Date: 28 Dec 2004 20:41:35 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #216
SecurityFocus Linux Newsletter #216
------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Spam Punishment Doesn't Fit the Crime
     2. Why Open Source Solaris?
II. LINUX VULNERABILITY SUMMARY
     1. HTGET URI Buffer Overflow Vulnerability
     2. PHP Shared Memory Module Offset Memory Corruption Vulnerabil...
     3. KDE Konqueror Multiple Remote Java Sandbox Bypass Vulnerabil...
     4. CHPOX Unspecified Vulnerability
     5. GNU Troff (Groff) Insecure Temporary File Creation Vulnerabi...
     6. MIT Kerberos 5 Administration Library Add_To_History Heap-Ba...
     7. LibVNCServer Multiple Unspecified Vulnerabilities
     8. Rosiello Security RFTPD Multiple Remote And Local Vulnerabil...
     9. Perl RMTree Local Race Condition Vulnerability
     10. Rosiello Security RPF Multiple Remote And Local Vulnerabilit...
     11. libTIFF Heap Corruption Integer Overflow Vulnerabilities
     12. MPlayer And Xine PNM_Get_Chunk Multiple Remote Client-Side B...
     13. Debian Debmake Local Insecure Temporary File Creation Vulner...
     14. Linux Kernel 32 Bit Compatibility System Call Handler AMD64 ...
     15. Skype Technologies Skype Internet Telephony Insecure Default...
     16. Snort DecodeTCPOptions Remote Denial Of Service Vulnerabilit...
     17. SSLTelnetd Unspecified Format String Vulnerability
     18. NetWin SurgeMail Webmail Unspecified Vulnerability
     19. Linux Security Modules Process Capabilities Design Error
     20. Nullsoft SHOUTcast File Request Format String Vulnerability
     21. Linux Kernel ELF Binary Loading Denial Of Service Vulnerabil...
III. LINUX FOCUS LIST SUMMARY
     1. Honeynet KYE paper (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. CoreGuard Core Security System
     2. EnCase Forensic Edition
     3. KeyGhost SX
     4. SafeKit
     5. Astaro Linux Firewall
     6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
     1. pasmal 1.5
     2. PatchLink Update 6.01.78
     3. AutoScan b0.92 R6
     4. ksb26-2.6.9 Kernel Socks Bouncer for 2.6.x kernels 2.6.9
     5. rootsh 0.2
     6. Maillog View v1.03.3

I. FRONT AND CENTER
-------------------
1. Spam Punishment Doesn't Fit the Crime
By Mark Rasch

When spammers are treated more harshly than those who commit war crimes
in Rwanda, and are fined more than companies that destroy the
environment, it's time to revisit our strategy.

http://www.securityfocus.com/columnists/287


2. Why Open Source Solaris?
By Daniel Hanson

Sun is getting into the open-source business with Solaris, but will this
automatically translate into better sales?

http://www.securityfocus.com/columnists/286

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. HTGET URI Buffer Overflow Vulnerability
BugTraq ID: 12039
Remote: Yes
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12039
Summary:
HTGET is prone to a buffer overflow vulnerability.  This vulnerability 
is exposed when the software handles a malformed URI.

Successful exploitation may result in execution of arbitrary code in 
the context of the client user.

2. PHP Shared Memory Module Offset Memory Corruption Vulnerabil...
BugTraq ID: 12045
Remote: No
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12045
Summary:
The PHP shared memory module (shmop) is reported prone to an integer 
handling vulnerability. The issue exists in the PHP_FUNCTION(shmop_write) 
function and results from insufficient sanitization of 'offset' data.

This vulnerability may be exploited to make an almost arbitrary write 
into process memory. It is reported that the vulnerability may be 
leveraged to disable PHP 'safe mode'; this may result in further 
compromise in a shared-server environment.

3. KDE Konqueror Multiple Remote Java Sandbox Bypass Vulnerabil...
BugTraq ID: 12046
Remote: Yes
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12046
Summary:
KDE Konqueror is a freely available, open source web browser 
distributed and maintained by the KDE project. It is available for the UNIX and 
Linux operating systems.

Multiple remote Java sandbox bypass vulnerabilities affect KDE 
Konqueror.  These issues are due to a failure of the application to properly 
secure the Java web plug-in.

The first issue is a failure of the application to restrict access to 
sensitive Java classes from the Java browser plug-in.  The second issue 
is a failure of the application to restrict access to sensitive Java 
classes from JavaScript scripts.

These issues may be leveraged to carry out a variety of unspecified 
attacks including sensitive information disclosure and denial of service 
attacks. Any successful exploitation would take place with the 
privileges of the user running the affected browser application.

4. CHPOX Unspecified Vulnerability
BugTraq ID: 12055
Remote: Unknown
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12055
Summary:
chpox is affected by an unspecified vulnerability; it is not known if 
this issue is local or remote.  The underlying cause of this issue is 
currently unknown.

The potential impact of this issue is also unknown.  Users are advised 
to upgrade to the latest version of the affected software.

More information is not currently available.  This BID will be updated 
as more details are released.

5. GNU Troff (Groff) Insecure Temporary File Creation Vulnerabi...
BugTraq ID: 12058
Remote: No
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12058
Summary:
GNU Troff (groff) is affected by multiple insecure temporary file 
creation vulnerabilities.  These issues are due to a design error that 
causes the application to fail to verify the existence of a file before 
writing to it. 

An attacker may leverage these issues to overwrite arbitrary files with 
the privileges of an unsuspecting user that activates the vulnerable 
application. 

GNU Troff (groff) 1.18 is reported vulnerable to these issues.  Other 
versions are likely to be vulnerable as well.  This BID will be updated 
when more information becomes available.

6. MIT Kerberos 5 Administration Library Add_To_History Heap-Ba...
BugTraq ID: 12059
Remote: No
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12059
Summary:
It is reported that the MIT Kerberos 5 administration library is 
affected by a heap-based buffer overflow vulnerability. The vulnerability 
presents itself in the 'add_to_history()' function of the 
'svr_principal.c' source file. The vulnerability exists due to an 
indexing error that occurs under certain circumstances. 

An authenticated attacker may potentially exploit this vulnerability on 
a Key Distribution Center (KDC) to execute arbitrary code in the 
context of the vulnerable service, ultimately resulting in the compromise of 
an entire Kerberos realm.

7. LibVNCServer Multiple Unspecified Vulnerabilities
BugTraq ID: 12068
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12068
Summary:
Multiple, unspecified vulnerabilities reportedly affect LibVNCServer.  
The underlying cause of these issues is currently unknown.

The potential impacts of these issues are unknown.  Due to the nature 
of the affected software it is possible that these issues may be 
leveraged to conduct denial of service and even system compromise, although 
this is not confirmed.

8. Rosiello Security RFTPD Multiple Remote And Local Vulnerabil...
BugTraq ID: 12071
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12071
Summary:
Multiple remote vulnerabilities reportedly affect Rosiello Security's 
rftpd.  These issues are due to buffer mismanagement and failures to 
handle certain network data.

The first issue is a failure of the application to properly implement 
an authentication scheme. Multiple information leaks reportedly affect 
the application due to a failure to properly NULL terminate strings 
created with the 'strncpy()' function. Multiple remote buffer overflows 
are reported to affect various commands of the affected server 
application. A local buffer overflow exists in the processing of the Message Of 
The Day (MOTD) file. Finally, the affected application is affected by an 
access validation vulnerability.

These issues may be exploited to gain unauthorized access to the FTP 
server, reveal potentially sensitive memory, trigger a denial of service 
condition, bypass file and directory permissions, and execute arbitrary 
code with the privilege of the affected server process.

9. Perl RMTree Local Race Condition Vulnerability
BugTraq ID: 12072
Remote: No
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12072
Summary:
Perl is reported prone to a local race condition. The vulnerability is 
present in the 'rmtree()' function provided by the 'File::Path' module.

A local attacker may exploit this condition to disclose potentially 
sensitive data, or to launch other attacks against an application that 
employs the vulnerable function.

10. Rosiello Security RPF Multiple Remote And Local Vulnerabilit...
BugTraq ID: 12073
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12073
Summary:
A remote buffer overflow and a local symbolic link vulnerability 
reportedly affect Rosiello Security rpf.  These issues are due to a failure 
of the application to properly validate user-supplied string lengths and 
a design error facilitating local symbolic link attacks.

The buffer overflow will allow a remote attacker to execute arbitrary 
code with the privileges of a user running the vulnerable application, 
facilitating unauthorized access and privilege escalation. An attacker may 
leverage the symbolic link issue to corrupt arbitrary files with the 
privileges of the user that activated the affected application.

11. libTIFF Heap Corruption Integer Overflow Vulnerabilities
BugTraq ID: 12075
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12075
Summary:
It has been reported that libtiff is affected by two heap corruption 
vulnerabilities due to integer overflow errors that can be triggered when 
malicious or malformed image files are processed.  Theoretically, an 
attacker can exploit the vulnerabilities to execute arbitrary code in the 
context of an application linked to the library, when TIFF image data 
is processed (i.e. displayed).  Because image data is frequently 
external in origin, these vulnerabilities are considered remotely exploitable.

12. MPlayer And Xine PNM_Get_Chunk Multiple Remote Client-Side B...
BugTraq ID: 12076
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12076
Summary:
Multiple buffer overflow vulnerabilities are reported to exist in the 
xine and MPlayer utilities. The following issues are reported:

Several buffer overflow vulnerabilities are reported to exist in the 
'pnm_get_chunk()' function.

Reports indicate that the vulnerabilities present themselves in the 
RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG and CONT_TAG handling code of 
'pnm_get_chunk()'.

A remote attacker may potentially leverage this memory corruption to 
execute arbitrary code in the context of a user that uses the vulnerable 
utility to connect to a malicious PNM server.

An additional buffer overflow vulnerability is reported to exist in the 
PNA_TAG handling code of the 'pnm_get_chunk()' function. 

It is reported that supplied PNA_TAG data is copied into a finite 
buffer without sufficient boundary checks. This results in memory 
corruption. A remote attacker may potentially leverage this memory corruption to 
execute arbitrary code in the context of a user that uses the 
vulnerable utility to connect to a malicious PNM server.

13. Debian Debmake Local Insecure Temporary File Creation Vulner...
BugTraq ID: 12078
Remote: No
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12078
Summary:
A local insecure file creation vulnerability affects Debian's debmake.  
This issue is due to a design error that causes the affected 
application to create temporary files insecurely.

An attacker may leverage this issue to corrupt arbitrary files with the 
privileges of the user that activates the affected application.

14. Linux Kernel 32 Bit Compatibility System Call Handler AMD64 ...
BugTraq ID: 12079
Remote: No
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12079
Summary:
Linux Kernel is reported prone to a local privilege escalation 
vulnerability.  This issue may allow an attacker to gain elevated privileges 
leading to a complete compromise of a vulnerable computer.

It is reported that this issue arises as the 32 bit compatibility 
system call handler fails to verify an unspecified argument properly.  This 
vulnerability only presents itself on the AMD64 platform.

This issue reportedly affects 2.4.x versions of the kernel.

Further details about this issue are currently unavailable.  This BID 
will be updated if more information is released.

15. Skype Technologies Skype Internet Telephony Insecure Default...
BugTraq ID: 12081
Remote: No
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12081
Summary:
An insecure default installation vulnerability reportedly affects Skype 
Technologies Skype. This issue is due to a failure of the application 
to properly secure files and directories that are installed.

This issue is only reported to affect Skype for the Linux platform.

An attacker may leverage this issue to create, delete, and write to 
arbitrary files and create files in the insecure directory.

16. Snort DecodeTCPOptions Remote Denial Of Service Vulnerabilit...
BugTraq ID: 12084
Remote: Yes
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12084
Summary:
Snort is reported prone to a remote denial of service vulnerability. 
The vulnerability is reported to exist in the DecodeTCPOptions() function 
of 'decode.c', and results from a failure to sufficiently handle 
malicious TCP packets.

A remote attacker may trigger this vulnerability to crash a remote 
Snort server and in doing so may prevent subsequent malicious attacks from 
being detected.

17. SSLTelnetd Unspecified Format String Vulnerability
BugTraq ID: 12085
Remote: Yes
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12085
Summary:
Reportedly, SSLTelnetd is affected by an unspecified format string 
vulnerability.  This issue is due to an improper implementation of a 
formatted string function. 

Specific technical details about this issue were not disclosed.  It is 
conjectured that due to the nature of the affected application, this 
issue is remotely exploitable.

This vulnerability is reported to affect Linux Netkit netkit-telnet-ssl 
0.17.17; however, it is likely that other versions are affected as 
well.

This BID will be updated when more information becomes available.

18. NetWin SurgeMail Webmail Unspecified Vulnerability
BugTraq ID: 12086
Remote: Yes
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12086
Summary:
SurgeMail is reported prone to an unspecified vulnerability.  This 
issue affects the Webmail functionality of the SurgeMail server.  Further 
details were not released in the report by the vendor.  It is 
conjectured that due to the nature of this application, this vulnerability may 
result from an input validation error.  Although unconfirmed, this issue 
is considered to be remotely exploitable.

SurgeMail releases prior to 2.2c9 are affected by this vulnerability.

Due to a lack of details, further information is not available at the 
moment.  This BID will be updated when more information becomes 
available.

19. Linux Security Modules Process Capabilities Design Error
BugTraq ID: 12093
Remote: No
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12093
Summary:
It has been reported that Linux Security Modules suffers from a design 
error that could result in host compromise.  According to the report, 
when LSM is loaded as a kernel module, existing processes on the system 
will be granted unauthorized capabilities.  This includes non-root 
processes.  A malicious user on the system at this time will have 
effectively gained administrative access.

Reportedly affected are versions of LSM for Linux kernels 2.5.x and 
2.6.x.  LSM on Linux 2.4.x is reportedly not vulnerable.

20. Nullsoft SHOUTcast File Request Format String Vulnerability
BugTraq ID: 12096
Remote: Yes
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12096
Summary:
Nullsoft SHOUTcast is prone to a remotely exploitable format string 
vulnerability.  The vulnerability is exposed when the server attempts to 
handle a client request for a file.

Successful exploitation may allow execution of arbitrary code in the 
context of the server process.  This could also be exploited to crash the 
server and, possibly, to read process memory (which could increase 
reliability of an exploit).

This issue was reported to exist in version 1.9.4 on Linux.  It is 
likely that versions for other platforms are also affected by the 
vulnerability, though it is not known to what degree they are exploitable.  
Earlier versions of the software are also likely affected.

21. Linux Kernel ELF Binary Loading Denial Of Service Vulnerabil...
BugTraq ID: 12101
Remote: Yes
Date Published: Dec 24 2004
Relevant URL: http://www.securityfocus.com/bid/12101
Summary:
The Linux kernel is affected by an ELF binary loading vulnerability.  
This issue is due to a failure of the affected kernel to properly handle 
malformed ELF binaries.

An attacker may leverage this issue to cause the affected kernel to 
crash, denying service to legitimate users.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Honeynet KYE paper (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/385316

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary: 

CoreGuard System profile

The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.

CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits

2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software's award winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data in its own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary: 

Astaro Linux Firewall: All-in-one firewall, virus protection, content 
filtering and spam protection internet security software package for 
Linux. 
Free download for home users.

6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, 
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary: 

Low cost, easy to use Two Factor Authentication One Time Password token 
using the Cellular. Does not use SMS or communication, manages multiple 
OTP accounts - new technology. For any business that wants a safer 
access to its Internet Services. More information at our site.

We also provide eAuthentication service for businesses that will not 
buy an Authentication product but would prefer to pay a monthly charge 
for authentication services from our CAT Server.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. pasmal 1.5
By: James Meehan
Relevant URL: http://www.elitelabs.org/
Platforms: Linux
Summary: 

pasmal 1.5 is a port knocking authentication system using simple or 
encrypted tcp/udp/icmp packets. pasmal can be used with 
iptables/ipchains (firewall purposes) or any other program (remote shell, 
reboot, etc.). It is packaged with a php web admin, a command line client 
pasmal.client, and start/stop rc.d scripts. pasmal 1.5 also features an 
intrusion/attempts detection system due to its sniffer capabilities, 
running with syslogd and custom log files.

2. PatchLink Update 6.01.78
By: PatchLink Corporation
Relevant URL: 
http://www.patchlink.com/products_services/plu_evaluationrequest.html
Platforms: AIX, DG-UX, Digital UNIX/Alpha, DOS, HP-UX, Java, Linux, 
MacOS, Net, NetBSD, Netware, OpenVMS, PalmOS, POSIX, SecureBSD, SINIX, 
Solaris, SunOS, True64 UN, True64 UNIX, Ultrix, UNICOS, UNIX, Unixware, 
Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
Summary: 

With PATCHLINK UPDATE, patch management is the secure, proactive, and 
preventative process it should be. PATCHLINK UPDATE scans networks for 
security holes and closes them with the click of a mouse, no matter the 
operating system, the vendor applications, the mix, or the size of the 
environment. From 5K nodes to 20+K nodes, PATCHLINK UPDATE works 
quickly, accurately and safely to ensure desktops and servers are patched 
correctly and completely the first time around.

3. AutoScan b0.92 R6
By: Lagarde Thierry
Relevant URL: http://autoscan.free.fr/
Platforms: Linux
Summary: 

AutoScan is an application designed to explore and to manage your 
network. Entire subnets can be scanned simultaneously without human 
intervention. It features OS detection, automatic network discovery, a port 
scanner, a Samba share browser, and the ability to save the network state.

4. ksb26-2.6.9 Kernel Socks Bouncer for 2.6.x kernels 2.6.9
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary: 

KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects 
full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26 
uses a character device to pass socks5 and target ips to the Linux 
Kernel. I have chosen to write in kernel space to enjoy myself [I know 
that there are easier and safer ways to write this in userspace].

5. rootsh 0.2
By: Gerhard Lausser
Relevant URL: http://sourceforge.net/projects/rootsh/
Platforms: AIX, HP-UX, Linux, POSIX, SINIX, Solaris, UNIX
Summary: 

Rootsh is a wrapper for shells which logs all echoed keystrokes and 
terminal output to a file and/or to syslog. Its main purpose is the 
auditing of users who need a shell with root privileges. They start rootsh 
through the sudo mechanism. It's in heavy use here at a big Bavarian car 
manufacturer (three letters, fast, cool,...) for project users whom you 
can't deny root privileges.

6. Maillog View v1.03.3
By: Angelo 'Archie' Amoruso
Relevant URL: http://www.netorbit.it/modules.html
Platforms: Linux
Summary: 

Maillog View is a Webmin module that allows you to easily view all your 
/var/log/maillog.* files. It features autorefresh, message size 
indication, ascending/descending view order, compressed file support, and a 
full statistics page. Sendmail, Postfix, Exim, and Qmail (partially) are 
supported. Courier MTA support is experimental.

------------------------------------------------------------------------