SecurityFocus Newsletter #184

From: Stephen Entwisle <se(at)securityfocus.com>
Date: Mon Feb 17 2003 - 14:06:49 EST

This Issue is Sponsored by: GuardedNet - Transforming Security Data into Knowledge

Event Correlation - Is it Security's Holy Grail?

neuSECURE is a centralized monitoring system that correlates and analyzes event data from firewalls, IDS's, hosts and routers for real-time attack detection and response. It's proven to improve attack detection and reduce the time you spend investigating attacks.

Sign up to receive our White Paper about neuSECURE's correlation capabilities entitled "Event Correlation: Security's Holy Grail?" at

http://www.guarded.net/sfocusfebruary_correlation.html


I. FRONT AND CENTER
  1. Are You Infected? Detecting Malware Infection
  2. Forensics on the Windows Platform, Part Two
  3. New Linux Support Policies are Ominous
  4. Suing Over Slammer
  5. The First Honeyd Challenge
  6. SecurityFocus DPP Program
  7. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. BUGTRAQ SUMMARY
  1. W3M Frame Enabled Browsing Cross Site Scripting Vulnerability
  2. W3M Image Attribute Cross Site Scripting Vulnerability
  3. HPUX Wall Message Buffer Overflow Vulnerability
  4. Red Hat Linux User Mode Linux SetUID Installation Vulnerability
  5. WinZip File Encryption Scheme Limited Key Space Vulnerability
  6. Gupta SQLBase EXECUTE Buffer Overflow Vulnerability
  7. Netgear FM114P Wireless Firewall File Disclosure Vulnerability
  8. Nethack Local Buffer Overflow Vulnerability
  9. Opera Username URI Warning Dialog Buffer Overflow Vulnerability
  10. Gallery Insecure File Permissions Vulnerability
  11. CryptoBuddy Unused Encryption Passphrase Vulnerability
  12. Opera opera.PluginContext Native Method Buffer Overflow...
  13. Eset Software NOD32 Antivirus Local Buffer Overflow Vulnerability
  14. Alt-N MDaemon/WorldClient Form2Raw Mail Header Spoofing...
  15. Cedric Email Reader Global Configuration Script Remote File...
  16. Cedric Email Reader Skin Configuration Script Remote File...
  17. RARLAB FAR File Manager Buffer Overflow Vulnerability
  18. Cisco IOS ICMP Redirect Routing Table Modification Vulnerability
  19. Ericsson HM220dp DSL Modem World Accessible Web Administration...
  20. APC apcupsd Client Syslog Format String Vulnerability
  21. Microsoft Windows NT/2000 cmd.exe CD Buffer Overflow...
  22. CGI Lite Perl Module Metacharacter Input Validation Vulnerability
  23. HP-UX landiag/lanadmin Local Buffer Overflow Vulnerability
  24. HP-UX rpc.yppasswd Unspecified Buffer Overflow Vulnerability
  25. HP-UX stmkfont Unspecified Buffer Overflow Vulnerability
  26. HP-UX rs.F3000 Unspecified Unauthorized Access Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
  1. Mitnick Banned From Security Group
  2. A Short History of Computer Viruses and Attacks
  3. Make Love To Your IT Manager on Valentine's Day
  4. P2P virus fakes nude Zeta Jones pics
IV. SECURITYFOCUS TOP 6 TOOLS
  1. Intrusion Detection Exchange Architecture v1.0.1
  2. trollhunter v0.7
  3. FWReport v1.0.1
  4. CVS-SSH2 Plug-in for Eclipse v0.0.3
  5. StatFreak v0.5.3 beta
  6. elfsign v0.1.0
V. SECURITYJOBS LIST SUMMARY
  1. Seeking Full-time InfoSec Position (Thread)
  2. Computer science graduate (Thread)
  3. Risk Technology & Insurance (Thread)
  4. Territory Sales Manager, New York/New Jersey (Thread)
  5. Security Software Engineer, San Jose, CA (Thread)
  6. SCADA Security contract opportunity in Houston (Thread)
  7. Opportunity for CLEARED Web Developer at Bolling AFB (Thread)
  8. Exciting opportunity for CLEARED Security Administrator in...
  9. WireX Contract Java/Smartcard Software Engineer (Thread)
  10. WireX Systems Software Engineer (Thread)
  11. 2 Security Engineer Openings in Norcross, GA! (Thread)
  12. Senior and Mid-Range Security Systems Engineers - Baltimore/DC...
  13. Seeking graduate/apprenticeship position (UK) (Thread)
  14. Territory Manager- South Central-TX (Thread)
  15. Inside Sales Account Manager- San Francisco only (Thread)
  16. San Francisco-Needed: SWE-GUI developer (Thread)
  17. System Security Engineer- Northern VA CONTRACT 5-18 months...
  18. REPOST: Product Sales Professionals (Inside Sales) - Amherst...
  19. REPOST: Senior Account Executives - Amherst, NY (Thread)
  20. Florida CISSP Seeking Management or Auditing (Thread)
  21. Intrusion Detection Specialist - looking for job in San...
  22. Driven security professional looking for work. - CISSP...
  23. Avail Now * DC metro and MN * MCSE/CSA * 5+ Yrs IT * - UPDATE...
  24. Repost - 20-years' experience seeking work in US or UK (Thread)
  25. Illinois - System Analyst (Thread)
  26. 'Should I take the job thread' (Thread)
  27. How picky should a security person be in today's economy?...
  28. How picky should a security person be in today's economy?...
  29. How picky should a security person be in todays economy? (Thread)
  30. How picky should a security person be in today's economy?...
VI. INCIDENTS LIST SUMMARY
  1. ICMP Destination Unreachable, Administratively Prohibited (Thread)
  2. S4T4N1C Web Defacement (Thread)
  3. Summary of the responses (4 line ad) (Thread)
  4. FTP/Port 1038 (Thread)
  5. UDP traffic on Port 52798 (Thread)
  6. webserver probes for php detection (Thread)
  7. ftp server compromised (Thread)
  8. The 4 line ad at the bottom of this post.. (Thread)
  9. Traffic on UDP 1815 (Thread)
  10. logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit... (Thread)
  11. Identity theft scam against eBay users (Thread)
  12. ALEVRIUS! (Thread)
  13. Increased Kuang2 activity (Thread)
  14. Correction: www.ethereal.com not www.ethereal.org Suspicious...
  15. Suspicious file on Desktop (Thread)
  16. Kuang2 on the rise... (Thread)
  17. email address probes (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
  1. Bash Blues. (Thread)
  2. New freeware tools available from WebCohort (Thread)
  3. Strange IE / Windows Behaviour (Thread)
  4. Re[2]: Windows reverse Shell #2 (Thread)
  5. Yet another plaintext attack to ZIP encryption scheme. (Thread)
  6. Windows reverse Shell #2 (Thread)
  7. Fw: f-prot antivirus useless buffer overflow (Thread)
  8. OpenSSH segfault (Debian distro) (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
  1. Unhappy face icon on NT 4 workstation (Thread)
  2. Windows 2000 Static arp not static (Thread)
  3. Ye Olde OWA Topic (Was Website inside or outside domain) (Thread)
  4. Website inside or outside domain (Thread)
  5. website inside or outside the domain? (Thread)
  6. Secure Instant Messenger for Windows? (Thread)
  7. SecurityFocus Microsoft Newsletter #124 (Thread)
  8. L0phtCrack and Windows 2000 LM Hashes (Thread)
IX. SUN FOCUS LIST SUMMARY
  NO NEW POSTS FOR THE WEEK ENDING 02.14.03
X. LINUX FOCUS LIST SUMMARY
  1. openSSL Key generation (Thread)
  2. LKM Trojan installed (Thread)
  3. SSL and Kerberos (Thread)
  4. IPTables stops logging after long uptime (Thread)
  5. Perl administration for Linux fileserver (Thread)
XI. SPONSOR INFORMATION


I. FRONT AND CENTER

1. Are You Infected? Detecting Malware Infection By Jong Purisima

Once executed, malware can perform its intended malicious function on a system. Unfortunately, it may not always be apparent to users that their system is indeed infected. This article will discuss how to determine whether or not a system has been infected and will offer some tips on how to manually disinfect the system.

http://online.securityfocus.com/infocus/1666

2. Forensics on the Windows Platform, Part Two by Jamie Morris

This is the second of a two-part series of articles discussing the use of computer forensics in the examination of Windows-based computers. In Part One we discussed the wider legal issues raised by computer forensics and the benefits of pre-investigation preparation. In this article we will concentrate on the areas of a Windows file system that are likely to be of most interest to forensic investigators and the software tools that can be used to carry out an investigation.

http://online.securityfocus.com/infocus/1665

3. New Linux Support Policies are Ominous By Jon Lasser

Red Hat and Mandrake are cutting support for older versions of their Linux distributions... The results will be a security nightmare for the Internet.

http://online.securityfocus.com/columnists/142

4. Suing Over Slammer
By Mark Rasch

In the aftermath of the SQL Slammer worm, companies have once again claimed massive financial losses as a result of malicious code. As with the Code Red and Nimda worms, the Melissa virus and the Mafiaboy distributed denial of service attack, the press has reported widespread system disruption with "losses" in the hundreds of millions -- if not billions -- of dollars worldwide.

http://online.securityfocus.com/columnists/141

5. The First Honeyd Challenge

With the release of Honeyd 0.5 over the weekend, Niels Provos is pleased to also announce the first Honeyd challenge!

Honeyd is a virtual honeypot running as a small daemon to create virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems.

The goal of this challenge is to develop interesting feature additions to Honeyd. Possible improvements are forensic analysis tools for Honeyd log files, passive fingerprinting of connections, realistic routing topologies, etc. Your submissions will be judged by a panel of experienced volunteers, rated, and shared with the security community.

We are able to award prizes to the best submissions. Top prizes include a free pass to CanSecWest/core03 including a free hotel room for up to four days, a $200 and a $100 Amazon gift certificate. Furthermore, the top ten entries receive a copy of Lance Spitzner's new book "Honeypots: Tracking Hackers," signed by Lance and Niels. Judges include:

  • Mike Clark
  • Job de Haas
  • Niels Provos
  • Rain Forest Puppy
  • Lance Spitzner

The challenge officially begins on Monday the 17th of February. You have four weeks to complete your submissions. Please send your results no later than 24:00 GMT, Friday, March 14th. Submissions will be judged and released on Friday the 21st of March. More information on the challenge and submission requirements can be found at

  http://www.citi.umich.edu/u/provos/honeyd/challenge.html

All questions, concerns, and submissions should be sent with a subject including "Honeyd Challenge" to provos-honeyd@citi.umich.edu.

6. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

7. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14
Vendor Expo March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY

1. W3M Frame Enabled Browsing Cross Site Scripting Vulnerability
BugTraq ID: 6793
Remote: Yes
Date Published: Feb 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6793
Summary:

W3M is a text-based Web browser. It is developed for several platforms including Linux and Unix variant operating systems.

A cross site scripting vulnerability has been reported for W3M if frames support is enabled. Due to inadequate sanitization of some HTML tags, it is possible for an attacker to steal another user's cookie information or other sensitive data. Specifically, W3M does not fully sanitize malicious HTML code from FRAME tags.

It should be noted that this vulnerability is exploitable only if W3M is executed with the '-F' commandline option.

This vulnerability has been reported to affect W3M 0.3.2. It is likely that earlier versions are affected.

2. W3M Image Attribute Cross Site Scripting Vulnerability
BugTraq ID: 6794
Remote: Yes
Date Published: Feb 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6794
Summary:

W3M is a text-based Web browser. It is developed for several platforms including Linux and Unix variant operating systems.

A cross site scripting vulnerability has been reported for W3M. Due to inadequate sanitization of some HTML tags, it is possible for an attacker to steal another user's cookie information or other sensitive data. Specifically, W3M does not fully sanitize malicious HTML code from IMAGE tags.

This vulnerability has been reported to affect W3M 0.3.2.2 and earlier.

3. HPUX Wall Message Buffer Overflow Vulnerability
BugTraq ID: 6800
Remote: No
Date Published: Feb 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6800
Summary:

wall is an application used to broadcast a message to all of the users on a local system.

It has been reported that the HPUX wall executable may be prone to a buffer overflow condition.

This issue is due to insufficient bounds checking of broadcast messages. When wall receives a message, redirected from a file, that contains an excessive amount of data, it becomes unstable. It has been reported that this vulnerability can be reproduced by redirecting a file containing more than 9000 bytes to a vulnerable version of wall, which may cause sensitive regions of memory to be corrupted with attacker-supplied values.

It is possible that this vulnerability is an exploitable buffer overflow, and could result in the execution of attacker-supplied code. Any code executed would be in the security context of the wall process.

4. Red Hat Linux User Mode Linux SetUID Installation Vulnerability
BugTraq ID: 6801
Remote: No
Date Published: Feb 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6801
Summary:

Red Hat Linux is a freely available, open source operating system distributed by Red Hat Incorporated.

A problem with a component of the kernel-utils package may make it possible for local users to perform unauthorized activities.

It has been reported that under some circumstances, Red Hat Linux may allow unauthorized actions through User-Mode-Linux compatibility. Due to permissions on some components installed with the User-Mode-Linux utilities, a local user could perform actions on the system that require privilege, potentially affecting local host security.

The problem is in the setuid bit given to the uml_net program. When installed with the kernel-utils package, the program is installed setuid root. A local user could execute this program to control network interfaces, or manipulate some network settings.

5. WinZip File Encryption Scheme Limited Key Space Vulnerability
BugTraq ID: 6805
Remote: No
Date Published: Feb 08 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6805
Summary:

Winzip is a commercially-available file compression utility maintained and distributed by WinZip Computing, Inc.

A problem with WinZip may make possible successful brute force attacks against files compressed and encrypted with WinZip.

A problem has been reported in the encryption scheme used with WinZip files. Due to a problem in the algorithm used to password-protect files in WinZip, the encrypted key space may be reduced. This could increase the chances of a brute force attack to decrypt files compressed and encrypted with WinZip.

The problem is in the seeding. Because of a programming error, the seeding used by the program is reduced from the usual 2^(12*8) possibilities to a total of 2^(3*8) possibilities. This reduces the resources required to test the entire encrypted key space, and could lead to the successful decryption of WinZip files.

6. Gupta SQLBase EXECUTE Buffer Overflow Vulnerability
BugTraq ID: 6808
Remote: Yes
Date Published: Feb 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6808
Summary:

Gupta SQLBase is an embedded SQL Database designed for use with Microsoft Windows and Novell Netware environments.

A buffer overflow vulnerability has been reported for SQLBase when using the EXECUTE command. This command is used by the database to execute a stored command or procedure.

An attacker can exploit this vulnerability by issuing an EXECUTE command with an overly large value, consisting of at least 700 characters, as a parameter. This will cause SQLBase to crash and may result in the execution of attacker-supplied code with elevated privileges.

This vulnerability is exacerbated by the fact that the SYSADM account allows access with a blank password for the default ISLAND database.

This vulnerability was reported for SQLBase 8.1.0. It is not known whether earlier versions are affected.

7. Netgear FM114P Wireless Firewall File Disclosure Vulnerability
BugTraq ID: 6807
Remote: Yes
Date Published: Feb 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6807
Summary:

Netgear FM114P Cable/DSL Prosafe 802.11b Wireless Firewall is a hardware appliance that can allow several systems to share a single broadband Internet connection. The device also includes a firewall and is managed through a web interface.

A directory traversal vulnerability exists in the FM114P's web administration interface.

The firewall does not properly sanitize URL requests. Starting from the upnp/service directory on the firewall, it is possible for an unauthenticated user to traverse out of this directory using escaped character sequences. Submitting the following request to the firewall would retrieve the configuration file:
http://<ip-or-hostname>:<port>/upnp/service/%2e%2e%2fnetgear.cfg

This could allow an unauthenticated user to retrieve the firewall's configuration file and possibly other sensitive information.

This vulnerability was reported to affect firmware version 1.4 Beta 17. Other versions may also be affected.
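The check the FM114P interface lacks, as an added example that is not Netgear's code or from the original advisory: a naive filter that looks for ".." in the raw request (which the percent-encoded form slips past) beside a check that decodes first and then rejects any ".." segment. Function names and the buffer size are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Naive filter: searches the raw request for "..".  It passes
 * "/upnp/service/%2e%2e%2fnetgear.cfg" because the dots are still encoded. */
int naive_path_check(const char *raw)
{
    return strstr(raw, "..") == NULL;
}

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = (char)tolower((unsigned char)c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decodes raw into out (capacity n).  Returns 0 on a malformed
 * escape, an encoded NUL (which would truncate the C string later), or
 * insufficient room; 1 on success. */
int percent_decode(const char *raw, char *out, size_t n)
{
    size_t o = 0;
    for (const char *p = raw; *p; p++) {
        int c = (unsigned char)*p;
        if (*p == '%') {
            int hi = hexval(p[1]);
            int lo = p[1] ? hexval(p[2]) : -1;
            if (hi < 0 || lo < 0) return 0;
            c = hi * 16 + lo;
            if (c == 0) return 0;
            p += 2;
        }
        if (o + 1 >= n) return 0;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 1;
}

/* Hardened check: decode exactly once (as the server itself would), require
 * an absolute path, and reject "." and ".." segments.  Both '/' and '\\'
 * count as separators so an encoded backslash cannot hide a segment. */
int is_safe_request_path(const char *raw)
{
    char path[512];
    if (!percent_decode(raw, path, sizeof path)) return 0;
    if (path[0] != '/') return 0;

    const char *seg = path;
    while (*seg) {
        size_t len = strcspn(seg, "/\\");
        if ((len == 2 && seg[0] == '.' && seg[1] == '.') ||
            (len == 1 && seg[0] == '.'))
            return 0;
        seg += len;
        if (*seg) seg++;              /* step over the separator */
    }
    return 1;
}
```

The decoder runs once on purpose: a server that decodes twice must check after the last decode, not the first.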

8. Nethack Local Buffer Overflow Vulnerability
BugTraq ID: 6806
Remote: No
Date Published: Feb 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6806
Summary:

Nethack is a game included with several distributions of Linux including RedHat Linux. It has been reported that Nethack fails to drop privileges, potentially resulting in privilege escalation.

A buffer overflow has been discovered in Nethack when invoked with the '-s' command line option. By passing an overly large string, consisting of at least 1000 characters, to the '-s' command line option of /usr/games/lib/nethackdir/nethack, it is possible to corrupt memory.

By exploiting this issue it may be possible for an attacker to overwrite values in sensitive areas of memory, resulting in the execution of arbitrary attacker-supplied code.

Nethack distributed with RedHat Linux is shipped with setgid 'games' privileges. Successful exploitation would result in the escalation of privileges to the 'games' group, which could result in the corruption of saved game data, as well as storage consumption.

9. CryptoBuddy Predictable Encrypted Passphrase Weakness
BugTraq ID: 6810
Remote: No
Date Published: Feb 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6810
Summary:

CryptoBuddy is security software designed to encrypt files. It is designed for use on Microsoft Windows operating systems.

It has been reported that the passphrase encryption algorithm employed by CryptoBuddy is weak. Specifically, the passphrase is broken into 4-byte blocks and then encrypted. Furthermore, the encryption algorithm used generates predictable ciphertext for specific 4-byte sequences of characters.

An attacker can exploit this weakness to build a dictionary of encrypted passphrases and use this to decrypt stolen files.

This vulnerability was reported for CryptoBuddy 1.2 and earlier.

10. Opera Username URI Warning Dialog Buffer Overflow Vulnerability
BugTraq ID: 6811
Remote: Yes
Date Published: Feb 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6811
Summary:

Opera is a web client available for a number of platforms including Unix and Linux variants, and Microsoft Windows operating systems.

For security purposes, Opera will display a warning any time a user of the client visits a link containing a username as part of the URI. Bounds checking is not performed on the length of the username when it is copied into a local buffer for display in the warning message.

An excessively long username in a link will trigger a buffer overflow condition that may overwrite the stack frame of the affected function. Attackers may exploit this vulnerability to execute instructions on client systems. This condition may be exploited from a malicious webpage. Exploitation may occur through links, image tags, frames or other means.

This issue was reported for Opera on Microsoft Windows platforms. It is not known if other platforms are affected.

11. Gallery Insecure File Permissions Vulnerability
BugTraq ID: 6809
Remote: No
Date Published: Feb 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6809
Summary:

Gallery is a web based photo album written using PHP. Gallery is used to create and maintain albums of photos via a web-based interface.

A problem has been reported in the Gallery application. When creating 'temp' and 'albums' directories and managing image files, Gallery uses unsafe file permissions. Specifically, Gallery creates these folders with the same owner and group as the web server.

As a result anyone who may have access to local web server resources may gain access to other users' Gallery albums.

This vulnerability could lead to local users obtaining unauthorized access to sensitive files by causing the web server to execute a malicious script.

This vulnerability was reported for Gallery version 1.3.3. It is not known if earlier versions are affected by this vulnerability.

12. CryptoBuddy Unused Encryption Passphrase Vulnerability
BugTraq ID: 6812
Remote: No
Date Published: Feb 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6812
Summary:

CryptoBuddy is security software designed to encrypt files. It is designed for use on the Microsoft Windows operating environment.

A vulnerability has been reported for CryptoBuddy that may result in attackers intercepting and decoding encrypted information. The vulnerability exists because CryptoBuddy does not use the user-supplied passphrase to encrypt files. Instead, the passphrase is encrypted and stored at a known offset in the encrypted file.

An attacker can exploit this vulnerability by creating an encrypted file and passphrase. By copying the encrypted passphrase at offset 0x120 to 0x15A to the same offset of any intercepted file, an attacker may be able to decrypt the target file using the modified passphrase.

Exploitation of this vulnerability may result in the disclosure of sensitive information. Any information obtained in this manner may be used by an attacker to launch other attacks on a vulnerable system or user.

Although it has not been confirmed, it is likely that the user-supplied passphrase stored in the file is prompted for and used to initiate the decryption of the file using the CryptoBuddy algorithm.

This vulnerability was reported for CryptoBuddy 1.2 and earlier.

13. CryptoBuddy Long Passphrase Truncation Weakness
BugTraq ID: 6815
Remote: No
Date Published: Feb 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6815
Summary:

CryptoBuddy is security software designed to encrypt files. It is designed for use on Microsoft Windows operating systems.

It has been reported that CryptoBuddy will truncate passphrases over 55 characters in length. Furthermore, bytes 53 to 55 of the passphrase are stored in plain text. This weakness employed by the encryption algorithm of CryptoBuddy may result in a user having a false sense of security.

This vulnerability was reported for CryptoBuddy 1.2 and earlier.

14. Opera opera.PluginContext Native Method Buffer Overflow Vulnerability
BugTraq ID: 6814
Remote: Yes
Date Published: Feb 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6814
Summary:

Opera is a web client available for a number of platforms including Unix and Linux variants, and Microsoft Windows operating systems.

Opera ships with a trusted Java class ('opera.PluginContext') that includes a native method that is reportedly vulnerable to a buffer overflow condition. This issue exists in the 'showDocument' method of the 'opera.PluginContext' class. If a URL object containing a URL String of excessive length is passed to the method, the JVM and browser will crash. This may be due to a buffer overflow condition in the native method (native methods can be written in C).

This issue was reported in versions of Opera for Microsoft Windows operating systems. It is not known if other platforms are also affected. Java support must be enabled for this issue to be present, and it can be disabled to prevent attacks.

15. Eset Software NOD32 Antivirus Local Buffer Overflow Vulnerability
BugTraq ID: 6803
Remote: No
Date Published: Feb 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6803
Summary:

Eset Software's NOD32 Antivirus System is a cross-platform anti-virus application. It is available for a variety of platforms including the Microsoft Windows, Linux, and BSD-derived operating systems.

A vulnerability has been discovered in NOD32 for the Linux and Unix platforms. Due to insufficient bounds checking a buffer overflow occurs when NOD32 processes file system paths of excessive length. Specifically, a path name containing 500, or more, bytes of data will trigger memory corruption.

This vulnerability could be exploited by coaxing a user to scan a malicious location with the NOD32 Antivirus software. When the path of excessive length is processed by NOD32, sensitive memory will be corrupted. By exploiting this issue to execute code, it is possible to run arbitrary commands with the privileges of the user running NOD32.

This issue affects NOD32 versions 1.012 and earlier.

16. Alt-N MDaemon/WorldClient Form2Raw Mail Header Spoofing Vulnerability
BugTraq ID: 6816
Remote: Yes
Date Published: Feb 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6816
Summary:

MDaemon is a mail server for Microsoft Windows operating systems. It includes WorldClient, which is a web-based email client.

Alt-N MDaemon/Worldclient is prone to a vulnerability which may enable a remote user to send mail with spoofed headers.

The WorldClient component of MDaemon contains a utility, 'Form2Raw.exe', which may be used to construct email from data submitted in a form. Remote users may submit a malicious form through the 'Form2Raw.exe' utility (accessible from the web through the 'Form2Raw.cgi' alias), which will cause mail with attacker-supplied headers to be sent via the mail server. Access to this utility is enabled in the default configuration.

As a result, the software may be abused by unauthorized users to send email to arbitrary hosts. Spammers may potentially exploit this issue to obscure the origin of a mass mailing.

17. Cedric Email Reader Global Configuration Script Remote File Include Vulnerability
BugTraq ID: 6820
Remote: Yes
Date Published: Feb 09 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6820
Summary:

Cedric Email Reader is a web mail application. It is implemented in PHP and available for Unix and Linux variants as well as Microsoft Windows operating systems.

It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include files located on remote servers. This issue is present in the 'emailreader_execute_on_each_page.inc.php' script.

Under some circumstances, it is possible for remote attackers to influence the include path for a configuration file to point to an external file on a remote server. The attacker may cause this to occur by submitting a path to an external file as the '$emailreader_ini' URI parameter.

If the remote file is a PHP script, this may be exploited to execute arbitrary system commands in the context of the web server.

It has also been reported that it is possible to cause local files to be included, resulting in disclosure of webserver readable files to the attacker. This has not been confirmed.

18. Cedric Email Reader Skin Configuration Script Remote File Include Vulnerability
BugTraq ID: 6818
Remote: Yes
Date Published: Feb 09 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6818
Summary:

Cedric Email Reader is a web mail application. It is implemented in PHP and available for Unix and Linux variants as well as Microsoft Windows operating systems.

It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include files located on remote servers. This issue is present in the 'email.php' script.

Under some circumstances, it is possible for remote attackers to influence the include path for a configuration file to point to an external file on a remote server. The attacker may cause this to occur by submitting a path to an external file as the '$cer_skin' URI parameter.

If the remote file is a PHP script, this may be exploited to execute arbitrary system commands in the context of the web server.

It has also been reported that it is possible to cause local files to be included, resulting in disclosure of webserver readable files to the attacker. This has not been confirmed.

19. RARLAB FAR File Manager Buffer Overflow Vulnerability
BugTraq ID: 6822
Remote: No
Date Published: Feb 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6822
Summary:

FAR is a file manager developed for Microsoft Windows environments. It is developed by RARLAB.

A buffer overflow vulnerability has been reported for FAR that may result in a denial of service condition. The vulnerability exists due to insufficient bounds checking performed by FAR when parsing directory paths. Specifically, when FAR attempts to parse paths consisting of more than 260 characters it will crash.

A local attacker can exploit this vulnerability by nesting several folders such that the total length is greater than 260 characters. When an unsuspecting victim user attempts to view the contents of these folders, the buffer overflow condition is triggered and will result in FAR crashing.

20. Cisco IOS ICMP Redirect Routing Table Modification Vulnerability
BugTraq ID: 6823
Remote: Yes
Date Published: Feb 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6823
Summary:

Internet Operating System (IOS) is the firmware used on Cisco routers. It is distributed and maintained by Cisco.

It has been reported that it is possible to make arbitrary remote modifications to the Cisco IOS routing table.

If IP routing is disabled on a vulnerable router, the router will accept malicious ICMP redirect packets and modify its routing table accordingly. ICMP redirect messages are normally sent to indicate inefficient routing, a new route or a routing change. An attacker may specify a default gateway on the local network that does not exist; this would effectively deny service to any destination outside the local subnet. This vulnerability requires that IP routing be explicitly disabled on a system running an affected version of Cisco IOS, which makes the router behave as a host on the network.

The attacker may also intercept network data by making routing table modifications to redirect network communications through the attacker's machine.

21. Ericsson HM220dp DSL Modem World Accessible Web Administration Interface Vulnerability BugTraq ID: 6824
Remote: Yes
Date Published: Feb 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6824
Summary:

The Ericsson HM220dp DSL Modem is a broadband modem used in homes and small office environments.


The modem uses a web interface to allow remote administration and configuration. This interface does not require users to authenticate in any way in order to access it. The modem also does not allow users to enable any form of authentication.

Remote attackers may connect to the interface and change configuration settings to render the modem unusable until it is reset or reconfigured.

22. APC apcupsd Client Syslog Format String Vulnerability BugTraq ID: 6828
Remote: Unknown
Date Published: Feb 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6828
Summary:

Apcupsd provides UPS power management under Linux and BSD systems for APC Products.

A vulnerability has been reported for apcupsd client that may result in an attacker obtaining elevated privileges on the vulnerable system.

The 'log_event' function in 'apclog.c' contains an insecure instance of a syslog() call. Due to this programming error, it may be possible to exploit a format string vulnerability in the apcupsd 'log_event' function.

When the program is invoked using the vulnerable function, it may be possible to exploit a format string vulnerability through the generation of a malicious log event that contains attacker-supplied format strings. In the event that this vulnerability is exploited, an attacker could cause arbitrary locations in memory to be corrupted with attacker-specified data and execute code with the privileges of the apcupsd user.

23. Microsoft Windows NT/2000 cmd.exe CD Buffer Overflow Vulnerability BugTraq ID: 6829
Remote: No
Date Published: Feb 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6829
Summary:


Microsoft Windows NT 4.0 and Windows 2000 use cmd.exe as their command interpreter.

There are reported problems in the Windows API that prevent paths containing more than 256 characters from being handled properly. The cd command in the command interpreter cmd.exe fails to handle these long paths properly, resulting in a denial of service to the cmd.exe session, or potential code execution.

On Windows NT 4.0 systems, if the cd command was issued to change to a directory whose name contained 200 characters (e.g. C:\<200 A's>), followed by another cd command to change to a subdirectory containing 57 or more characters (e.g. C:\<200 A's>\<57 B's>), cmd.exe would fail. This is reportedly caused by overflowing a buffer when the second cd command is issued. EIP may be overwritten, potentially allowing for code execution.

On Windows 2000 systems, using the cd command to change to the second directory would cause cmd.exe to become 'jailed' in that directory: subsequent cd commands (e.g. cd..) fail to change the directory.

Automated scripts that traverse and perform operations on arbitrary directories are particularly vulnerable.

24. CGI Lite Perl Module Metacharacter Input Validation Vulnerability BugTraq ID: 6833
Remote: Yes
Date Published: Feb 11 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6833
Summary:

CGI Lite is a freely available Perl module that is used to decode form and query information, including file uploads and cookies.

A vulnerability has been reported in the escape_dangerous_chars() function, which is a part of the CGI Lite Perl module.


The function does not sufficiently sanitize all instances of potentially dangerous characters. As the end result, externally supplied input may not be adequately sanitized before being used in other Perl functions. This will create a false sense of security and may allow an attacker to execute arbitrary commands via a CGI program which depends on the vulnerable function.

The following characters are not sanitized by the function:

\, ?, ~, ^, \n, \r

If the function is used as part of a CGI application to sanitize externally supplied input before passing it to Perl functions such as system() or open(), it may be possible to execute commands on the underlying shell of the host. It should be noted that these other functions would need to be called in an unsafe manner for this issue to be exploited.

Commands executed as a consequence of exploiting this issue will be in the context of the webserver process.
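As an added illustration (not code from the CGI Lite module or from the advisory), the Perl below sketches the blacklist-escaping approach, adds a check that reports which of the six characters listed above pass through such a sanitizer unchanged, and shows the allowlist-plus-three-argument-open pattern that does not depend on escaping at all. The sanitizer's character list, the `uploads/` directory and the sample inputs are assumptions made for this example.

```perl
use strict;
use warnings;

# Hypothetical blacklist-style sanitizer modelled on the escape_dangerous_chars()
# approach: backslash-escape a fixed set of shell metacharacters and nothing else.
# This is an approximation written for this example, not CGI Lite's actual code.
sub escape_like_cgi_lite {
    my ($s) = @_;
    $s =~ s/([&;`'"|*\$<>(){}\[\]!#])/\\$1/g;
    return $s;
}

# Check: run each candidate character through a sanitizer and return the ones that
# come back unchanged, i.e. the characters the blacklist does not cover.
sub unescaped_chars {
    my ($sanitize, @candidates) = @_;
    return grep { $sanitize->($_) eq $_ } @candidates;
}

# The six characters the advisory lists as not sanitized.
my @advisory_chars = ("\\", "?", "~", "^", "\n", "\r");
my @missed = unescaped_chars(\&escape_like_cgi_lite, @advisory_chars);
printf "not escaped: %s\n", join ' ', map { sprintf '0x%02x', ord } @missed;

# Hardened alternative: validate against an allowlist instead of escaping a blacklist.
# \A and \z anchor the whole string, so a trailing "\n" (which $ alone would tolerate)
# is rejected along with every other character outside the allowed set.
sub safe_filename {
    my ($name) = @_;
    return $name =~ /\A([A-Za-z0-9._-]{1,64})\z/ ? $1 : undef;
}

# Constructed sample inputs standing in for externally supplied CGI form values.
for my $input ("report.txt", "report.txt\n", "~root/.rhosts", "a|b") {
    my $name = safe_filename($input);
    if (defined $name) {
        # Three-argument open: the mode is fixed, so the name is never parsed for
        # redirection or pipe characters the way two-argument open would parse it.
        open my $fh, '<', "uploads/$name" or warn "cannot open uploads/$name: $!\n";
        close $fh if $fh;
    } else {
        print "rejected: ", join('', map { sprintf '\\x%02x', ord } split //, $input), "\n";
    }
}
```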

25. HP-UX landiag/lanadmin Local Buffer Overflow Vulnerability BugTraq ID: 6834
Remote: No
Date Published: Feb 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6834
Summary:

A buffer overflow vulnerability has been reported for two utilities shipped with HP-UX systems. The vulnerabilities exist in the landiag and lanadmin programs.

The /usr/sbin/lanadmin program obsoletes the /usr/sbin/landiag program in newer versions of HP-UX systems. Both programs are used by administrators to administer and test LAN settings for network interface cards.


Although unconfirmed, a local attacker may be able to exploit these vulnerabilities to execute malicious attacker-supplied code with elevated privileges.

It should be noted that both the landiag and lanadmin programs are setuid binaries.

The precise technical nature of these vulnerabilities is currently unknown; this BID will be updated when further information is available.

26. HP-UX rpc.yppasswd Unspecified Buffer Overflow Vulnerability BugTraq ID: 6835
Remote: Yes
Date Published: Feb 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6835
Summary:

The implementation of rpc.yppasswd included with HP-UX may be prone to a buffer overflow vulnerability.

Exploitation of this vulnerability may result in a denial of service condition. As the rpc.yppasswd service is typically run with superuser privileges, this issue may be leveraged to obtain unauthorized privileged access.

The precise nature of this vulnerability is currently unknown; however, this issue may be closely related to the vulnerability described in BID 2763. This BID will be updated as further information becomes available.

27. HP-UX stmkfont Unspecified Buffer Overflow Vulnerability BugTraq ID: 6836
Remote: No
Date Published: Feb 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6836
Summary:


A buffer overflow vulnerability has been reported in the stmkfont utility shipped with HP-UX systems. The utility, stmkfont, is a compiler designed to generate X and PCL fonts.

This utility has been obsoleted by the fstobdf utility in newer versions of HP-UX systems.

This vulnerability is also exacerbated by the fact that the stmkfont utility is a setuid binary. Although unconfirmed, this vulnerability may be exploited by an attacker to execute code with elevated privileges.

The precise technical nature of this vulnerability is currently unknown and this BID will be updated as further information becomes available.

28. HP-UX rs.F3000 Unspecified Unauthorized Access Vulnerability BugTraq ID: 6837
Remote: No
Date Published: Feb 12 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6837
Summary:

The rs.F3000 binary is prone to an issue that may allow attackers to obtain unauthorized access to a vulnerable system. The issue may also be exploited to cause a denial of service condition.

The issue with /usr/lib/X11/Xserver/ucode/screens/hp/rs.F3000 may be due to some permission bits being set incorrectly. Exploitation of this vulnerability may result in the attacker obtaining the privileges of the 'daemon' account.

Precise technical details of this issue are currently unknown. This BID will be updated as more information becomes available.


III. SECURITYFOCUS NEWS AND COMMENTARY


1. Mitnick Banned From Security Group By Kevin Poulsen

The famous ex-hacker is a member of the world's largest not-for-profit computer security organization... for about two minutes.

http://online.securityfocus.com/news/2403

2. A Short History of Computer Viruses and Attacks By Brian Krebs, Washington Post

  1. Rear Admiral Grace Murray Hopper discovers a moth trapped between relays in a Navy computer. She calls it a "bug," a term used since the late 19th century to refer to problems with electrical devices. Murray Hopper also coined the term "debugging" to describe efforts to fix computer problems.

http://online.securityfocus.com/news/2445

3. Make Love To Your IT Manager on Valentine's Day By John Leyden, The Register

Microsoft is appealing to computer users to save their IT Managers' heartache this Valentine's Day by...being vigilant and guarding against computer viruses.

http://online.securityfocus.com/news/2443


4. P2P virus fakes nude Zeta Jones pics
By John Leyden, The Register

A virus posing as racy pictures of Oscar-nominee Catherine Zeta Jones, or other well-known celebs, is doing the rounds on the Net. Users of file sharing networks are being lured into opening a file that promises compromising pictures of Catherine Zeta Jones and other celebrities such as Britney Spears, Sandra Bullock and Sarah Michelle Gellar.

http://online.securityfocus.com/news/2422

IV. SECURITY FOCUS TOP 6 TOOLS


1. Intrusion Detection Exchange Architecture v1.0.1
by Ian Duffy
Relevant URL:
http://www.sourceforge.net/projects/idea-arch
Platforms: Os Independent
Summary:

IDEA is an architecture for implementing a distributed intrusion detection system on a computer network. It provides a way to incorporate many different IDS sensors into an architecture, and have them report to a central IDS server. This server collects, aggregates, and correlates data from the sensors, providing a unified view of network activity. By specifying an open API, many different clients can connect to the IDEA server and "subscribe" to the event notification service so that the client will be notified any time a new alert is received from any of the sensors.

2. trollhunter v0.7
by trollhunter project manager
Relevant URL:
http://trollhunter.sourceforge.net/
Platforms: Linux
Summary:

trollhunter offers various tools to either analyze existing logfiles or monitor firewall activity in real time. Currently, standard log messages generated by a Linux 2.4 kernel netfilter/iptables firewall are supported. You can choose between a Perl/Tk interface and a command-line mode for standard ASCII color TTY terminals.

3. FWReport v1.0.1
by einhverfr
Relevant URL:
http://fwreport.sourceforge.net/
Platforms: Linux
Summary:


FWReport is a log parser and reporter for IPTables. It generates daily and monthly summaries of the log files, allowing the admin to free up substantial time, maintain better control over the security of the network, and reduce unnoticed attacks.

4. CVS-SSH2 Plug-in for Eclipse v0.0.3
by ymnk ymnk@jcraft.com
Relevant URL:
http://www.jcraft.com/eclipse-cvsssh2/
Platforms: Os Independent
Summary:

CVS-SSH2 Plug-in for Eclipse is an Eclipse plug-in to allow CVS access on an encrypted session by SSH2 protocol.

5. StatFreak v0.5.3 beta
by Pistos
Relevant URL:
http://www.catholicinfo.ca/statfreak/
Platforms: Linux, Solaris, SunOS, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

StatFreak is a Perl script which reads eggdrop and mIRC logs and outputs an XHTML file containing statistical information. StatFreak was created to appease the hunger of statistics fanatics around the world.

6. elfsign v0.1.0
by Matt Miller
Relevant URL:
http://www.hick.org
Platforms: N/A
Summary:

elfsign provides tools and an interface for signing and verifying ELF binary images with certificates. The functionality is similar to Microsoft's Authenticode technology in that binaries can be tagged with an owner as well as proof that they have not been modified or tampered with.

V. SECURITY JOBS SUMMARY


1. Seeking Full-time InfoSec Position (Thread)
Relevant URL: