Date: 25 Jan 2005 22:56:51 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #220
SecurityFocus Linux Newsletter #220
------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Unintended Consequences
     2. Blind Buffer Overflows In ISAPI Extensions
II. LINUX VULNERABILITY SUMMARY
     1. Gatos xatitv Unspecified Buffer Overflow Vulnerability
     2. PlayMidi Local Buffer Overflow Vulnerability
     3. MySQL Database MySQLAccess Local Insecure Temporary File Cre...
     4. Gallery Multiple Unspecified Input Validation Vulnerabilitie...
     5. ImageMagick Photoshop Document Parsing Remote Client-Side Bu...
     6. GNU Queue Multiple Unspecified Buffer Overflow Vulnerabiliti...
     7. XPDF MAKEFILEKEY2 Function Remote Buffer Overflow Vulnerabil...
     8. CMSimple Multiple Remote Input Validation Vulnerabilities
     9. Apache Utilities Insecure Temporary File Creation Vulnerabil...
     10. Linux Kernel Audit Subsystem Local Denial Of Service Vulnera...
     11. RealNetworks RealOne Player And RealPlayer ShowPreferences A...
     12. Konversation IRC Client Multiple Remote Vulnerabilities
     13. RealNetworks RealOne Player And RealPlayer Multiple Potentia...
     14. xtrlock Unspecified Local Buffer Overflow Vulnerability
     15. Sun Java Plug-in Multiple Applet Vulnerabilities
     16. Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of ...
     17. Advanced Linux Sound Architecture Library Stack Protection D...
     18. Multiple Ethereal Unspecified Dissector Vulnerabilities
     19. Ghostscript Multiple Local Insecure Temporary File Creation ...
     20. GNU Enscript Multiple Vulnerabilities
     21. Linux Kernel Unspecified Local NFS I/O Denial of Service Vul...
III. LINUX FOCUS LIST SUMMARY
     1. Encrypted Filesystems (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. CoreGuard Core Security System
     2. EnCase Forensic Edition
     3. KeyGhost SX
     4. SafeKit
     5. Astaro Linux Firewall
     6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Firestarter 1.0.0
     2. Network Equipment Performance Monitor 2.2
     3. BitDefender for qmail v1.5.5-2 
     4. Bilbo 0.11
     5. Ipanto Secure 2.0
     6. ROPE for IpTables 20041119
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Unintended Consequences
By Scott Granneman

The law of unintended consequences shows us how many innocent innovations
like email, anti-virus and DRM can become something far worse than the
inventors had ever imagined.

http://www.securityfocus.com/columnists/293


2. Blind Buffer Overflows In ISAPI Extensions
By Isaac Dawson

This paper will outline the risks ISAPI Extensions pose and how they can be
exploited by third parties without any binary exposure or knowledge using
blind stack overflows. This method can enable remote code execution in
proprietary and third party applications.

http://www.securityfocus.com/infocus/1819

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Gatos xatitv Unspecified Buffer Overflow Vulnerability
BugTraq ID: 12273
Remote: Unknown
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12273
Summary:
An unspecified buffer overflow vulnerability affects the gatos xatitv 
utility, which is setuid by default. This issue is due to a failure of 
the application to properly validate the length of user-supplied strings 
prior to copying them into static process buffers.

The details currently available surrounding this issue are insufficient 
to provide an accurate technical description.  It is not known if this 
issue is triggered by an excessively long command line argument, or by 
some configuration file parameter, or by some multimedia file 
parameter.

This BID will be updated as more details are released.

An attacker may leverage this issue to execute arbitrary instructions 
with the privileges of the superuser.  This may potentially lead to 
privilege escalation or unauthorized access.

2. PlayMidi Local Buffer Overflow Vulnerability
BugTraq ID: 12274
Remote: No
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12274
Summary:
A local buffer overflow vulnerability affects Playmidi.  This issue is 
due to a failure of an unspecified setuid utility that is packaged 
with the Playmidi suite to properly validate the length of 
user-supplied strings prior to copying them into static process buffers.

This BID will be updated as more information becomes available.

A local attacker may leverage this issue to execute arbitrary 
instructions with the privileges of the superuser.  This may facilitate 
privilege escalation and potentially unauthorized access.

3. MySQL Database MySQLAccess Local Insecure Temporary File Cre...
BugTraq ID: 12277
Remote: No
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12277
Summary:
A local insecure temporary file creation vulnerability affects the 
MySQL Database.  This issue is due to a failure of a script bundled with 
the application to securely create temporary files in globally accessible 
locations.

An attacker may leverage this issue to corrupt arbitrary files with the 
privileges of the user that activates the vulnerable script.

4. Gallery Multiple Unspecified Input Validation Vulnerabilitie...
BugTraq ID: 12286
Remote: Yes
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12286
Summary:
Gallery is reported prone to multiple unspecified remote input 
validation vulnerabilities. It is reported that multiple instances of 
insufficient sanitization performed on Gallery variables were fixed; reports 
indicate that these issues may be exploited to disclose Gallery passwords 
contained in the Gallery database.

5. ImageMagick Photoshop Document Parsing Remote Client-Side Bu...
BugTraq ID: 12287
Remote: Yes
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12287
Summary:
A client-side buffer overflow vulnerability affects the Photoshop 
document (PSD) parsing functionality of ImageMagick. This issue is due to a 
failure of the application to properly validate the length of 
user-supplied strings prior to copying them into static process buffers.

An attacker may exploit this issue remotely by sending a malicious file 
through email or some other means to an unsuspecting user and enticing 
them to process it with the affected application.

An attacker may exploit this issue to execute arbitrary code with the 
privileges of the user that activated the vulnerable application. This 
may facilitate unauthorized access or privilege escalation.

6. GNU Queue Multiple Unspecified Buffer Overflow Vulnerabiliti...
BugTraq ID: 12293
Remote: Unknown
Date Published: Jan 18 2005
Relevant URL: http://www.securityfocus.com/bid/12293
Summary:
Multiple unspecified buffer overflow vulnerabilities affect GNU Queue. 
This issue is due to a failure of the application to properly validate 
the length of user-supplied strings prior to copying them into static 
process buffers.

An attacker may leverage these issues to execute instructions with the 
privileges of the affected application. Although unconfirmed, this may 
facilitate unauthorized access or privilege escalation.

This BID will be updated as more information becomes available.

7. XPDF MAKEFILEKEY2 Function Remote Buffer Overflow Vulnerabil...
BugTraq ID: 12302
Remote: Yes
Date Published: Jan 18 2005
Relevant URL: http://www.securityfocus.com/bid/12302
Summary:
xpdf is reported prone to a remote buffer overflow vulnerability. This 
issue exists because the application fails to perform proper boundary 
checks before copying user-supplied data into process buffers. A 
remote attacker may execute arbitrary code in the context of a user running 
the application. This can result in the attacker gaining unauthorized 
access to the vulnerable computer.

It is reported that this issue presents itself in the 
'Decrypt::makeFileKey2' function residing in the 'xpdf/Decrypt.cc' file.

This issue is reported to affect xpdf 3.00; however, it is likely that 
earlier versions are prone to this vulnerability as well.  Applications 
using embedded xpdf code may also be vulnerable to this issue.

8. CMSimple Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 12303
Remote: Yes
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12303
Summary:
Multiple input validation vulnerabilities affect CMSimple.  These 
issues are due to a failure of the application to properly sanitize 
user-supplied input prior to including it in dynamically generated Web content.

The first issue is an HTML injection vulnerability in the guestbook 
functionality of the application.  The second issue is a cross-site 
scripting vulnerability in the search functionality of the application.

An attacker may leverage these issues to have arbitrary script code 
executed in the context of the vulnerable Web site.  This will facilitate 
theft of cookie based authentication credentials as well as other 
attacks.

9. Apache Utilities Insecure Temporary File Creation Vulnerabil...
BugTraq ID: 12308
Remote: No
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12308
Summary:
A local insecure temporary file creation vulnerability reportedly 
affects Apache Software Foundation Apache Utilities.  This issue is due to a 
failure of the affected utility to securely create temporary files in 
world writable locations.

An attacker may leverage this issue to corrupt, write to or create 
arbitrary files with the privileges of the user or process running the 
vulnerable script.

10. Linux Kernel Audit Subsystem Local Denial Of Service Vulnera...
BugTraq ID: 12309
Remote: No
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12309
Summary:
An unspecified local denial of service vulnerability is reported to 
affect the system call filtering code in the audit subsystem of the Linux 
kernel.

Originally, it was believed that this vulnerability was isolated to the 
kernel that is distributed with Red Hat Enterprise Linux. This is not 
the case and this BID is updated accordingly.

11. RealNetworks RealOne Player And RealPlayer ShowPreferences A...
BugTraq ID: 12311
Remote: Yes
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12311
Summary:
RealOne Player and RealPlayer are affected by a buffer overflow 
vulnerability.  This issue may be exploited by a remote attacker to execute 
arbitrary code in the context of the software.

The application fails to perform proper boundary checks before copying 
the arguments of the 'ShowPreferences' action to a static buffer 
through a 'sprintf()' function call.

An attacker can design a malicious Web site or skin file and trigger an 
overflow condition in the application.  This issue may be leveraged to 
execute arbitrary code in the context of the user running the 
application.

It is likely that this issue is identical to the vulnerability described 
in BID 11307 (RealNetworks RealOne Player And RealPlayer Unspecified Web 
Page Code Execution Vulnerability).  This cannot be confirmed at the 
moment; however, one of the BIDs will be retired if it turns out that 
the BIDs represent the same issue.

12. Konversation IRC Client Multiple Remote Vulnerabilities
BugTraq ID: 12312
Remote: Yes
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12312
Summary:
Konversation is a freely available IRC client for KDE windows 
environments on Linux platforms.

Multiple remote vulnerabilities affect the Konversation IRC client.  
These issues are due to input validation failures and design flaws.

The first issue is due to a failure of the application to filter 
various parameters from the IRC environment prior to including them in 
commands made to the underlying operating system.  The second issue affects 
the QuickButtons functionality of the vulnerable application. Finally a 
design error causes the quick connect dialogue to confuse a supplied 
nickname with a supplied password.

An attacker may leverage these issues to execute arbitrary shell and 
Konversation commands, potentially leading to denial of service attacks 
and system compromise.

13. RealNetworks RealOne Player And RealPlayer Multiple Potentia...
BugTraq ID: 12315
Remote: Yes
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12315
Summary:
RealNetworks RealOne Player And RealPlayer are reported prone to 
multiple potential vulnerabilities.  These issues may allow an attacker to 
potentially execute arbitrary code or disclose the presence of files on a 
vulnerable computer.

The following specific issues were identified:

The first issue presents itself when the application processes Real 
Metadata Package files containing malformed tags.  The researchers 
responsible for discovering this issue have reported that this issue may not 
be exploitable and represents a potential threat.

The second issue may allow an attacker to determine the existence of files 
on a vulnerable computer.  The validity of this issue is not confirmed 
at the moment and it is also considered a potential threat.

It is likely that these issues were originally released as unspecified 
vulnerabilities. This cannot be confirmed at the moment; however, one of 
the BIDs will be retired if it turns out that the BIDs represent the 
same issues.

14. xtrlock Unspecified Local Buffer Overflow Vulnerability
BugTraq ID: 12316
Remote: No
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12316
Summary:
xtrlock is reported prone to an unspecified local buffer overflow 
vulnerability.  This issue exists due to insufficient boundary checks 
performed by the application when copying user-supplied data into process 
buffers.

xtrlock is likely to be executed with superuser privileges, allowing 
the attacker to gain elevated privileges.

Due to a lack of information, further details cannot be provided at the 
moment.  This BID will be updated when more information is available.

15. Sun Java Plug-in Multiple Applet Vulnerabilities
BugTraq ID: 12317
Remote: Yes
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12317
Summary:
The Sun Java Plug-in is prone to multiple vulnerabilities.

The first issue can allow an untrusted applet to escalate its 
privileges to access resources with the privilege level of the user running the 
applet.

This issue only exists in Internet Explorer running on Windows.

The second issue allows an untrusted applet to interfere with another 
applet embedded in the same web page.

This issue exists in Java running on Windows, Solaris, and Linux.

16. Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of ...
BugTraq ID: 12324
Remote: Yes
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12324
Summary:
Squid is reported to be susceptible to a denial of service 
vulnerability in its NTLM authentication module. 

This vulnerability presents itself when an attacker sends unspecified 
NTLM data to Squid.  The issue exists due to a memory leak that occurs 
because memory allocated to store a base64-decoded string is not freed.

It is conjectured that this issue allows an attacker to cause the NTLM 
helper application to run out of memory and fail.

17. Advanced Linux Sound Architecture Library Stack Protection D...
BugTraq ID: 12325
Remote: No
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12325
Summary:
The Advanced Linux Sound Architecture (ALSA) library contains a 
weakness that disables stack protection schemes for its children.

If a child application of the ALSA library contains an exploitable 
stack overflow, it will not be protected by any stack protection 
schemes that may be in place, potentially allowing arbitrary code to be 
executed on the computer.

18. Multiple Ethereal Unspecified Dissector Vulnerabilities
BugTraq ID: 12326
Remote: Yes
Date Published: Jan 21 2005
Relevant URL: http://www.securityfocus.com/bid/12326
Summary:
Ethereal is prone to multiple vulnerabilities ranging from denial of 
service to arbitrary code execution.

The first issue could cause the COPS dissector to go into an infinite 
loop.

The second issue could cause the DLSw dissector to force Ethereal to 
exit prematurely.

The third issue could cause the DNP dissector to corrupt memory.

The fourth issue could cause the Gnutella dissector to force Ethereal 
to exit prematurely.

The fifth issue could cause the MMSE dissector to free statically 
allocated memory.

The sixth issue could cause a buffer overflow in the X11 dissector.

19. Ghostscript Multiple Local Insecure Temporary File Creation ...
BugTraq ID: 12327
Remote: No
Date Published: Jan 21 2005
Relevant URL: http://www.securityfocus.com/bid/12327
Summary:
Ghostscript is reportedly affected by multiple local insecure temporary 
file creation vulnerabilities.  These issues are likely due to a design 
error that causes the application to fail to verify the existence of a 
file before writing to it.

An attacker may leverage these issues to overwrite arbitrary files with 
the privileges of an unsuspecting user that activates a vulnerable 
application.

AFPL Ghostscript version 8.50, and GNU Ghostscript 8.01 are reportedly 
affected by these vulnerabilities. Other versions may also be affected.

20. GNU Enscript Multiple Vulnerabilities
BugTraq ID: 12329
Remote: Yes
Date Published: Jan 21 2005
Relevant URL: http://www.securityfocus.com/bid/12329
Summary:
Multiple vulnerabilities are reported in GNU enscript.

The first issues are reportedly due to insufficient sanitization of 
user-supplied input data, leading to the possibility of arbitrary command 
execution.

There are also reportedly multiple unspecified buffer overflow 
vulnerabilities present in the utility. These issues are due to a failure of 
the application to properly bounds check user-supplied data prior to 
copying it into insufficiently sized memory buffers.

These issues are all locally exploitable, as enscript does not contain 
any network support. By combining enscript in network-based 
applications such as 'viewcvs', and possibly others, these issues could likely be 
remotely exploited.

Enscript is not installed with setuid privileges, but it may be 
utilized as a part of print spooler systems. By exploiting these issues, 
attackers may be able to execute arbitrary commands or machine code in the 
context of the affected system that is utilizing the affected utility. 
Other attacks are also possible depending on how the utility is 
utilized.

21. Linux Kernel Unspecified Local NFS I/O Denial of Service Vul...
BugTraq ID: 12330
Remote: No
Date Published: Jan 21 2005
Relevant URL: http://www.securityfocus.com/bid/12330
Summary:
The Linux kernel is reported prone to an unspecified local denial of 
service vulnerability.  It is reported that the issue exists locally and is 
exploitable through direct I/O access to NFS file systems.

Successful exploitation will lead to a kernel panic on a computer with 
NFS mounts. This would effectively deny service to legitimate users.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Encrypted Filesystems (Thread)
Relevant URL: http://www.securityfocus.com/archive/91/388308

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary: 

CoreGuard System profile

The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.

CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits

2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software's award winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data in its own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary: 

Astaro Linux Firewall: All-in-one firewall, virus protection, content 
filtering and spam protection internet security software package for 
Linux. 
Free download for home users.

6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, 
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary: 

Low cost, easy to use Two Factor Authentication One Time Password token 
using the Cellular. Does not use SMS or communication, manages multiple 
OTP accounts - new technology. For any business that wants a safer 
access to its Internet Services. More information at our site.
 
We also provide eAuthentication service for businesses that will not 
buy an Authentication product but would prefer to pay a monthly charge 
for authentication services from our CAT Server.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Firestarter 1.0.0
By: Tomas Junnonen
Relevant URL: http://www.fs-security.com/
Platforms: Linux
Summary: 

Firestarter is a graphical firewall tool for Linux. The program aims to 
combine ease of use with powerful features, serving both desktop users and 
administrators.

2. Network Equipment Performance Monitor 2.2
By: Nova Software, Inc.
Relevant URL: http://www.nepm.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, Solaris, Tru64 UNIX, UNIX, 
Windows 2000, Windows NT, Windows XP
Summary: 

NEPM is a very general, highly configurable, two part software system 
that monitors any type of logged data from IP networked equipment and 
reports it via E-mail and web pages. Current conditions and history from 
systems based on Windows NT/2000 and UNIX can be tracked and reported. 
Most major server, switch and router systems can be monitored, without 
running agents on the target systems.

3. BitDefender for qmail v1.5.5-2 
By: SOFTWIN <mmitu@bitdefender.com>
Relevant URL: http://www.bitdefender.com/bd/site/products.php?p_id=10
Platforms: Linux
Summary: 

BitDefender for qmail is a powerful antivirus software for Linux mail 
servers, which provides proactive protection of message traffic at the 
email server level, eliminating the risk to the entire network that 
could be caused by a negligent user. All messages, both sent and received, 
are scanned in real time, avoiding the possible infections and 
preventing anyone from sending an infected message. BitDefender claims 100% 
detection rate for all viruses in the wild (ITW) through its powerful 
scanning engines certified by the most prestigious testing labs (ICSA in 
February 2003, Virus Bulletin 100% in June 2003 and CheckMark in August 
2003).

4. Bilbo 0.11
By: Bart Somers
Relevant URL: http://doornenburg.homelinux.net/scripts/bilbo/
Platforms: FreeBSD, Linux
Summary: 

Bilbo is an automated, multithreaded nmap-scanner and reporter, capable 
of header fetching and matching the results against a database from 
previous scans.

5. Ipanto Secure 2.0
By: Ipanto
Relevant URL: http://www.ipanto.com/secure
Platforms: HP-UX, Linux, Solaris, UNIX
Summary: 

Ipanto Secure allows ISC based DHCP servers (UNIX, Linux) to send 
signed dynamic DNS updates to a Microsoft DNS, using the GSS-TSIG protocol.

6. ROPE for IpTables 20041119
By: Chris Lowth
Relevant URL: http://www.lowth.com/rope
Platforms: Linux
Summary: 

ROPE allows IpTables to block P2P and other complex protocols accurately.

It is a highly flexible iptables module that allows complex protocols 
(such as are used by P2P software) to be identified. It is an in-kernel 
scripting language designed for IP packet matching. A growing number of 
sample configurations (scripts) are provided, including: blocking 
Gnutella and Bittorrent clients, blocking large web downloads - etc. Plenty 
more to come.

ROPE is part of the P2PWall
