SecurityFocus Microsoft Newsletter #158
From: Marc Fossi (mfossi@securityfocus.com)
Date: Mon Oct 13 2003 - 17:00:40 CDT
SecurityFocus Microsoft Newsletter #158
----------------------------------------
This Issue is Sponsored By: SecurityFocus staff
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add
the new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Demonstrating ROI for Penetration Testing (Part Four)
2. SPECIAL ANNOUNCEMENT - RSS feeds
II. MICROSOFT VULNERABILITY SUMMARY
1. Gamespy 3d IRC Client Remote Buffer Overflow Vulnerability
2. Invision Power Board Insecure Permissions Vulnerability
3. IBM DB2 Remote LOAD Command Buffer Overrun Vulnerability
4. IBM DB2 Invoke Stored Procedure Buffer Overflow Vulnerabilit...
5. MPNews PRO Directory Traversal Information Disclosure Vulner...
6. Mutant Penguin MPWeb PRO Directory Traversal Vulnerability
7. Microsoft Windows PostThreadMessage() Arbitrary Process Kill...
8. EarthStation 5 Search Service Remote File Deletion Vulnerabi...
9. Microsoft Internet Explorer Absolute Position Block Denial O...
10. Microsoft Word Malformed Document Denial of Service Vulnerab...
11. Netscreen ScreenOS DHCP Packet Buffer Padding Information Le...
12. XShisen '-KCONV' Local Buffer Overflow Vulnerability
13. PrimeBase SQL Database Server Insecure Installation Temporar...
14. PrimeBase SQL Database Server Insecure Default Binary Permis...
15. JBoss HSQLDB Remote Command Injection Vulnerability
16. XShisen 'XSHISENLIB' Local Buffer Overflow Vulnerability
17. File Sharing Software Easy File Sharing Web Server Informati...
18. MiniHTTPServer File-Sharing for NET Forum HTML Injection Vul...
19. MiniHTTPServer WebForums Forum HTML Injection Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Windows 2000 Server hardening (Thread)
2. Tool for 026/ 039 (Thread)
3. SecurityFocus Microsoft Newsletter #157 (Thread)
4. MS03-040 MS Internet Explorer Cumulative Patch (Thread)
5. Wasn't someone looking for a Group Policy collection... (Thread)
6. R: Registry Settings for Group Policy Security Optio... (Thread)
7. Article Announcement: Linux vs. Windows Viruses (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. East-Tec Eraser 2003 v4.0
2. ZoneAlarm Pro 4.0
3. ActiveScout Enterprise
4. Immunity CANVAS
5. Password Creator Pro
6. Advanced Cisco Security Agent
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. COMbust v07.30.03
2. OpenSSL 0.9.7c
3. Glub Tech Secure FTP v2.0.10
4. mrtg v2.10.5
5. ACID-XML v1.0
6. borZoi v1.0.2
VI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Demonstrating ROI for Penetration Testing (Part Four)
By Marcia Wilson
The last article in this series discusses the Penetration Testing process
and makes final assertions about how ROSI (Return on Security Investment)
can be shown.
http://www.securityfocus.com/infocus/1736
2. SPECIAL ANNOUNCEMENT
SecurityFocus is pleased to announce the relaunch of our RSS feeds.
http://www.securityfocus.com/rss/index.shtml
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Gamespy 3d IRC Client Remote Buffer Overflow Vulnerability
BugTraq ID: 8734
Remote: Yes
Date Published: Sep 30 2003
Relevant URL: http://www.securityfocus.com/bid/8734
Summary:
Gamespy 3D is a Microsoft Windows based application used to find game
servers for various games. The software also has a built in IRC client
for chat and file sharing.
A vulnerability has been reported to exist in the Gamespy 3D IRC client
that may allow a remote attacker to gain unauthorized access by executing
arbitrary code on a vulnerable system. The condition is present due to
insufficient boundary checking.
It has been reported that during the connection process the IRC client
sends USER and NICK requests to the IRC server to receive the user
information. This process may lead to a buffer overflow condition if the
server responds to the request with a string that is larger than or equal
to 262 bytes. An attacker may leverage the issue by exploiting an
unbounded memory copy operation to overwrite the saved return address/base
pointer, causing the affected procedure to return to an address of their
choice.
Successful exploitation of this issue may allow an attacker to execute
arbitrary code in the context of the client in order to gain unauthorized
access to a vulnerable system.
Gamespy 3D versions 2.63015 and prior have been reported to be prone to
this issue, however other versions may be affected as well.
2. Invision Power Board Insecure Permissions Vulnerability
BugTraq ID: 8737
Remote: No
Date Published: Sep 30 2003
Relevant URL: http://www.securityfocus.com/bid/8737
Summary:
Invision Power Board is web forum software. It is implemented in PHP and
is available for Unix and Linux variants and Microsoft Windows operating
systems.
Invision Power Board has been reported prone to a configuration issue that
could allow attackers with local interactive access to modify Invision
Power Board '.php' source files. The issue has been reported to present
itself because Invision Power Board does not correctly set permissions on
folders during the installation process. Specifically all folders are
created with group write permissions. Any local user who is a member of
the same group as Invision Power Board may make modifications to Invision
Power Board source files.
A local attacker may exploit this condition to execute arbitrary code with
the privileges of the web server.
It should be noted that although this vulnerability has been reported to
affect Invision Power Board versions 1.1.1 and 1.1.2, other versions might
also be affected.
3. IBM DB2 Remote LOAD Command Buffer Overrun Vulnerability
BugTraq ID: 8742
Remote: Yes
Date Published: Oct 01 2003
Relevant URL: http://www.securityfocus.com/bid/8742
Summary:
IBM DB2 is a commercial relational database implementation that is
available for a number of operating systems including Microsoft Windows
and Unix/Linux variants.
IBM DB2 includes the LOAD command, which allows for data located in files,
pipes or devices to be stored within a database table. It has been
discovered that the application fails to carry out sufficient bounds
checking when handling the LOAD command.
An attacker with 'Connect' privileges could exploit this vulnerability
remotely, likely by passing excessive data as an argument to the LOAD
command. This would allow for sensitive stack variables adjacent to the
affected memory buffer to be overrun. An attacker could leverage this
memory corruption to influence the execution flow of IBM DB2, possibly
redirecting execution into a malicious payload.
All code executed in this manner will be run with the privileges of the
IBM DB2 process. This is typically the 'Administrators' group on Microsoft
Windows environments and either the 'db2as' or 'db2inst1' users on Linux
systems.
It should be noted that IBM has confirmed that the affected code is shared
amongst IBM DB2 v7 and v8, making both vulnerable to this condition.
4. IBM DB2 Invoke Stored Procedure Buffer Overflow Vulnerabilit...
BugTraq ID: 8743
Remote: Yes
Date Published: Oct 01 2003
Relevant URL: http://www.securityfocus.com/bid/8743
Summary:
DB2 is the database implementation maintained and distributed by IBM. It
is available for the UNIX, Linux, and Microsoft Windows platforms.
A problem in IBM DB2 has been reported when specific queries are passed to
the INVOKE stored procedure. Because of this, an attacker may be able to
gain unauthorized access to system resources.
The problem is in the checking of bounds on the INVOKE stored procedure.
By passing a maliciously crafted string to the procedure, it is possible
to overwrite sensitive regions of stack memory. An attacker could take
advantage of this issue to execute code at an arbitrary location in memory
with the privileges of the database process.
This problem has been reported to occur in version 7.2 for Microsoft
Windows only.
5. MPNews PRO Directory Traversal Information Disclosure Vulner...
BugTraq ID: 8744
Remote: Yes
Date Published: Oct 01 2003
Relevant URL: http://www.securityfocus.com/bid/8744
Summary:
MPNews PRO is a news server available for the Microsoft Windows operating
system.
It has been reported that MPNews PRO is prone to an information disclosure
vulnerability. The problem is believed to occur due to MPNews PRO failing
to sufficiently filter specific dot-dot-slash sequences (../).
Specifically, making a request for a file prefixed by a sequence of
"./../" may cause the request to be interpreted outside of the web root.
As a result, an attacker may be capable of viewing the contents of
arbitrary files on the local system.
Access to these files may expose sensitive information to the attacker that
could potentially be used in launching further attacks against the target
system.
6. Mutant Penguin MPWeb PRO Directory Traversal Vulnerability
BugTraq ID: 8745
Remote: Yes
Date Published: Oct 01 2003
Relevant URL: http://www.securityfocus.com/bid/8745
Summary:
Mutant Penguin MPWeb PRO is a Microsoft Windows based web server. It
allows users to create and host dynamic web sites.
A vulnerability has been reported to exist in the software that may allow
a remote attacker to traverse outside the server root directory in order
to access sensitive server readable files. The issue presents itself due
to insufficient sanitization of user-supplied input and may allow an
attacker to access unauthorized information by issuing '/./../' character
sequences.
This vulnerability may be successfully exploited to gain sensitive
information about a vulnerable host that could be used to launch further
attacks against the system.
MPWeb PRO version 1.1.2 has been reported to be affected by this issue,
however other versions may be vulnerable as well.
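The "./../" and "/./../" sequences in items 5 and 6 get past checks that only look for a leading "../". The following is an added example, not code from the newsletter or from either product. It contrasts a hypothetical prefix filter with segment-by-segment canonicalization, and goes slightly beyond the two reports by also handling backslash separators and percent-encoding. WEB_ROOT, the function names and the sample requests are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # constructed document root, not taken from either product


def naive_filter(request_path):
    """Hypothetical weak check (an assumption, not the vendors' code):
    reject only requests that *begin* with a dot-dot-slash sequence."""
    return not request_path.startswith(("../", "/../"))


def naive_resolve(request_path, root=WEB_ROOT):
    """The file a server would open if it trusted naive_filter() and then
    let the filesystem layer collapse '.' and '..' for it."""
    return posixpath.normpath(posixpath.join(root, request_path.lstrip("/")))


def resolve(request_path, root=WEB_ROOT):
    """Canonicalize first, then decide.

    The path is percent-decoded exactly once, both separator styles are
    treated alike, and every segment is walked. A '..' that would climb
    above the root is an error rather than something to strip, so no
    arrangement of '.', '..', '/' or '\\' can leave the root.
    """
    decoded = unquote(request_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    parts = []
    for seg in decoded.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue              # empty and current-directory segments are no-ops
        if seg == "..":
            if not parts:         # would step above the web root
                raise ValueError("path escapes web root")
            parts.pop()
        else:
            parts.append(seg)
    # Anything still percent-encoded here (e.g. "%2e%2e" from a double-encoded
    # request) is kept as a literal file name; nothing downstream may decode again.
    return posixpath.join(root, *parts) if parts else root


def is_safe(request_path):
    """True when resolve() accepts the request."""
    try:
        resolve(request_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample requests.
    for req in ["/index.html", "/../boot.ini", "/./../boot.ini",
                "/docs/./../index.html", "/..%5c..%5cWINDOWS/win.ini"]:
        print(f"{req!r:32} naive_ok={naive_filter(req)!s:5} "
              f"naive_opens={naive_resolve(req)!r:28} safe={is_safe(req)}")
```
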
7. Microsoft Windows PostThreadMessage() Arbitrary Process Kill...
BugTraq ID: 8747
Remote: No
Date Published: Oct 02 2003
Relevant URL: http://www.securityfocus.com/bid/8747
Summary:
The Microsoft Windows operating system includes a wide variety of API
function calls. One such call is the PostThreadMessage() function, which
can be used to send a variety of messages to a specified thread. This
function will fail if the specified thread does not include a message
queue. A queue will only be created if the thread has issued a Win32 USER
or GDI function call.
Included in the various messages that can be sent to a process are the
WM_QUIT, WM_DESTROY, and WM_CLOSE messages. These messages are
specifically designed to notify a process that it should subsequently be
terminated.
It has been discovered that processes sent these messages fail to
sufficiently verify their origin, and proceed to terminate. As a result,
an unprivileged program running with the privileges of any local user may
be capable of sending one of the three messages to an arbitrary process
and cause it to terminate. This will occur no matter what security level
the target process may be running at. As mentioned above, the targeted
process must include a message queue at the time of exploitation.
This vulnerability could be exploited by a local attacker to disable
various security-related software designed to limit a local user's ability
to carry out various actions. Other processes may also be targeted.
8. EarthStation 5 Search Service Remote File Deletion Vulnerabi...
BugTraq ID: 8753
Remote: Yes
Date Published: Oct 03 2003
Relevant URL: http://www.securityfocus.com/bid/8753
Summary:
EarthStation 5 is a peer-to-peer file sharing application for the Microsoft
Windows platform.
A vulnerability has been reported to exist in the software that may allow
a remote attacker to delete arbitrary files on a vulnerable system. The
problem is reported to be caused by the software's "Search Service" packet
handler.
It has been reported that the vulnerability presents itself when an
attacker sends packet 0Ch and sub-function 07h to a client running the
vulnerable version of the software. This may allow the attacker to delete
any files shared by the vulnerable host. An attacker may also delete
sensitive files on the host by using a relative path such as
"..\..\..\WINDOWS\NOTEPAD.EXE". This attack would occur in the context of
the user running the vulnerable software.
Successful exploitation of this issue may allow a remote attacker to
delete arbitrary files on a vulnerable system, which could lead to a
denial of service.
It has also been reported that the software is prone to other denial of
service and buffer overflow vulnerabilities, however explicit details have
not been specified.
EarthStation 5 build 1266 and 2180 have been reported to be vulnerable to
this issue, however other versions may be affected as well.
9. Microsoft Internet Explorer Absolute Position Block Denial O...
BugTraq ID: 8758
Remote: Yes
Date Published: Oct 03 2003
Relevant URL: http://www.securityfocus.com/bid/8758
Summary:
A problem has been reported in Microsoft Internet Explorer when absolute
positioning is used. Because of this, it may be possible to deny service
to users of the browser.
When variables are created using the absolute position within a page and
an absolute positioned block is opened after an absolute positioned tag,
previously opened, hasn't been closed properly, the browser becomes
unstable. The issue may be due to memory corruption, though this is
conjecture and has not been confirmed. However, it is known that this
issue can reliably reproduce a denial of service attack.
This problem has also been reported to affect Microsoft Outlook, which may
indicate a problem in the HTML interpreting engine used by both products.
It has been reported that the exploit code for this issue may also cause
Eudora to crash. This may simply be due to Internet Explorer being set to
render HTML content for Eudora. This BID will be updated when more
information becomes available.
10. Microsoft Word Malformed Document Denial of Service Vulnerab...
BugTraq ID: 8761
Remote: Yes
Date Published: Oct 03 2003
Relevant URL: http://www.securityfocus.com/bid/8761
Summary:
Microsoft Word is a word processing software that is part of the Microsoft
Office suite and other Microsoft products.
A vulnerability has been reported to exist in Microsoft Word that may
allow an attacker to cause a denial of service condition in the software.
The problem may present itself if an attacker modifies a Word document and
corrupts its memory structure. If opened by a user, the malformed
document may cause the vulnerable software to crash. The software appears
to crash on a divide by zero operation, but there is also a possibility
that this could be exploited to corrupt process memory. Though
unconfirmed, this could result in execution of arbitrary code.
11. Netscreen ScreenOS DHCP Packet Buffer Padding Information Le...
BugTraq ID: 8762
Remote: Yes
Date Published: Oct 03 2003
Relevant URL: http://www.securityfocus.com/bid/8762
Summary:
NetScreen is a line of Internet security appliances integrating firewall,
VPN and traffic management features. ScreenOS is the software used to
manage and configure the firewall. NetScreen supports Microsoft Windows
95, 98, ME, NT and 2000 clients.
A vulnerability has been discovered in Netscreen ScreenOS when the
associated device is acting as a DHCP server. Appliances that are not
hosting DHCP services are not affected by this issue.
The problem specifically lies in the fact that the application fails to
re-initialize or zero out a specific memory buffer prior to using the
memory to generate DHCP response packets. It has been discovered that this
buffer may have previously been used to store HTTP management session
information.
An attacker could exploit this issue by making a DHCP request and
recording the sensitive data located within the packet. This could
ultimately expose encoded authentication credentials to the attacker that
could be used to launch further attacks against the appliance.
12. XShisen '-KCONV' Local Buffer Overflow Vulnerability
BugTraq ID: 8770
Remote: No
Date Published: Oct 06 2003
Relevant URL: http://www.securityfocus.com/bid/8770
Summary:
XShisen is a puzzle game that is played with 144 mahjong pieces. The
software runs on the Linux platform and a Microsoft Windows binary is
available as well.
It has been reported that XShisen is prone to a buffer overflow issue that
may allow an attacker to gain unauthorized access to a host running the
vulnerable software.
The problem is present due to improper handling of user-supplied data from
the '-KCONV' command line parameter. A buffer overflow condition may be
caused by supplying more than 100 bytes of data. The conditions are
present due to insufficient boundary checking. An attacker may leverage
the issues by exploiting an unbounded memory copy operation to overwrite
the saved return address/base pointer, causing the affected procedures to
return to an address of their choice.
Successful exploitation may allow an attacker to ultimately execute
arbitrary code in the context of the user who is running the vulnerable
software in order to gain unauthorized access to a system.
XShisen version 1.51 has been reported to be prone to this issue, however
other versions may be affected as well.
13. PrimeBase SQL Database Server Insecure Installation Temporar...
BugTraq ID: 8771
Remote: No
Date Published: Oct 06 2003
Relevant URL: http://www.securityfocus.com/bid/8771
Summary:
PrimeBase SQL Database Server is a database implementation that is
available for Unix/Linux variants as well as Microsoft Windows platforms.
PrimeBase SQL Database Server is reported to create temporary files in an
insecure manner during installation. A malicious local user could take
advantage of this issue to cause files to be corrupted during the initial
database installation. In particular, the following temporary file is
created during installation:
/tmp/PrimeBase.log
If a local attacker can anticipate the installation of PrimeBase, this
issue can be exploited by creating a symbolic link in place of the
temporary file that points to another file on the system. When the
PrimeBase database is installed by root, the file pointed to by the
symbolic link will be corrupted.
Exploitation could result in destruction of data. A potential for
privilege escalation attacks also exists if files can be corrupted with
custom data.
This issue was reported for PrimeBase running on Unix/Linux variants.
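The symbolic-link problem with a fixed log name in a shared directory, as described in item 13, can be reproduced and closed off in a sandbox. The following is an added example, not code from the newsletter or from PrimeBase. The sandbox layout, file contents and function names are constructed, and the file name PrimeBase.log is reused only to mirror the report.

```python
import os
import shutil
import tempfile


def naive_log_open(path):
    """Predictable name, plain open(): follows a pre-planted symlink and
    truncates whatever file it points to."""
    return open(path, "w")


def safe_log_open(path):
    """O_CREAT|O_EXCL fails with EEXIST if anything, including a symlink,
    already exists at the path. O_NOFOLLOW is added where the platform has it."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    return os.fdopen(fd, "w")


def private_log_open(prefix="PrimeBase.", suffix=".log"):
    """Preferred for installers: an unpredictable name created atomically
    with owner-only permissions. Returns (file object, path)."""
    fd, path = tempfile.mkstemp(prefix=prefix, suffix=suffix)
    return os.fdopen(fd, "w"), path


def demo():
    """Run both openers against a planted symlink inside a throwaway
    directory and report what happened to the file it points at."""
    sandbox = tempfile.mkdtemp()
    try:
        victim = os.path.join(sandbox, "important.conf")   # constructed file
        log = os.path.join(sandbox, "PrimeBase.log")
        with open(victim, "w") as f:
            f.write("original")
        os.symlink(victim, log)          # stands in for the pre-created link

        with naive_log_open(log) as f:
            f.write("install log\n")
        with open(victim) as f:
            naive_clobbered = f.read() != "original"

        with open(victim, "w") as f:     # restore before the second run
            f.write("original")
        try:
            safe_log_open(log).close()
            safe_refused = False
        except FileExistsError:
            safe_refused = True
        with open(victim) as f:
            victim_intact = f.read() == "original"

        return {"naive_clobbered": naive_clobbered,
                "safe_refused": safe_refused,
                "victim_intact": victim_intact}
    finally:
        shutil.rmtree(sandbox)


if __name__ == "__main__":
    print(demo())
```

A `FileExistsError` from `safe_log_open` during an installation run as root is worth logging as an alert in its own right, since it means something was waiting at the expected path.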
14. PrimeBase SQL Database Server Insecure Default Binary Permis...
BugTraq ID: 8772
Remote: No
Date Published: Oct 06 2003
Relevant URL: http://www.securityfocus.com/bid/8772
Summary:
PrimeBase SQL Database Server is a database implementation that is
available for Unix/Linux variants as well as Microsoft Windows platforms.
The PrimeBase SQL Database Server binary is installed with world-writeable
permissions by default. This binary is typically installed as
/usr/local/primebase. A local attacker could take advantage of this issue
to execute arbitrary code by replacing or modifying the binary,
potentially allowing for privilege escalation. If the binary is modified
or replaced, it will be executed when the database is restarted.
This issue was reported for PrimeBase running on Unix/Linux variants.
15. JBoss HSQLDB Remote Command Injection Vulnerability
BugTraq ID: 8773
Remote: Yes
Date Published: Oct 06 2003
Relevant URL: http://www.securityfocus.com/bid/8773
Summary:
JBoss is a freely available, open source Java Application server. It is
distributed and maintained by JBoss Group and is available for a number of
platforms including Microsoft Windows and Unix/Linux variants.
A remote command injection vulnerability has been reported in JBoss. The
issue is reportedly exposed via the HSQLDB component, which is a SQL
database server that manages JMS connections. A number of unspecified
flaws cause this condition, including programming errors in the sun.*
classes, logic errors in the org.apache.* classes of the JDK and the
default configuration settings. As a result, it is possible to pass
commands to the HSQLDB component via the port it listens on. It should be
noted that the port may vary between versions, by default it is 1701/TCP
for version 3.2.1 and 1476/TCP for 3.0.8.
It has been reported that this issue could be exploited to mount a number
of attacks, including execution of database commands, denial of service
attacks, log manipulation, information disclosure and execution of
operating system commands on some supported platforms.
This issue is reported to exist with JBoss 3.2.1/3.0.8 on any Java
1.4.x-enabled platforms. Other versions may be similarly affected.
The consequences may vary depending on the capabilities of the underlying
operating system, but it is believed that this could be exploited to
execute arbitrary operating system commands on Windows 2000 and XP
systems.
16. XShisen 'XSHISENLIB' Local Buffer Overflow Vulnerability
BugTraq ID: 8776
Remote: No
Date Published: Oct 06 2003
Relevant URL: http://www.securityfocus.com/bid/8776
Summary:
XShisen is a puzzle game that is played with 144 mahjong pieces. The
software runs on the Linux platform and a Microsoft Windows binary is
available as well.
It has been reported that XShisen is prone to a buffer overflow issue that
may allow an attacker to gain unauthorized access to a host running the
vulnerable software.
The problem is present due to improper handling of user-supplied data from
the 'XSHISENLIB' environment variable. A buffer overflow condition may
be caused by supplying more than 100 bytes of data. The conditions are
present due to insufficient boundary checking. An attacker may leverage
the issues by exploiting an unbounded memory copy operation to overwrite
the saved return address/base pointer, causing the affected procedures to
return to an address of their choice.
Successful exploitation may allow an attacker to ultimately execute
arbitrary code in the context of the user who is running the vulnerable
software in order to gain unauthorized access to a system.
XShisen version 1.51 has been reported to be prone to this issue, however
other versions may be affected as well.
17. File Sharing Software Easy File Sharing Web Server Informati...
BugTraq ID: 8777
Remote: Yes
Date Published: Oct 06 2003
Relevant URL: http://www.securityfocus.com/bid/8777
Summary:
File Sharing Software Easy File Sharing Web Server is an application
designed to provide peer-to-peer file sharing functionality for Microsoft
Windows platforms.
Easy File Sharing Web Server has been reported prone to an information
disclosure vulnerability. The issue presents itself due to insecure
default permissions set on folders that contain Easy File Sharing Web
Server log and configuration files. It has been reported that a remote
attacker may make an HTTP request for affected log and configuration files
and disclose potentially sensitive information contained therein.
Although this vulnerability has been reported to affect Easy File Sharing
Web Server version 1.2, previous versions may also be affected.
18. MiniHTTPServer File-Sharing for NET Forum HTML Injection Vul...
BugTraq ID: 8781
Remote: Yes
Date Published: Oct 06 2003
Relevant URL: http://www.securityfocus.com/bid/8781
Summary:
MiniHTTPServer File-Sharing for NET is a commercially available web server
mainly designed for file sharing. It is available for Microsoft Windows
operating systems.
File Sharing for NET has been reported prone to an HTML Injection
Vulnerability. The issue has been reported to exist in the Forum that
ships with the product. A malicious remote attacker may use the "Subject:"
and "Your message:" fields when creating a new forum post to inject
arbitrary HTML into dynamically generated content. This issue is due to a
lack of sufficient sanitization performed on the affected form fields.
An attacker may exploit this vulnerability to execute arbitrary HTML and
script code in the browser of an unsuspecting user who views the malicious
forum post. Code execution will occur in the context of the vulnerable
site. This issue may be exploited to steal cookie based credentials.
Other attacks are also possible.
It should be noted that although this vulnerability has been reported to
affect MiniHTTPServer File-Sharing for NET version 1.5, previous versions
might also be affected.
19. MiniHTTPServer WebForums Forum HTML Injection Vulnerability
BugTraq ID: 8782
Remote: Yes
Date Published: Oct 06 2003
Relevant URL: http://www.securityfocus.com/bid/8782
Summary:
MiniHTTPServer WebForums Server is a commercially-available HTTP server.
It is available for the Microsoft Windows platform.
MiniHTTPServer WebForums Forum has been reported prone to an HTML Injection
Vulnerability. A malicious remote attacker may use the "Subject:" field
when creating a new forum post to inject arbitrary HTML into dynamically
generated content. This issue is due to a lack of sufficient sanitization
performed on the affected form field.
An attacker may exploit this vulnerability to execute arbitrary HTML and
script code in the browser of an unsuspecting user who views the malicious
forum post. Code execution will occur in the context of the vulnerable
site. This issue may be exploited to steal cookie based credentials. Other
attacks are also possible.
It should be noted that although this vulnerability has been reported to
affect MiniHTTPServer WebForums Forum version 1.5, previous versions might
also be affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Windows 2000 Server hardening (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/341001
2. Tool for 026/ 039 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/341000
3. SecurityFocus Microsoft Newsletter #157 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/340419
4. MS03-040 MS Internet Explorer Cumulative Patch (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/340349
5. Wasn't someone looking for a Group Policy collection... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/340330
6. R: Registry Settings for Group Policy Security Optio... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/340104
7. Article Announcement: Linux vs. Windows Viruses (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/340103
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. East-Tec Eraser 2003 v4.0
By: EAST Technologies
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.east-tec.com/eraser/index.htm
Summary:
East-Tec Eraser ("Eraser" in short) is an advanced security application
for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate
sensitive data from your computer and protect your computer and Internet
privacy.
Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now
means wiping its contents beyond recovery, scrambling its name and dates
and finally removing it from disk. When you want to get rid of sensitive
files or folders beyond recovery, add them to the Eraser list of doomed
files and ask Eraser to do the job. Eraser offers tight integration with
the Windows shell, so you can drag files and folders from Explorer and
drop them in Eraser, or you can erase them directly from Explorer by
selecting Erase beyond recovery from the context menu.
2. ZoneAlarm Pro 4.0
By: Zone Labs
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.zonelabs.com
Summary:
Hackers lurk everywhere on the Internet, waiting for an "in" into your
personal and financial information. Even legitimate Web sites have
sophisticated methods of snooping, such as cookies that track your
identity and browsing habits. You need nothing less than the industry's
best protection - ZoneAlarm Pro. It offers you the award-winning firewall
that Zone Labs is famous for. Plus, it stops annoying and potentially
malicious cookies and pop-ups from invading your system.
3. ActiveScout Enterprise
By: ForeScout Technologies
Platforms: Linux, Solaris, Windows 2000, Windows 95/98, Windows NT
Relevant URL: http://www.forescout.com/enterprise.html
Summary:
ActiveScout Enterprise actively protects a network with multiple access
points. In addition to the identification of attackers and automatic
action to stop them, this solution offers full management capabilities,
from configuration and reporting, to the sharing of threat information
between multiple deployed scouts.
4. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:
Immunity CANVAS is 100% pure Python, and every license includes full
access to the entire CANVAS codebase. Python is one of the easiest
languages to learn, so even novice programmers can be productive on the
CANVAS API, should they so choose.
Immunity CANVAS is both a valuable demonstration tool for enterprise
information security teams or system administrators, and an advanced
development platform for exploit developers, or people learning to become
exploit developers.
5. Password Creator Pro
By: TransDigital Solutions
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: https://www.transdig.com/products/pcp/pcp.cfm
Summary:
Password Creator Professional is an extremely full featured password
generator utility for Windows.
6. Advanced Cisco Security Agent
By: Cisco Systems
Platforms: Solaris, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html
Summary:
The advanced Cisco Security Agent product provides threat protection for
server and desktop computing systems, also known as endpoints. The Cisco
Security Agent goes beyond conventional host and desktop security
solutions by identifying and preventing malicious behavior before it can
occur, thereby removing potential known and unknown ("Day Zero") security
risks that threaten enterprise networks and applications. The Cisco
Security Agent aggregates and extends multiple endpoint security functions
by providing host intrusion prevention, distributed firewall, malicious
mobile code protection, operating system integrity assurance, and audit
log consolidation all within a single agent package.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. COMbust v07.30.03
By: Frederic Bret-Mounet
Relevant URL: http://atstake.com/research/tools/vulnerability_scanning/
Platforms: Windows 2000, Windows XP
Summary:
COMbust is a tool for testing ActiveX/COM/DCOM components on the Windows
platform. It enumerates the interfaces provided by the components and uses
intelligent fuzzing to automatically exercise component functionality for
testing. It can quickly find security vulnerabilities due to improper
input validation.
2. OpenSSL 0.9.7c
By: The OpenSSL Project Team <openssl@openssl.org>
Relevant URL: http://www.openssl.org/
Platforms: UNIX, Windows NT
Summary:
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as
well as a full-strength general-purpose cryptography library.
3. Glub Tech Secure FTP v2.0.10
By: glub
Relevant URL: http://secureftp.glub.com
Platforms: MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows
XP
Summary:
Glub Tech Secure FTP is a command-line utility that allows FTP connections
to be made using SSL.
4. mrtg v2.10.5
By: Tobias Oetiker
Relevant URL: http://people.ee.ethz.ch/~oetiker/webtools/mrtg/
Platforms: POSIX, Windows 2000, Windows NT
Summary:
The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic
load on network-links. MRTG generates HTML pages containing GIF/PNG images
which provide a live visual representation of this traffic.
5. ACID-XML v1.0
By: Sleepy
Relevant URL: http://www.maximumunix.org/ACID-XML/
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, Windows 2000, Windows 95/98,
Windows XP
Summary:
ACID XML is a stand-alone application that can read and parse snort
xml logs. It was inspired by ACID, but was designed so you can get up and
running quickly with your logs rather than spending hours getting ACID
requirements together and working. It uses QT and expat and it is fully
open source.
6. borZoi v1.0.2
By: Anthony Mulcahy
Relevant URL: http://dragongate-technologies.com/products.html
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
borZoi is an elliptic curve cryptography library for developers who want a
simple means of adding privacy protection to their applications. Ease of
use and a minimum risk of security problems due to incorrect use are its
strong points.
VI. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus staff