Date: 19 Apr 2004 22:41:36 -0000
From: "John Boletta" <jboletta@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #180
SecurityFocus Linux Newsletter #180
------------------------------------

This Issue is Sponsored By: SecurityFocus staff

Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add
the new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!

http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Solaris 10 Security
     2. Basic Web Session Impersonation
     3. Forensic Analysis of a Live Linux System, Part Two
II. LINUX VULNERABILITY SUMMARY
     1. Scorched 3D Server Memory Corruption Vulnerabilities
     2. RSniff Remote Denial of Service Vulnerability
     3. Linux Kernel Sigqueue Blocking Denial Of Service Vulnerabili...
     4. Citadel/UX Insecure File Permissions Vulnerability
     5. KDE Konqueror Bitmap File Processing Denial of Service Vulne...
     6. PHP-Nuke CookieDecode Cross-Site Scripting Vulnerability
     7. TUTOS Multiple Input Validation Vulnerabilities
     8. PHP-Nuke Multiple SQL Injection Vulnerabilities
     9. Neon WebDAV Client Library Format String Vulnerabilities
     10. CVS Client RCS Diff File Corruption Vulnerability
     11. CVS Server Piped Checkout Access Validation Vulnerability
     12. Linux Kernel ISO9660 File System Buffer Overflow Vulnerabili...
     13. MySQL MYSQLD_Multi Insecure Temporary File Creation Vulnerab...
     14. Linux Kernel JFS File System Information Leakage Vulnerabili...
     15. PostNuke Pheonix Multiple Module SQL Injection Vulnerabiliti...
     16. Red Hat Linux GNU Mailman Remote Denial Of Service Vulnerabi...
     17. Xonix X11 Game Insecure Privilege Dropping Vulnerability
     18. ssmtp Mail Transfer Agent Multiple Format String Vulnerabili...
     19. Linux Kernel XFS File System Information Leakage Vulnerabili...
     20. Linux Kernel EXT3 File System Information Leakage Vulnerabil...
     21. Cisco IPsec VPN Client Group Password Disclosure Vulnerabili...
     22. Gemitel Affich.PHP Remote File Include Command Injection Vul...
III. LINUX FOCUS LIST SUMMARY
     1. decent loadbalancing with 2 different ISP's with min... (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Immunity CANVAS
     2. SecretAgent
     3. Cyber-Ark  Inter-Business Vault
     4. EnCase Forensic Edition
     5. KeyGhost SX
     6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Samhain v1.8.6
     2. C-Kermit v8.0.211
     3. p3pmail v1.1
     4. Astaro Security Linux (Stable 5.x) v5.000
     5. NSA Security-enhanced Linux v2004040714
     6. Telconi Terminal for Cisco IOS v0.6a 
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Solaris 10 Security
By Ravi Iyer
This article discusses the many new security features in Sun's Solaris 10
operating system, as well as Sun's holistic approach to security.

http://www.securityfocus.com/infocus/1776

2. Basic Web Session Impersonation
By Rohyt Belani 

This article gives a basic introduction to common flaws in web
applications that allow a malicious user to hijack a legitimate user's web
session. Some practical countermeasures that reduce this threat are also
discussed.

http://www.securityfocus.com/infocus/1774

3. Forensic Analysis of a Live Linux System, Part Two 
by Mariusz Burdach 

Last month in the first part of this article series, we discussed some of
the preparation and steps that must be taken when analyzing a live Linux
system that has been compromised. Now we'll continue our analysis by
looking for malicious code on the running system, and then discuss some of
the searches that can be done with the data once it has been transferred
to our remote host.

http://www.securityfocus.com/infocus/1773

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Scorched 3D Server Memory Corruption Vulnerabilities
BugTraq ID: 10086
Remote: Yes
Date Published: Apr 09 2004
Relevant URL: http://www.securityfocus.com/bid/10086
Summary:
The Scorched 3D server component has been reported prone to multiple 
memory corruption vulnerabilities.  One of the issues is reportedly a 
heap-based buffer overrun that is exposed when a client supplies an 
excessive number of format string characters in the server chat box text 
input field.  

Other unspecified issues related to bounds checking were also reported.

These issues could be exploited to crash the server or potentially 
execute arbitrary code.

2. RSniff Remote Denial of Service Vulnerability
BugTraq ID: 10093
Remote: Yes
Date Published: Apr 09 2004
Relevant URL: http://www.securityfocus.com/bid/10093
Summary:
It has been reported that RSniff may be prone to a remote denial of 
service issue when a client repeatedly connects to the RSniff daemon and 
does not issue the 'AUTHENTICATE' command to log in or simply closes the 
connection.  The server fails to accept new connections after about 
1024 malicious connection attempts have been made.

RSniff 1.0 has been reported to be prone to this issue.

3. Linux Kernel Sigqueue Blocking Denial Of Service Vulnerabili...
BugTraq ID: 10096
Remote: No
Date Published: Apr 12 2004
Relevant URL: http://www.securityfocus.com/bid/10096
Summary:
A vulnerability has been reported in the Linux Kernel that may permit a 
malicious local user to effect a system-wide denial of service 
condition.  This issue may be triggered via the Kernel signal queue (struct 
sigqueue) and may be exploited to exhaust the system process table by 
causing an excessive number of threads to be left in a zombie state.

4. Citadel/UX Insecure File Permissions Vulnerability
BugTraq ID: 10102
Remote: No
Date Published: Apr 12 2004
Relevant URL: http://www.securityfocus.com/bid/10102
Summary:
Citadel/UX has been reported prone to a weak file permissions 
vulnerability. The issue is reported to present itself because Citadel/UX sets 
insecure permissions on the "data" directory and files contained within, 
during installation.

As a direct result of this, any user who has interactive shell access 
to a system may disclose potentially sensitive data that is contained in 
the Citadel/UX database and data files.

5. KDE Konqueror Bitmap File Processing Denial of Service Vulne...
BugTraq ID: 10107
Remote: Yes
Date Published: Apr 13 2004
Relevant URL: http://www.securityfocus.com/bid/10107
Summary:
It has been reported that Konqueror may be prone to a denial of service 
vulnerability when processing malformed bitmap files.  An attacker can 
cause a denial of service condition in the system by specifying a large 
value for a bitmap file to be loaded by the browser.

This attack may lead to a denial of service condition in the system due to 
the exhaustion of memory resources.

This vulnerability has been tested on KDE 3.2.1 running on a 
FreeBSD 5.2-CURRENT system; however, it is possible that other versions running on 
different platforms are vulnerable as well.  It is likely that this 
issue is present in a shared KDE bitmap processing component, presenting 
attack vectors in other applications that use the component.

This vulnerability is similar to the issue described in BID 10097 
(Microsoft Internet Explorer Bitmap File Processing Denial of Service 
Vulnerability).

6. PHP-Nuke CookieDecode Cross-Site Scripting Vulnerability
BugTraq ID: 10128
Remote: Yes
Date Published: Apr 13 2004
Relevant URL: http://www.securityfocus.com/bid/10128
Summary:
Reportedly PHP-Nuke is prone to a remote cross-site scripting 
vulnerability.  This issue is due to a failure of the 'cookiedecode()' function 
to properly sanitize user supplied cookie parameters.

These issues could permit a remote attacker to create a malicious link 
to the vulnerable application that includes hostile HTML and script 
code. If this link were followed, the hostile code may be rendered in the 
web browser of the victim user. This would occur in the security 
context of the affected web site and may allow for theft of cookie-based 
authentication credentials or other attacks.

7. TUTOS Multiple Input Validation Vulnerabilities
BugTraq ID: 10129
Remote: Yes
Date Published: Apr 13 2004
Relevant URL: http://www.securityfocus.com/bid/10129
Summary:
Multiple vulnerabilities have been identified in various modules of 
TUTOS.  These vulnerabilities may allow a remote attacker to carry out 
various attacks such as path disclosure, cross-site scripting, and 
possibly SQL injection.

8. PHP-Nuke Multiple SQL Injection Vulnerabilities
BugTraq ID: 10135
Remote: Yes
Date Published: Apr 13 2004
Relevant URL: http://www.securityfocus.com/bid/10135
Summary:
Reportedly PHP-Nuke is prone to multiple SQL injection vulnerabilities.  
These issues are due to a failure of the application to properly 
sanitize user supplied input.

As a result of these issues an attacker could modify the logic and 
structure of database queries. Other attacks may also be possible, such as 
gaining access to sensitive information.

9. Neon WebDAV Client Library Format String Vulnerabilities
BugTraq ID: 10136
Remote: Yes
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10136
Summary:
It has been reported that the Neon client library is prone to multiple 
remote format string vulnerabilities.  This issue is due to a failure 
of the application to properly implement format string functions.

Ultimately this vulnerability could allow for execution of arbitrary 
code on the system implementing the affected client software, which would 
occur in the security context of the server process.

10. CVS Client RCS Diff File Corruption Vulnerability
BugTraq ID: 10138
Remote: Yes
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10138
Summary:
A vulnerability has been discovered in the CVS client. It is reported 
that a problem in the revision control system (RCS) diff files may allow 
an attacker to create an arbitrary file on a remote system. The file 
will be created with the privileges of the user who is invoking the CVS 
client.

11. CVS Server Piped Checkout Access Validation Vulnerability
BugTraq ID: 10140
Remote: Yes
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10140
Summary:
CVS server has been reported prone to an access validation 
vulnerability. It is reported that the CVS server does not sufficiently validate 
piped checkouts. The CVS server may honor a request for a piped checkout 
for a path that resides outside of the cvsroot.

Data that is harvested in this manner may be used to aid in further 
attacks that are launched against the target server.

12. Linux Kernel ISO9660 File System Buffer Overflow Vulnerabili...
BugTraq ID: 10141
Remote: No
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10141
Summary:
It has been reported that the Linux Kernel is prone to a local ISO9660 
file system buffer overflow vulnerability.  This issue is due to a 
failure of the application to properly validate buffer boundaries when 
processing file system information.  An attacker must have adequate 
permissions to mount the malicious file system to exploit the issue.  This is 
not enabled by default on a number of available Linux distributions.

This issue may be exploited by an attacker to overflow and modify 
kernel memory, potentially allowing the attacker to create an arbitrary data 
structure in kernel memory.  This issue may be leveraged to gain kernel 
level access to the affected system.

13. MySQL MYSQLD_Multi Insecure Temporary File Creation Vulnerab...
BugTraq ID: 10142
Remote: No
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10142
Summary:
mysqld_multi is reported prone to insecure temporary file handling. The 
script likely creates temporary files with predictable filenames.

An attacker may exploit this issue to launch symbolic link attacks that 
will most likely result in corruption of files when the vulnerable 
script is launched.

This issue would only affect Unix/Linux-based operating systems.

14. Linux Kernel JFS File System Information Leakage Vulnerabili...
BugTraq ID: 10143
Remote: No
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10143
Summary:
A vulnerability has been reported in the Linux Kernel that is related 
to how JFS file systems are cleaned up.  In particular, a root user may 
potentially gain access to private or sensitive information on these 
file systems.  

This really only poses a security risk if the root user is not intended 
to access this information already.

15. PostNuke Pheonix Multiple Module SQL Injection Vulnerabiliti...
BugTraq ID: 10146
Remote: Yes
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10146
Summary:
It has been reported that PostNuke Pheonix is prone to a remote SQL 
injection vulnerability in multiple modules.  This issue is due to a 
failure of the application to properly sanitize user supplied URI input.

This may allow a remote attacker to manipulate query logic, potentially 
leading to unauthorized access to sensitive information such as the 
administrator password hash or corruption of database data. SQL injection 
attacks may also potentially be used to exploit latent vulnerabilities 
in the underlying database implementation.

16. Red Hat Linux GNU Mailman Remote Denial Of Service Vulnerabi...
BugTraq ID: 10147
Remote: Yes
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10147
Summary:
An update that was released by Red Hat (RHSA-2004:019) to address the 
issue described in BID 9620 (GNU Mailman Malformed Message Remote Denial 
Of Service Vulnerability) is reported to introduce a denial of service 
vulnerability.

A remote attacker may exploit this vulnerability to cause the mailman 
to crash, effectively denying service to legitimate users.

17. Xonix X11 Game Insecure Privilege Dropping Vulnerability
BugTraq ID: 10149
Remote: No
Date Published: Apr 15 2004
Relevant URL: http://www.securityfocus.com/bid/10149
Summary:
It has been reported that Xonix is prone to a vulnerability that may 
allow an attacker to gain elevated privileges.  This issue occurs because 
the application fails to drop privileges.  Successful exploitation of 
this issue may result in a local attacker gaining gid 'games' 
privileges.

This issue has been reported to affect Xonix version 1.4, however, it 
is possible that other versions are affected as well.

Due to a lack of details, further information is not available at the 
moment. This BID will be updated as more information becomes available.

18. ssmtp Mail Transfer Agent Multiple Format String Vulnerabili...
BugTraq ID: 10150
Remote: Yes
Date Published: Apr 15 2004
Relevant URL: http://www.securityfocus.com/bid/10150
Summary:
It has been reported that ssmtp may be prone to multiple format string 
vulnerabilities that could allow a remote attacker to execute arbitrary 
code in the context of the vulnerable process.  A successful attack may 
allow an attacker to gain root privileges.

19. Linux Kernel XFS File System Information Leakage Vulnerabili...
BugTraq ID: 10151
Remote: No
Date Published: Apr 15 2004
Relevant URL: http://www.securityfocus.com/bid/10151
Summary:
An information leakage vulnerability has been reported to exist in the 
Linux kernel when writing to an XFS file system.  This issue is due to 
a design error that causes some kernel information to be leaked.

It has been reported that this issue requires that the attacker be able 
to read the raw device; an action which is restricted to privileged 
users.  Due to the nature of the issue, this really only poses a security 
risk if the privileged user is not intended to access this information 
already.

20. Linux Kernel EXT3 File System Information Leakage Vulnerabil...
BugTraq ID: 10152
Remote: No
Date Published: Apr 15 2004
Relevant URL: http://www.securityfocus.com/bid/10152
Summary:
An information leakage vulnerability has been reported to exist in the 
Linux kernel when writing to an ext3 file system.  This issue is due to 
a design error that causes some kernel information to be leaked.

It has been reported that this issue requires that the attacker be able 
to read the raw device; an action which is restricted to privileged 
users.  Due to the nature of the issue, this really only poses a security 
risk if the privileged user is not intended to access this information 
already.

21. Cisco IPsec VPN Client Group Password Disclosure Vulnerabili...
BugTraq ID: 10155
Remote: No
Date Published: Apr 15 2004
Relevant URL: http://www.securityfocus.com/bid/10155
Summary:
The Cisco IPsec VPN client has been reported prone to a vulnerability, 
which may result in the compromise of the Group Password. The issue is 
reported to present itself because the Group Password is not encrypted 
or obfuscated in any way when it is stored in process memory.

22. Gemitel Affich.PHP Remote File Include Command Injection Vul...
BugTraq ID: 10156
Remote: Yes
Date Published: Apr 15 2004
Relevant URL: http://www.securityfocus.com/bid/10156
Summary:
A vulnerability has been identified in the handling of input by 
Gemitel.  Because of this, it may be possible for a remote user to gain 
unauthorized access to a system using the vulnerable software.

It is possible to influence the include path of certain files, which 
could lead to an attacker including arbitrary PHP files from an external 
system.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. decent loadbalancing with 2 different ISP's with min... (Thread)
Relevant URL: http://www.securityfocus.com/archive/91/360618

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary: 

Immunity CANVAS is 100% pure Python, and every license includes full 
access to the entire CANVAS codebase. Python is one of the easiest 
languages to learn, so even novice programmers can be productive on the 
CANVAS API, should they so choose. 

Immunity CANVAS is both a valuable demonstration tool for enterprise 
information security teams or system administrators, and an advanced 
development platform for exploit developers, or people learning to become 
exploit developers.

2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT, 
Windows XP
Relevant URL: http://www.infoseccorp.com/products/secretagent/contents.htm
Summary: 

SecretAgent is a file encryption and digital signature utility, 
supporting cross-platform interoperability over a wide range of platforms: 
Windows, Linux, Mac OS X, and UNIX systems.

It's the perfect solution for your data security requirements, 
regardless of the size of your organization.

Using the latest recognized standards in encryption and digital 
signature technology, SecretAgent ensures the confidentiality, integrity, and 
authenticity of your data.

3. Cyber-Ark  Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary: 

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business 
Vault is an information security solution that enables organizations to 
safely overcome traditional network boundaries in order to securely share 
business information among customers, business partners, and remote 
branches. It provides a seamless, LAN-like experience over the Internet 
that includes all the security, performance, accessibility, and ease of 
administration required to allow organizations to share everyday 
information worldwide.

4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software's award winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data in its own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Samhain v1.8.6
By: rainer
Relevant URL: http://la-samhna.de/samhain/
Platforms: AIX, Digital UNIX/Alpha, FreeBSD, HP-UX, Linux, Solaris, 
Unixware
Summary: 

samhain is a daemon that can check file integrity, search the file tree 
for SUID files, and detect kernel module rootkits (Linux only). It can 
be used either standalone or as a client/server system for centralized 
monitoring, with strong (192-bit AES) encryption for client/server 
connections and the option to store databases and configuration files on 
the server. For tamper resistance, it supports signed 
database/configuration files and signed reports/audit logs. It has been tested on Linux, 
FreeBSD, Solaris, AIX, HP-UX, and Unixware.

2. C-Kermit v8.0.211
By: Frank da Cruz 
Relevant URL: http://www.columbia.edu/kermit/ckermit.html
Platforms: AIX, FreeBSD, HP-UX, Linux, MacOS, NetBSD, OpenBSD, SCO, 
Solaris, SunOS
Summary: 

C-Kermit is a combined serial and network communication software 
package offering a consistent, medium-independent, cross-platform approach to 
connection establishment, terminal sessions, file transfer, 
character-set translation, numeric and alphanumeric paging, and automation of 
communication tasks. Recent versions include FTP and HTTP clients as well 
as an SSH interface, all of which can be scripted and aware of 
character-sets. It supports built-in security methods, including Kerberos IV, 
Kerberos V, SSL/TLS, and SRP, FTP protocol features such as MLSD, and 
source-code parity with Kermit 95 2.1 for Windows and OS/2.

3. p3pmail v1.1
By: laitcg
Relevant URL: http://p3scan.sourceforge.net/
Platforms: Linux
Summary: 

p3pmail will remove dangerous HTML tags from email messages to make 
them safer for viewing. It does this by skipping the header of the email 
message before parsing it for dangerous HTML tags. It will only parse 
HTML email.

4. Astaro Security Linux (Stable 5.x) v5.000
By: astaro
Relevant URL: http://www.astaro.com/
Platforms: Linux, POSIX
Summary: 

Astaro Security Linux is a firewall solution. It does stateful packet 
inspection filtering, content filtering, user authentication, virus 
scanning, VPN with IPSec and PPTP, and much more. With its Web-based 
management tool, WebAdmin, and the ability to pull updates via the Internet, 
it is pretty easy to manage. It is based on a special hardened Linux 
2.4 distribution where most daemons are running in change-roots and are 
protected by kernel capabilities.

5. NSA Security-enhanced Linux v2004040714
By: National Security Agency
Relevant URL: http://www.nsa.gov/selinux/
Platforms: Linux
Summary: 

NSA Security-enhanced Linux is a set of patches to the Linux kernel and 
some utilities to incorporate a strong, flexible mandatory access 
control architecture into the major subsystems of the kernel. It provides a 
mechanism to enforce the separation of information based on 
confidentiality and integrity requirements, which allows threats of tampering and 
bypassing of application security mechanisms to be addressed and 
enables the confinement of damage that can be caused by malicious or flawed 
applications. It includes a set of sample security policy configuration 
files designed to meet common, general-purpose security goals.

6. Telconi Terminal for Cisco IOS v0.6a 
By: Stywiz
Relevant URL: http://www.telconi.com/
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows NT, Windows XP
Summary: 

Telconi Terminal is a unique network management application with 
interactive full-screen configuration editing, browsing, help facility 
support, debugging, and more. It focuses on common Cisco IOS functionality 
present with any hardware or software configuration, and complements the 
command line interface with a rich set of features. It is intended for 
users with knowledge of Cisco IOS, and is designed to work with any 
IOS-based device, such as routers and switches.
