mail Header HTML Injection Vulnerability BugTraq ID: 6204 Remote: Yes Date Published: Nov 19 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6204 Summary:

MHonArc is a Perl program designed to automatically parse email into a HTML based archive format.

A vulnerability has been discovered in MHonArc when configured to display full message headers in HTML format.

It may be possible for an attacker to trigger this vulnerability by constructing a malicious email containing malicious HTML code in a message header. When messages are converted, by MHonArc, to HTML and displayed via the web, arbitrary attacker-supplied HTML code will be executed within the context of the displayed web page.

QNX Photon MicroGUI Clipboard Insecure Data Storage Vulnerability BugTraq ID: 6207 Remote: No Date Published: Nov 19 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6207 Summary:

QNX Photon microGUI is a graphical interface for real-time operating system (RTOS), as well as other operating systems. It is distributed and maintained by QNX Software Systems Limited.

Confused? Frustrated?

A problem with microGUI could make it possible for local users to gain access to potentially sensitive information.

Photon does not securely store data when it is copied to the clipboard. When data is copied to the clipboard, it is insecurely stored on the local file system. This could allow local users to view the contents of another user's clipboard.

When data is copied to the clipboard while using the microGUI system, this data is stored in the file /var/clipboard/localhost/0/1.TEXT where the number zero represents the executing user's userid in hex. The problem is due to directory permissions, and may be resolved by changing the default directory permissions for the respective user.

III. SECURITYFOCUS NEWS AND COMMENTARY

Comdex's Secure Side By Michael Fitzgerald

A sampling of the information security products on the menu at Comdex.

http://online.securityfocus.com/news/1713

2. Lawyers Fear Misuse of Cyber Murder Law By Kevin Poulsen

Defense attorneys say the new threat of life imprisonment for hackers who try to "cause death" by computer will be used to squeeze quick guilty pleas from even non-lethal cyberpunks.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

http://online.securityfocus.com/news/1702

3. On the Microsoft FTP server leak
By John Leyden, The Register

Microsoft made customer details - along with numerous confidential internal documents - freely available from a deeply insecure FTP server earlier this month.

http://online.securityfocus.com/news/1714

4. Internet Provisions in Homeland Security Bill By Ted Bridis, The Associated Press

Internet providers such as America Online could give the government more information about subscribers and police would gain new Internet wiretap powers under legislation creating the new Department of Homeland Security.

http://online.securityfocus.com/news/1701

5. Sex, Text, Revenge, Hacking and Friends Reunited By Drew Cullen, The Register

Do you need help?

Sometimes, you come across a court case that is simply perfect. And this one, a tale of two-timing, intercepted text messages, computer hacking, and publication of sex pictures on Friends Reunited, scores a big fat nine out of 10.

http://online.securityfocus.com/news/1700

IV. SECURITYFOCUS TOP 6 TOOLS

guard bash v1.0 by Alboaie Sînicã Relevant URL: http://www.iprogrammers.ro/guard/ Platforms: Linux, POSIX Summary:

guard bash is a shell wrapper that will execute an authentication phase before any command is executed. It uses a secret (user owned) algorithm method, and has a per user customizable procedure. If you need to connect to your computer from outside of your safe environment, even if you use SSH, you are vulnerable to simple attacks like key sniffing or to more complex attacks against SSH. If you have more than just one authentication method, you can more safely log in your account from an insecure Internet host.

2. Paketto Keiretsu v1.0
by Effugas
Relevant URL:
http://www.doxpara.com
Platforms: POSIX
Summary:

The Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. They tap functionality within existing infrastructure and stretch protocols beyond what they were originally intended for. It includes Scanrand, an unusually fast network service and topology discovery system, Minewt, a user space NAT/MAT router, linkcat, which presents a Ethernet link to stdio, Paratrace, which traces network paths without spawning new connections, and Phentropy, which uses OpenQVIS to render arbitrary amounts of entropy from data sources in three dimensional phase space.

3. mod_authenticache v2.0.6
by anthonyu
Relevant URL:
http://original.killa.net/infosec/mod_authenticache/ Platforms: UNIX
Summary:

mod_authenticache provides a simple and generic method for caching authentication information on the client side in order to enhance performance. It has been tested with several Basic HTTP authentication modules, and has an Apache 2.0.x optional function exporter for caching credentials from any custom authentication module.

Do you need more help?

4. SNMP Trap Translator v0.4
by Alex Burger
Relevant URL:
http://snmptt.sourceforge.net
Platforms: Os Independent
Summary:

SNMPTT is an SNMP trap handler written in Perl for use with the NET-SNMP/UCD-SNMP snmptrapd program. Received traps are translated into friendly messages using variable substitution. Output can be to STDOUT, text log file, syslog, MySQL (Linux/Windows), or a Windows ODBC database. User defined programs can also be executed.

5. slurm v0.0.7
by Hendrik Scholz
Relevant URL:
http://www.raisdorf.net/slurm/
Platforms: FreeBSD
Summary:

slurm started as a port of pppstatus to FreeBSD and now is a generic network load monitor. It features three different modes with real-time ASCII graphs and interface statistics for all kinds of network interfaces on FreeBSD, NetBSD, OpenBSD, and Linux.

6. irclog-xml v0.07a
by Ruf
Relevant URL:
http://sourceforge.net/projects/irclog-xml/ Platforms: Os Independent
Summary:

irclog-xml parses IRC logs, and converts those logs into XML and HTML. Currently supported formats include BitchX, mIRC, XChat, and Eggdrop (via Mel).

V. SECURITY JOBS SUMMARY