Linux Security Week September 4 - In this issue: Our feature this week, "Setting up a Linux Log Server to enhance System Security," provides clear step-by-step information on how to set up a log server. Also includes papers on Intrusion Detection Level Analysis of Nmap and Queso, PAM - Pluggable Authentication Modules, Anyone with a Screwdriver Can Break In (physical Linux security), Inexpensive measures to solve security problems, Attacking Linux, Firewalls - Placement, The Emotional Side of Cryptography, Ain't no network strong enough, Encryption Could Starve Carnivore, The next era for Internet security, Review of Debian 2.2 Security, Justice shops for Carnivore review, Interview with Lance Spitzner, and much more.
Remote Nmap is a Python client/server package which allows many clients to connect to a centralized nmap server to do their port scanning. This could be useful for security companies who want to have all their scans come from a dedicated machine.
Auction Weaver 1.02 Lite remote proof of concept exploit. Spawns an xterm by exploiting an insecure open() call.
The ICQ Greeting Card service allows HTML commands to be sent to the target user. Any malicious HTML such as file:///c:/con/con can crash the system or exploit other HTML based vulnerabilities.
unix.txt is a Unix reference guide and learner's manual. Useful for beginning Unix users, people who want to participate in "Hacker Wargames", or Windows users who are considering making the switch to Unix.
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated frequently to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins.
Vigilante Advisory #8 - NTMail Configuration Service v5 & v6 denial of service. The web configuration service running on TCP port 8000 does not flush incomplete HTTP requests, and thus it is possible to use up all the server resources within a very short time.
cpmdaemon is a program that runs as a daemon or a cgi which allows changing of passwords. It allows brute force dictionary attacks against user passwords without any logging. Includes exp_cpmdaemon.c proof of concept code.
Debian Security Advisory - A format string bug was recently discovered in screen which allows local users to obtain root access if screen is setuid. This is fixed in version 3.7.4-9.1 and 3.9.5-9.
Windows NT allows remote users to find out the SID if certain conditions are met: the logs need to be viewable remotely, auditing must be enabled, and policies must lock out the account after a certain number of failed logins.
Analogx.pl is a Local / Remote GET Buffer Overflow dos exploit for AnalogX SimpleServer:WWW HTTP Server v1.1. Based on USSR Advisory #29.
TWWWscan is a Windows-based www vulnerability scanner which looks for 227 www/cgi vulnerabilities. Displays the HTTP header and server info, and tries for accurate results. Now features anti-IDS URL encoding and a passive mode scan. Tested on Win95 OSR2, Win98, Win98SE, Win NT4, and Win 2K/Me.
PIKT is a multi-functional tool for monitoring systems, reporting and fixing problems, and managing system configurations. PIKT is quickly gathering potential as a serious security management system. PIKT comprises an embedded scripting language with unique, labor-saving features. Binaries available here.
WFTPD/WFTPD Pro 2.41 RC12 divulges sensitive information by revealing the full path of the current directory. This is fixed in WFTPD/WFTPD Pro 2.41 RC13. Exploit details included.
WFTPD/WFTPD Pro 2.41 RC12 contains a remote denial of service vulnerability which does not require a valid login/password. Perl exploit code included.
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Screenshot available here.
initd_.sh is a tool which automatically attacks local Linux binaries and attempts to exploit buffer overflows in command line switches.
bird.pl is a source code scanner which uses regular expressions to search for 12 common insecure C calls and 8 common insecure Perl functions.
Debian Security Advisory - Recently two local vulnerabilities have been found in the glibc suite, which could be used to trick setuid applications into running arbitrary code.
Telnetfp is an OS detection tool which uses telnet DO / DONT option requests to determine the remote OS type. Contains 23 OS fingerprints.
A new Distributed Denial of Service tool, Trinity v3, has been discovered in the wild. There have been reports of up to 400 hosts running the Trinity agent. In one Internet Relay Chat (IRC) channel on the Undernet network, there are 50 compromised hosts with Trinity running, with new hosts appearing every day. It is not known how many different versions of Trinity are in the wild.
Patch for Linux kernel 2.2.17 to discard the probe packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and of packets with bogus flags.
Landmine Fileutils is a modified fileutils package for Linux which logs the arguments used for execution to syslog. Includes patched copies of chmod, chgrp, chown, cp, dir, ln, ls, mkdir, mv, rm, rmdir, and touch.
SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green), and a feature-rich HTML interface.