| Date: | 22 Feb 2005 23:50:20 -0000 |
From: | "Peter Laborge" <plaborge@securityfocus.com>
| To: | linux-secnews@securityfocus.com |
Subject: | SecurityFocus Linux Newsletter #224 |
SecurityFocus Linux Newsletter #224
------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight
Analyzer
is a free service that gives you the ability to track and manage
attacks.
Analyzer automatically correlates attacks from various Firewall and
network
based Intrusion Detection Systems, giving you a comprehensive view of
your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Complexity Kills Innovation
II. LINUX VULNERABILITY SUMMARY
1. BrightStor ARCserve/Enterprise Discovery Service SERVICEPC R...
2. gFTP Remote Directory Traversal Vulnerability
3. Debian Toolchain-Source Multiple Insecure Temporary File Cre...
4. AWStats Plugin Multiple Remote Command Execution Vulnerabili...
5. AWStats Debug Remote Information Disclosure Vulnerability
6. Synaesthesia Local File Disclosure Vulnerability
7. Opera Web Browser Multiple Remote Vulnerabilities
8. Squid Proxy DNS Name Resolver Remote Denial Of Service Vulne...
9. VMWare Workstation For Linux Local Privilege Escalation Vuln...
10. Linux Kernel Multiple Local Buffer Overflow And Memory
Discl...
11. ELOG Web Logbook Multiple Remote Vulnerabilities
12. CitrusDB CSV File Upload Access Validation Vulnerability
13. CitrusDB Remote Authentication Bypass Vulnerability
14. PHP-Nuke Multiple Cross-Site Scripting Vulnerabilities
15. CitrusDB Arbitrary Local PHP File Include Vulnerability
16. Lighttpd Remote CGI Script Disclosure Vulnerability
17. Typespeed Local Format String Vulnerability
18. KDE KStars FLICCD Utility Multiple Buffer Overflow
Vulnerabi...
19. AWStats Logfile Parameter Remote Command Execution
Vulnerabi...
20. Advanced Linux Sound Architecture Libasound.SO Stack-Memory
...
21. OpenLDAP SlapD Multiple Remote Unspecified Denial Of
Service...
22. GProFTPD GProstats Remote Format String Vulnerability
23. Gaim Multiple Remote Denial of Service Vulnerabilities
24. Bidwatcher Remote Format String Vulnerability
25. Tarantella Enterprise/Secure Global Desktop Remote
Informati...
III. LINUX FOCUS LIST SUMMARY
1. Samba vs NFS (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. KSB - Kernel Socks Bouncer 2.6.10
2. DigSig 1.3.2
3. Firestarter 1.0.0
4. Network Equipment Performance Monitor 2.2
5. BitDefender for qmail v1.5.5-2
6. Bilbo 0.11
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Complexity Kills Innovation
By Kelly Martin
There's more innovation coming from today's virus writers than from the
big
software companes whose core goals are to progress and innovate.
http://www.securityfocus.com/columnists/300
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. BrightStor ARCserve/Enterprise Discovery Service SERVICEPC R...
BugTraq ID: 12536
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12536
Summary:
A remote buffer overflow vulnerability reportedly affects BrightStor
ARCserve/Enterprise. This issue is due to a failure of the application
to securely copy data from the network. It should be noted that this
issue is reportedly distinct from that outlined in BID 12522 (BrightStor
ARCserve/Enterprise Backup UDP Probe Remote Buffer Overflow
Vulnerability).
A remote attacker may execute arbitrary code on a vulnerable computer,
potentially facilitating unauthorized superuser access. A denial of
service condition may arise as well.
2. gFTP Remote Directory Traversal Vulnerability
BugTraq ID: 12539
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12539
Summary:
A remote directory traversal vulnerability reportedly affects gFTP.
This issue is due to a failure of the application to sanitize input
supplied by malicious FTP server.
An attacker may leverage this issue to overwrite or create arbitrary
files on an affected computer with the privileges of an unsuspecting user
running the vulnerable application. This may lead to a compromise of
the affected computer, denial of service attacks, as well as others.
3. Debian Toolchain-Source Multiple Insecure Temporary File Cre...
BugTraq ID: 12540
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12540
Summary:
toolchain-source is reportedly affected by multiple local insecure
temporary file creation vulnerabilities. These issues are likely due to a
design error that causes the application to fail to verify the existence
of a file before writing to it. These issues affect some
Debian-specific scripts supplied with the package.
Debian toolchain-source versions prior to 3.0.4-1woody1 are reported
vulnerable to these issues.
4. AWStats Plugin Multiple Remote Command Execution Vulnerabili...
BugTraq ID: 12543
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12543
Summary:
Multiple remote command execution vulnerabilities reportedly affect
AWStats. These issues are due to an input validation error that allows a
remote attacker to specify commands to be executed in the context of
the affected application.
The first problem presents itself due to the potential of malicious use
of the 'loadplugin' and 'pluginmode' parameters of the 'awstats.pl'
script. The second issue arises from an insecure implementation of the
'loadplugin' parameter functionality.
An attacker may leverage these issues to execute arbitrary commands
with the privileges of the affected web server running the vulnerable
scripts. This may facilitate unauthorized access to the affected computer,
as well as other attacks.
Multiple sources have reported that AWStats 6.3 and subsequent versions
are not vulnerable to these issues.
5. AWStats Debug Remote Information Disclosure Vulnerability
BugTraq ID: 12545
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12545
Summary:
A remote information disclosure vulnerability reportedly affects
AWStats. This issue is due to a failure of the application to properly
validate access to sensitive data.
An attacker may leverage this issue to gain access to potentially
sensitive data, possibly facilitating further attacks against an affected
computer.
6. Synaesthesia Local File Disclosure Vulnerability
BugTraq ID: 12546
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12546
Summary:
A local file disclosure vulnerability affects Synaesthesia. This issue
is due to a failure of the application to securely access files.
An attacker may leverage this issue to read arbitrary files on an
affected computer. Information gained in this way may lead to further
attacks.
7. Opera Web Browser Multiple Remote Vulnerabilities
BugTraq ID: 12550
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12550
Summary:
Opera Web Browser is reported prone to multiple vulnerabilities that
are exploitable remotely. The following issues are reported:
Opera Web Browser is prone to a vulnerability that presents itself when
the browser handles 'data' URIs.
A remote malicious website may exploit this condition to execute
arbitrary code in the context of a user that is running a vulnerable version
of the affected browser.
Opera Web Browser is prone to an unspecified security vulnerability
that exists in the Opera Java LiveConnect class.
Few details are known in regards to this vulnerability. However, it is
believed that the issue may be exploited by a remote malicious web site
to access dangerous private Java methods. This is not confirmed.
This BID will be updated as soon as further research into these issues
is completed.
8. Squid Proxy DNS Name Resolver Remote Denial Of Service Vulne...
BugTraq ID: 12551
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12551
Summary:
A remote denial of service vulnerability is reported to exist in Squid.
The issue is reported to present itself when the affected server
performs a Fully Qualify Domain Name (FQDN) lookup and receives an unexpected
response.
The vendor reports that under the above circumstances the affected
service will crash due to an assertion error, effectively denying service
to legitimate users.
9. VMWare Workstation For Linux Local Privilege Escalation Vuln...
BugTraq ID: 12552
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12552
Summary:
It is reported that VMWare workstation on Gentoo Linux based computers
at least, is prone to a local privilege escalation vulnerability. The
issue exists because the affected binary searches for a shared library
in a world-writeable location.
A local attacker may exploit this vulnerability to execute arbitrary
code in the context of a user that runs the affected application.
10. Linux Kernel Multiple Local Buffer Overflow And Memory Discl...
BugTraq ID: 12555
Remote: No
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12555
Summary:
Multiple local buffer overflow and memory disclosure vulnerabilities
affect the Linux kernel. These issues are due to a failure to securely
copy user-controlled data, a race condition error, and a failure to
secure memory written by the kernel.
The first issue is a buffer overflow vulnerability in the procfs
functionality. The second issue is a kernel memory disclosure vulnerability.
The third issue is a race condition error in the Radeon driver that
leads to a potential buffer overflow condition. The fourth issue is a
buffer overflow vulnerability in the i2c-viapro driver.
A local attacker may leverage these issues to execute arbitrary code,
potentially facilitating privilege escalation, and to disclose sensitive
kernel memory.
11. ELOG Web Logbook Multiple Remote Vulnerabilities
BugTraq ID: 12556
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12556
Summary:
ELOG is reported prone to multiple remote vulnerabilities. These
issues may allow an attacker to disclose sensitive information and
potentially execute arbitrary code on a vulnerable computer.
The following specific issues were identified:
The application is reported prone to an unspecified buffer overflow
vulnerability. The vendor has reported that this vulnerability is
exploitable and allows attackers to gain unauthorized access to a vulnerable
computer.
Another vulnerability affecting the application can allow remote
attackers to obtain sensitive information such as authentication credentials
stored in an unspecified configuration file.
ELOG 2.5.0 and prior versions are affected by these vulnerabilities.
12. CitrusDB CSV File Upload Access Validation Vulnerability
BugTraq ID: 12557
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12557
Summary:
CitrusDB is reportedly affected by an access validation vulnerability
during the upload of CSV files. Exploitation of this issue could result
in path disclosure or SQL injection. The issue exists because the
application fails to verify user credentials during file upload and import.
These issues are reported to affect CitrusDB 0.3.6; earlier versions
may also be affected.
13. CitrusDB Remote Authentication Bypass Vulnerability
BugTraq ID: 12560
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12560
Summary:
CitrusDB is reportedly affected by an authentication bypass
vulnerability. This issue is due to the application using a static value during
the creation of user cookie information.
An attacker could exploit this vulnerability to log in as any existing
user, including the 'admin' account.
This issue is reported to affect CitrusDB 0.3.6; earlier versions may
also be affected.
14. PHP-Nuke Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12561
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12561
Summary:
It is reported that PHP-Nuke is affected by various cross-site
scripting vulnerabilities. These issues are due to a failure of the application
to properly sanitize user-supplied URI input.
These issues could permit a remote attacker to create a malicious URI
link that includes hostile HTML and script code. If this link were to be
followed, the hostile code may be rendered in the web browser of the
victim user. This would occur in the security context of the affected web
site and may allow for theft of cookie-based authentication credentials
15. CitrusDB Arbitrary Local PHP File Include Vulnerability
BugTraq ID: 12564
Remote: Unknown
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12564
Summary:
CitrusDB is reportedly affected by a vulnerability that permits the
inclusion of any local PHP file. This issue is due to the application
failing to properly sanitize user-supplied input.
This issue is reported to affect CitrusDB 0.3.6; earlier versions may
also be affected.
This issue may also allow remote file includes, although this has not
been confirmed.
16. Lighttpd Remote CGI Script Disclosure Vulnerability
BugTraq ID: 12567
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12567
Summary:
lighttpd is reported prone to an information disclosure vulnerability.
Reports indicate that a NULL sequence appended to the filename of a CGI
or FastCGI script will result in the script contents being served to
the requestor.
Information that is harvested by exploiting this vulnerability may be
used to aid in further attacks launched against the target computer.
This vulnerability is reported to affect lighttpd 1.3.7 and previous
versions.
17. Typespeed Local Format String Vulnerability
BugTraq ID: 12569
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12569
Summary:
typespeed is prone to a local format string vulnerability. Successful
could allow privilege escalation.
18. KDE KStars FLICCD Utility Multiple Buffer Overflow Vulnerabi...
BugTraq ID: 12570
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12570
Summary:
Multiple buffer overflow vulnerabilities affect KDE KStar fliccd.
These issues are due to a failure of the utility to securely copy
user-supplied data into process memory.
An attacker may leverage these issues to gain escalated privileges
locally and, if the affected utility is run as a daemon, may facilitate
remote code execution with superuser privileges.
19. AWStats Logfile Parameter Remote Command Execution Vulnerabi...
BugTraq ID: 12572
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12572
Summary:
AWStats is reported prone to a remote arbitrary command execution
vulnerability. This issue presents itself due to insufficient sanitization
of user-supplied data.
Specifically, the user-specified 'logfile' URI parameter is supplied to
the Perl open() routine. It is beleived that this issue is distinct
from BID 10950 (AWStats Rawlog Plugin Logfile Parameter Input Validation
Vulnerability).
AWStats versions 5.4 to 6.1 are reported vulnerable to this issue.
20. Advanced Linux Sound Architecture Libasound.SO Stack-Memory ...
BugTraq ID: 12575
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12575
Summary:
A security weakness is reported to affect the Advanced Linux Sound
Architecture (ALSA) 'libasound.so' module; specifically the issue is
reported to be present in the ALSA mixer code. It is reported that the
weakness can be leveraged to disable stack-based memory code execution
protection on binaries that are linked to the library.
21. OpenLDAP SlapD Multiple Remote Unspecified Denial Of Service...
BugTraq ID: 12584
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12584
Summary:
OpenLDAP is reported prone to multiple unspecified remotely exploitable
denial of service vulnerabilities. The vulnerabilities are reported to
exist in the 'slapd' daemon.
A remote attacker may exploit these vulnerabilities to deny LDAP
service for legitimate users.
This BID will be updated as soon as further information regarding these
issues is made available.
22. GProFTPD GProstats Remote Format String Vulnerability
BugTraq ID: 12588
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12588
Summary:
GProftpd gprostats utility is reported prone to a remote format string
handling vulnerability.
A remote attacker may exploit this vulnerability to execute arbitrary
attacker-supplied code in the context of the affected utility.
This vulnerability is reported to affect GProftpd version 8.1.7 and
precious versions.
23. Gaim Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 12589
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12589
Summary:
Gaim is prone to multiple remote denial of service vulnerabilities.
These issues can allow remote attackers to crash an affected client.
The following specific issues were identified:
Remote AIM or ICQ users may trigger a crash in a client by sending
malformed SNAC packets.
Another vulnerability in the client arises during the parsing of
malformed HTML data.
Gaim versions prior to 1.1.3 are affected by these issues.
24. Bidwatcher Remote Format String Vulnerability
BugTraq ID: 12590
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12590
Summary:
A remote format string vulnerability affects bidwatcher. This issue is
due to a failure of the application to properly implement a formatted
string function.
An attacker may leverage this issue to execute arbitrary code on an
affected computer with the privileges of an unsuspecting user that
activated the vulnerable application. This may facilitate unauthorized access
or privilege escalation.
25. Tarantella Enterprise/Secure Global Desktop Remote Informati...
BugTraq ID: 12591
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12591
Summary:
Tarantella Enterprise 3 and Secure Global Desktop products are prone to
an information disclosure vulnerability. This issue arises from a
design error that may allow an attacker to gather sensitive information
about a vulnerable computer. Information gathered by exploiting this
vulnerability may be used to launch other attacks against a computer.
Specifically, computers running Tarantella Enterprise 3 and Secure
Global Desktop products in combination with RSA SecurID and multiple users
with the same username are affected.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Samba vs NFS (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/391117
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates
all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity * Block malicious code, including
zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software?s award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in it?s own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that want a safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. KSB - Kernel Socks Bouncer 2.6.10
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is Linux Kernel 2.6.x patch that redirects
full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26
uses a character device to pass socks5 and target ips to the Linux
Kernel. I have choosen to write in kernel space to enjoy myself [I know
that there are easier and safer ways to write this in userspace].
2. DigSig 1.3.2
By:
Relevant URL: http://sourceforge.net/projects/disec/
Platforms: Linux
Summary:
DigSig Linux kernel load module checks the signature of a binary before
running it. It inserts digital signatures inside the ELF binary and
verify this signature before loading the binary. Therefore, it improves
the security of the system by avoiding a wide range of malicious
binaries like viruses, worms, Torjan programs and backdoors from running on
the system.
3. Firestarter 1.0.0
By: Tomas Junnonen
Relevant URL: http://www.fs-security.com/
Platforms: Linux
Summary:
Firestarter is graphical firewall tool for Linux. The program aims to
combine
ease of use with powerful features, serving both desktop users and
administrators.
4. Network Equipment Performance Monitor 2.2
By: Nova Software, Inc.
Relevant URL: http://www.nepm.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, Solaris, True64 UNIX, UNIX,
Windows 2000, Windows NT, Windows XP
Summary:
NEPM is a very general, highly configurable, two part software system
that monitors any type of logged data from IP networked equipment and
reports it via E-mail and web pages. Current conditions and history from
systems based on Windows NT/2000 and UNIX can be tracked and reported.
Most major server, switch and router systems can be monitored, without
running agents on the target systems.
5. BitDefender for qmail v1.5.5-2
By: SOFTWIN <mmitu@bitdefender.com>
Relevant URL: http://www.bitdefender.com/bd/site/products.php?p_id=10
Platforms: Linux
Summary:
BitDefender for qmail is a powerful antivirus software for Linux mail
servers, which provides proactive protection of message traffic at the
email server level, eliminating the risk to the entire network that
could be caused by a negligent user. All messages, both sent and received,
are scanned in real time, avoiding the possible infections and
preventing anyone from sending an infected message. BitDefender claims 100%
detection rate for all viruses in the wild (ITW) through its powerful
scanning engines certified by the most prestigious testing labs (ICSA in
February 2003, Virus Bulletin 100% in June 2003 and CheckMark in August
2003).
6. Bilbo 0.11
By: Bart Somers
Relevant URL: http://doornenburg.homelinux.net/scripts/bilbo/
Platforms: FreeBSD, Linux
Summary:
Bilbo is an automated, multithreaded nmap-scanner and reporter, capable
of header fetching and matching the results against a database from
previous scans.
VII. SPONSOR INFORMATION
-----------------------
Need to know what's happening on YOUR network? Symantec DeepSight
Analyzer
is a free service that gives you the ability to track and manage
attacks.
Analyzer automatically correlates attacks from various Firewall and
network
based Intrusion Detection Systems, giving you a comprehensive view of
your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------