Subject: SecurityFocus.com Newsletter #72
From: Stephen Entwisle (se@SECURITYFOCUS.COM)
Date: Tue Dec 26 2000 - 11:36:32 CST
SecurityFocus.com Newsletter # 72
---------------------------------
I. FRONT AND CENTER
1. Solaris Kernel Tuning for Security
II. BUGTRAQ SUMMARY
1. BSD ftpd Single Byte Buffer Overflow Vulnerability
2. Sonata Local Arbitrary Command Execution Vulnerability
3. Solaris patchadd Race Condition Vulnerability
4. Stunnel Local Arbitrary Command Execution Vulnerability
5. FreeBSD procfs Access Control Vulnerability
6. FreeBSD procfs Denial of Service Vulnerability
7. FreeBSD procfs jail Breaking Vulnerability
8. Windows 2000 Directory Services Restore Mode Blank Password Vuln
9. Alt-N MDaemon 3.5.0 Denial of Service Vulnerability
10. Nano Local File Overwrite Vulnerability
11. Stunnel Weak Encryption Vulnerability
12. BEA WebLogic Server Double Dot Buffer Overflow Vulnerability
13. Itetris Privileged Arbitrary Command Execution Vulnerability
14. Infinite InterChange Denial of Service Vulnerability
15. GnuPG Detached Signature Verification False-Positive Vulnerability
16. Microsoft IIS Front Page Server Extension DoS Vulnerability
17. Korn Shell Redirection Race Condition Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
1. Cable Crypto Coming
2. Port Scans Legal, Judge Says
3. How Carnivore Works
IV. SECURITY FOCUS TOP 6 TOOLS
1. Big Brother 1.6
2. stunnel 3.10
3. Saint Jude 0.0.7
4. Ensuredmail v1.4
5. E-Lock Reader 4.0
6. Sysmon 0.90.11
V. SECURITYJOBS LIST SUMMARY
1. Great Security Engineering Opportunity (Thread)
2. Net Security Specialist Resume (VA) (Thread)
3. IS Position with a security focus (Thread)
4. looking for a security team (Thread)
5. Reposting SecurityJobs Content (Thread)
6. Security - Staff Engineer, Software (Thread)
7. Please Post (Thread)
8. Seeking opportunities (Thread)
9. WireLess Security Vulnerability Experts (NorthEast) (Thread)
VI. INCIDENTS LIST SUMMARY
1. DNS Scanning for blocking (Thread)
2. Out of Office Messages (Thread)
3. New trojan running in port 12345? (Thread)
4. Unknown web log entry - new FrontPage exploit? (Thread)
5. Happy Holidays (Thread)
6. .rpc_door, what is that? (Thread)
7. udp port 500 scans (Thread)
8. Source of Recent Distributed Pings (Thread)
9. Strange packets (Thread)
10. Christmas Eve packet (Thread)
11. Ether Broadcast (Thread)
12. Which exploit-tool is this? (Thread)
13. [CyberAbuse] New trojan, Magisterium (Thread)
14. Postmaster notify: User unknown (Thread)
15. FW: Postmaster notify: User unknown (Thread)
16. Port Scans are Legal (Thread)
17. What is a crime, WAS RE: Port Scans are Legal (Thread)
18. Netbios name scans (Thread)
19. Remote buffer overflow in Darwin server? (Thread)
20. Strange Scan (Thread)
21. Linux - Possible trojan or other? (fwd) (Thread)
22. CERT policy is not to distribute exploits Re: More info...(Thread)
23. CERT disclosure policy Re: More info regarding: std.pl...(Thread)
24. Probes for 17746 (Thread)
25. could be slice? (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. Proxy stuff (Thread)
2. EMC Symmetrix SAN (Thread)
3. The NSA's Security-Enhanced Linux (Thread)
4. GATEWAY ? (Thread)
5. Scanning Web Proxy -- Preliminary Concept (Thread)
6. Overwriting ELF .dtors section to modify program execution (Thread)
7. Checkpoint' Securemote & Secureclient vuls? (Thread)
8. Bug, possible hole in nslookup, various operating systems (Thread)
9. Bug, probable DoS in http connection or just paranoia? (Thread)
10. (U) Exploiting Poor SNMP Security (Thread)
11. Router worm exploiting poor SNMP security. (Thread)
12. Apple Mac DoS (Thread)
13. cross site exploits (Thread)
14. Palm Bean Lock feature (Thread)
15. cross site scripting... is your site on this list (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. IIS/NT logging (Thread)
2. Disabling NetBIOS and IIS (Thread)
3. NTLM AND WAP (Thread)
4. tcp wrappers (Thread)
5. Microsoft Outlook 2000 9.0.0.2711 Plain Text Passwords (Thread)
6. Windows NT 4.0 SCP (Thread)
7. NT encryption (Thread)
8. Port 27374 (Thread)
9. Securing NT in a shared web hosting environment. (Thread)
10. Microsoft Internet Security and Acceleration (ISA)...(Thread)
11. Security Events (Thread)
12. Trapping NT Events in real-time (Thread)
13. Administriviapology (Thread)
14. Microsoft Internet Security and Acceleration (ISA) Server 2000 (Thread)
15. NT protected storage system... (Thread)
16. Foxing NetCraft.com (Thread)
17. SecurityFocus.com Microsoft Newsletter #13 (Thread)
IX. SUN FOCUS LIST SUMMARY
1. rstchown kernel setting (Thread)
2. SEAM, KRB5 and phrase length (Thread)
3. Solaris 8 and Windows NT... (Thread)
X. LINUX FOCUS LIST SUMMARY
1. Firewall (Thread)
2. ipfwadm or ipchains? (Thread)
3. Help requested: unable to see any logs from ipchains... (Thread)
4. Help requested: unable to see any logs from ipchains... (Thread)
XI. SUBSCRIBE/UNSUBSCRIBE INFORMATION
I. FRONT AND CENTER
-------------------
1. Solaris Kernel Tuning for Security
by Ido Dubrawsky
The Solaris kernel provides a great deal of user-configurable control over
the system TCP/IP stack. Everything from cache table lifetimes to the
number of TCP connections that the system can address are controllable.
However, without understanding the underlying need for tuning these kernel
parameters, many system administrators choose to ignore them - thereby
leaving their systems vulnerable to a resourceful assailant. This article
by Ido Dubrawsky discusses the ways in which these parameters can be
adjusted to strengthen the security posture of a system.
http://www.securityfocus.com/focus/sun/articles/kernel.html
II. BUGTRAQ SUMMARY
-------------------
1. BSD ftpd Single Byte Buffer Overflow Vulnerability
BugTraq ID: 2124
Remote: Yes
Date Published: 2000-12-18
Relevant URL:
http://www.securityfocus.com/bid/2124
Summary:
The ftp daemon derived from 4.x BSD source contains a serious
vulnerability that may compromise root access.
There exists a one byte overflow in the replydirname() function. The
overflow condition is due to an off-by-one bug that allows an attacker to
write a null byte beyond the boundaries of a local buffer and over the
lowest byte of the saved base pointer.
As a result, the numerical value of the pointer decreases (and it thus
points to a higher location (or lower address) on the stack than it
should) and when the replydirname() function returns, the modified saved
base pointer is stored in the base pointer register. When the calling
function returns, the return address is read from an offset of where the
base pointer points to. With the last byte of the base pointer zero, this
will be a location other than where it should be.
If this region of the stack is under the control of the attacker, such as
the local variable which contained the extra byte in the first place, an
arbitrary address can be placed there that will be used as the saved
return address by the function.
This is the case in ftpd. It is possible for an attacker to force the ftp
daemon to look in user-supplied data for a return address and then execute
instructions at the location as root.
This vulnerability can be exploited on systems supporting anonymous ftp if
a writeable directory exists (such as an "incoming" directory). This is
rarely in place by default.
It should be noted that OpenBSD ships with ftp disabled, though it is an
extremely commonly used service.
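An added illustration of the off-by-one pattern described above, not code from the advisory or from ftpd: a copy loop whose bound reserves one byte while some input bytes are written twice. The quote-doubling detail, the 16-byte buffer and the guard byte standing in for the low byte of the saved base pointer are assumptions made for this model.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CAP   16      /* model buffer size (constructed for the demo) */
#define GUARD 0x5A    /* marker byte placed directly after the buffer */

/* 14 ordinary bytes, then a quote that lands on index CAP-2 (constructed). */
static const char TRIGGER[] = "aaaaaaaaaaaaaa\"";
static const char PLAIN[]   = "aaaaaaaaaaaaaaaaaaaaaaaa";

/* Flawed pattern: the loop bound leaves room for ONE more byte, but a
 * double quote is written twice, so i can reach cap and the terminator
 * is then stored at dst[cap], one byte past the end of the buffer. */
static size_t quote_copy_buggy(char *dst, size_t cap, const char *src)
{
    size_t i;
    for (i = 0; *src != '\0' && i < cap - 1; i++, src++) {
        dst[i] = *src;
        if (*src == '"')
            dst[++i] = '"';
    }
    dst[i] = '\0';
    return i;
}

/* Corrected: check the space each input byte needs before writing it. */
static size_t quote_copy_fixed(char *dst, size_t cap, const char *src)
{
    size_t i = 0;
    if (cap == 0)
        return 0;
    for (; *src != '\0'; src++) {
        size_t need = (*src == '"') ? 2 : 1;
        if (i + need > cap - 1)      /* dst[cap-1] is reserved for NUL */
            break;
        dst[i++] = *src;
        if (need == 2)
            dst[i++] = '"';
    }
    dst[i] = '\0';
    return i;
}

typedef size_t (*copy_fn)(char *, size_t, const char *);

/* Runs fn on a CAP-byte buffer followed by one guard byte. The guard is
 * part of the same array, so the stray write is observable without
 * undefined behaviour. Returns 1 if the guard byte was overwritten. */
static int guard_clobbered(copy_fn fn, const char *src)
{
    unsigned char mem[CAP + 1];
    memset(mem, GUARD, sizeof mem);
    fn((char *)mem, CAP, src);
    return mem[CAP] != GUARD;
}

int main(void)
{
    printf("buggy, plain input : guard hit = %d\n",
           guard_clobbered(quote_copy_buggy, PLAIN));
    printf("buggy, quote at end: guard hit = %d\n",
           guard_clobbered(quote_copy_buggy, TRIGGER));
    printf("fixed, quote at end: guard hit = %d\n",
           guard_clobbered(quote_copy_fixed, TRIGGER));
    return 0;
}
```

Only the input that places a doubled byte at the last checked index reaches the guard, which is why this class of bug survives ordinary length testing.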
2. Sonata Local Arbitrary Command Execution Vulnerability
BugTraq ID: 2125
Remote: No
Date Published: 2000-12-18
Relevant URL:
http://www.securityfocus.com/bid/2125
Summary:
Users of Sonata, a voice conferencing switch from Voyant Technologies, may
be vulnerable to a local compromise of root privileges.
Sonata comes with a program installed setuid root that will execute
supplied arguments. As installed, it is executable by all users. As a
result, host security can be readily compromised by a malicious local
user.
3. Solaris patchadd Race Condition Vulnerability
BugTraq ID: 2127
Remote: No
Date Published: 2000-12-18
Relevant URL:
http://www.securityfocus.com/bid/2127
Summary:
patchadd is the patch management tool included with the Solaris Operating
Environment, distributed by Sun Microsystems. A problem exists which could
allow a user to corrupt or append system files.
The problem exists in the creation of /tmp files by patchadd. patchadd
creates a variety of files in /tmp while installing the patches on the
operating system. The files created in /tmp are mode 0666, and are created
with the extension sh<pid of patchadd>.1, sh<pid of patchadd>.2, and so
on. Running the program requires administrative access. It is possible to
brute force guess the pid of patchadd, and create files in the /tmp
directory that are symbolic links to sensitive system files. It is
therefore possible for a user with malicious intent to gain elevated
privileges, corrupt system files, or execute arbitrary commands.
4. Stunnel Local Arbitrary Command Execution Vulnerability
BugTraq ID: 2128
Remote: No
Date Published: 2000-12-18
Relevant URL:
http://www.securityfocus.com/bid/2128
Summary:
Stunnel is an SSL encryption wrapper by Michal Trojnara. It is available
for a number of platforms including FreeBSD, Debian Linux and RedHat
Linux.
Insecurely-structured calls to syslog() found in certain versions of
Stunnel (prior to version 3.9) pass user-supplied data to the syslog()
function in such a way that maliciously embedded format specifiers in this
data can cause the process to overwrite sections of its own memory with
arbitrary data.
This user-supplied data is obtained from an identd server of a connecting
host. If an attacker controls an ident server, an arbitrary username value
containing malicious format specifiers can be sent to Stunnel.
This string would then be passed as part of the format string for the
syslog() function, where the format specifiers would be interpreted.
This can lead to remote access being gained by the attacker on the target
host with privileges of Stunnel, which can be required to run as root.
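An added example, not code from Stunnel or its advisory, showing the call shape behind this class of bug and the corrected shape. The names log_render, log_ident, sanitize_ident and count_directives are hypothetical, and log_render stands in for syslog() by rendering into a buffer so the result can be checked.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#if defined(__GNUC__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Stand-in for syslog(): same printf-style contract, but renders into a
 * caller buffer. The attribute lets -Wformat-security flag any call
 * whose format argument is not a string literal. */
static int log_render(char *out, size_t n, const char *fmt, ...)
    PRINTF_LIKE(3, 4);

static int log_render(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int r;
    va_start(ap, fmt);
    r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable call shape (shown only, never executed here):
 *     log_render(out, n, ident_user);    like syslog(LOG_INFO, ident_user);
 * Any "%x" or "%n" in the remote reply is then treated as a directive. */

/* Counts printf conversion introducers in an untrusted field ("%%" is a
 * literal percent and is not counted). Usable as a log-review heuristic. */
static int count_directives(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;                /* skip the escaped percent */
        else
            count++;
    }
    return count;
}

/* Bounds the ident reply and replaces non-printable bytes, so a hostile
 * reply cannot inject newlines or control characters into the log. */
static void sanitize_ident(char *dst, size_t n, const char *src)
{
    size_t i = 0;
    if (n == 0)
        return;
    for (; src[i] != '\0' && i < n - 1; i++)
        dst[i] = isprint((unsigned char)src[i]) ? src[i] : '?';
    dst[i] = '\0';
}

/* Corrected call shape: constant format, untrusted data as an argument. */
static int log_ident(char *out, size_t n, const char *ident_user)
{
    char clean[64];
    sanitize_ident(clean, sizeof clean, ident_user);
    return log_render(out, n, "ident lookup: user=%s", clean);
}

int main(void)
{
    char out[128];
    const char *reply = "%x%x%n";        /* constructed hostile ident reply */
    log_ident(out, sizeof out, reply);
    printf("%s  (directives seen: %d)\n", out, count_directives(reply));
    return 0;
}
```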
5. FreeBSD procfs Access Control Vulnerability
BugTraq ID: 2130
Remote: No
Date Published: 2000-12-18
Relevant URL:
http://www.securityfocus.com/bid/2130
Summary:
procfs is part of the FreeBSD Operating System, maintained by the FreeBSD
Project. A problem exists which could allow a user to gain elevated
privileges.
The problem occurs in the handling of access control in the
/proc/<pid>/mem and /proc/<pid>/ctl files. These files provide access to
process address space, making it possible to alter the operations of
running processes. Abusing the weakness in /proc/<pid>/mem, one could
fork() a process from a running process and use it to execute a setuid
program. After the execution of the program, the user forking the process
still retains read/write access to the memory space, and could use this
for the execution of arbitrary code or commands. Therefore, it is possible
for a user with malicious intent to abuse this weakness to gain elevated
privileges, and potentially administrative privileges.
6. FreeBSD procfs Denial of Service Vulnerability
BugTraq ID: 2131
Remote: No
Date Published: 2000-12-18
Relevant URL:
http://www.securityfocus.com/bid/2131
Summary:
procfs is the Process Filesystem, a file system interface to the process
table included with the FreeBSD Operating System. A problem exists which
could allow a local user to deny service to legitimate users of a FreeBSD
Server.
The problem occurs in the handling of /proc/<process id>/mem files. It is
possible to launch a process which executes an mmap() system call and maps
the memory address of its own memory address space, as defined in
/proc/<process id>/mem. By doing so, the kernel enters an infinite loop and
hangs, requiring a system reboot at the console. This problem with design
makes it possible for a local user with malicious intent to crash the
system, thus denying service to legitimate users.
7. FreeBSD procfs jail Breaking Vulnerability
BugTraq ID: 2132
Remote: No
Date Published: 2000-12-18
Relevant URL:
http://www.securityfocus.com/bid/2132
Summary:
procfs is the filesystem interface to the process table in the FreeBSD
Operating System. A problem exists which could allow a user restrained by
a jail to break free.
The problem occurs in the ability of jailed members of the system to load
the process filesystem. A user restricted by the jail can break free by
mounting the process filesystem, and using weaknesses within the
filesystem to execute arbitrary commands. This problem makes it possible
for a local user with superuser access in the jailed environment to
execute commands outside of the jail, and possibly gain unrestricted
access to the system.
8. Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vuln
BugTraq ID: 2133
Remote: No
Date Published: 2000-12-20
Relevant URL:
http://www.securityfocus.com/bid/2133
Summary:
During the boot process, Windows 2000 Server provides a number of
operating system modes to assist an Administrator in troubleshooting and
restoring a damaged system configuration. In the event that the
"Configure your Server" tool was implemented on a system in order to
promote it to domain controller status, a blank password will be assigned
to the operating system mode 'Directory Service Restore Mode'. This would
allow a malicious user who had physical access to the machine to log on in
Directory Service Restore Mode with administrative privileges.
The "Configure your Server" tool is used in order to promote a server to
become the first domain controller in a forest, which is a set of Active
Directory domains. The vulnerability lies within the fact that during
implementation of the tool, a null password will be assigned to Directory
Service Restore Mode. Any user who could physically access the machine
would be able to log onto the machine and perform administrative duties
that can be exercised in Directory Service Restore Mode. This would also
give the user the capability to install a malicious program which would be
executed after reboot.
When the password for Directory Service Restore Mode is modified, it is
synchronized with the password of the Recovery Console. Therefore, the
Recovery Console is also designated a blank password in this situation.
The DCPROMO tool which accomplishes the same task as the "Configure your
Server" tool is not affected by this vulnerability.
Successful exploitation of this vulnerability could lead to a full
compromise of the system or the domain.
9. Alt-N MDaemon 3.5.0 Denial of Service Vulnerability
BugTraq ID: 2134
Remote: Yes
Date Published: 2000-12-19
Relevant URL:
http://www.securityfocus.com/bid/2134
Summary:
MDaemon is an email server which supports most common internet mail
protocols offered by Alt-N Technologies.
MDaemon is subject to a denial of service. Sending an unusually long
argument followed by '\r\n' to port 143 will cause the MDaemon service to
crash. In addition, services running on ports 25, 110 and 366 will crash.
A restart is required in order to regain normal functionality.
10. Nano Local File Overwrite Vulnerability
BugTraq ID: 2135
Remote: No
Date Published: 2000-12-17
Relevant URL:
http://www.securityfocus.com/bid/2135
Summary:
nano is a free text editor similar to pico. A problem occurs with the
editor when a session terminates unexpectedly.
Upon abnormal exit, the text editor saves any changes made to the file
being edited into a new file in the current working directory labeled with
a '.save' extension.
A user editing a file in a directory writable by others could be subject
to having other files written to if a malicious user were to symbolically
link the .save file to one writable by the current nano user. This would
result in the contents of the nano session being appended to the
symbolically linked file, potentially corrupting it.
Depending on the privilege level of the current user, this could have
further serious impacts on host security.
11. Stunnel Weak Encryption Vulnerability
BugTraq ID: 2137
Remote: Yes
Date Published: 2000-12-19
Relevant URL:
http://www.securityfocus.com/bid/2137
Summary:
Stunnel is an SSL encryption wrapper by Michal Trojnara. It is available
for a number of platforms including Windows, Solaris, FreeBSD, Debian
Linux and RedHat Linux.
Due to inadequate seeding of the pseudorandom number generator, affected
versions (3.8 and earlier) may provide insufficiently robust encryption.
The vendor's advisory notes that this only affects versions which run on
systems lacking /dev/urandom, including Solaris and Windows.
This weakness could allow an attacker to more readily read protected
information, which could in turn lead to further compromises of system
security.
12. BEA WebLogic Server Double Dot Buffer Overflow Vulnerability
BugTraq ID: 2138
Remote: Yes
Date Published: 2000-12-19
Relevant URL:
http://www.securityfocus.com/bid/2138
Summary:
BEA Systems WebLogic Server is an enterprise level web and wireless
application server.
Unchecked buffers exist in a particular handler for URL requests that
begin with two dots "..". Depending on the data entered into the buffer,
WebLogic Server could be forced to crash or arbitrary code could be
executed on the system in the security context of the web server. In the
event that random data was sent in order to crash the server, restarting
the application would be required in order to regain normal functionality.
13. Itetris Privileged Arbitrary Command Execution Vulnerability
BugTraq ID: 2139
Remote: No
Date Published: 2000-12-19
Relevant URL:
http://www.securityfocus.com/bid/2139
Summary:
Itetris, or "Intelligent Tetris", is a clone of the popular Tetris puzzle
game for linux systems. The svgalib version of Itetris is installed
setuid root so that it may access video hardware when run by a regular
user. Itetris contains a vulnerability which may allow unprivileged users
to execute arbitrary commands as root.
Itetris uses the system() function to execute gunzip when uncompressing
font files. Unfortunately it does so in a very insecure way -- relying on
gunzip being located in directories specified in the PATH environment
variable. It is possible to exploit this vulnerability if an attacker
sets PATH to include a directory under his/her control in which a "gunzip"
is found instead of or before the real location, e.g.:
    PATH=/tmp/hacker:$PATH
Any program with the filename "gunzip" in /tmp/hacker would then be
executed with Itetris' effective privileges. This vulnerability can be
exploited to gain super user access and completely compromise the victim
host.
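An added example of the usual mitigation for this pattern, not code from Itetris or its advisory: run the helper by absolute path with a fixed environment after dropping privileges, instead of calling system(). The function name run_fixed and the fixed PATH value are assumptions, and /bin/sh is used as the helper only so the behaviour can be observed.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable call shape from the summary (shown only, not executed):
 *     system("gunzip font.gz");
 * system() starts a shell, which searches the caller's PATH for "gunzip"
 * while the process still holds its setuid-root privileges. */

/* Environment handed to the child: nothing inherited from the caller. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Runs abs_path with argv, dropped privileges and CLEAN_ENV.
 * Returns the child's exit status, or -1 on refusal or error. */
static int run_fixed(const char *abs_path, char *const argv[])
{
    pid_t pid;
    int status;

    if (abs_path == NULL || abs_path[0] != '/')
        return -1;                       /* never resolve through PATH */

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: give up the group id first, then the user id, so the
         * helper never runs with the setuid program's privileges. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        execve(abs_path, argv, CLEAN_ENV);
        _exit(127);                      /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* The probe exits 0 only if the child sees exactly the fixed PATH. */
    char *probe[] = { "sh", "-c", "[ \"$PATH\" = /usr/bin:/bin ]", NULL };

    setenv("PATH", "/tmp/hacker:/usr/bin:/bin", 1);  /* caller-set PATH */
    printf("child saw only the fixed PATH: %s\n",
           run_fixed("/bin/sh", probe) == 0 ? "yes" : "no");
    printf("relative helper name refused : %s\n",
           run_fixed("gunzip", probe) == -1 ? "yes" : "no");
    return 0;
}
```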
14. Infinite InterChange Denial of Service Vulnerability
BugTraq ID: 2140
Remote: Yes
Date Published: 2000-12-21
Relevant URL:
http://www.securityfocus.com/bid/2140
Summary:
Infinite Interchange is a multi-function email server which supports most
common internet protocols. Examples of its functions include an HTTP
server and a webmail interface.
Unfortunately, Interchange is subject to a denial of service. Sending a
malformed POST request of approximately 963 bytes to the HTTP server port
will cause Interchange to crash. A restart of the service is required in
order to regain normal functionality.
This vulnerability may be the result of a buffer overflow. Although this
has not been verified, it could lead to the execution of arbitrary code on
the target host.
15. GnuPG Detached Signature Verification False-Positive Vulnerability
BugTraq ID: 2141
Remote: No
Date Published: 2000-12-20
Relevant URL:
http://www.securityfocus.com/bid/2141
Summary:
All versions of Gnu Privacy Guard (GnuPG) have a security flaw relating to
the proper checking of detached signatures.
In certain situations, signed text that is detached from its signature
file can be modified by an attacker without the change being detected.
This is due to a bug in GnuPG's command-line semantics. When verifying the
integrity of a signed document which has its signature in a separate file,
GnuPG can be executed from the command line in the following manner:
    gpg --verify signature.sig <signed-file.txt
The problem with this format, however, is that the GnuPG command line
used to verify "normal" signed documents is:
    gpg --verify signed-file.txt
If the specified signature file is itself a valid signed document when
attempting to verify a document with a detached signature, GnuPG can
verify the "signature file" and will not report any errors.
Consequently, any modifications to the signed document (with the detached
signature) will not be reported because it is not checked as such. For an
attacker to exploit this bug, write access to the document's signature
file (and signed document to be modified) is required.
16. Microsoft IIS Front Page Server Extension DoS Vulnerability
BugTraq ID: 2144
Remote: Yes
Date Published: 2000-12-22
Relevant URL:
http://www.securityfocus.com/bid/2144
Summary:
Microsoft IIS ships with Front Page Server Extensions (FPSE), which give
administrators remote and local web page and content management.
Browse-time support is another feature within FPSE which provides users
with functional web applications.
Due to the way FPSE handles the processing of web forms, IIS is subject to
a denial of service. By supplying malformed data to one of the FPSE
functions, IIS will stop responding. A restart of the service is required
in order to regain normal functionality.
It should be noted that a server only needs to have FPSE installed to be
vulnerable.
17. Korn Shell Redirection Race Condition Vulnerability
BugTraq ID: 2148
Remote: No
Date Published: 2000-12-21
Relevant URL:
http://www.securityfocus.com/bid/2148
Summary:
Korn Shell is a widely used, versatile shell distributed with most
variants of the UNIX Operating System. A problem exists which could allow
local users to append to files owned by other users.
The problem occurs in redirection using the << operator. Scripts and
command line operations using the << operator insecurely create files in
the /tmp directory, creating files with the name tmp.<pid> where pid
indicates the process id of the shell. It is possible to create symbolic
links in the /tmp directory using the aforementioned file name, which will
append the contents of a << request to the file symbolically linked. This
design issue makes it possible for a user with malicious intent to corrupt
files owned by another user, or potentially append content to other
sensitive system files.
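An added example covering the temporary-file pattern shared by the patchadd, nano and Korn Shell summaries above, not code from any of those programs: a guessable name opened with symlinks followed, beside exclusive creation and mkstemp(). The scratch directory, the file names victim and tmp.1234, and all function names are constructed for the demonstration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern from the summaries: guessable name in a shared directory,
 * symlinks followed, data appended, mode 0666. */
static int open_predictable(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0666);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if the name already exists,
 * even as a symlink; O_NOFOLLOW and 0600 are defence in depth. */
static int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

static const char *scratch_base(void)
{
    const char *t = getenv("TMPDIR");
    return (t != NULL && t[0] == '/') ? t : "/tmp";
}

/* Preferred: mkstemp() picks an unguessable name and creates it
 * exclusively. Returns the new file's permission bits, or -1 on error. */
static int mkstemp_mode(void)
{
    char path[512];
    struct stat st;
    int fd, mode = -1;

    snprintf(path, sizeof path, "%s/work.XXXXXX", scratch_base());
    fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        mode = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return mode;
}

/* Builds a private scratch directory holding a "victim" file and a
 * pre-planted symlink tmp.1234 -> victim, then writes through the chosen
 * opener. Returns the victim's size afterwards (-1 on setup failure);
 * *open_errno is 0 if the open succeeded. */
static long run_case(int hardened, int *open_errno)
{
    char dir[256], victim[300], pred[300];
    struct stat st;
    long size = -1;
    int fd;

    snprintf(dir, sizeof dir, "%s/symdemo.XXXXXX", scratch_base());
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(pred, sizeof pred, "%s/tmp.1234", dir);

    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0)
        close(fd);
    if (fd >= 0 && symlink(victim, pred) == 0) {
        errno = 0;
        fd = hardened ? open_exclusive(pred) : open_predictable(pred);
        *open_errno = (fd < 0) ? errno : 0;
        if (fd >= 0) {
            ssize_t n = write(fd, "here-doc data\n", 14);
            (void)n;
            close(fd);
        }
        if (stat(victim, &st) == 0)
            size = (long)st.st_size;
    }
    unlink(pred);
    unlink(victim);
    rmdir(dir);
    return size;
}

int main(void)
{
    int e = 0;
    long n = run_case(0, &e);
    printf("predictable open: victim grew to %ld bytes\n", n);
    n = run_case(1, &e);
    printf("exclusive open  : victim is %ld bytes, errno=%d\n", n, e);
    printf("mkstemp mode    : %o\n", (unsigned)mkstemp_mode());
    return 0;
}
```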
III. SECURITYFOCUS.COM NEWS AND COMMENTARY
------------------------------------------
1. Cable Crypto Coming
By Kevin Poulsen
The cable television industry is moving ahead with a controversial plan to
implement a copy protection scheme that will allow movie studios and cable
providers to control what viewers are able to record off of future digital
cable TV networks.
Makers of televisions, video recorders and interactive set-top boxes who
want their equipment to be compatible with digital cable systems will be
forced to implement the patented Dynamic Feedback Arrangement Scrambling
Technique (DFAST), under a 42-page licensing agreement filed with the FCC
last week by Cable Television Laboratories, the industry's research and
development arm, with support from the National Cable Television
Association.
http://www.securityfocus.com/templates/article.html?id=128
2. Port Scans Legal, Judge Says
By Kevin Poulsen
A tiff between two IT contractors that spiraled into federal court ended
last month with a U.S. district court ruling in Georgia that port scanning
a network does not damage it, under a section of the anti-hacking laws
that allows victims of cyber attack to sue an attacker.
Last week both sides agreed not to appeal the decision by judge Thomas
Thrash, who found that the value of time spent investigating a port scan
can not be considered damage. "The statute clearly states that the damage
must be an impairment to the integrity and availability of the network,"
wrote the judge, who found that a port scan impaired neither.
http://www.securityfocus.com/templates/article.html?id=126
3. How Carnivore Works
By Thomas C. Greene, The Register
The FBI's notorious Internet traffic sniffer Carnivore includes a handy,
idiot-proof GUI interface enabling nosey Feds to capture and examine a
broad range of what passes through, from headers alone to full-bore
content retrieval, which is pictured in the Justice Department's final
assessment from the IIT Research Institute and the Illinois Institute of
Technology Chicago-Kent College of Law (IITRI).
The 'IP addresses' field conveniently accepts settings for particular IPs
or IP ranges; and the 'protocols' field accepts settings enabling Feds to
choose among TCP (transmission control protocol), UDP (user datagram
protocol) and ICMP (Internet control message protocol) retrieval, each one
separately configurable for 'full retrieval', 'pen mode' (headers only)
and 'off'.
http://www.securityfocus.com/templates/article.html?id=127
IV. SECURITY FOCUS TOP 6 TOOLS
-----------------------------
1. Big Brother 1.6
(AIX, BSDI, DG-UX, Digital UNIX/Alpha, FreeBSD, HP-UX, IRIX,
Linux, MacOS, NetBSD, Netware, SCO, SINIX, Solaris, SunOS, True64 UNIX,
UNICOS, UNIX, Ultrix, Unixware and Windows NT)
by Sean MacGuire (sean@iti.qc.ca)
Relevant URL: http://bb4.com/download.html
Big Brother is a combination of monitoring methods. Unlike SNMP where
information is just collected and devices polled, Big Brother is designed
in such a way that each local system broadcasts its own information to a
central location. Simultaneously, Big Brother also polls all networked
systems from a central location. This creates a highly efficient and
redundant method for proactive network monitoring.
2. stunnel 3.10
(FreeBSD, Linux, Windows 2000, Windows 95/98 and Windows NT)
by Michal Trojnara (Michal.Trojnara@centertel.pl)
Relevant URL: http://www.securityfocus.com/tools/988
The stunnel program is designed to work as an SSL encryption wrapper
between remote client and local (inetd-startable) or remote server. It can
be used to add SSL functionality to commonly used inetd daemons like POP2,
POP3, and IMAP servers without any changes in the programs' code. It will
negotiate an SSL connection using the OpenSSL or SSLeay libraries. It
calls the underlying crypto libraries, so stunnel supports whatever
cryptographic algorithms you compiled into your crypto package.
3. Saint Jude 0.0.7
(Linux)
by Tim Lawless (lawless@netdoor.com)
Relevant URL: http://www.sourceforge.com/projects/stjude
Saint Jude LKM is a Linux kernel module that implements the Saint Jude
model for improper privilege transitions. This will permit the discovery
of local, and ultimately, remote root exploits during the exploit itself.
Once discovered, Saint Jude will terminate the execution, preventing the
root exploit from occurring. This is done without checking for attack
signatures of known exploits, and thus should work for both known and
unknown exploits.
4. Ensuredmail v1.4
(Windows 2000, Windows 95/98, Windows NT)
by Ensuredmail, Inc.
Relevant URL: http://www.ensuredmail.com/
Privacy software that: protects email, attachments, local files; supports
existing email accounts; supports Microsoft Outlook 97, 98, 2000, Outlook
Express 4.0, 5.0; integrates with web-mail systems, provides reliable
read-receipts, can prevent recipients from forwarding sensitive data.
5. E-Lock Reader 4.0
(Windows 95/98, Windows 2000, Windows NT)
by E-Lock Technologies
Relevant URL: http://www.elock.com/download/downreader.asp
The E-Lock Reader is a free verification tool that allows recipients of
digitally signed information to verify the associated signatures. In a
typical e-business scenario, one or few individuals conduct the actual
signing process, while the document may have to be ratified or viewed by
multiple people. The E-Lock Reader makes it possible for diverse parties
to verify digital signatures without the need for complex digital
signature products.
6. Sysmon 0.90.11
(BSDI, Digital UNIX/Alpha, FreeBSD, HP-UX, Linux, NetBSD, SCO
and Solaris)
by Jared Mauch (jared@puck.nether.net)
Relevant URL: http://www.sysmon.org/
Sysmon is a network monitoring tool designed to provide high performance
and accurate network monitoring. Currently supported tests include
monitoring of SMTP, IMAP, HTTP, TCP, UDP, Radius, NNTP, and POP3 servers.
It also includes the ability to ping hosts and routers. Sysmon has the
ability to understand real network topologies, including the ability to
monitor multiple paths and only report the actual device that is down
instead of a router that is down, and all the hosts behind it.
V. SECURITY JOBS SUMMARY
------------------------
1. Great Security Engineering Opportunity (Thread)
Relevant URL:
2. Net Security Specialist Resume (VA) (Thread)
Relevant URL:
3. IS Position with a security focus (Thread)
Relevant URL:
4. looking for a security team (Thread)
Relevant URL:
5. Reposting SecurityJobs Content (Thread)
Relevant URL:
6. Security - Staff Engineer, Software (Thread)
Relevant URL:
7. Please Post (Thread)
Relevant URL:
8. Seeking opportunities (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-12-23%26thread%3d002c01c06921$98871240$1f09a8c0@electekgroup.com
9. WireLess Security Vulnerability Experts (NorthEast) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2000-12-23%26thread%3d001501c068bd$15079520$c78eda18@ne.mediaone.net
VI. INCIDENTS LIST SUMMARY
-------------------------
1. DNS Scanning for blocking (Thread)
Relevant URL:
2. Out of Office Messages (Thread)
Relevant URL:
3. New trojan running in port 12345? (Thread)
Relevant URL:
4. Unknown web log entry - new FrontPage exploit? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-23%26thread%3d001a01c06bfc$080ca170$3ae3a318@mail2go.com
5. Happy Holidays (Thread)
Relevant URL:
6. .rpc_door, what is that? (Thread)
Relevant URL:
7. udp port 500 scans (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-23%26thread%3d000d01c06b9a$cad7a680$3ae3a318@mail2go.com
8. Source of Recent Distributed Pings (Thread)
Relevant URL:
9. Strange packets (Thread)
Relevant URL:
10. Christmas Eve packet (Thread)
Relevant URL:
11. Ether Broadcast (Thread)
Relevant URL:
12. Which exploit-tool is this? (Thread)
Relevant URL:
13. [CyberAbuse] New trojan, Magisterium (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-23%26thread%3d001f01c069dc$ad318840$318b84c3@cybercable.fr
14. Postmaster notify: User unknown (Thread)
Relevant URL:
15. FW: Postmaster notify: User unknown (Thread)
Relevant URL:
16. Port Scans are Legal (Thread)
Relevant URL:
17. What is a crime, WAS RE: Port Scans are Legal (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-23%26thread%3d001701c0698b$83a6a100$b6ee65d8@eng.storageway.com
18. Netbios name scans (Thread)
Relevant URL:
19. Remote buffer overflow in Darwin server? (Thread)
Relevant URL:
20. Strange Scan (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d75%26date%3d2000-12-23%26thread%3d006c01c06896$b537f3e0$6500a8c0@dubz.com.au
21. Linux - Possible trojan or other? (fwd) (Thread)
Relevant URL:
22. CERT policy is not to distribute exploits Re: More info regarding: std.pl, the rpc.statd linux mass rooter (Thread)
Relevant URL:
23. CERT disclosure policy Re: More info regarding: std.pl, the rpc.statd linux mass rooter (Thread)
Relevant URL:
24. Probes for 17746 (Thread)
Relevant URL:
25. could be slice? (Thread)
Relevant URL:
VII. VULN-DEV RESEARCH LIST SUMMARY
----------------------------------
1. Proxy stuff (Thread)
Relevant URL:
2. EMC Symmetrix SAN (Thread)
Relevant URL:
3. The NSA's Security-Enhanced Linux (Thread)
Relevant URL:
4. GATEWAY ? (Thread)
Relevant URL:
5. Scanning Web Proxy -- Preliminary Concept (Thread)
Relevant URL:
6. Overwriting ELF .dtors section to modify program execution (Thread)
Relevant URL:
7. Checkpoint' Securemote & Secureclient vuls? (Thread)
Relevant URL:
8. Bug, possible hole in nslookup, various operating systems (Thread)
Relevant URL:
9. Bug, probable DoS in http connection or just paranoia? (Thread)
Relevant URL:
10. (U) Exploiting Poor SNMP Security (Thread)
Relevant URL:
11. Router worm exploiting poor SNMP security. (Thread)
Relevant URL:
12. Apple Mac DoS (Thread)
Relevant URL:
13. cross site exploits (Thread)
Relevant URL:
14. Palm Bean Lock feature (Thread)
Relevant URL:
15. cross site scripting... is your site on this list (Thread)
Relevant URL:
VIII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. IIS/NT logging (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2000-12-23%26thread%3d009801c06c26$4a6b58c0$2601a8c0@budstikken.dk
2. Disabling NetBIOS and IIS (Thread)
Relevant URL:
3. NTLM AND WAP (Thread)
Relevant URL:
4. tcp wrappers (Thread)
Relevant URL:
5. Microsoft Outlook 2000 9.0.0.2711 Plain Text Passwords (Thread)
Relevant URL:
6. Windows NT 4.0 SCP (Thread)
Relevant URL:
7. NT encryption (Thread)
Relevant URL:
8. Port 27374 (Thread)
Relevant URL:
9. Securing NT in a shared web hosting environment. (Thread)
Relevant URL:
10. Microsoft Internet Security and Acceleration (ISA) Server 2000 (Thread)
Relevant URL:
11. Security Events (Thread)
Relevant URL:
12. Trapping NT Events in real-time (Thread)
Relevant URL:
13. Administriviapology (Thread)
Relevant URL:
14. Microsoft Internet Security and Acceleration (ISA) Server 2000 (Thread)
Relevant URL:
15. NT protected storage system... (Thread)
Relevant URL:
16. Foxing NetCraft.com (Thread)
Relevant URL:
17. SecurityFocus.com Microsoft Newsletter #13 (Thread)
Relevant URL:
IX. SUN FOCUS LIST SUMMARY
----------------------------
1. rstchown kernel setting (Thread)
Relevant URL:
2. SEAM, KRB5 and phrase length (Thread)
Relevant URL:
3. Solaris 8 and Windows NT... (Thread)
Relevant URL:
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. Firewall (Thread)
Relevant URL:
2. ipfwadm or ipchains? (Thread)
Relevant URL:
3. Help requested: unable to see any logs from ipchains rules with-l (logging) option (Thread)
Relevant URL:
4. Help requested: unable to see any logs from ipchains rules with -l (logging) option (Thread)
Relevant URL:
XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION
-------------------------------------
1. How do I subscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body
of:
SUBSCRIBE SF-NEWS Lastname, Firstname
You will receive a confirmation request message to which you will have
to answer.
2. How do I unsubscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
address with a message body of:
UNSUBSCRIBE SF-NEWS
If your email address has changed, email aleph1@securityfocus.com and I
will manually remove you.
3. How do I disable mail delivery temporarily?
If you are simply going on vacation you can turn off mail delivery
without unsubscribing by sending LISTSERV the command:
SET SF-NEWS NOMAIL
To turn back on e-mail delivery use the command:
SET SF-NEWS MAIL
4. Is the list available in a digest format?
Yes. The digest is generated once a day.
5. How do I subscribe to the digest?
To subscribe to the digest join the list normally (see section 0.2.1)
and then send a message to LISTSERV@SECURITYFOCUS.COM with a message
body of:
SET SF-NEWS DIGEST
6. How do I unsubscribe from the digest?
To turn the digest off send a message to LISTSERV with a message body
of:
SET SF-NEWS NODIGEST
If you want to unsubscribe from the list completely follow the
instructions of section 0.2.2 next.
7. I seem to not be able to unsubscribe. What is going on?
You are probably subscribed from a different address than that from
which you are sending commands to LISTSERV. Either send email from
the appropriate address or email the moderator to be unsubscribed manually.