From: Stephen Entwisle (se@SECURITYFOCUS.COM)
Date: Mon Feb 12 2001 - 16:15:28 CST
SecurityFocus.com Newsletter #79
--------------------------------
This issue brought to you by: Aladdin Knowledge Systems
Proactive protection (eSafe Gateway) versus Reactive protection (too late)
The ILOVEYOU vandal caused damages of over $10 billion in a matter of
days, proving that reactive anti-virus solutions were useless in
preventing this attack. The key to Internet security is to be proactive -
stopping attacks and dealing with Web content, scripts and malicious
mobile code before anything ever reaches your network's critical assets.
For this, there's eSafe Gateway.
For more information go to: http://www.ealaddin.com/esafe/gateway
-----------------------------------------------------------------
I. FRONT AND CENTER
1. RestrictAnonymous: Enumeration and the Null User
2. Check Point Firewall-1 for Linux
II. BUGTRAQ SUMMARY
1. Guido Frassetto SEDUM HTTP Server Directory Traversal Vulnerability
2. Heat-On HSWeb Web Server Path Disclosure Vulnerability
3. Informs PicServer Directory Traversal Vulnerability
4. Microsoft Windows UDP Socket DoS Vulnerability
5. Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
6. AOLserver Directory Traversal Vulnerability
7. SSH1 Session Key Retrieval Vulnerability
8. SSH1 SSH Daemon Logging Failure Vulnerability
9. Soft Lite ServerWorx Directory Traversal Vulnerability
10. Microsoft Windows NT 'NTLMSSP' Privilege Escalation Vulnerability
11. Infobot fortran math Arbitrary Command Execution Vulnerability
12. IBM Net.Commerce Remote Arbitrary Command Execution Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
1. Congress tackles "cyber menace"
2. Putting viruses on the map
3. Prison email ban upheld
4. Survey: Love Letter remains seductive
IV. SECURITY FOCUS TOP 6 TOOLS
1. userdump 1.11
2. Astaro Security Linux 1.790
3. userinfo 1.5
4. EasyChains 0.9.3-4
5. Advanced Administrative Tools 4.30
6. Tripwire Open Source 2.3.0-50
V. SECURITYJOBS LIST SUMMARY
1. Network Security (Thread)
2. Resume of a white hat hacker (Thread)
3. San Jose, Ca--Sales Engineer, Security Manager (Thread)
4. Security Analyst (Thread)
5. New York City - Security Specialist (Thread)
6. Looking for a visa sponsor (Thread)
7. Security Consultant -Toronto Canada (Thread)
8. Experience working for big/small infosec companies...(Thread)
9. Looking for a challenging security position (Thread)
10. Seeking: Entry/Junior Level Security position. (Thread)
11. looking for a job (Thread)
12. United Airlines position available (Thread)
13. List Administration Ignore (Thread)
VI. INCIDENTS LIST SUMMARY
1. 1000% increase in traffic (Thread)
2. Internet worm from China (Thread)
3. Port 555 scan (Thread)
4. ICMP Source Quench + Echo (Thread)
5. Wrong protocol ID in previous message (Thread)
6. [No Subject]
7. Very Strange Attack (Thread)
8. LINK Question (Thread)
9. DNS question ? (Thread)
10. DNS server crashed (Thread)
11. IP Unknown Protocol (Thread)
12. Positive response from provider re: incident report (Thread)
13. Arp Warnings on Home Network (Thread)
14. Bad Referrals? (Thread)
15. massively long hostname for `gethostbyname' (Thread)
16. Logging named version requests (Thread)
17. Possible crack attempt against ProFTPD or a DoS? (Thread)
18. Crazy port 111 scans (Thread)
19. INCIDENTS Digest - 5 Feb 2001 to 6 Feb 2001 (#2001-33) (Thread)
20. A question of intent / DHCP poison attack? (Thread)
21. Scans TCP 21536 and UDP 37852 (Thread)
22. Anyone seen one like this? (Thread)
23. UDP IP Frag (Thread)
24. Email attack (Thread)
25. Any info on fz-sniff? (Thread)
26. Named TSIG exploit ? (Thread)
27. Ramenfind Ramen detection and removal tool, V0.3 (Thread)
28. RedHat 6.2 box exploited - analysis of attacker activity (Thread)
29. Strange packets (IDS28/probe-nmap_tcp_ping) (Thread)
30. Incident handling... (Thread)
31. Hybris Worm (Thread)
32. greeted by a file transfer (Thread)
33. Port 1033-1037 Question (Thread)
34. odd scan (Thread)
35. List Administration Ignore (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
1. Wu-ftp 2.5.0(1) vulnerable ? (Thread)
2. Cons and Security Validation (Thread)
3. Strange e-mails from Excite.com (Thread)
4. passwd seg fault (Thread)
5. buffer overflow - fundamentals (Thread)
6. /usr/bin/which overflow (Thread)
7. Potential overflow in Internet Explorer (Thread)
8. IE bug (?) (Thread)
9. FW: email wiretapping via javascript (Thread)
10. [No Subject]
11. Outlook related idiot-question (Thread)
12. .htr bug still exist after applying MS patches. (Thread)
13. Windows 2000 remote brute force (Thread)
14. email wiretapping via javascript (Thread)
15. in.comsat buffer overflow in solaris 8 (Thread)
16. Outlook Question.(Another Idiot) (Thread)
17. Buffer Overflows in Netscape6 (Thread)
18. MSSQL Server Local and Remote exploit...(Thread)
19. Buffer Overflow Fundamentals. (Thread)
20. p-smash halts Microsoft Windows 98 (Thread)
21. BIND infoleak bug details? (Thread)
22. [Fwd: Supposedly RSA has been cracked] (Thread)
23. Format String Bugs/Remote Shellcode (Thread)
24. AW: Potential overflow in Internet Explorer (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
1. Nt auto log off (Thread)
2. pcAnywhere (Thread)
3. NONE Group (Thread)
4. Easy Windows Update Question (Thread)
5. Java, ActiveX, VM security exposures (Thread)
6. R: TCP / IP filtering on WIN 2K (Thread)
7. NT logon prompt help (Thread)
8. NT: Restrict Users from Installing Software? (Thread)
9. NT/IIS hotfixes (Thread)
10. Win2000 Security - Level C2 security (Thread)
11. Win2k Telnet Service (Thread)
12. UDP 1026 (port) (Thread)
13. File Sharing Default permission (Thread)
14. ISA Server and ICSA Certification (Thread)
15. MSSQL Server Local and Remote exploit...(Thread)
16. Restrict Anonymous on W2K ? (Thread)
17. SecurityFocus.com Microsoft Newsletter #20 (Thread)
18. trobules with iis4.0 (Thread)
19. guid/sid algorithm (Thread)
20. FW: NONE Group (Thread)
21. NT/2000: Restrict Users from Installing Software? (Thread)
22. Listening ports on Windows 2000 (Thread)
IX. SUN FOCUS LIST SUMMARY
1. Configuring BSM Question (Thread)
2. sshd2 (Thread)
3. LDAP Authentication on Solaris / AIX (Thread)
4. ufsrestore(1M) For UID 0 Only? (Thread)
5. X11 / Port 6000 (Thread)
6. SunScreen Lite (Thread)
X. LINUX FOCUS LIST SUMMARY
1. vpn on linux (Thread)
2. Linux Questions (Thread)
3. binding X to loopback (Thread)
4. Snort rules (Thread)
5. portsentry and iptables (Thread)
6. named version probes (Thread)
7. Other named/firewall accessibility problem (Thread)
8. SecurityFocus.com Linux Newsletter #15 (Thread)
XI. SPONSOR INFORMATION
XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION
I. FRONT AND CENTER
-------------------
1. RestrictAnonymous: Enumeration and the Null User
If you are an NT administrator, or if you provide security policies and audits for clients,
then you know all about the RestrictAnonymous value in the LSA key. If not, you need to
educate yourself about this setting - not so much because of what it does, but more
importantly, what it doesn't do. This article by SecurityFocus.com writer Timothy M. Mullen
will offer an overview of RestrictAnonymous, the need for a RestrictAnonymous setting, some
inherent weaknesses in RestrictAnonymous and some developments that aim to negate these
weaknesses.
http://www.securityfocus.com/focus/ms/nt/restrict.html
2. Check Point Firewall-1 on Linux, Part One
Check Point Firewall-1 has been the market-leading firewall system since
its introduction in 1994. The main advantage of Firewall-1 is its
comprehensive and easy to understand GUI, which has made it a firewall
system of choice for many corporate IT managers. This article by David
"Del" Elson is the first in a series of three articles that will examine
Check Point Firewall-1 for Linux. This installment will consist of a brief
introductory overview of Firewall-1, and a discussion of installation,
post-installation tasks, as well as single and multi-system installations.
http://www.securityfocus.com/focus/linux/articles/checkpoint1.html
II. BUGTRAQ SUMMARY
-------------------
1. Guido Frassetto SEDUM HTTP Server Directory Traversal Vulnerability
BugTraq ID: 2335
Remote: Yes
Date Published: 2001-02-04
Relevant URL:
http://www.securityfocus.com/bid/2335
Summary:
Sedum HTTP Server is a server designed for internet and intranet
environments.
A remote user could gain read access to known files outside of the root
directory. Requesting a specially crafted URL composed of '../' or '.../'
sequences to a host running SEDUM HTTP Server will disclose the requested
file.
Successful exploitation of this vulnerability could lead to the disclosure
of sensitive information and possibly assist in further attacks against
the victim.
2. Heat-On HSWeb Web Server Path Disclosure Vulnerability
BugTraq ID: 2336
Remote: Yes
Date Published: 2001-02-04
Relevant URL:
http://www.securityfocus.com/bid/2336
Summary:
HSWeb is a Web Server offered by Heat-On Software.
It is possible for a remote attacker to disclose the physical path to the
web root and peruse the entire directory listing. This is accomplished by
requesting a specially crafted URL.
It should be noted that directory browsing must be enabled to exploit this
vulnerability.
Successful exploitation of this vulnerability could enable a remote user
to gain access to confidential information, which may assist in further
attacks against the host.
3. Informs PicServer Directory Traversal Vulnerability
BugTraq ID: 2339
Remote: Yes
Date Published: 2001-02-05
Relevant URL:
http://www.securityfocus.com/bid/2339
Summary:
Informs PicServer is a web server used specifically for remote users to
view various graphic files stored on the machine hosting PicServer. The
graphic types supported are .gif, .jpg and .htm.
A remote user could gain read access to directories outside the root
directory. Requesting a specially crafted URL composed of '../' or '.../'
sequences to a host running PicServer will disclose an arbitrary
directory. This vulnerability could enable an attacker to gain read access
to various files residing on the target machine.
Successful exploitation of this vulnerability could lead to the disclosure
of sensitive information and possibly assist in further attacks against
the victim.
4. Microsoft Windows UDP Socket DoS Vulnerability
BugTraq ID: 2340
Remote: Yes
Date Published: 2001-02-06
Relevant URL:
http://www.securityfocus.com/bid/2340
Summary:
Microsoft Windows 2000 and Windows 98 are subject to a denial of service
condition. Receiving a maliciously crafted email or visiting a malicious
web site could prevent Windows 2000 from DNS resolution and Windows 98
from accepting new TCP connections.
This bug may also cause the consumption of system resources. Windows fails
to reserve available UDP sockets for local applications. Receiving a
maliciously crafted email or visiting a malicious web site could allow the
utilization of available UDP sockets, consuming all system resources.
Closing the malicious application or a restart of the machine is required
in order to regain normal functionality.
It should be noted that upon closing the application in question, the
machine has been known to reboot unexpectedly.
Successful exploitation of this vulnerability could assist in further
attacks against the victim host.
5. Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
BugTraq ID: 2341
Remote: No
Date Published: 2001-02-05
Relevant URL:
http://www.securityfocus.com/bid/2341
Summary:
The Network DDE (Dynamic Data Exchange) service allows processes to share
information across a network. The client and server applications
communicate via a channel known as a "trusted share". The record of these
shares and their accompanying applications are kept by the Network DDE
DSDM (DDE Share Database Manager) service.
The DSDM runs as a service and when it starts, WINLOGON creates an IPC
"window" in the logged-in user's "desktop" named "NetDDE Agent", with
a window class of "NDDEAgnt", to be used in communications with DDE
enabled processes. Only processes on the local machine running in the same
"window station" and "desktop" can communicate via this "window".
This distinction is not significant for workstations and servers. However,
on terminal servers each user session runs in a separate "window station"
and none of them can send requests to this "window". Only the console
session can send requests to the "window" as it runs in the same "window
station" and "desktop".
In previous versions of Windows NT, requests to the "window" were handled
in the context of the logged-in user. In Windows 2000, requests sent to the
"window" are handled in the Local System security context, as this is done
in the WINLOGON process address space.
One of the requests that can be sent to this "window" is one that is
likely to be used by the system to start an application when a request is
made to a "trusted share" but the application associated with the "trusted
share" is not yet running. The application to execute is specified in the
request message and is run using the Local System security context. Thus
an attacker can start an arbitrary program by sending a request to this
"window" with the path and arguments of the application to execute.
The request is sent via a window "WM_COPYDATA" message. The message is
sent using the "SendMessage()" function, and is handled by the
Client/Server Runtime Subsystem (CSRSS). Usually "window" communication
is performed via the "PostMessage()" function. The structure sent to the
"window" has as its first four bytes the magic number 0xDDE1DDE1,
followed by the four bytes 0x00000001, followed by the four bytes
0x00000001, followed by the 8 bytes DDE share mode ID 0x0100000009000005,
followed by the four bytes 0xCCCCCC, followed by the "trusted share" name
in ASCII and null terminated, and followed by the command to execute in
ASCII and null terminated.
A number of trusted shares exist by default in Windows 2000. These are
"Chat$" which is associated with the Microsoft Chat application, "CLPBK$"
which is associated with the Clipbook application, and "Hearts$" which is
associated with the Microsoft Hearts application. If no "trusted shares"
exist on the system an attacker can easily add new ones using the Network
DDE Share Manager application.
6. AOLserver Directory Traversal Vulnerability
BugTraq ID: 2343
Remote: Yes
Date Published: 2001-02-06
Relevant URL:
http://www.securityfocus.com/bid/2343
Summary:
AOLserver is a multithreaded web server by America Online. AOLserver is
designed for larger scale web sites and supports the Tcl scripting language.
A remote user could gain read access to directories outside the root
directory. Requesting a specially crafted URL composed of '.../' sequences
to a host running AOLserver will disclose an arbitrary directory. This
vulnerability could enable an attacker to gain read access to various
files residing on the target machine.
Successful exploitation of this vulnerability could lead to the disclosure
of sensitive information and possibly assist in further attacks against
the victim.
7. SSH1 Session Key Retrieval Vulnerability
BugTraq ID: 2344
Remote: Yes
Date Published: 2001-02-06
Relevant URL:
http://www.securityfocus.com/bid/2344
Summary:
dis
8. SSH1 SSH Daemon Logging Failure Vulnerability
BugTraq ID: 2345
Remote: Yes
Date Published: 2001-02-05
Relevant URL:
http://www.securityfocus.com/bid/2345
Summary:
SSH1 is the implementation of the Secure Shell communication protocol by
SSH Communications. SSH1 is version 1 of the protocol specified by IETF
draft to protect the integrity of traffic over the network.
The commercial implementation of the SSH version 1 product distributed by
SSH Communications contains a flaw in the logging routine that could allow
remote users to brute force attack a system, and remain unlogged by system
logging utilities. The problem is manifested in the logging code for the
included authentication methods of password authentication, RSA
authentication, RhostsRSA authentication, TIS authentication, and
Kerberos4 authentication. Kerberos5 authentication logging is not
affected by this bug.
The source of the ssh 1.2.30 package does not log attempts to brute force
any of the affected authentication schemes beyond the fourth attempt by a
remote user. Therefore, a malicious user can launch a continuous brute
force password attack that can continue until success, and no information
will be logged via syslog.
9. Soft Lite ServerWorx Directory Traversal Vulnerability
BugTraq ID: 2346
Remote: Yes
Date Published: 2001-02-07
Relevant URL:
http://www.securityfocus.com/bid/2346
Summary:
ServerWorx is a web server by Soft Lite.
A remote user could gain read access to directories outside the root
directory. Requesting a specially crafted URL composed of '../' or '.../'
sequences to a host running ServerWorx will disclose an arbitrary
directory. This vulnerability could enable an attacker to gain read access
to various files residing on the target machine.
Successful exploitation of this vulnerability could lead to the disclosure
of sensitive information and possibly assist in further attacks against
the victim.
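An added example, not code from any of the servers listed in this issue: a
request-path check in C that rejects the '../' and '.../' sequences named in
the directory traversal entries above (SEDUM, PicServer, AOLserver,
ServerWorx) before the path is joined to the web root. The function names and
the sample paths in the comments are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode raw into out exactly once. Returns 0 on a malformed
 * escape, an encoded NUL byte, or when out is too small. */
static int decode_once(const char *raw, char *out, size_t outsz)
{
    size_t n = 0;

    if (outsz == 0) return 0;
    while (*raw != '\0') {
        char c = *raw++;
        if (c == '%') {
            int hi = hexval(raw[0]);
            int lo = (hi < 0) ? -1 : hexval(raw[1]);
            if (lo < 0) return 0;
            c = (char)(hi * 16 + lo);
            if (c == '\0') return 0;
            raw += 2;
        }
        if (n + 1 >= outsz) return 0;
        out[n++] = c;
    }
    out[n] = '\0';
    return 1;
}

/* Returns 1 if seg[0..len) is made only of dots: ".", "..", "...", ... */
static int all_dots(const char *seg, size_t len)
{
    size_t i;

    if (len == 0) return 0;
    for (i = 0; i < len; i++)
        if (seg[i] != '.') return 0;
    return 1;
}

/* safe_request_path (hypothetical helper): decode the raw URL path into out
 * and accept it only if no path segment is a run of dots. Both '/' and '\'
 * count as separators, and ':' is refused so a drive letter cannot be
 * smuggled in. The caller must open the file using the decoded string in
 * out, never the raw one, so the check and the use see the same bytes.
 * Returns 1 if the path may be joined to the web root, 0 otherwise. */
int safe_request_path(const char *raw, char *out, size_t outsz)
{
    const char *p, *seg;

    if (raw == NULL || out == NULL) return 0;
    if (!decode_once(raw, out, outsz)) return 0;
    if (out[0] != '/') return 0;
    if (strchr(out, ':') != NULL) return 0;

    seg = out + 1;
    for (p = seg; ; p++) {
        if (*p == '/' || *p == '\\' || *p == '\0') {
            /* "/../x", "/.../x" and "/./x" are all refused here */
            if (all_dots(seg, (size_t)(p - seg))) return 0;
            if (*p == '\0') break;
            seg = p + 1;
        }
    }
    return 1;
}
```

Rejecting every all-dot segment is stricter than resolving '..' and comparing
against the root, but it also covers the '.../' form that the affected servers
passed through.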
10. Microsoft Windows NT 'NTLMSSP' Privilege Escalation Vulnerability
BugTraq ID: 2348
Remote: No
Date Published: 2001-02-07
Relevant URL:
http://www.securityfocus.com/bid/2348
Summary:
The NTLM Security Support Provider (NTLMSSP) service manages
authentication requests related to the NTLM protocol. It is implemented in
the "ntlmssps.dll" DLL and is hosted by the "services.exe" process. As
the "services.exe" process executes in the Local System security context,
so does the NTLMSSP service.
Communication with the NTLMSSP service is accomplished via the Local
Procedure Call (LPC) IPC mechanism. The service waits for requests in the
"\NtLmSecuritySupportProviderPort" LPC port. Any local process can connect
to this port and send requests to the NTLMSSP service.
The requests to the NTLMSSP service include an integer which indicates
which of the functions offered by the NTLMSSP service the client wishes to
call. The NTLMSSP service uses this integer as an index into a table of
functions to select the appropriate function, which it then executes.
While the NTLMSSP service performs some checks on the value of the
function index supplied by the calling process, it treats the index as a
signed integer during these checks. Thus the checks can be bypassed by
sending the service a negative index number. This allows the client to
fool the service into executing code pointed at by some memory location in
the address space of the service in the Local System security context.
Local System privileges are equivalent to or above administrator access
levels. If these privileges were gained, an attacker would gain complete
control over the system.
To successfully make use of the vulnerability an attacker would need to
find the code he wishes to execute and a memory location that holds the
address of such code in the address space of the NTLMSSP service.
An attacker is aided by the fact that the NtConnectPort() function used to
establish LPC communication with the service can be used by the client to
map a shared memory segment into the address space of the server and learn
at what address in the address space of the server it was mapped. Thus an
attacker can write into the shared memory the pointer to the code he
wishes to execute, write into the shared memory segment the code he wishes
to execute, and calculate the index to use in a request to the NTLMSSP
service such that the code in the shared memory segment is executed by the
service under the Local System security context.
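An added example, not Microsoft's code: the class of bug described above,
reduced to a four-entry dispatch table in C, with the signed bounds check
beside an unsigned one. The table, the handler functions, the 4-byte
little-endian request layout and the exact shape of the flawed check (an
upper-bound comparison only) are assumptions made for illustration.

```c
#include <stdint.h>

#define NUM_FUNCS 4          /* constructed table size */
#define REQ_REJECTED (-1)

typedef int (*service_fn)(void);

static int fn_a(void) { return 10; }
static int fn_b(void) { return 11; }
static int fn_c(void) { return 12; }
static int fn_d(void) { return 13; }

static const service_fn func_table[NUM_FUNCS] = { fn_a, fn_b, fn_c, fn_d };

/* Read the 32-bit function index from the first bytes of a request
 * (little-endian layout assumed for this example). */
static uint32_t read_index(const unsigned char req[4])
{
    return (uint32_t)req[0] | ((uint32_t)req[1] << 8) |
           ((uint32_t)req[2] << 16) | ((uint32_t)req[3] << 24);
}

/* Flawed check: the index is held in a signed type and compared only
 * against the upper bound. Any negative value is "less than NUM_FUNCS",
 * so it passes. Returns 1 if the check lets the request through.
 * (This function only evaluates the check; it never indexes the table.) */
int signed_check_accepts(const unsigned char req[4])
{
    int32_t idx = (int32_t)read_index(req);
    return idx < NUM_FUNCS;
}

/* Corrected check: keep the index unsigned, so a value with the top bit
 * set is a very large number and fails the same comparison. */
int unsigned_check_accepts(const unsigned char req[4])
{
    uint32_t idx = read_index(req);
    return idx < (uint32_t)NUM_FUNCS;
}

/* Dispatch using the corrected check. Returns the handler's result, or
 * REQ_REJECTED when the index is outside the table. */
int dispatch(const unsigned char req[4])
{
    uint32_t idx = read_index(req);

    if (idx >= (uint32_t)NUM_FUNCS)
        return REQ_REJECTED;
    return func_table[idx]();
}
```

An equivalent fix that keeps the signed type is to test both bounds
(idx >= 0 && idx < NUM_FUNCS); the point is that the type used in the check
must match how the value is later used as an array offset.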
11. Infobot fortran math Arbitrary Command Execution Vulnerability
BugTraq ID: 2349
Remote: Yes
Date Published: 2001-02-06
Relevant URL:
http://www.securityfocus.com/bid/2349
Summary:
Infobot is a free, open source IRC bot designed to automate channel
administration tasks and give information to users. It was originally
written by Kevin Lenzo, and is actively maintained by the Infobot
Development Team.
A problem exists in the handling of commands by the fortran math functions
of Infobot. When a command is sent to the infobot such as "calc 10+10",
infobot uses the perl open() function to launch bc locally, and inputs the
numbers to bc via an echo. bc then returns the answer to infobot, which
in turn messages the answer to the user.
However, a problem occurs when a request for a calculation containing
single quotes and semicolons is passed through the fortran math function
of the bot. While white space is parsed and removed before commands get
to bc, these characters are not. When the command line is received and
placed into the echo for passing to bc, the single quotes allow the passed
command to escape from the echo and execute as a local command, rather
than as input to bc. White space can be substituted with the $IFS
environment variable, allowing a remote user to pass not only commands,
but arguments to commands as well.
Therefore, a command such as "calc 10+10" will result in normal operation,
while a command such as ';mkdir$IFS"dog";' will create a directory in the
current working directory of the bot with the user and group privileges of
the UID of the bot, provided the current working directory of the bot is
writable.
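An added example, not Infobot's code (Infobot is written in Perl): the two
mitigations for the flaw described above, shown in C. The expression is
checked against an allowlist of calculator characters, and bc is started
without a shell, with the expression written to its standard input instead of
being placed inside an echo command line. The function names, the length
limit and the allowed character set are assumptions of this example.

```c
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_EXPR_LEN 64   /* constructed limit for this example */

/* Accept only digits, basic operators, parentheses, '.' and space.
 * Quotes, ';', '$', letters and newlines are all refused. */
int calc_expr_is_safe(const char *expr)
{
    static const char allowed[] = "0123456789+-*/%(). ";
    size_t i, len;

    if (expr == NULL) return 0;
    len = strlen(expr);
    if (len == 0 || len > MAX_EXPR_LEN) return 0;
    for (i = 0; i < len; i++)
        if (strchr(allowed, expr[i]) == NULL) return 0;
    return 1;
}

/* Evaluate expr with bc and copy bc's output into out.
 * Returns 0 on success, -1 if the expression is refused or bc fails.
 * No shell is involved: bc is exec'd directly and reads the expression
 * from a pipe, so shell metacharacters would have no meaning even if one
 * slipped past the allowlist. bc is found via PATH here; a deployed
 * service would pin its absolute path. */
int run_bc(const char *expr, char *out, size_t outsz)
{
    int to_bc[2], from_bc[2], status, ok = 1;
    void (*old_pipe)(int);
    size_t len, total = 0;
    ssize_t n;
    pid_t pid;

    if (out == NULL || outsz == 0 || !calc_expr_is_safe(expr)) return -1;
    if (pipe(to_bc) != 0) return -1;
    if (pipe(from_bc) != 0) { close(to_bc[0]); close(to_bc[1]); return -1; }

    pid = fork();
    if (pid < 0) {
        close(to_bc[0]); close(to_bc[1]);
        close(from_bc[0]); close(from_bc[1]);
        return -1;
    }
    if (pid == 0) {                       /* child: becomes bc */
        dup2(to_bc[0], STDIN_FILENO);
        dup2(from_bc[1], STDOUT_FILENO);
        close(to_bc[0]); close(to_bc[1]);
        close(from_bc[0]); close(from_bc[1]);
        execlp("bc", "bc", (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    close(to_bc[0]);
    close(from_bc[1]);

    /* If bc could not start, writing to the pipe must not kill the caller. */
    old_pipe = signal(SIGPIPE, SIG_IGN);
    len = strlen(expr);
    if (write(to_bc[1], expr, len) != (ssize_t)len ||
        write(to_bc[1], "\n", 1) != 1)
        ok = 0;
    close(to_bc[1]);                      /* EOF tells bc to finish */
    signal(SIGPIPE, old_pipe);

    while (total + 1 < outsz &&
           (n = read(from_bc[0], out + total, outsz - 1 - total)) > 0)
        total += (size_t)n;
    out[total] = '\0';
    close(from_bc[0]);

    if (waitpid(pid, &status, 0) < 0) return -1;
    return (ok && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

The '^' operator is left out of the allowlist on purpose, since short
exponent chains can keep bc busy for a very long time.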
12. IBM Net.Commerce Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 2350
Remote: Yes
Date Published: 2001-02-05
Relevant URL:
http://www.securityfocus.com/bid/2350
Summary:
Net.Commerce is an e-commerce platform from IBM. Newer versions are called
WebSphere Commerce Suite.
A serious vulnerability exists in Net.Commerce 3.x which may grant a
remote attacker complete access to the vulnerable host. Due to a failure
to validate user-supplied input, macros (including those installed by
default) written for the Net.Commerce platform can allow a remote user to
execute arbitrary SQL commands and obtain information from the Net.Commerce
database.
This could permit an attacker to query the database and obtain
administrator account and password information, which, properly exploited,
can lead to a complete compromise of the affected host with the privilege
level of the DB2INST1 account. This includes arbitrary file reads and
writes, shell commands and database queries.
III. SECURITYFOCUS.COM NEWS AND COMMENTARY
------------------------------------------
1. Congress tackles "cyber menace"
By Kevin Poulsen
Declaring "cyberterrorism" a growing threat to national security,
congressmen James Saxton (R-NJ) and Saxby Chambliss (R-GA) introduced
legislation this week calling for a revised legal framework for
prosecuting terrorist hackers, and renewed public-private sector
cooperation in combating the "cyber menace."
House concurrent resolution twenty-two declares cyberterrorism to be "an
emerging threat to the national security of the United States which has
the potentiality to cause great harm to the Nation's critical electronic
infrastructure."
http://www.securityfocus.com/templates/article.html?id=150
2. Putting viruses on the map
By John Leyden, The Register
Consumer security firm McAfee.com has unveiled a real-time virus map which
is designed to give computer users a visual indication of the spread of
virus infections around the world.
During its research on the propagation of viruses which led to the
creation of the map, McAfee.com scanned 39 billion files and discovered
that an alarming one in five computers are infected with viruses.
http://www.securityfocus.com/templates/article.html?id=149
3. Prison email ban upheld
By Kevin Poulsen
Officials at California's most notorious prison won the right to block
inmates from receiving printed email messages through the regular U.S.
mail, in a ruling by a state appeals court Tuesday.
"We conclude that given the unique characteristics of e-mail, the ban on
receipt by regular mail of Internet-generated material was neither
arbitrary nor irrational and was logically related to the prison's
legitimate security concerns," reads the decision by the California Court
of Appeal, First Appellate District, overturning a lower court ruling.
http://www.securityfocus.com/templates/article.html?id=148
4. Survey: Love Letter remains seductive
By John Leyden, The Register
Computer users haven't learned any lessons from the spread of the Love Bug
virus last year.
According to research published by IDC this week, more than a third (37
percent) of business email users would still open the attachment of an
email titled 'ILOVEYOU' -- the same message used in emails infected with
the Love Bug.
http://www.securityfocus.com/templates/article.html?id=147
IV. SECURITY FOCUS TOP 6 TOOLS
-----------------------------
1. userdump 1.11
Platforms: Windows 2000, Windows 95/98 and Windows NT
by <thor@hammerofgod.com>
Relevant URL: http://www.securityfocus.com/tools/1931
The purpose of this app is to illustrate inconsistencies in the MS
implementation of the RestrictAnonymous registry setting.
2. Astaro Security Linux 1.790
Platforms: Linux
by Astaro AG (info@astaro.de)
Relevant URL: http://www.astaro.com/products/download.html
Astaro Security Linux is a new firewall solution. It does stateful
inspection, packet filtering, content filtering, virus scanning, VPN with
IPSec, and much more. With its Web-based management tool and the ability
to pull updates over the Internet, it is pretty easy to manage. It is
based on a special hardened Linux 2.4 distribution where most daemons are
running in change-roots and are protected by capabilities.
3. userinfo 1.5
Platforms: Windows 2000, Windows 95/98 and Windows NT
by <thor@hammerofgod.com>
Relevant URL: http://www.securityfocus.com/tools/1930
The purpose of this app is to illustrate inconsistencies in the MS
implementation of the RestrictAnonymous registry setting.
4. EasyChains 0.9.3-4
Platforms: Linux and Solaris
by Dejavo (dejavo@roysmail.com)
Relevant URL: http://dejavo.virtualave.net/djvlinux.html
EasyChains is a very easy-to-use GUI for the console firewall script. It
makes it easy to add custom rules or to remove rules from a numbered list.
5. Advanced Administrative Tools 4.30
Platforms: Windows 2000, Windows 95/98 and Windows NT
by G-Lock Software
Relevant URL: http://www.glocksoft.com/aatools.htm
AATools for Windows is a great set of utilities for analyzing network
properties. It will test pretty much every network operation you could
want to know about. AATools will check Email properties, Scan ports and
proxies, give network and system statuses, clean up unnecessary registry
entries in your registry, etc. The information it conveys is easy to
digest and setting up a test is likewise very simple. A worthwhile
download for anyone wanting to gather info on their network or PC. AATools
should be a part of your security toolkit and you should employ them
regularly.
6. Tripwire Open Source 2.3.0-50
Platforms: Linux
by Tripwire, Inc. (info@tripwire.com)
Relevant URL: http://www.tripwire.org
Tripwire is a very popular system integrity checker, a utility that
compares properties of designated files and directories against
information stored in a previously generated database. Any changes to
these files are flagged and logged, including those that were added or
deleted, with optional email and pager reporting. Support files
(databases, reports, etc.) are cryptographically signed. Changes: Security
fixes with respect to temp file handling, as well as a new global email
option.
V. SECURITY JOBS SUMMARY
------------------------
1. Network Security (Thread)
Relevant URL:
2. Resume of a white hat hacker (Thread)
Relevant URL:
3. San Jose, Ca--Sales Engineer, Security Manager (Thread)
Relevant URL:
4. Security Analyst (Thread)
Relevant URL:
5. New York City - Security Specialist (Thread)
Relevant URL:
6. Looking for a visa sponsor (Thread)
Relevant URL:
7. Security Consultant -Toronto Canada (Thread)
Relevant URL:
8. Experience working for big/small infosec companies: feedback anyone? (Thread)
Relevant URL:
9. Looking for a challenging security position (Thread)
Relevant URL:
10. Seeking: Entry/Junior Level Security position. (Thread)
Relevant URL:
11. looking for a job (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d77%26date%3d2001-02-10%26thread%3d001801c0908b$bf2b1720$626fe13e@bertelsmann.de
12. United Airlines position available (Thread)
Relevant URL:
13. List Administration Ignore (Thread)
Relevant URL:
VI. INCIDENTS LIST SUMMARY
-------------------------
1. 1000% increase in traffic (Thread)
Relevant URL:
2. Internet worm from China (Thread)
Relevant URL:
3. Port 555 scan (Thread)
Relevant URL:
4. ICMP Source Quench + Echo (Thread)
Relevant URL:
5. Wrong protocol ID in previous message (Thread)
Relevant URL:
6. [ no subject ]
Relevant URL:
7. Very Strange Attack (Thread)
Relevant URL:
8. LINK Question (Thread)
Relevant URL:
9. DNS question ? (Thread)
Relevant URL:
10. DNS server crashed (Thread)
Relevant URL:
11. IP Unknown Protocol (Thread)
Relevant URL:
12. Positive response from provider re: incident report (Thread)
Relevant URL:
13. Arp Warnings on Home Network (Thread)
Relevant URL:
14. Bad Referrals? (Thread)
Relevant URL:
15. massively long hostname for `gethostbyname' (Thread)
Relevant URL:
16. Logging named version requests (Thread)
Relevant URL:
17. Possible crack attempt against ProFTPD or a DoS? (Thread)
Relevant URL:
18. Crazy port 111 scans (Thread)
Relevant URL:
19. INCIDENTS Digest - 5 Feb 2001 to 6 Feb 2001 (#2001-33) (Thread)
Relevant URL:
20. A question of intent / DHCP poison attack? (Thread)
Relevant URL:
21. Scans TCP 21536 and UDP 37852 (Thread)
Relevant URL:
22. Anyone seen one like this? (Thread)
Relevant URL:
23. UDP IP Frag (Thread)
Relevant URL:
24. Email attack (Thread)
Relevant URL:
25. Any info on fz-sniff? (Thread)
Relevant URL:
26. Named TSIG exploit ? (Thread)
Relevant URL:
27. Ramenfind Ramen detection and removal tool, V0.3 (Thread)
Relevant URL:
28. RedHat 6.2 box exploited - analysis of attacker activity (Thread)
Relevant URL:
29. Strange packets (IDS28/probe-nmap_tcp_ping) (Thread)
Relevant URL:
30. Incident handling... (Thread)
Relevant URL:
31. Hybris Worm (Thread)
Relevant URL:
32. greeted by a file transfer (Thread)
Relevant URL:
33. Port 1033-1037 Question (Thread)
Relevant URL:
34. odd scan (Thread)
Relevant URL:
35. List Administration Ignore (Thread)
Relevant URL:
VII. VULN-DEV RESEARCH LIST SUMMARY
----------------------------------
1. Wu-ftp 2.5.0(1) vulnerable ? (Thread)
Relevant URL:
2. Cons and Security Validation (Thread)
Relevant URL:
3. Strange e-mails from Excite.com (Thread)
Relevant URL:
4. passwd seg fault (Thread)
Relevant URL:
5. buffer overflow - fundamentals (Thread)
Relevant URL:
6. /usr/bin/which overflow (Thread)
Relevant URL:
7. Potential overflow in Internet Explorer (Thread)
Relevant URL:
8. IE bug (?) (Thread)
Relevant URL:
9. FW: email wiretapping via javascript (Thread)
Relevant URL:
10. [ no subject ]
Relevant URL:
11. Outlook related idiot-question (Thread)
Relevant URL:
12. .htr bug still exist after applying MS patches. (Thread)
Relevant URL:
13. Windows 2000 remote brute force (Thread)
Relevant URL:
14. email wiretapping via javascript (Thread)
Relevant URL:
15. in.comsat buffer overflow in solaris 8 (Thread)
Relevant URL:
16. Outlook Question.(Another Idiot) (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-10%26thread%3d001201c09038$835be560$9a217aa8@src.bu.edu
17. Buffer Overflows in Netscape6 (Thread)
Relevant URL:
18. MSSQL Server Local and Remote exploit(Proof for executing administrative commands remotely by using SA account) (Thread)
Relevant URL:
19. Buffer Overflow Fundamentals. (Thread)
Relevant URL:
20. p-smash halts Microsoft Windows 98 (Thread)
Relevant URL:
21. BIND infoleak bug details? (Thread)
Relevant URL:
22. [Fwd: Supposedly RSA has been cracked] (Thread)
Relevant URL:
23. Format String Bugs/Remote Shellcode (Thread)
Relevant URL:
24. AW: Potential overflow in Internet Explorer (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d82%26date%3d2001-02-10%26thread%3d003d01c08f1b$aa127840$0100a8c0
VIII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Nt auto log off (Thread)
Relevant URL:
2. pcAnywhere (Thread)
Relevant URL:
3. NONE Group (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-10%26thread%3d00d701c09266$19576010$af05a8c0
4. Easy Windows Update Question (Thread)
Relevant URL:
5. Java, ActiveX, VM security exposures (Thread)
Relevant URL:
6. R: TCP / IP filtering on WIN 2K (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-10%26thread%3d010801c091bc$cf4ad140$0100007f
7. NT logon prompt help (Thread)
Relevant URL:
8. NT: Restrict Users from Installing Software? (Thread)
Relevant URL:
9. NT/IIS hotfixes (Thread)
Relevant URL:
10. Win2000 Security - Level C2 security (Thread)
Relevant URL:
11. Win2k Telnet Service (Thread)
Relevant URL:
12. UDP 1026 (port) (Thread)
Relevant URL:
13. File Sharing Default permission (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-10%26thread%3d000901c09037$7f9cfe10$610ca8c0
14. ISA Server and ICSA Certification (Thread)
Relevant URL:
15. MSSQL Server Local and Remote exploit(Proof for executing administrative commands remotely by using SA account) (Thread)
Relevant URL:
16. Restrict Anonymous on W2K ? (Thread)
Relevant URL:
17. SecurityFocus.com Microsoft Newsletter #20 (Thread)
Relevant URL:
18. trobules with iis4.0 (Thread)
Relevant URL:
19. guid/sid algorithm (Thread)
Relevant URL:
20. FW: NONE Group (Thread)
Relevant URL:
21. NT/2000: Restrict Users from Installing Software? (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-10%26thread%3d00f901c08f00$4a5db100$ca00030a
22. Listening ports on Windows 2000 (Thread)
Relevant URL:
IX. SUN FOCUS LIST SUMMARY
----------------------------
1. Configuring BSM Question (Thread)
Relevant URL:
2. sshd2 (Thread)
Relevant URL:
3. LDAP Authentication on Solaris / AIX (Thread)
Relevant URL:
4. ufsrestore(1M) For UID 0 Only? (Thread)
Relevant URL:
5. X11 / Port 6000 (Thread)
Relevant URL:
6. SunScreen Lite (Thread)
Relevant URL:
X. LINUX FOCUS LIST SUMMARY
---------------------------
1. vpn on linux (Thread)
Relevant URL:
2. Linux Questions (Thread)
Relevant URL:
3. binding X to loopback (Thread)
Relevant URL:
4. Snort rules (Thread)
Relevant URL:
5. portsentry and iptables (Thread)
Relevant URL:
6. named version probes (Thread)
Relevant URL:
7. Other named/firewall accessibility problem (Thread)
Relevant URL:
8. SecurityFocus.com Linux Newsletter #15 (Thread)
Relevant URL:
XI. SPONSOR INFORMATION
-----------------------
This issue brought to you by: Aladdin Knowledge Systems
XII. SUBSCRIBE/UNSUBSCRIBE INFORMATION
-------------------------------------
1. How do I subscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body
of:
SUBSCRIBE SF-NEWS Lastname, Firstname
You will receive a confirmation request message to which you will have
to answer.
2. How do I unsubscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
address with a message body of:
UNSUBSCRIBE SF-NEWS
If your email address has changed, email aleph1@securityfocus.com and I
will manually remove you.
3. How do I disable mail delivery temporarily?
If you are simply going on vacation you can turn off mail delivery
without unsubscribing by sending LISTSERV the command:
SET SF-NEWS NOMAIL
To turn back on e-mail delivery use the command:
SET SF-NEWS MAIL
4. Is the list available in a digest format?
Yes. The digest is generated once a day.
5. How do I subscribe to the digest?
To subscribe to the digest, join the list normally (see section 0.2.1)
and then send a message to LISTSERV@SECURITYFOCUS.COM with a message
body of:
SET SF-NEWS DIGEST
6. How do I unsubscribe from the digest?
To turn the digest off send a message to LISTSERV with a message body
of:
SET SF-NEWS NODIGEST
If you want to unsubscribe from the list completely follow the
instructions of section 0.2.2 next.
7. I seem to not be able to unsubscribe. What is going on?
You are probably subscribed from a different address than the one from
which you are sending commands to LISTSERV. Either send email from
the appropriate address or email the moderator to be unsubscribed manually.