Subject: SecurityFocus.com Newsletter #71
From: Stephen Entwisle (se@SECURITYFOCUS.COM)
Date: Mon Dec 18 2000 - 10:55:59 CST


SecurityFocus.com Newsletter #71
--------------------------------

This issue sponsored by: RSA Security

RSA Security: The Only Fully Interoperable PKI Solution.

PKI is driving the next wave of e-business. RSA Keon PKI issues and
manages digital certificates and trust - enabling you to securely deploy
apps that feature authentication, digital signatures and encryption. For
smooth implementation that's easy to use, you need interoperability. That
means you need RSA Keon PKI. Contact RSA Security at 1-800-495-1095.

http://www.rsasecurity.com/go/keon

-------------------------------------------------------------------------

I. FRONT AND CENTER
     1. The Crux of NT Security Phase Four: Network D - High
        Availability, High Speed, High Security, (High Cost)
     2. Linux Internet Kiosks
II. BUGTRAQ SUMMARY
     1. SmartStuff FoolProof Security Program Restriction Bypass Vuln
     2. ssldump Format String Vulnerability
     3. University of Washington Pico File Overwrite Vulnerability
     4. Roaring Penguin PPPoE Denial of Service Vulnerability
     5. Multiple Oops Proxy Server Buffer Overflow Vulnerability
     6. Microsoft IIS Far East Edition DBCS File Disclosure Vulnerability
     7. Leif M. Wright everythingform.cgi Arbitrary Command Execution Vuln
     8. Leif M. Wright simplestmail.cgi Remote Command Execution Vuln
     9. Leif M. Wright ad.cgi Unchecked Input Vulnerability
     10. SafeWord e.Id Trivial PIN Brute-Force Vulnerability
     11. Leif M. Wright simplestguest.cgi Remote Command Execution Vuln
     12. CoffeeCup FTP Clients Weak Password Encryption Vulnerability
     13. Subscribe-Me Lite Administration Access Vulnerability
     14. Alex Heiphetz Group EZShopper Directory Disclosure Vulnerability
     15. Watchguard SOHO Firewall Fragmented IP Packet DoS Vulnerability
     16. Watchguard SOHO Firewall Oversized GET Request DoS Vulnerability
     17. Alt-N MDaemon 'Lock Server' Bypass Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
     1. Microsoft Hacked in the Balkans
     2. FTC Mulls Wireless Privacy
     3. Cybercrime Still Horrible
IV. SECURITY FOCUS TOP 6 TOOLS
     1. Openwall Linux kernel patch 2.2.18-ow1
     2. Drall 1.3.4.0
     3. Stealth Kernel Patch 2.2.18
     4. ICQr Information 1,3
     5. Stealth Activity Reporter
     6. LinearC Beta
V. SECURITYJOBS LIST SUMMARY
     1. Security Engineer - Philadelphia, PA - #246 (Thread)
     2. 2 Security Engineer positions available in RTP, NC (Thread)
     3. IT Security Engineer (Thread)
     4. CERT Analysts Needed (Thread)
     5. Security Consultant Job Opportunity-Toronto, Canada (Thread)
     6. San Francisco Job Opportunity (Thread)
     7. Looking for a job in the security field. (Thread)
     8. Technical Trainer - Buffalo, NY (Thread)
VI. INCIDENTS LIST SUMMARY
     1. [defaced] www.eeye.com by (Thread)
     2. Fw: [defaced] www.eeye.com by (Thread)
     3. More info regarding: std.pl, the rpc.statd linux mass rooter(Thread)
     4. possible new tool: std.pl, the rpc.statd linux mass rooter (fwd)(Thread)
     5. Strange scan/connection request (Thread)
     6. weird DNS logs (Thread)
     7. probes for port 27374 (ASP)? (Thread)
     8. possible new tool: std.pl, the rpc.statd linux mass rooter(fwd)(Thread)
     9. Administrivia (Thread)
     10. Troyan in port 25 ??? (Thread)
     11. sendmail attack? (Thread)
     12. Scan of the Month - Two Exploits (Thread)
     13. For the log file collectors (Thread)
     14. Probes for 17746 (Thread)
     15. possible new trojan (Thread)
     16. Coordinated or Spoofed Scans (Thread)
     17. FW: Event ID 644 (Thread)
     18. could be slice? (Thread)
     19. CGI Scans on web server (Thread)
     20. New toolkit (maybe) (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
     1. Naptha - New DoS (Thread)
     2. Router worm exploiting poor SNMP security. (Thread)
     3. (U) Exploiting Poor SNMP Security (Thread)
     4. Apple Mac DoS (Thread)
     5. Scanning Web Proxy -- Preliminary Concept (Thread)
     6. cross site scripting... is your site on this list (Thread)
     7. cache cookie stuff (Thread)
     8. is this a bug ? (Thread)
     9. bind hack or just bein funny??? (Thread)
     10. cross site exploits (Thread)
     11. Naphta - Exploit? (Thread)
     12. CLARIFICATION: bind hack or just bein funny??? (Thread)
     13. OpenSSH Password Question (Thread)
     14. lpd exploit? (Thread)
     15. Linux sparc & GOT (Thread)
     16. Winamp Crash (Thread)
     17. winamp newline in id3v1 tags - hell with bugtraq (Thread)
     18. lpd exploit (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
     NB: No entries this week
IX. SUN FOCUS LIST SUMMARY
     1. Solaris 8 and Windows NT... (Thread)
     2. SEAM, KRB5 and phrase length (Thread)
     3. Packages Installation (Thread)
     4. rc*.d directories (Thread)
X. LINUX FOCUS LIST SUMMARY
     1. Network Topology / Security Questions (Thread)
     2. Firewall (Thread)
     3. OpenSSH and OPIE (Thread)
     4. On auditing burgled systems (was Re: root exploits) (Thread)
     5. root exploits (Thread)
     6. SecurityFocus.com Linux Newsletter #8 (Thread)
XI. SPONSOR INFORMATION - RSA Security
XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION

I. FRONT AND CENTER
-------------------
1. The Crux of NT Security Phase Four: Network D - High Availability,
   High Speed, High Security, (High Cost)
By Aaron Sullivan

This is the fourth in a series on NT security by Aaron Sullivan. In the
previous article, the author discussed secure network design in terms of
three common network configurations, referred to as Networks A, B and C.
This article discusses a final design, Network D, for those with greater
performance and security demands, as well as a high availability feature
and the additional budget required to implement it. The article examines
issues surrounding implementation, and the strengths and weaknesses of
the network.

http://www.securityfocus.com/microsoft/nt/crux4.html

2. Linux Internet Kiosks
by Anton Chuvakin

Recently, the Federal Government of Costa Rica approved a plan to install
publicly-accessible terminals in post offices throughout the country that
will allow all citizens to use email and access the Internet. While the
benefits of such a plan are many and valuable, such a plan is not without
concerns. In addition to costs of overhead, maintenance and operations,
the security of information transmitted along public terminals would be a
major consideration. In this article by Anton Chuvakin, we will discuss
creating a viable system of Internet kiosks using RedHat Linux. This will
include discussion of how to implement such a system, and will also touch
upon some of the various aspects of security that one should consider when
implementing such a system.

http://www.securityfocus.com/focus/linux/articles/linkiosk.html

II. BUGTRAQ SUMMARY
-------------------

1. SmartStuff FoolProof Security Program Restriction Bypass Vulnerability
BugTraq ID: 2089
Remote: No
Date Published: 2000-12-09
Relevant URL:
http://www.securityfocus.com/bid/2089
Summary:

A vulnerability exists in SmartStuff's FoolProof Security for Windows
9x/Me.

The application, which is designed to restrict the executables which can
be run on a (usually public) workstation, can be circumvented by
downloading (i.e., via FTP) and renaming a copy of the disallowed
executable.

As a result, a user can execute programs, such as format, fdisk, etc.,
which were not intended to be run on the affected system.

2. ssldump Format String Vulnerability
BugTraq ID: 2096
Remote: Yes
Date Published: 2000-12-11
Relevant URL:
http://www.securityfocus.com/bid/2096
Summary:

ssldump is a traffic analyzer for monitoring network traffic in real time.
It is written and maintained by Eric Rescorla. A problem exists which
could allow the arbitrary execution of code.

The problem lies in ssldump's handling of format strings. ssldump
requires elevated privileges to listen to traffic crossing the network
interface. While monitoring traffic, encountering format specifiers in a
URL will cause the program to segmentation fault. Potentially, this could
lead to the overwriting of stack variables and the execution of arbitrary
code with administrative access, if exploited by a malicious user.

3. University of Washington Pico File Overwrite Vulnerability
BugTraq ID: 2097
Remote: No
Date Published: 2000-12-11
Relevant URL:
http://www.securityfocus.com/bid/2097
Summary:

A vulnerability exists in several versions of University of Washington's
Pico, a widely-distributed text editor shipped with most versions of Linux
/ Unix.

Under very specific circumstances, it is possible to cause this version of
Pico to overwrite arbitrary files with the privilege level of the victim
user.

As a result, if the attacker is able to correctly predict the name of the
editor's temporary file, the current contents of the editor can be written
to key system files or other data to which the user has write privileges.
Depending on the user's privilege level, this could have a range of
negative impacts on the host's security and operation.

Versions 3.8 and 4.3 of Pico have been confirmed vulnerable. Other
versions are likely affected as well.

4. Roaring Penguin PPPoE Denial of Service Vulnerability
BugTraq ID: 2098
Remote: Yes
Date Published: 2000-12-11
Relevant URL:
http://www.securityfocus.com/bid/2098
Summary:

Roaring Penguin Software's PPPoE is a freeware PPP over Ethernet client
often used by ADSL subscribers running Linux or NetBSD.

PPPoE contains a possibly remotely exploitable denial of service
vulnerability in its handling of TCP packets when the Clamp_MSS option is
used. If PPPoE receives a malformed TCP packet with a "zero-length
option", PPPoE will go into an infinite loop. As a result, the ppp
connection being supported by PPPoE will time out and be terminated. A
manual restart is needed to regain functionality.

This bug has been fixed by Roaring Penguin Software in a new version, see
the solutions section.

5. Multiple Oops Proxy Server Buffer Overflow Vulnerability
BugTraq ID: 2099
Remote: Yes
Date Published: 2000-12-11
Relevant URL:
http://www.securityfocus.com/bid/2099
Summary:

Oops is a freely available proxy server package, written by Igor Khasilev.
A problem exists in the package which could allow for the arbitrary
execution of code.

Multiple buffer overflows exist in this product. In one instance, it is
possible to make a request containing numerous quotation marks ("), which
are later translated to the HTML entity "&quot;". Because each character
expands to a longer sequence, this translation makes it possible to
overflow a buffer and potentially execute code on the stack. This makes
it possible for a malicious user to execute code with the privileges of
the user the proxy server is operating as.

The secondary problem involves a buffer overflow in the DNS resolution
code. It is possible to create a stack based overflow by forcing the proxy
to attempt to resolve a long host/domain name. This makes it possible to
overwrite variables on the stack, and potentially execute arbitrary code.
It is possible for a malicious user to exploit this problem and execute
commands with the privileges inherited by the proxy server process.

6. Microsoft IIS Far East Edition DBCS File Disclosure Vulnerability
BugTraq ID: 2100
Remote: Yes
Date Published: 2000-12-13
Relevant URL:
http://www.securityfocus.com/bid/2100
Summary:

The Far East editions of Microsoft IIS do not properly validate HTTP
requests containing double-byte character sets (DBCS) which may lead to
the disclosure of files contained within the web root. The editions that
are affected include Traditional Chinese, Simplified Chinese, Japanese,
and Korean (Hangeul). This vulnerability affects IIS prior to SP6. The
problem was resolved with the release of SP6, however it has resurfaced in
IIS 5.0. Non-Far East editions of IIS such as English are not affected by
this vulnerability.

In the event that IIS Far East edition receives an HTTP request containing
a double-byte character in the filename, it will check for the presence
of a lead-byte. If a lead-byte exists, IIS will proceed to check for a
trail-byte. If a trail-byte is not present, IIS will automatically drop
the lead-byte. Problems arise from the exclusion of the lead-byte
because it results in the opening of a different file from the one
specified.

A malicious user may create a specially formed HTTP request containing
DBCS to retrieve the contents of files located inside the web root. This
may lead to the disclosure of sensitive information such as usernames and
passwords.
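The lead-byte handling described above, as an added illustration that is not code from the advisory or from IIS: a lenient decoder that silently drops a dangling lead byte is placed beside a strict one that rejects it, and the two request handlers show why an access check must run on the canonical path rather than on the request as received. The byte ranges are those of Shift_JIS (Windows code page 932), used here as a representative double-byte character set; the protected directory name is a constructed example.

```python
# Added example: a model of the described DBCS lead-byte behaviour, not the
# actual IIS implementation. Byte ranges are Shift_JIS / code page 932.
LEAD = frozenset(range(0x81, 0xA0)) | frozenset(range(0xE0, 0xFD))
TRAIL = frozenset(range(0x40, 0x7F)) | frozenset(range(0x80, 0xFD))

PROTECTED_PREFIX = b"/private/"   # constructed: a directory that must never be served


def lenient_path(raw: bytes) -> bytes:
    """Model of the described behaviour: a lead byte with no valid trail byte
    is silently dropped, so the path handed to the file system is not the
    path that was requested."""
    out = bytearray()
    i = 0
    while i < len(raw):
        b = raw[i]
        if b in LEAD:
            if i + 1 < len(raw) and raw[i + 1] in TRAIL:
                out += raw[i:i + 2]      # well-formed pair: keep both bytes
                i += 2
            else:
                i += 1                   # dangling lead byte is dropped
        else:
            out.append(b)
            i += 1
    return bytes(out)


def strict_path(raw: bytes) -> bytes:
    """Hardened variant: reject a malformed sequence instead of repairing it."""
    i = 0
    while i < len(raw):
        if raw[i] in LEAD:
            if i + 1 >= len(raw) or raw[i + 1] not in TRAIL:
                raise ValueError("malformed double-byte sequence at offset %d" % i)
            i += 2
        else:
            i += 1
    return raw


def is_protected(path: bytes) -> bool:
    return path.startswith(PROTECTED_PREFIX)


def serve_lenient(raw: bytes) -> tuple:
    """Wrong order: authorise the request as received, then canonicalise.
    Returns (decision, path the file system would actually open)."""
    if is_protected(raw):
        return ("denied", None)
    return ("served", lenient_path(raw))


def serve_strict(raw: bytes) -> tuple:
    """Right order: canonicalise strictly, then authorise the canonical path.
    A malformed sequence is rejected outright rather than repaired."""
    try:
        canonical = strict_path(raw)
    except ValueError:
        return ("rejected", None)
    if is_protected(canonical):
        return ("denied", None)
    return ("served", canonical)


if __name__ == "__main__":
    # Constructed request: a lead byte with no trail byte inside the path.
    req = b"/private\x81/config.txt"
    print("lenient:", serve_lenient(req))   # authorises the raw bytes, opens the protected file
    print("strict: ", serve_strict(req))    # rejects the malformed request
```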

7. Leif M. Wright everythingform.cgi Arbitrary Command Execution Vuln
BugTraq ID: 2101
Remote: Yes
Date Published: 2000-12-11
Relevant URL:
http://www.securityfocus.com/bid/2101
Summary:

An input validation vulnerability exists in Leif M. Wright's
everythingform.cgi, a Perl-based form design tool.

The script fails to properly filter shell commands from user-supplied
input to the 'config' field.

As a result, the script can be made to run arbitrary shell commands with
the privilege of the web server.

8. Leif M. Wright simplestmail.cgi Remote Command Execution Vulnerability
BugTraq ID: 2102
Remote: Yes
Date Published: 2000-12-11
Relevant URL:
http://www.securityfocus.com/bid/2102
Summary:

A vulnerability exists in Leif M. Wright's simplestmail.cgi, a script
designed to coordinate email responses from web forms.

An insecurely-structured call to the open() function leads to a failure to
properly filter shell metacharacters from user supplied input. As a
result, it is possible for an attacker to cause this script to execute
arbitrary shell commands with the privilege of the webserver.

9. Leif M. Wright ad.cgi Unchecked Input Vulnerability
BugTraq ID: 2103
Remote: Yes
Date Published: 2000-12-11
Relevant URL:
http://www.securityfocus.com/bid/2103
Summary:

ad.cgi is a freely available ad rotation script written by Leif
Wright. A problem exists in the script which may allow access to
restricted resources.

The problem lies in the method by which the script checks input. Due to
insufficient validation of input, the script allows a user to execute
programs on the local system by making use of the FORM method. This makes
it possible for a malicious user to remotely execute commands on the
system with the privileges inherited by the HTTPD process.

10. SafeWord e.Id Trivial PIN Brute-Force Vulnerability
BugTraq ID: 2105
Remote: No
Date Published: 2000-12-14
Relevant URL:
http://www.securityfocus.com/bid/2105
Summary:

An attacker that obtains access to the "sceiddb.pdb" file, part of Secure
Computing's e.iD Authenticator for Palm, can determine the user's PIN.

Problem Description:

Secure Computing's SafeWord is a system of authentication services that
supports, among other authentication methods, one-time passwords. The
one-time passwords are generated by the authenticating user via a hardware
or software token device from the user's PIN and a Token Key stored
in the device. During authentication, a user-generated one-time password,
or tokencode, is sent to the authentication server and the user is
authenticated if the tokencode was generated from a valid PIN and Token
Key. In this sort of authentication system, the security of the shared
secret (the user's PIN) is critical.

Secure Computing's e.iD Authenticator for Palm is a software token device
for the SafeWord system that runs on the Palm Pilot. e.iD Authenticator
for Palm uses a palm database (PDB) file called "sceiddb.pdb" containing
an encrypted version of the user's PIN as well as the Token Key.

The encrypted version of the user's PIN is used when the user attempts to
change his PIN. Before the PIN can be changed the user must enter their
current PIN. The entered PIN is encrypted and compared to the encrypted
PIN. If they don't match the device will display a warning and refuse to
change the PIN.

PINs are from 2 to 8 digits in length. The encrypted PIN is always 16
bytes. The encrypted PIN is found starting at address 0x7A to address 0x89
in the "sceiddb.pdb" file.

As Palm Pilot and related devices are considered general purpose platforms
and are not tamper-resistant devices there exist likely scenarios in which
an attacker may obtain access to the "sceiddb.pdb" file.

An attacker with access to the "sceiddb.pdb" file can obtain the user's
PIN by encrypting every possible PIN of up to 8 digits and comparing each
with the encrypted PIN in the "sceiddb.pdb" file. @stake has calculated
the time required to obtain PINs of different lengths using a Pentium III
450MHz:

PIN Length   Time to calculate PIN
----------   ---------------------
         2   0.023 seconds
         3   0.23 seconds
         4   2.3 seconds
         5   23.3 seconds
         6   3.8 minutes
         7   38.8 minutes
         8   6.48 hours

Once a user's PIN has been obtained an attacker can generate a valid
tokencode if he can determine the most recent tokencode used by the user
to authenticate to the SafeWord system.

Scenarios:

There are a number of likely scenarios that can allow an attacker to obtain
access to the "sceiddb.pdb" file.

* If an attacker obtains access to the user's Palm device he can copy via
IrDA (infrared), or "beam", the "sceiddb.pdb" file. By default this file
does not have the "Beam Lock" protection bit set. This bit tells the
PalmOS not to allow the beaming of the file. But the "Beam Lock"
protection can be easily disabled.

* If an attacker obtains access to a computer the user uses to HotSync or
backup his Palm device the attacker may find a copy of the "sceiddb.pdb"
file. By default this file is configured not to be backed up. However,
some third party utilities may ignore this and back it up, the user may
have configured the file to be backed up, or the file may be pending
download into the Palm device.

There are also a number of likely scenarios that can allow an attacker to
obtain the most recent tokencode used by the user to authenticate to the
SafeWord system:

* The attacker may monitor the network and extract the tokencode from
non-encrypted authentication requests (e.g. telnet).

* The attacker may obtain access to the machine the user is entering the
tokencode in and read the keyboard output.

* The attacker may view the tokencode as it is being physically entered by
the user ("shoulder surfing").

11. Leif M. Wright simplestguest.cgi Remote Command Execution Vulnerability
BugTraq ID: 2106
Remote: Yes
Date Published: 2000-12-14
Relevant URL:
http://www.securityfocus.com/bid/2106
Summary:

A vulnerability exists in Leif M. Wright's simplestguest.cgi, a script
designed to coordinate guestbook submissions from website visitors.

An insecure call to the open() function leads to a failure to properly
filter shell metacharacters from user supplied input. As a result, it is
possible for an attacker to cause this script to execute arbitrary shell
commands with the privilege of the webserver.

12. CoffeeCup FTP Clients Weak Password Encryption Vulnerability
BugTraq ID: 2107
Remote: No
Date Published: 2000-12-14
Relevant URL:
http://www.securityfocus.com/bid/2107
Summary:

A vulnerability exists in the FTP clients CoffeeCup Direct and CoffeeCup
Free.

The clients use the file FTPServers.ini to store password information for
sites to which the client has been connected. The encryption method
designed to obfuscate these passwords can be easily defeated.

As a result, a malicious user able to read the FTPServers.ini will be able
to obtain the passwords to any of the stored FTP servers, compromising
their security.

13. Subscribe-Me Lite Administration Access Vulnerability
BugTraq ID: 2108
Remote: Yes
Date Published: 2000-12-14
Relevant URL:
http://www.securityfocus.com/bid/2108
Summary:

A vulnerability exists in certain versions of Subscribe-Me Lite, the
non-commercial version of a mailing list administration script from
cgiscriptcenter.com. Windows and Unix versions are affected.

It is possible for an attacker to obtain access to the script's
administration panel, and to delete arbitrary members from the mailing
lists supported by the vulnerable script.

Further technical details were not supplied in the original advisory.

14. Alex Heiphetz Group EZShopper Directory Disclosure Vulnerability
BugTraq ID: 2109
Remote: Yes
Date Published: 2000-12-13
Relevant URL:
http://www.securityfocus.com/bid/2109
Summary:

EZShopper is a perl-based E-Commerce software package offered by Alex
Heiphetz Group, Inc.

It is possible for a remote user to gain read access to various files that
reside within the EZShopper directory. By requesting a specially crafted
URL that invokes the 'loadpage.cgi' application with a '/' appended,
EZShopper will disclose the contents of the EZShopper directory. As a
result, it is possible for an attacker to navigate into its subdirectories
and view any file.

Successful exploitation of this vulnerability could lead to the disclosure
of sensitive information and possibly assist in further attacks against
the victim.

15. Watchguard SOHO Firewall Fragmented IP Packet DoS Vulnerability
BugTraq ID: 2113
Remote: Yes
Date Published: 2000-12-14
Relevant URL:
http://www.securityfocus.com/bid/2113
Summary:

SOHO Firewall is an appliance firewall by Watchguard Technologies Inc.
designed for Small Office/Home Office users.

Sending a large number of fragmented IP packets to SOHO Firewall will
cause the device to drop network connections and cease packet forwarding.
Restarting SOHO Firewall is required in order to regain normal
functionality.

Successful exploitation of this vulnerability could assist in the
development of further attacks due to the elimination of a firewall
defense.

16. Watchguard SOHO Firewall Oversized GET Request DoS Vulnerability
BugTraq ID: 2114
Remote: Yes
Date Published: 2000-12-14
Relevant URL:
http://www.securityfocus.com/bid/2114
Summary:

SOHO Firewall is an appliance firewall by Watchguard Technologies Inc.
designed for Small Office/Home Office users.

SOHO Firewall is susceptible to a trivial denial of service attack.
Sending an overly long GET request to the web server component will
cause SOHO Firewall to crash. Restarting the service is required in order
to regain normal functionality. Watchguard has confirmed that this
vulnerability cannot be used to execute arbitrary code.

Successful exploitation of this vulnerability could assist in the
development of further attacks due to the elimination of a firewall
defense.

17. Alt-N MDaemon 'Lock Server' Bypass Vulnerability
BugTraq ID: 2115
Remote: No
Date Published: 2000-12-14
Relevant URL:
http://www.securityfocus.com/bid/2115
Summary:

MDaemon, offered by Alt-N Technologies, is an email server which supports
most common internet mail protocols. As a security feature, MDaemon
allows administrators to "lock" the administrative console on the system's
desktop. If it is locked, a password is required for anyone wishing to use
the administrative console.

The implementation of this security feature is unfortunately flawed. By
simply clicking cancel and hitting the 'enter' key when the password
prompt is displayed, the user will gain entry to the MDaemon interface
with administrative privileges.

From this point, an attacker could modify the configuration of MDaemon,
possibly causing a denial of the service provided by it or assisting some
other compromise.

III. SECURITYFOCUS.COM NEWS AND COMMENTARY
------------------------------------------
1. Microsoft Hacked in the Balkans
By John Leyden, The Register

A Microsoft Web site has been defaced in the latest of a string of attacks
that have called into question the ability of IT companies to keep their
systems secure.

The software giant's Slovenian site, www.microsoft.si, was sprayed with
pro-Linux graffiti by a hacker who gained control of the site, which is
hosted in the former Yugoslavian country. In a reference to Mark Renton's
famous speech at the beginning of the film Trainspotting, the site was
changed to feature a tirade that equated choosing Microsoft software to
being a moron.

http://www.securityfocus.com/templates/article.html?id=125

2. FTC Mulls Wireless Privacy
By Kevin Poulsen

Government-mandated technology capable of determining a cell
phone user's physical location dominated a daylong conference about
privacy and security issues in the wireless industry, hosted by the
Federal Trade Commission here Tuesday.

"It's a level of information that hasn't heretofore been available,"
acknowledged Michael Altschul, vice president of the Cellular
Telecommunications Industry Association.

Under rules adopted by the Federal Communications Commission, wireless
carriers will begin selling phones with the tracking technology by
December, 2001. The feature is intended to help 911 operators direct
police and paramedics to the location of a cellular or PCS user when they
call for help.

http://www.securityfocus.com/templates/article.html?id=123

3. Cybercrime Treaty Still Horrible
By David Banisar

This week, the Council of Europe's Experts Group on Crime in Cyberspace is
meeting in Strasbourg, France to finalize the international Cybercrime
Convention. The experts should be proud of themselves. They have managed
in the course of the last eight months to resist the pernicious influence
of hundreds if not thousands of individual computer users, security
experts, civil liberties groups, Internet service providers, computer
companies and others outside of their select circle of law enforcement
representatives who wrote, faxed and emailed their concerns about the
treaty.

http://www.securityfocus.com/templates/article.html?id=124

IV. SECURITY FOCUS TOP 6 TOOLS
-----------------------------

1. Openwall Linux kernel patch 2.2.18-ow1
(Linux)
by Solar Designer (solar@false.com)
Relevant URL: http://www.openwall.com/linux

The Openwall Linux kernel patch is a collection of security "hardening"
features for the Linux kernel. In addition to the new features, some
versions of the patch contain various security fixes. The "hardening"
features of the patch, while not a complete method of protection, provide
an extra layer of security against the easier ways to exploit certain
classes of vulnerabilities and/or reduce the impact of those
vulnerabilities. The patch can also add a little bit more privacy to the
system by restricting access to parts of /proc so that users may not see
what others are doing.

2. Drall 1.3.4.0
(Linux and Perl)
by Henrik Edlund (henrik@edlund.org)
Relevant URL: http://www.edlund.org/hacks/drall/index.html

Drall is a script which allows users to access their directories and files
remotely without the need to use insecure FTP and telnet. It enables the
user to treat the remote file system as if it were on their local hard disk
through a normal web browser. The interface resembles the well-known Norton
Commander (of DOS fame) and Midnight Commander (of UNIX fame). A
dual-frame interface makes it easy to see an overview of the file system,
and the modular design means you only use the features you need. Drall is
written in Perl for easy customization and expansion.

3. Stealth Kernel Patch 2.2.18
(Linux)
by Robert Salizar (madcamel@energymech.net)
Relevant URL: http://www.energymech.net/madcamel/fm/

Stealth IP Stack is a kernel patch for Linux 2.2.18 which makes your
machine almost invisible on the network without impeding normal network
operation. Many denial of service attacks, such as stream, are much less
effective with this patch installed, and port scanners slow to a crawl. It
works by restricting TCP RST packets (no "Connection Refused"),
restricting ICMP_UNREACH on UDP (preventing UDP portscans), and restricting
all ICMP and IGMP requests. A sysctl interface is used so these features
can be turned on and off on the fly.

4. ICQr Information 1,3
(Windows 2000, Windows 95/98 and Windows NT)
by Moritz Bartl

ICQr Information reads out information stored in ICQ 99a, 99b and 2000a
.DAT files, including user passwords, personal information (such as
address) and even deleted contacts.

5. Stealth Activity Reporter
(Windows 2000, Windows 95/98 and Windows NT)
by Peter Zierl
Relevant URL: http://www.securityfocus.com/tools/1862

Do you want to know what is going on on your PC while you are absent?
Stealth Activity Reporter (STAR) is the solution. STAR is an easy to use
tool to monitor the use/abuse of PCs: it logs keystrokes, user names,
passwords, visited URLs, path names, access times and the window title of
the active application. The information is stored in an encrypted text file.

In the stealth mode STAR does NOT show up in the system tray, task bar or
task list! You can also invisibly email your log file via SMTP/POP3 email
accounts.

The logging engine itself is a powerful small application that runs
invisibly in the background, and you will not notice at all that this
application runs on your PC.

6. LinearC Beta
(FreeBSD, Linux, MacOS, Windows 2000, Windows 95/98 and Windows
NT)
by KPL
Relevant URL: http://linearc.kplab.com/download.html

KPL, or Knowledge Propulsion Laboratory, has opened beta testing for
LinearC, a privacy-protecting filtering proxy. LinearC was first announced
at Toorcon Security Expo in a talk by KPL's Chief Scientist.
Privacy vulnerabilities relating to the :CueCat, images loaded through FTP
and others are taken care of. In addition, cookies are stored on the proxy
and easily expired or deleted.

V. SECURITY JOBS SUMMARY
------------------------

1. Security Engineer - Philadelphia, PA - #246 (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-12-16%26thread%3d200012151securityfocus.com

2. 2 Security Engineer positions available in RTP, NC (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-12-16%26thread%3d3A37F246.interpath.net

3. IT Security Engineer (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-12-16%26thread%3d200012131securityfocus.com

4. CERT Analysts Needed (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-12-16%26thread%3dFCDE9D379tds-ff.tds.com

5. Security Consultant Job Opportunity-Silicon Valley North-Toronto, Canada (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-12-16%26thread%3d01C06435.bess.misconsult.com

6. San Francisco Job Opportunity (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-12-16%26thread%3dOF88EA1F3Chase.Com

7. Looking for a job in the security field. (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-12-16%26thread%3dJCEOIHOBLearthlink.net

8. Technical Trainer - Buffalo, NY (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-12-16%26thread%3dPine.SOL.atlas.nsec.net

VI. INCIDENTS LIST SUMMARY
-------------------------

1. [defaced] www.eeye.com by (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3d015F790A1server1

2. Fw: [defaced] www.eeye.com by (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3d004a01c0668c$23580700$dec92f86int1.telenor.cz

3. More info regarding: std.pl, the rpc.statd linux mass rooter (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3dPine.BSO.grinch.zounds.net

4. possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3d3A38E90A.ubizen.com

5. Strange scan/connection request (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3dD1518A860ECLECTUS

6. weird DNS logs (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3dAKEPKGCIGstrato.net

7. probes for port 27374 (ASP)? (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3dp04310100b65eb0608084[192.168.0.1]

8. possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3dPine.BSO.grinch.zounds.net

9. Administrivia (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3dPine.GSO.mail

10. Troyan in port 25 ??? (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3d00c901c065ac$10e81780$a9240e97oemcomputer

11. sendmail attack? (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3d3A387A8A.scalajwt.ro

12. Scan of the Month - Two Exploits (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3d00a501c065b4$2b754c00$1e01a8c0spokn1.wa.home.com

13. For the log file collectors (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3d3A378D4A.ubizen.com

14. Probes for 17746 (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3dPine.LNX.dione.ids.pl

15. possible new trojan (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3d976597182malaprop.org

16. Coordinated or Spoofed Scans (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3d3A358178.globalstar.com

17. FW: Event ID 644 (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3dNEBBLAHJLgbmlogic.com.au

18. could be slice? (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3d3A34A3D3.expert.ro

19. CGI Scans on web server (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3dPine.GSO.mail

20. New toolkit (maybe) (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-16%26thread%3d200012101webcom.com

VII. VULN-DEV RESEARCH LIST SUMMARY
----------------------------------

1. Naptha - New DoS (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3d200012151rnl.ist.utl.pt

2. Router worm exploiting poor SNMP security. (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3d3.0.5.32.192.228.128.13

3. (U) Exploiting Poor SNMP Security (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3d03fc01c06690$a45101f0$1900010ana.cisco.com

4. Apple Mac DoS (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3d200012150geeklair.net

5. Scanning Web Proxy -- Preliminary Concept (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3d006601c06615$95486570$0100a8c0ntserver1

6. cross site scripting... is your site on this list (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3dNDBBJOKICdevitto.com

7. cache cookie stuff (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3d200012140web3602.mail.yahoo.com

8. is this a bug ? (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3d200012131dragon.andrews

9. bind hack or just bein funny??? (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3dPine.LNX.ns1.digitalweb.co.za

10. cross site exploits (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3dPine.BSF.totally.righteous.net

11. Naphta - Exploit? (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3dNDBBJOKICdevitto.com

12. CLARIFICATION: bind hack or just bein funny??? (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3dF1A80EB61SPSINT1

13. OpenSSH Password Question (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3dPine.LNX.blue.localdomain

14. lpd exploit? (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3d383951499web582-mc

15. Linux sparc & GOT (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3d200012101crypto.org.il

16. Winamp Crash (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3dPine.LNX.anatolia.msis.metu.edu.tr

17. winamp newline in id3v1 tags - hell with bugtraq (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3dF148nccYThotmail.com

18. lpd exploit (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2000-12-16%26thread%3dPine.LNX.carma.isirc.is

VIII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
No Entries This Week

IX. SUN FOCUS LIST SUMMARY
----------------------------

1. Solaris 8 and Windows NT... (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2000-12-16%26thread%3dNEBBJPADMkataan.org

2. SEAM, KRB5 and phrase length (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2000-12-16%26thread%3d100121313ratbert.oucs.ox.ac.uk

3. Packages Installation (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2000-12-16%26thread%3dPine.OSF.gemini.oscs.montana.edu

4. rc*.d directories (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d92%26date%3d2000-12-16%26thread%3dF170i6xzmhotmail.com

X. LINUX FOCUS LIST SUMMARY
---------------------------

1. Network Topology / Security Questions (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-12-16%26thread%3d007c01c064b7$cdec92c0$c81a0c3doutpost.net.au

2. Firewall (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-12-16%26thread%3dNEBBLOLKNicm-group.com

3. OpenSSH and OPIE (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-12-16%26thread%3d3A354CE8.ltiflex.com

4. On auditing burgled systems (was Re: root exploits) (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-12-16%26thread%3d20952.976kanga.nu

5. root exploits (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-12-16%26thread%3d3A34A253.meteor.com

6. SecurityFocus.com Linux Newsletter #8 (Thread)
Relevant URL:

http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2000-12-16%26thread%3dPine.GSO.mail

XI. SPONSOR INFORMATION - RSA Security
--------------------------------------

RSA Security: The Only Fully Interoperable PKI Solution.

PKI is driving the next wave of e-business. RSA Keon PKI issues and
manages digital certificates and trust - enabling you to securely deploy
apps that feature authentication, digital signatures and encryption. For
smooth implementation that's easy to use, you need interoperability. That
means you need RSA Keon PKI. Contact RSA Security at 1-800-495-1095.

http://www.rsasecurity.com/go/keon

XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION
-------------------------------------

1. How do I subscribe?

Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body
of:

  SUBSCRIBE SF-NEWS Lastname, Firstname

You will receive a confirmation request message to which you will have
to answer.

2. How do I unsubscribe?

Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
address with a message body of:

  UNSUBSCRIBE SF-NEWS

If your email address has changed, email aleph1@securityfocus.com and I
will manually remove you.

3. How do I disable mail delivery temporarily?

If you are simply going on vacation you can turn off mail delivery
without unsubscribing by sending LISTSERV the command:

  SET SF-NEWS NOMAIL

To turn back on e-mail delivery use the command:

  SET SF-NEWS MAIL

4. Is the list available in a digest format?

Yes. The digest is generated once a day.

5. How do I subscribe to the digest?

To subscribe to the digest, join the list normally (see section 0.2.1)
and then send a message to LISTSERV@SECURITYFOCUS.COM with a message
body of:

  SET SF-NEWS DIGEST

6. How do I unsubscribe from the digest?

To turn the digest off, send a message to LISTSERV with a message body
of:

  SET SF-NEWS NODIGEST

If you want to unsubscribe from the list completely follow the
instructions of section 0.2.2 next.

7. I seem to not be able to unsubscribe. What is going on?

You are probably subscribed from a different address than the one from
which you are sending commands to LISTSERV. Either send email from
the appropriate address or email the moderator to be unsubscribed manually.