SecurityFocus Microsoft Newsletter #160
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 10/27/03
Date: Mon, 27 Oct 2003 12:36:33 -0700 (MST) To: Focus-MS <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter #160
----------------------------------------
This Issue is Sponsored by: Forum Systems, Inc.
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services
security to simplify the management and deployment of PGP and reduce
overall PGP costs by up to 80%.
FREE WHITEPAPER & 30 Day Trial -
http://www.securityfocus.com/sponsor/ForumSystems_ms-secnews_031027
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Fighting Internet Worms With Honeypots
2. Joe Average User Is In Trouble
II. MICROSOFT VULNERABILITY SUMMARY
1. Oracle Database Server Oracle Binary Local Buffer Overflow V...
2. Oracle Database Server OracleO Binary Local Buffer Overflow ...
3. Geeklog Forgot Password SQL Injection Vulnerability
4. CPCommerce Functions Remote File Include Vulnerability
5. Opera HREF Malformed Server Name Heap Corruption Vulnerabili...
6. Emule Web Control Panel HTTP Login Long Password Denial of S...
7. DeskPro Multiple SQL Injection Vulnerabilities
8. Sun Java Cross-Site Applet Sandbox Security Model Violation ...
9. Atrium Software Mercur Mailserver IMAP AUTH Remote Buffer Ov...
10. Sun Java Unauthorized Java Applet Floppy Access Weakness
11. PGPDisk Switched User Unauthorized Access Weakness
12. Microsoft Internet Explorer Scrollbar-Base-Color Partial Den...
13. DansGuardian Denied URL Cross-Site Scripting Vulnerability
14. HP Management Software Web Agents Unspecified Unauthorized A...
15. Sun Java Virtual Machine Slash Path Security Model Circumven...
16. mIRC DCC SEND Variant Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Terminal Services Auditing? (Thread)
2. Event Log messages for failed logon attempts (Thread)
3. Auditing enabled but Logon Failures not showing up (Thread)
4. DOT NET & J2EE (Thread)
5. RSA key pair lifetime expiration (Thread)
6. Terminal Services Manager as a non-admin user. (Thread)
7. group policy and NT policy editor (Thread)
8. Article Announcement: Disclosure Plan Won't Help (Thread)
9. group policy question (Thread)
10. SecurityFocus Microsoft Newsletter #159 (Thread)
11. RE : Blocking and allowing ActiveX (Thread)
12. automating reboot (was RE: RPC Scan Issues) (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Local Account Password Manager
2. Password Creator Pro
3. Advanced Cisco Security Agent
4. SecretAgent
5. Typhon
6. NGSSquirrel
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. GPA (GNU Privacy Assistant) v0.7.0
2. Anti-Spam SMTP Proxy v1.0.6
3. PipeACL tools v1.0
4. Libnids 1.18
5. Mod_security v 1.7
6. One Time Pad in Java v1
VI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Fighting Internet Worms With Honeypots
By Laurent Oudot
This paper will evaluate the usefulness of using honeypots to fight
Internet worms, including a discussion on capturing a worm, redirecting
worm traffic to fake services, launching counter attacks to clean infected
hosts, and finally removing the worm or negating its effects.
http://www.securityfocus.com/infocus/1740
2. Joe Average User Is In Trouble
By Scott Granneman
As security professionals we're at the forefront, like it or not, and it's
up to us to help lessen the myriad of user problems we see around us.
http://www.securityfocus.com/columnists/193
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Oracle Database Server Oracle Binary Local Buffer Overflow V...
BugTraq ID: 8844
Remote: No
Date Published: Oct 17 2003
Relevant URL: http://www.securityfocus.com/bid/8844
Summary:
Oracle is a commercial database product, which is available for a number
of platforms including Microsoft Windows and Unix and Linux variants.
Oracle Database Server 'oracle' binary has been reported prone to a local
buffer overflow vulnerability.
The issue likely presents itself due to a lack of sufficient boundary
checks performed on command line arguments passed to the affected binary.
It has been reported that a local attacker may overflow the bounds of an
insufficient reserved buffer in oracle process memory by passing
data >=9850 bytes to the affected binary as a command line argument. Data that
exceeds the size of the affected buffer will corrupt memory that is
adjacent to the aforementioned buffer. Because variables that are crucial
to controlling execution flow of the affected binary are saved in memory
space that an attacker can corrupt, the attacker may influence oracle
execution flow into attacker-controlled memory. Ultimately this condition
could lead to the execution of arbitrary instructions in the context of
the vulnerable binary, which has been reported to be setuid Oracle user.
It should be noted that while this vulnerability has been reported to
affect Oracle 9i Release 2 Patch Set 3 Version 9.2.0.4.0 for Linux x86,
other versions and platforms might also be affected.
2. Oracle Database Server OracleO Binary Local Buffer Overflow ...
BugTraq ID: 8845
Remote: No
Date Published: Oct 17 2003
Relevant URL: http://www.securityfocus.com/bid/8845
Summary:
Oracle is a commercial database product, which is available for a number
of platforms including Microsoft Windows and Unix and Linux variants.
Oracle Database Server 'oracleO' binary has been reported prone to a local
buffer overflow vulnerability.
The issue likely presents itself due to a lack of sufficient boundary
checks performed on command line arguments passed to the affected binary.
It has been reported that a local attacker may overflow the bounds of an
insufficient reserved buffer in oracle process memory by passing excessive
data to the affected binary as a command line argument. Data that exceeds
the size of the affected buffer will corrupt memory that is adjacent to
the aforementioned buffer. Because variables that are crucial to
controlling execution flow of the affected binary are saved in memory
space that an attacker may corrupt, the attacker may influence oracle
execution flow into attacker-controlled memory. Ultimately this condition
could lead to the execution of arbitrary instructions in the context of
the vulnerable binary, which has been reported to be setuid Oracle user.
It should be noted that while this vulnerability has been reported to
affect Oracle 9i Release 2 Patch Set 3 Version 9.2.0.4.0 for Linux x86,
other versions and platforms might also be affected.
3. Geeklog Forgot Password SQL Injection Vulnerability
BugTraq ID: 8849
Remote: Yes
Date Published: Oct 19 2003
Relevant URL: http://www.securityfocus.com/bid/8849
Summary:
Geeklog is open-source weblog software. It is written in PHP and will run
on most Unix and Linux variants, as well as Microsoft Windows operating
systems.
An SQL injection vulnerability has been reported in the Geeklog "forgot
password" feature (introduced in Geeklog 1.3.8). This feature allows for
user passwords to be reset.
Due to insufficient sanitization of user-supplied input, it is possible
for remote attackers to influence database queries. In particular, a SELECT
query is made by the software when a user attempts to use the feature to
change a password. It is possible for a remote attacker to include
malicious SQL syntax as an argument for the $rid variable, which
represents the requesting user's ID. It has been demonstrated that this
could be exploited to reset any user's password, including the
administrator.
Due to the nature of this vulnerability, direct attacks against the
database are also possible such as manipulating queries to disclose
sensitive information or attempts to exploit latent vulnerabilities in the
database itself.
4. CPCommerce Functions Remote File Include Vulnerability
BugTraq ID: 8851
Remote: Yes
Date Published: Oct 19 2003
Relevant URL: http://www.securityfocus.com/bid/8851
Summary:
cpCommerce is open-source e-commerce software. It is implemented in PHP
and available for Microsoft Windows and Unix/Linux variants.
cpCommerce may allow remote users to influence the include path for PHP
scripts, resulting in execution of arbitrary code.
The vulnerability exists in the _functions.php script, which makes the
following require_once() calls:
require_once("{$prefix}_config.php");
require_once("{$prefix}_gateways.php");
If certain PHP configuration directives are enabled, then it is possible
for remote attackers to control the $prefix variable and specify an
include path that points to a malicious PHP script on a remote,
attacker-controlled server. If successfully exploited, an
attacker-specified PHP script will be executed in the context of the web
server process.
5. Opera HREF Malformed Server Name Heap Corruption Vulnerabili...
BugTraq ID: 8853
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8853
Summary:
Opera is a web browser available for a number of platforms, including
Microsoft Windows, Linux and Unix variants and Apple MacOS. Opera also
includes the M2 Mail Client, which is a fully featured e-mail client that
supports HTML e-mail.
A vulnerability has been discovered in Opera that could lead to remote
code execution. The issue is said to occur when rendering malformed HTML
HREF server name parameters. Specifically, an illegally escaped server
name of excessive length may trigger a buffer overrun within heap memory.
This could potentially allow an attacker to corrupt heap memory management
structures, possibly leading to the execution flow of the program being
controlled when the memory is later freed.
Successful exploitation of this issue could lead to an attacker executing
arbitrary code on a user's system, simply by the victim opening a web site
or HTML e-mail.
It should be noted that, due to the differing heap management algorithms
used across operating systems, it is currently unknown whether or not this
issue can be exploited on all affected platforms.
This vulnerability has been reported to reside in Opera 7.11 and 7.20,
however earlier versions may also be affected.
6. Emule Web Control Panel HTTP Login Long Password Denial of S...
BugTraq ID: 8854
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8854
Summary:
eMule is a freely available, open source peer-to-peer file sharing
application. eMule uses the eDonkey file sharing protocol. It is available
for the BSD, Linux, and Microsoft Windows operating systems. eMule includes a
web control panel that allows users to log in to the server over the web.
It has been reported that the eMule Web Control Panel HTTP login mechanism
may be prone to denial of service attacks. Reports indicate that the eMule
program expects that login credentials will be received only from the
trusted login form. Specifically, no more than 12 password characters are
expected to be received, and as such eMule does not carry out bounds
checking on this data. However, the eMule login mechanism is said to not
validate the origin of login form information received.
As a result, an attacker may be capable of constructing malicious HTML
form data to transmit excessive password data to the program. Due to
insufficient bounds checking, this will effectively cause memory
corruption and trigger a denial of service. Reports indicated that
password data in excess of 500 to 1000 bytes may be required to trigger
the issue.
It should be noted that, due to the nature of this vulnerability, this
could theoretically lead to arbitrary code execution. However, this has not
been confirmed.
7. DeskPro Multiple SQL Injection Vulnerabilities
BugTraq ID: 8856
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8856
Summary:
DeskPro is a commercially-available contact management software package.
It is available for the Unix, Linux, and Microsoft Platforms.
Multiple vulnerabilities have been reported to exist in DeskPro that may
allow a remote attacker to inject malicious SQL syntax into database
queries. The source of these issues is insufficient sanitization of
user-supplied input.
The problems are reported to exist in various parameters such as cat,
article, and ticketid of the faq.php and view.php modules. It has also
been reported that an attacker may log on to the system as an
administrator by using 'admin' as the Email value and supplying 'or''=' as
the password. These issues exist because user-supplied input to the
vulnerable parameters is not sanitized before it is included in database queries. A
remote attacker may exploit this issue to influence SQL query logic while
attempting to authenticate to the server.
A malicious user may influence database queries in order to view or modify
sensitive information, potentially compromising the software or the
database. The consequences of exploitation may vary depending on the
underlying database implementation.
DeskPro version 1.1.0 and prior have been reported to be prone to this
issue, however other versions may also be affected.
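The login bypass described in the DeskPro entry above, shown as an added example that is not DeskPro's code and not part of the original newsletter: a concatenated query beside its parameterized form. The table layout, the function names and the use of SQLite as the database are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table (hypothetical schema, sample data).

    Passwords are stored in the clear only to keep the model small.
    """
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT, is_admin INTEGER)"
    )
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed', 1)")
    db.execute("INSERT INTO users VALUES ('user@example.com', 'pw-constructed', 0)")
    return db


def build_concatenated_sql(email, password):
    """Flawed pattern: user input becomes part of the SQL text itself."""
    return (
        "SELECT email, is_admin FROM users "
        "WHERE email = '" + email + "' AND password = '" + password + "'"
    )


def login_concatenated(db, email, password):
    """Return the rows the flawed query treats as authenticated."""
    return db.execute(build_concatenated_sql(email, password)).fetchall()


def login_parameterized(db, email, password):
    """Hardened form: placeholders keep the input as data, never as syntax."""
    return db.execute(
        "SELECT email, is_admin FROM users WHERE email = ? AND password = ?",
        (email, password),
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    email, password = "admin", "'or''='"  # the values quoted in the advisory

    # The WHERE clause becomes:
    #   email = 'admin' AND password = '' OR '' = ''
    # AND binds tighter than OR, and '' = '' is always true, so the
    # predicate holds for every row in the table.
    print(build_concatenated_sql(email, password))
    print("concatenated :", login_concatenated(db, email, password))

    # With placeholders the same string is compared literally against the
    # stored password and matches nothing.
    print("parameterized:", login_parameterized(db, email, password))
```
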
8. Sun Java Cross-Site Applet Sandbox Security Model Violation ...
BugTraq ID: 8857
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8857
Summary:
A vulnerability has been reported in Java implementations that may
potentially allow Java applets from two different domains to violate the
sandbox security model and share read/write access to data areas. This
vulnerability is made possible through the use of undocumented static
variables of the Java JDK. It is reported that if these variables are
altered, the internal state of the JDK may be corrupted. This could
result in a denial of service but also presents an additional threat of
exposing properties such as applet data to other potentially untrusted
applets.
The issue is reportedly prevalent during XML processing, which depends on
the org.apache.xalan.processor.XSLProcessorVersion class.
The vulnerability violates the principle of isolation that should be
enforced by Java and it is possible for unsigned applets to share
read/write access with signed applets, though it is not known to what
extent this is possible. The lack of data protection could also be used
to interfere with XML processing. This type of issue could potentially
also lead to other attacks against applets, since the security model is
being evaded. This has not been confirmed.
This issue was reported for Java Plug-in 1.4.2_01 on Microsoft Windows
platforms, though it is believed that other platforms are similarly
affected. It is not known if other versions or Java implementations are
also affected.
9. Atrium Software Mercur Mailserver IMAP AUTH Remote Buffer Ov...
BugTraq ID: 8861
Remote: Yes
Date Published: Oct 21 2003
Relevant URL: http://www.securityfocus.com/bid/8861
Summary:
MERCUR Mailserver is a commercially available mail software solution
distributed and maintained by Atrium Software International. It is
available for the Microsoft Windows platform.
A problem has been reported in MERCUR Mailserver when handling the IMAP
AUTH command. This problem may make it possible for an attacker to crash the
service on a vulnerable system.
The problem is in the handling of long arguments to the AUTH command. When
a string of excessive length is supplied to the AUTH command via the PLAIN
option, the process becomes unstable. This is due to a boundary condition
error in the base64 decoding routine.
It is possible for an attacker to exploit this issue to execute arbitrary
instructions. Any instructions executed on a vulnerable host would be
executed with the privileges of the IMAP server process, which in a
typical implementation may execute with SYSTEM privileges.
10. Sun Java Unauthorized Java Applet Floppy Access Weakness
BugTraq ID: 8867
Remote: Yes
Date Published: Oct 21 2003
Relevant URL: http://www.securityfocus.com/bid/8867
Summary:
A weakness has been reported in Java implementations that may constitute
unauthorized access by Java applets to floppy devices. This weakness
appears to present a flaw in the Java security model. It has been
demonstrated that a malicious applet may cause repeated floppy access
attempts. Side effects of this issue include a potential to cause
applications which load a malicious applet to block, as was demonstrated
with the example of loading the malicious example applet in Internet
Explorer. This could also cause strain on the floppy device under some
circumstances, due to repeated access attempts.
This may be due to a flaw in the
org.apache.crimson.tree.XmlDocument.createXmlDocument class. The provided
proof-of-concept calls this class in an infinite loop, using the following
syntax to access the floppy device:
org.apache.crimson.tree.XmlDocument.createXmlDocument("file:///a:/",false);
It should be noted that this weakness may be a symptom of a more serious
issue which could permit a further degree of unauthorized device
access, though this has not been confirmed.
This issue was reported in Java Plug-in 1.4.x versions on Microsoft
Windows operating systems, when run with Internet Explorer. Other
environments and versions may also be affected.
11. PGPDisk Switched User Unauthorized Access Weakness
BugTraq ID: 8870
Remote: Unknown
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8870
Summary:
PGPDisk is a PGP integrated application that allows users to create
encrypted disk partitions. PGPDisk is available for Microsoft Windows and
MacOS.
PGPDisk has been reported to be prone to an unauthorized access weakness
that may allow a local attacker to gain access to a user's PGP volume.
The problem has been reported to occur when PGPDisk is used in conjunction
with Windows XP. It has been reported that when a user uses the Windows
XP 'switch user' function, PGP disk fails to unmount. As a result,
another local user may obtain full access to the mounted PGP disk, leading
to the disclosure of sensitive information.
Successful exploitation of this issue may allow an attacker to gain access
to sensitive data. Information obtained through this attack could be used
to launch further attacks against a vulnerable user.
Although unconfirmed, PGPDisk version 6.02i and prior may be affected by
this issue.
12. Microsoft Internet Explorer Scrollbar-Base-Color Partial Den...
BugTraq ID: 8874
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8874
Summary:
A vulnerability has been reported to exist in Microsoft Internet Explorer
that may allow an attacker to cause a partial denial of service condition
in the software. The issue presents itself due to improper handling of the
scrollbar-base-color attribute of the div object. It has been reported
that Internet Explorer crashes if the value of scrollbar-base-color is changed
in a textarea located in a table.
An attacker may create a web page containing malicious script code that
would cause a user's browser to crash upon visiting that site. It should
be noted that Internet Explorer restarts immediately after the crash.
Microsoft Internet Explorer 6.0 has been reported to be vulnerable to this
issue, however other versions may be affected as well.
13. DansGuardian Denied URL Cross-Site Scripting Vulnerability
BugTraq ID: 8876
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8876
Summary:
DansGuardian is a content filtering software package. It is available for
Unix, Linux, and Microsoft operating systems.
A problem has been reported in the handling of some types of input to
DansGuardian. This problem may permit an attacker to launch cross-site
scripting attacks.
The problem is in the filtering of the DENIEDURL parameter. When HTML is
passed to the parameter, the script renders the HTML in the security
context of the site hosting DansGuardian. An attacker exploiting this
issue could potentially steal sensitive information such as cookie
authentication credentials, or launch other types of browser-based
attacks.
14. HP Management Software Web Agents Unspecified Unauthorized A...
BugTraq ID: 8878
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8878
Summary:
Various HP Management Software released for the Microsoft Windows
operating system include web agents that allow users to manage their
systems.
HP has announced that a vulnerability in various web agents released with
their Management Software could allow for unauthorized remote access. The
problem is said to occur within specific non-SSL agents.
Exploitation of this issue is said to allow for unauthorized remote
access, as well as a possible denial of service. Further details have not
been made available; if and when they are, this BID will be
updated accordingly.
This vulnerability is said to affect Insight Management for Clients
versions 3.5 to 5.0, all versions of Remote Diagnostics Enabling Agent,
and Insight Manager LC versions 1.00 to 1.60.
15. Sun Java Virtual Machine Slash Path Security Model Circumven...
BugTraq ID: 8879
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8879
Summary:
The Java Virtual Machine (JVM) is a component of the Sun Java
infrastructure that performs the handling of Java applets and other
programs. It is available for Unix, Linux, and Microsoft platforms.
A vulnerability has been identified in the Sun Java Virtual Machine
packaged with JRE and SDK. This issue results in the circumvention of the
Java Security Model, and can permit an attacker to execute arbitrary code
on vulnerable hosts.
The problem is in the handling of security checks on classes. Due to an
error in the loadClass method of the sun.applet.AppletClassLoader
implementation, the JVM does not sufficiently handle one of the syntaxes
used to invoke classes. When classes are invoked by an applet using dot
notation, such as sun.java.class, the checkPackageAccess method of
securitymanager performs reliably, throwing an exception when an applet
attempts to load an unauthorized class.
However, when an applet attempts to load a class using the supported slash
notation, such as sun/java/class, the checkPackageAccess method of
securitymanager does not properly check the name of the requested class.
The applet thus could circumvent the security model, calling classes
outside of the sandbox imposed by the Java security model, and gain access
to prohibited classes. A malicious applet could use this vulnerability to
execute arbitrary code of any type, resulting in unauthorized access to
the vulnerable system with the privileges of the user that has loaded the
malicious Java applet.
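The dot-versus-slash mismatch described in the JVM entry above, as an added example that is not Sun's code and not part of the original newsletter: a simplified Python model in which the access check and the resolver disagree about how a class name is spelled. The policy prefix, the class table and all function names are assumptions made for illustration.

```python
# Constructed policy and class table; the names are illustrative only.
RESTRICTED_PREFIXES = ("sun.",)
CLASS_TABLE = {
    "sun.java.class": "<restricted class>",
    "demo.Hello": "<applet class>",
}


def canonical(name):
    """Map slash notation to dot notation and reject malformed names."""
    dotted = name.replace("/", ".")
    if not dotted or any(part == "" for part in dotted.split(".")):
        raise ValueError("malformed class name: %r" % name)
    return dotted


def package_allowed(dotted_name):
    """Deny any class whose package falls under a restricted prefix.

    The package is everything before the last dot, so this function only
    gives a meaningful answer for names already in dot notation.
    """
    package = dotted_name.rpartition(".")[0] + "."
    return not package.startswith(RESTRICTED_PREFIXES)


def load_class_flawed(name):
    """Check the name as spelled by the caller, then resolve it.

    The resolver accepts both notations, but the check sees no dot in
    'sun/java/class', derives an empty package and lets it through.
    """
    if not package_allowed(name):
        raise PermissionError(name)
    return CLASS_TABLE[canonical(name)]


def load_class_fixed(name):
    """Canonicalize once, then check and resolve the same value."""
    dotted = canonical(name)
    if not package_allowed(dotted):
        raise PermissionError(dotted)
    return CLASS_TABLE[dotted]


def is_denied(loader, name):
    """True if the loader refuses the name with PermissionError."""
    try:
        loader(name)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    for spelling in ("sun.java.class", "sun/java/class", "demo/Hello"):
        print(
            spelling,
            "flawed denies:", is_denied(load_class_flawed, spelling),
            "fixed denies:", is_denied(load_class_fixed, spelling),
        )
```
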
16. mIRC DCC SEND Variant Buffer Overflow Vulnerability
BugTraq ID: 8880
Remote: Yes
Date Published: Oct 23 2003
Relevant URL: http://www.securityfocus.com/bid/8880
Summary:
mIRC is a chat client for the IRC protocol, designed for Microsoft Windows
based operating systems.
It has been reported that mIRC 6.12, which addressed the recently
discovered DCC SEND vulnerability, is prone to a variant buffer overflow
issue. The problem appears to occur in an identical fashion to the
previous vulnerability described in BID 8818, however a specific sequence
of actions must be carried out for the condition to be triggered.
Specifically, a user must have a minimized DCC get dialog window, or the
window must have been minimized by default. The victim must then open the
minimized window and proceed to accept a file with a name of excessive
length, likely formatted as described in BID 8818.
It should be noted that this issue is said to only occur if the precise
sequence of events described above occurs. If DCC autoget is enabled or
the file is not accepted, the bug will not be triggered.
It should be noted that this issue may in fact be the same
vulnerability described in BID 8818. If further information shows that
this is in fact the case, this BID will be retired and the appropriate
details will be added to the correct BID.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Terminal Services Auditing? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/342511
2. Event Log messages for failed logon attempts (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/342503
3. Auditing enabled but Logon Failures not showing up (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/342502
4. DOT NET & J2EE (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/342325
5. RSA key pair lifetime expiration (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/342067
6. Terminal Services Manager as a non-admin user. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/342066
7. group policy and NT policy editor (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/342002
8. Article Announcement: Disclosure Plan Won't Help (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/341914
9. group policy question (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/341911
10. SecurityFocus Microsoft Newsletter #159 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/341824
11. RE : Blocking and allowing ActiveX (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/341740
12. automating reboot (was RE: RPC Scan Issues) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/341739
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Local Account Password Manager
By: Foghorn Security
Platforms: Windows NT
Relevant URL: http://www.foghornsecurity.com/foghorn/lapm.html
Summary:
LAPM allows the administrator to organize all the workstations and member
server machines from one or more domains into logical groups, i.e.
"marketing", "web services", "accounting", etc. Each logical group is
assigned a "knowledge key" by the administrator. LAPM uses the knowledge
key to generate and apply a unique local administrator password for each
host in that group.
2. Password Creator Pro
By: TransDigital Solutions
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: https://www.transdig.com/products/pcp/pcp.cfm
Summary:
Password Creator Professional is an extremely full featured password
generator utility for Windows.
3. Advanced Cisco Security Agent
By: Cisco Systems
Platforms: Solaris, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html
Summary:
The advanced Cisco Security Agent product provides threat protection for
server and desktop computing systems, also known as endpoints. The Cisco
Security Agent goes beyond conventional host and desktop security
solutions by identifying and preventing malicious behavior before it can
occur, thereby removing potential known and unknown ("Day Zero") security
risks that threaten enterprise networks and applications. The Cisco
Security Agent aggregates and extends multiple endpoint security functions
by providing host intrusion prevention, distributed firewall, malicious
mobile code protection, operating system integrity assurance, and audit
log consolidation all within a single agent package.
4. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL: http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:
SecretAgent is a file encryption and digital signature utility, supporting
cross-platform interoperability over a wide range of platforms: Windows,
Linux, Mac OS X, and UNIX systems.
It's the perfect solution for your data security requirements, regardless
of the size of your organization.
Using the latest recognized standards in encryption and digital signature
technology, SecretAgent ensures the confidentiality, integrity, and
authenticity of your data.
5. Typhon
By: Next Generation Security Software Limited (NGSSoftware)
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.ngssoftware.com/products/typhon.htm
Summary:
Typhon III includes automated Web Application checking for bugs such as
SQL Injection and Cross Site Scripting.
Typhon III is not simply just another security assessment tool; it's an
intelligent vulnerability scanner that has been designed & developed by
the world's leading vulnerability researchers (who between them have
discovered over 200 vulnerabilities).
6. NGSSquirrel
By: Next Generation Security Software Limited (NGSSoftware)
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.nextgenss.com/products/ngssquirrel.htm
Summary:
NGSSQuirreL is the most comprehensive security-auditing tool specifically
designed for Microsoft SQL Server currently available.
NGSSQuirreL is more than simply an auditing tool with its capacity for
database server lockdown SQL scripts.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. GPA (GNU Privacy Assistant) v0.7.0
By: Bernhard Reiter
Relevant URL: http://www.gnupg.org/(en)/related_software/gpa/index.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
The GNU Privacy Assistant is a graphical frontend to GnuPG and may be used
to manage the keys and encrypt/decrypt/sign/check files. It is much like
Seahorse.
2. Anti-Spam SMTP Proxy v1.0.6
By: John Hanna
Relevant URL: http://assp.sourceforge.net/
Platforms: BSDI, Linux, MacOS, Os Independent, OS/2, Perl (any system
supporting perl), POSIX, Windows 2000, Windows NT
Summary:
The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open
source platform independent SMTP Proxy server which implements whitelists
and Bayesian filtering to help stop unsolicited commercial email (UCE).
Anti-spam tools should be adaptive to new spam and customized for each
site's email patterns. This easy to use tool works with any mail transport
and achieves these goals requiring no operator intervention after the
initial setup phase.
3. PipeACL tools v1.0
By: Bindview <info@razor.bindview.com>
Relevant URL:
http://razor.bindview.com/tools/desc/pipeacltools1.0-readme.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
The PipeACL tools package contains two separate tools for viewing and
configuring Win32 named pipe ACLs (Access Control Lists). The pipeacl
utility allows you to dump various settings of a named pipe, including
the Owner, Group, Sacls (System access control lists), and Dacls
(Discretionary access control lists). The pipeaclui utility allows you to
view and apply permissions to a specified named pipe. These changes are
made in the Dacls of the named pipe itself.
4. Libnids 1.18
By: Rafal Wojtczuk, nergal@avet.com.pl
Relevant URL: http://www.packetfactory.net/Projects/Libnids/
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, Windows 2000, Windows NT
Summary:
Libnids is an implementation of an E-component of Network Intrusion
Detection Systems. It emulates the IP stack of Linux 2.0.x. Libnids offers
IP defragmentation, TCP stream reassembly, and TCP port scan detection.
The most valuable feature of libnids is reliability. A number of tests
were conducted which proved that libnids predicts behaviour of protected
Linux hosts as closely as possible. Libnids is highly configurable in
run-time and offers a convenient interface. Currently it compiles on Linux
glibc systems and *BSD. Using libnids, one has convenient access to data
carried by a TCP stream, no matter how artfully obscured by an attack.
Added support to capture packets on all interfaces, including loopback,
added ability to refrain from setting promisc flag, added ability to
disable tcp processing, libc5 support, alpha platform support, and bug
fixes.
5. Mod_security v 1.7
By: Ivan Ristic
Relevant URL: http://www.modsecurity.org
Platforms: FreeBSD, Linux, Solaris, Windows 2000, Windows NT, Windows XP
Summary:
ModSecurity is an open source intrusion detection and prevention engine
for web applications. It operates embedded into the web server, acting as
a powerful umbrella - shielding applications from attacks. ModSecurity
supports Apache (both branches) today, with support for Java-based servers
coming soon.
6. One Time Pad in Java v1
By: El Capitán
Relevant URL:
http://www.soziologiefs.uni-bielefeld.de/lew/mainpages/otp.html
Platforms: MacOS, Windows 2000, Windows 95/98, Windows XP
Summary:
One Time Pad in Java is a simple command line tool for secure encryption
of files using random data. The receiver needs the same random data for
decryption.
VI. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by: Forum Systems, Inc.
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services
security to simplify the management and deployment of PGP and reduce
overall PGP costs by up to 80%.
FREE WHITEPAPER & 30 Day Trial -
http://www.securityfocus.com/sponsor/ForumSystems_ms-secnews_031027
------------------------------------------------------------------------
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
and use priority code SF4.
---------------------------------------------------------------------------