ipchains-firewall is an easily-configurable shell script to establish masquerading and firewalling rules using ipchains. The package contains a script to establish firewalling for a single machine connected to the network without masquerading, a script to establish firewalling for a system acting as a router routing to non-private IP space, a script to establish firewalling and masquerading for a system acting as a router routing to private IP address space, and one to establish firewalling and masquerading for a system acting as a router, routing to multiple RFC1918 subnets over multiple interfaces. The distribution also includes a copy of midentd v1.6, to enable identd over the masqueraded network.
5d4362c8b0d04146e35bf5b931889a8d54acde3887c33b453a5c8caa85075aa9
iptables-firewall, like its older cousin ipchains-firewall, is an easily-configurable shell script to establish NAT and firewalling rules using iptables. The script self-configures out of the box for IP addresses, netmasks, and interfaces. All that is needed is a commandline specification of external and internal interface names. It automatically determines type of firewall to set up (standalone, routing, or NAT) based on interface IP addresses. The distribution also includes a copy of midentd, to enable identd over the masqueraded network.
06f9468af9dd2d8bc1b425969fc36b49b732e5ade37c4074ae2c28b4ae540baa
Snoopy is designed to log all commands executed by providing a transparent wrapper around calls to execve() via LD_PRELOAD. Logging is done via syslogd and written to authpriv, allowing secure offsite logging of activity.
f74e6f6af72d2a400d679d8bc93728cd434905726ea4e09f0fd0c26ba20012b7
Apache is the most popular webserver on the internet.
399b4f0924bcbd989276eabec1a4ae4084d1d18ac9d4f70b42d7731c0f6483ed
OpenPorts is a simple script which can be run as a cron job every 5 minutes, checking the open and listening ports on the local system with netstat. If there is a difference since the last time it was run, an e-mail is sent to the system administrator containing the list of new open ports.
60423aeb267755589f09cad6d8bc6946481531a2e80e144bc472f246a53e4ca8
Iptables is built on top of netfilter: the new packet alteration framework for Linux 2.4. It is an enhancement on ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects.
21d19a9f48499609176d3b086ef3803a729cb2bba65dffc926a8bfae47afbb94
11logger is a small kernel patch, a module and some userspace tools to add SIGSEGV logging and history capabilities to Linux 2.2.x. 11logger is very useful in security auditing and general debugging.
16a2deda4d7f22cac71d863f6d93c04fc6abe8da405674697924aa3cc2d3ff4b
Hacker Resource
d3373e3085eee17158efbab065b64284edf383a1820f996100892f19c3b732d6
AnalogX 1.1 contains remotely exploitable buffer overflows, as reported in USSR Advisory #29. This perl script will crash the server.
1bdccecd24f11ee629b770cad98d4f87a53a2f4ce8e4179a6711e1acf4e37d8f
GDM local root and/or denial of service attack, tested on Red Hat 6.2. Requires console access.
0152f01fe95821ca442a86d5040d00c6f94af97c5ed3d54f2c0d85ef0541b8d8
secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.
f25e260715bd4a2ebcbf96ed0aa7f9a18588ee6b7f47e00811becd149b4e028c
The following problem (as discussed in this paper) has not yet been identified. Certain firewalls today, will not authenticate the validity of certain protocol fields within the packet they are processing. The risk is exposure of information, mainly unique patterns of behavior produced by the probed machines answering our crafted queries. Those patterns will help a malicious computer attacker to identify the operating systems in use. Postscript version available here.
01f95aa24a6313bdb216740349840e313f3e263f418774043ced01d6a4d91d56
Debian Security Advisory - In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server.
e031d1ac0242a6c7e919fe15518e47dc9411ec40b6e045152efdfb901bee5c15
Debian Security Advisory - In versions of the PHP 3 packages before version 3.0.17, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server, particularly if error logging was enabled.
dd9e1294b5f3f1834b54ecd3f83b50d6ee1121239f0aae1a9014b88f4d4ea474
The nis package that was distributed with Debian GNU/Linux 2.1 has a couple of problems which have been fixed in version 3.5-2. We recommend you upgrade your nis package immediately. Debian security homepage here.
e31ce655c74265d1033cb65a4ab3ff5b2e5a6f8d377f54600b58b8ad993a51f2
Microsoft Security Bulletin (MS00-077) - Microsoft has released a patch that eliminates a security vulnerability in NetMeeting, an application that ships with Windows 2000 and is also available for Windows NT 4.0. The vulnerability allows a malicious user to deny service to a NetMeeting server. Microsoft FAQ on this issue available here.
3c668e9e0ef4c2472401d28101f1e4541a99dd6185589b9f9706e5803eb6eb01
Debian Security Advisory - The version of curl as distributed with Debian GNU/Linux 2.2 had a bug in the error logging code: when it created an error message it failed to check the size of the buffer allocated for storing the message. This could be exploited by the remote machine by returning an invalid response to a request from curl which overflows the error buffer and trick curl into executing arbitrary code.
b4546e53189726ce86a3b698d2a39926c6eabfb3a4c4ab5225418a919e65a44a
FreeBSD Security Advisory FreeBSD-SA-00:57 - The muh port, an IRC bouncer, versions 2.05c and below contains a vulnerability which allows remote users to gain the privileges of the user running muh. This is accomplished by sending a carefully crafted exploit string containing string format operators to a user using muh but who is not connected. When the user reconnects and executes '/muh read', muh will allow the remote attacker to execute arbitrary code as the local user.
8f36eb60edcb01ea36fa29e159e50ecf301ee4326c181259fc41a4249d047569
FreeBSD Security Advisory FreeBSD-SA-00:56 - The LPRng port, versions prior to 3.6.24, contains a vulnerability in syslog() which allows remote and local root compromise.
383a13988913ece81c3d550a90cc2d095ebcae22e3dc9547ad51506fae541281
FreeBSD Security Advisory FreeBSD-SA-00:55 - The xpdf port, a PDF viewer for X, contains a race condition which allows local users to overwrite arbitrary files as the user running xpdf. Additionally no shell metacharacter checking is done when visiting URLs.
fffc0e765e6068b8f2afe53e82d8918165e1e3bcbe5fa3d10ea50b7380a44a68
FreeBSD Security Advisory FreeBSD-SA-00:54 - Shortly before the release of FreeBSD 4.1.1, code was added to finger(1) intended to allow the utility to send the contents of administrator-specified files in response to a finger request. However the code incorrectly allowed users to specify a filename directly, the contents of which would be returned to the user.
4b5af2dc80b56a25748f70615e7b9bee970529fb40be4967c4a47cf39c2e6d1e
Debian Security Advisory - In versions of the traceroute package before 1.4a5-3, it is possible for a local user to gain root access by exploiting an argument parsing error.
96b99378a5e3df437c75a80827f0afcb8530f3b641e7bacf61037b6d1b4673a8
Microsoft Security Bulletin (MS00-076) - Microsoft has released a patch that eliminates the "Cached Web Credentials" security vulnerability in Internet Explorer, which allows malicious users to obtain another user's userid and password to a web site. Microsoft FAQ on this issue available here.
da1c3e8d0916bf749858b704179dabc4b0d8870ddade71fd331d032ce13a8ede
Synnergy Laboratories Advisory SLA-2000-17 - A flaw in Linux/UNIX Anaconda Foundation Directory, a yahoo style search engine based on the Open Directory Project allows remote users to traverse the webservers filesystem, allowing arbitary files to be read by appending a trailing NULL byte in URL encoded format. Exploit URL included.
114471e6a48ade395cf5dd9910cfbb9ebc5b97960e372c164656001a5ddd2840
Godmessage Creator allows you to implement the Godmessage IV activeX attack with any binary you supply. Archive password is set to p4ssw0rd. Use at your own risk.
05516f6b41a3b42bf1118a69b356c3c549d89a355493f0ccc97d4bda177ac489