[Long] Security focus.

Jorge Severino jorge at netsecure.cl
Mon Dec 2 20:21:40 CLST 2002


Hello:

Here is the SecurityFocus newsletter; among the interesting items are the
exploits for Netscape/Mozilla in POP3, the SSH escalation vulnerability
(commercial), PhpNuke and others.


> security focus
> -----------------------------------
>
> This issue is sponsored by: Qualys
>
> I. FRONT AND CENTER
>      1. SQL Injection and Oracle, Part Two
>      2. When Washington Mimics Sci Fi
>      3. SecurityFocus DPP Program
>      4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
> II. LINUX VULNERABILITY SUMMARY
>      1. SSH Communications SSH Server Privilege Escalation Vulnerability
>      2. PHP-Nuke Multiple Cross Site Scripting Vulnerabilities
>      3. VBulletin members2.php Cross Site Scripting Vulnerability
>      4. Netscape/Mozilla POP3 Mail Handler Integer Overflow Vulnerability
>      5. Null HTTPD Remote Heap Corruption Vulnerability
>      6. FreeNews Include Undefined Variable Command Execution...
>      7. Pserv HTTP POST Request Buffer Overflow Vulnerability
>      8. phpBB Script Injection Vulnerability
>      9. Web Server Creator Web Portal Remote File Include Vulnerability
>      10. Bugzilla quips Feature Cross Site Scripting Vulnerability
>      11. YaBB YaBB.pl Cross Site Scripting Vulnerability
>      12. Traceroute-Nanog Hostname Buffer Overflow Vulnerability
>      13. SSH Communications Secure Shell Windows Client URL Catcher...
>      14. Lib CGI Include Buffer Overflow Vulnerability
>      15. News Evolution Include Undefined Variable Command Execution...
>      16. PortailPHP SQL Injection Vulnerability
>      17. pWins Web Server Directory Traversal Vulnerability
>      18. Bogofilter Bogopass Insecure Temporary File Creation...
>      19. Boozt index.cgi Buffer Overrun Vulnerability
>      20. Traceroute-Nanog Spray Buffer Overflow Vulnerability
> III. LINUX FOCUS LIST SUMMARY
>      1. iptables REJECT types for UDP (if any) (Thread)
>      2. kazaa, dante, and iptables (Thread)
> IV. NEW PRODUCTS FOR LINUX PLATFORM
>      1. ArcSight Enterprise Security Management Software
>      2. NetVigil
>      3. Arkeia 5
> V. NEW TOOLS FOR LINUX PLATFORMS
>      1. MasarLabs NoArp v1.0.0
>      2. BW-IPFM v1.1
>      3. Sysload server monitor v4.5
> VI. SPONSOR INFORMATION
>
>
> I. FRONT AND CENTER
> -------------------
> 1. SQL Injection and Oracle, Part Two
> By Pete Finnigan
>
> This is the second part of a two-part article that will examine SQL
> injection attacks against Oracle databases. The first installment looked
> at SQL injection and how Oracle database applications are vulnerable to
> this attack, and looked at some examples. This segment will look at
> detecting SQL injection attacks and protecting against SQL injection.
>
> http://online.securityfocus.com/infocus/1646
>
> 2. When Washington Mimics Sci Fi
> By George Smith
>
> John Poindexter's evil design for an all-seeing God Machine seems torn
> from the pages of visionary science fiction, where such schemes rarely end
> well.
>
> http://online.securityfocus.com/columnists/126
>
> 3. SecurityFocus DPP Program
>
> Attention Universities!! Sign-up now for preferred pricing on the only
> global early-warning system for cyber attacks - SecurityFocus DeepSight
> Threat Management System.
>
> Click here for more information:
> http://www.securityfocus.com/corporate/products/dpsection.shtml
>
> 4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
>
> Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11
>
> Solutions to today's security concerns; hands-on experts; blockbuster
> vendor expo; the CISO Executive Summit; invaluable networking
> opportunities.  InfoSec World has it all!
>
> Go to: http://www.misti.com/10/os03nl37inf.html
>
>
> II. BUGTRAQ SUMMARY
> -------------------
> 1. SSH Communications SSH Server Privilege Escalation Vulnerability
> BugTraq ID: 6247
> Remote: Yes
> Date Published: Nov 25 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6247
> Summary:
>
> Secure Shell is the commercial SSH implementation distributed and
> maintained by SSH Communications. It is available for the Unix, Linux, and
> Microsoft Windows platforms.
>
> SSH Communications has reported a vulnerability in SSH server, which could
> result in local privilege escalation.
>
> The setsid() function is used to create a new process group for forked
> processes. It has been reported that SSH server fails to run setsid() on
> non-interactive sessions, resulting in user processes in the parent
> process group and retaining the 'root' login name.
>
> By executing programs that verify privileges against the login name (for
> example, those that rely on the BSD getlogin() function), it may be
> possible to execute various actions with escalated privileges.
>
> Exploiting this issue has varied results depending on the operating
> system.
>
> For this issue to be exploitable an attacker must have a local account on
> the target system.
>
> 2. PHP-Nuke Multiple Cross Site Scripting Vulnerabilities
> BugTraq ID: 6244
> Remote: Yes
> Date Published: Nov 25 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6244
> Summary:
>
> PHP-Nuke is a web based Portal system. Implemented in PHP, it is available
> for a range of systems, including Microsoft Windows and Linux.
>
> Several cross site scripting vulnerabilities have been reported for
> PHP-Nuke. Affected modules include the Discussion module, News module, and
> PM module among others. This vulnerability is due to insufficient
> sanitization of all HTML tags.
>
> An attacker may exploit this vulnerability by enticing a victim user to
> follow a malicious link. Attacker-supplied HTML and script code may be
> executed on a web client in the context of the site hosting the web-based
> forum.
>
> Attackers may potentially exploit this issue to manipulate web content or
> to steal cookie-based authentication credentials. It may be possible to
> take arbitrary actions as the victim user.
>
> These vulnerabilities have been reported for PHP-Nuke 6.5b1 and earlier.
>
> 3. VBulletin members2.php Cross Site Scripting Vulnerability
> BugTraq ID: 6246
> Remote: Yes
> Date Published: Nov 25 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6246
> Summary:
>
> vBulletin is commercial web forum software written in PHP and back-ended
> by a MySQL database. It will run on most Linux and Unix variants, as well
> as Microsoft operating systems.
>
> The $perpage variable is used to control the way of reciting subscribed
> threads. This variable is later added to a query that is used to fetch
> database records. If an invalid value is passed to the $perpage variable,
> an error page is generated. Due to insufficient sanitization of data
> passed to the $perpage variable, it is possible to inject script code into
> the variable, which will be included in the error page.
>
> As a result, it is possible for a remote attacker to create a malicious
> link containing script code which will be executed in the browser of a
> legitimate user, in the context of the website running vBulletin.
>
> This issue may be exploited to steal cookie-based authentication
> credentials from legitimate users of the website running the vulnerable
> software. The attacker may use cookie-based authentication credentials to
> hijack the session of the legitimate user.
>
> 4. Netscape/Mozilla POP3 Mail Handler Integer Overflow Vulnerability
> BugTraq ID: 6254
> Remote: Yes
> Date Published: Nov 26 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6254
> Summary:
>
> The Netscape Communicator and Mozilla browsers include support for email,
> and the ability to fetch mail through a POP3 server. Both products are
> available for a range of platforms, including Microsoft Windows and Linux.
>
> An integer overflow vulnerability has been reported for the
> Netscape/Mozilla POP3 mail handler routines. These routines are found in
> 'mozilla/mailnews/local/src/nsPop3Protocol.cpp'. Reportedly, insufficient
> checks are performed on some server-supplied values. Specifically, the
> value for m_pop3ConData->number_of_messages is not sufficiently checked
> for large values.
>
> An attacker may exploit this vulnerability through an attacker-controlled
> POP3 server. By issuing a very large integer value that is used by the
> Netscape/Mozilla POP3 mail handler, it may be possible to cause the
> integer overflow condition and allocate a buffer that is too small. A
> buffer overflow condition may result if the malicious attacker-controlled
> server attempts to write into the buffer at a location beyond the boundary
> of what was actually allocated.
>
> Successful exploitation of this vulnerability may allow an attacker to
> obtain control over the execution of the vulnerable Netscape/Mozilla
> process.
>
> 5. Null HTTPD Remote Heap Corruption Vulnerability
> BugTraq ID: 6255
> Remote: Yes
> Date Published: Nov 26 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6255
> Summary:
>
> The ReadPOSTData() function allocates in_ContentLength+1024 into the
> pPostData buffer, which is used to receive POST data. The server reads
> POST data into the pPostData buffer from a network socket until the data
> received is less than 1024 bytes.
>
> Sending over 1024 bytes of POST data will cause the server to read up to
> another 1024 bytes from the socket. If a small ContentLength is supplied
> by the attacker, it is possible to overflow the allocated buffer while
> reading in the second packet of data. This is due to an insufficient loop
> parameter while receiving data from the network.
>
> An attacker may exploit this condition to overwrite arbitrary words in
> memory through the free() function.  This may allow for the execution of
> arbitrary code.
>
> It should be noted that this vulnerability is similar to the issue
> described in BID 5574, but requires a slightly different method to
> trigger.
>
> 6. FreeNews Include Undefined Variable Command Execution Vulnerability
> BugTraq ID: 6258
> Remote: Yes
> Date Published: Nov 26 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6258
> Summary:
>
> FreeNews is a freely available, open source News software package.  It is
> written in PHP, and designed for use on Unix and Linux operating systems.
>
> A problem with FreeNews could make command execution possible.
>
> Programming errors in FreeNews could lead to the inclusion of arbitrary
> files on remote servers in the web application.  It is possible for a
> remote user to place commands in these include files that could result in
> execution on the local host.  This would make remote arbitrary command
> execution as the web user possible.
>
> The problem occurs in the aff_news.php file.  By loading this file, and
> defining the chemin variable to an arbitrary location, commands can be
> executed on the local host.  This vulnerability may also be used to reveal
> sensitive information on the local host.
>
> 7. Pserv HTTP POST Request Buffer Overflow Vulnerability
> BugTraq ID: 6242
> Remote: Yes
> Date Published: Nov 25 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6242
> Summary:
>
> Pserv (Pico Server) is a freely available web server designed for Linux
> and Unix variant operating systems.
>
> A buffer overflow vulnerability has been reported in Pserv. Reportedly, it
> is possible to overflow a local buffer by making a malicious HTTP request.
>
> Due to insufficient checks performed on user-supplied, by omitting the
> '\n' character from a malicious POST request, it is possible to overrun
> the 'token' buffer.
>
> Exploitation of this issue will result in a denial of service. Although it
> has not been confirmed, it may be possible for an attacker to execute
> arbitrary code.
>
> This vulnerability was reported for Pserv 2.0 beta 3. It is likely that
> earlier versions are affected.
>
> 8. phpBB Script Injection Vulnerability
> BugTraq ID: 6248
> Remote: Yes
> Date Published: Nov 25 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6248
> Summary:
>
> phpBB2 is an open-source web forum application that is written in PHP and
> supported by a number of database products.  It will run on most Unix and
> Linux variants, as well as Microsoft Windows operating systems.
>
> phpBB does not properly sanitize script code from HTML tags embedded in a
> forum posting.  This vulnerability could allow a user to inject malicious
> script code into forum postings that would in turn be executed when the
> page is viewed by a legitimate user of the forum.  The attacker-supplied
> code would be executed in the security context of the phpBB site.
>
> The attacker supplied code would be able to access cookie data, including
> authentication credentials, and to take actions on the vulnerable site as
> the currently authenticated user.
>
> 9. Web Server Creator Web Portal Remote File Include Vulnerability
> BugTraq ID: 6251
> Remote: Yes
> Date Published: Nov 25 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6251
> Summary:
>
> Web Server Creator is a PHP based portal that includes a forum, chat,
> guestbook, and news functions.  It operates on Windows, Linux, and Unix
> systems.
>
> The Web Server Creator Web Portal is prone to an issue which may allow
> remote attackers to include arbitrary files located on remote servers.
> This issue is present in the customize.php and index.php scripts.
>
> An attacker may exploit this by supplying a path to a maliciously created
> file, located on an attacker-controlled host as a value for the 'l' or
> 'pg' parameter.
>
> If the remote file is a PHP script, this may allow for execution of
> attacker-supplied PHP code with the privileges of the webserver.
> Successful exploitation may provide local access to the attacker.
>
> 10. Bugzilla quips Feature Cross Site Scripting Vulnerability
> BugTraq ID: 6257
> Remote: Yes
> Date Published: Nov 26 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6257
> Summary:
>
> Bugzilla is a freely available, open source bug tracking software package.
> It is available for Linux, Unix, and Microsoft Operating Systems.
>
> A cross site scripting vulnerability has been reported for Bugzilla. This
> vulnerability only affects users who have the 'quips' feature enabled.
>
> The quips feature is designed to put short, user-supplied comments at the
> top of bug lists. Reportedly, Bugzilla does not properly sanitize any
> input submitted by users.
>
> As a result, it is possible for a remote attacker to create a malicious
> link containing script code which will be executed in the browser of a
> legitimate user, in the context of the website running Bugzilla.
>
> This issue may be exploited to steal cookie-based authentication
> credentials from legitimate users of the website running the vulnerable
> software.
>
> 11. YaBB YaBB.pl Cross Site Scripting Vulnerability
> BugTraq ID: 6272
> Remote: Yes
> Date Published: Nov 28 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6272
> Summary:
>
> YaBB (Yet Another Bulletin Board) is freely available web forum software
> that is written in Perl. YaBB will run on most Unix/Linux variants, MacOS,
> and Microsoft Windows 9x/ME/NT/2000/XP platforms.
>
> A cross-site scripting vulnerability has been reported in the YaBB forum
> 'YaBB.pl' script. This vulnerability is due to insufficient sanitization
> of URI parameters.
>
> As a result, it is possible for a remote attacker to create a malicious
> link to the login page of a site hosting the web forum. The malicious link
> may contain arbitrary HTML code in URI parameters. When this link is
> visited by an unsuspecting web user, the attacker-supplied code will be
> executed in their browser in the security context of the vulnerable
> website.
>
> It has been demonstrated that this vulnerability may be exploited to steal
> cookie-based authentication credentials.
>
> This vulnerability has been reported for YaBB 1 Gold - SP 1. It is not
> known if other versions are affected.
>
> 12. Traceroute-Nanog Hostname Buffer Overflow Vulnerability
> BugTraq ID: 6274
> Remote: No
> Date Published: Nov 28 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6274
> Summary:
>
> Traceroute is a tool that is used to track packets in a TCP/IP network to
> determine the path of network connections.  This vulnerability affects the
> Traceroute-Nanog program, written for Unix and Linux operating systems.
>
> A problem with Traceroute-Nanog may make it possible to execute arbitrary
> code locally on a vulnerable host.
>
> It has been reported that a buffer overflow exists in Traceroute-Nanog.
> Due to insufficient bounds checking in the Traceroute-Nanog program, a
> user may execute the program with a hostname of arbitrary length, and
> cause the overwriting of stack memory within the process.  This could
> result in the execution of attacker-supplied instructions.
>
> This program may present a risk if installed with setuid privileges. By
> default, this program is installed with setuid privileges on Linux
> operating systems such as SuSE.
>
> 13. SSH Communications Secure Shell Windows Client URL Catcher Buffer Overflow Vulnerability
> BugTraq ID: 6263
> Remote: Yes
> Date Published: Nov 27 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6263
> Summary:
>
> Secure Shell is the commercial SSH implementation distributed and
> maintained by SSH Communications. It is available for the Unix, Linux, and
> Microsoft Windows platforms.
>
> A buffer overflow vulnerability has been reported for the Secure Shell
> Windows client. The vulnerability is due to an error in the URL handling
> of the Secure Shell client. Reportedly, it is possible for a buffer
> overflow condition to be triggered when a user clicks on a very long URL.
>
> An attacker can exploit this vulnerability by crafting a malicious link,
> containing at least 480 characters, and enticing a victim user to click
> it. This will result in the buffer overflow condition being triggered and
> causing sensitive areas in memory to be overwritten with attacker-supplied
> values. Any malicious attacker-supplied code embedded in the URL will be
> executed on the victim system.
>
> This vulnerability affects the Secure Shell client for Microsoft Windows.
>
> 14. Lib CGI Include Buffer Overflow Vulnerability
> BugTraq ID: 6264
> Remote: Yes
> Date Published: Nov 27 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6264
> Summary:
>
> Lib CGI is a freely available, open source CGI library for C programmers.
> It is available for Unix and Linux operating systems.
>
> A buffer overflow may make the remote execution of arbitrary code possible
> on a vulnerable host.
>
> It has been reported that a buffer overflow exists in the Lib CGI
> development library.  Due to improper bounds checking in an include file,
> programs making use of this include, or programs linked against libraries
> using this include could be vulnerable to a remote buffer overflow attack.
> This could result in an attacker gaining remote access with the privileges
> of the web server process.
>
> The libcgi.h include distributed with the Lib CGI development package
> contains an erroneous piece of code.  It has been reported that on line 76
> of the include file, unchecked data is copied into a static buffer. This
> could result in the overflow of data, and potential execution of
> attacker-supplied instructions.
>
> 15. News Evolution Include Undefined Variable Command Execution Vulnerability
> BugTraq ID: 6260
> Remote: Yes
> Date Published: Nov 26 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6260
> Summary:
>
> News Evolution is a freely available, open source news software package.
> It is written in PHP, and designed for use on Unix and Linux operating
> systems.
>
> A problem with News Evolution could make command execution possible.
>
> Programming errors in News Evolution could lead to the inclusion of
> arbitrary files on remote servers in the web application.  It is possible
> for a remote user to place commands in these include files that could
> result in execution on the local host.  This would make remote arbitrary
> command execution as the web user possible.
>
> The problem occurs in the aff_news.php file.  By loading this file, and
> defining the chemin variable to an arbitrary location, commands can be
> executed on the local host.  This vulnerability may also be used to reveal
> sensitive information on the local host.  This same vulnerability also
> occurs in the export_news.php file.
>
> An additional problem in the neurl variable could result in the same
> exposure in other files.  It is possible to arbitrarily include code
> through the neurl variable in the file screen.php.
>
> 16. PortailPHP SQL Injection Vulnerability
> BugTraq ID: 6273
> Remote: Yes
> Date Published: Nov 28 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6273
> Summary:
>
> Portail PHP is a Web portal project based on PHP and MySQL. It is available
> for the Linux, Unix, and Microsoft Windows operating systems.
>
> A vulnerability exists in the mod_search module included with PortailPHP.
> The vulnerability is due to insufficient sanitization of variables used to
> construct SQL queries in the 'index.php' script. Specifically, the 'rech'
> variable is not sanitized of malicious SQL input. It is possible to modify
> the logic of SQL queries through malformed query strings in requests for
> the vulnerable script.
>
> By injecting SQL code into the 'rech' variable, it may be possible for an
> attacker to corrupt database information.
>
> 17. pWins Web Server Directory Traversal Vulnerability
> BugTraq ID: 6271
> Remote: Yes
> Date Published: Nov 28 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6271
> Summary:
>
> pWins is a Web server implemented using Ruby and Perl. It is designed for
> use on Linux variant and Microsoft Windows operating environments.
>
> It has been reported that pWins fails to properly sanitize web requests.
> By sending a malicious web request to the vulnerable server, using
> directory traversal sequences, it is possible for a remote attacker to
> access sensitive resources located outside of the web root.
>
> An attacker is able to traverse outside of the established web root by
> using dot-dot-slash (../) directory traversal sequences. An attacker may
> be able to obtain any web server readable files from outside of the web
> root directory.
>
> Disclosure of sensitive system files may aid the attacker in launching
> further attacks against the target system.
>
> This vulnerability has been reported for pWins 0.2.5 for the Microsoft
> Windows platform.
>
> 18. Bogofilter Bogopass Insecure Temporary File Creation Vulnerability
> BugTraq ID: 6278
> Remote: No
> Date Published: Nov 29 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6278
> Summary:
>
> Bogofilter is a package used to filter spam from incoming email. It is
> available for Linux and Unix variant operating environments. Bogopass is a
> Perl script included with Bogofilter.
>
> Reportedly, bogopass creates temporary files in a predictable manner.
> Specifically, temporary files will be created in '/tmp' as
> 'bogopass.<PID>'. As a result, it is possible for local attackers to read
> or corrupt files readable by the bogopass process. An attacker could
> potentially exploit this issue by creating a symbolic link in place of the
> temporary file which is created. Any actions performed by bogopass when it
> is executed will be performed on the file pointed to by the symbolic link.
>
> An attacker may exploit this vulnerability to read, or corrupt,
> potentially critical system files.
>
> 19. Boozt index.cgi Buffer Overrun Vulnerability
> BugTraq ID: 6281
> Remote: Yes
> Date Published: Nov 29 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6281
> Summary:
>
> Boozt is a banner management program available for the Linux operating
> system.
>
> A buffer overrun has been discovered in the index.cgi script used by
> Boozt. By passing a string of excessive length, as the value for the $name
> parameter, to the vulnerable script, it is possible to overwrite a static
> buffer. This may result in the corruption of sensitive system memory.
>
> By overwriting sensitive memory with attacker-supplied values, it may be
> possible to direct program flow to execute malicious instructions.
> Successful exploitation will result in the execution of arbitrary code
> with the privileges of the Boozt process.
>
> This issue is known to affect Boozt 0.9.8 and it is not known whether
> other versions are affected.
>
> 20. Traceroute-Nanog Spray Buffer Overflow Vulnerability
> BugTraq ID: 6275
> Remote: No
> Date Published: Nov 28 2002 12:00AM
> Relevant URL:
> http://www.securityfocus.com/bid/6275
> Summary:
>
> Traceroute is a tool that is used to track packets in a TCP/IP network to
> determine the path of network connections.  This vulnerability affects the
> Traceroute-Nanog program, written for Unix and Linux operating systems.
>
> A problem with Traceroute-Nanog may make it possible to execute arbitrary
> code locally on a vulnerable host.
>
> It has been reported that a buffer overflow exists in Traceroute-Nanog.
> Due to insufficient bounds checking in the Traceroute-Nanog program, a
> user may execute the program with a spray packets amount of excessive
> size, and cause the overwriting of stack memory within the process. This
> could result in the execution of attacker-supplied instructions.
>
> This program may present a risk if installed with setuid privileges. By
> default, this program is installed with setuid privileges on Linux
> operating systems such as SuSE.
>
>
> III. LINUX FOCUS LIST SUMMARY
> ----------------------------
> 1. iptables REJECT types for UDP (if any) (Thread)
> Relevant URL:
>
> http://online.securityfocus.com/archive/91/301524
>
> 2. kazaa, dante, and iptables (Thread)
> Relevant URL:
>
> http://online.securityfocus.com/archive/91/301501
>
>
> IV. NEW PRODUCTS FOR LINUX PLATFORM
> -----------------------------------
> 1. ArcSight Enterprise Security Management Software
> by ArcSight
> Platforms: AIX, Linux, Solaris, Windows 2000, Windows NT
> http://www.arcsight.com/product.htm
> Summary:
>
> ArcSight is designed to distribute agents throughout the network, which
> will report events to central management stations. Administrators can then
> view events, control security policies and even replay a sequence of
> events to watch the attack unfold.
>
> 2. NetVigil
> by Fidelia
> Platforms: Linux, Solaris, Windows NT
> http://www.fidelia.com/products/index.phtml
> Summary:
>
> Fidelia NetVigil is a real-time integrated fault and performance
> management tool that provides end-to-end business visibility of your
> company's IT infrastructure. Fidelia NetVigil's unique architecture will
> scale with your organization and allow you to view and correlate data
> across your servers, applications and network devices. Fidelia NetVigil's
> instant configuration capabilities and multi-level views combine to
> expedite isolation and repair of IT problems, minimize downtime and reduce
> the cost of labor and implementation. This translates into savings for
> your bottom line.
>
> 3. Arkeia 5
> by Arkeia
> Platforms: AIX, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, MacOS, SCO,
> Solaris, SunOS, True64 UNIX, Unixware, Windows 2000, Windows 95/98,
> Windows NT, Windows XP
> http://arkeia.com/a5technical.html
> Summary:
>
> Safeguarding a company's priceless data can create a multitude of
> questions for system administrators. Arkeia provides proven answers:
> speedy, automated backup and recovery that is a reliable industry standard
> for heterogeneous network backup. Arkeia is quick on its feet, easy to use
> and smoothly compatible with almost all combinations of computers,
> operating systems and storage devices. It's simple to install, configured
> in minutes and readily adaptable to anything from a small business network
> to a complex enterprise. Arkeia automatically detects SCSI hardware and
> recognizes tape drive types. Administrators can easily choose full or
> incremental backups that preserve directory structure, registry, symbolic
> links and special attributes. Arkeia makes it easy to program "exceptions"
> to your backup schedule with a convenient calendar interface.
>
>
> V. NEW TOOLS FOR LINUX PLATFORMS
> --------------------------------
> 1. MasarLabs NoArp v1.0.0
> by Masar
> Relevant URL:
> http://www.masarlabs.com/noarp/
> Platforms: Linux, POSIX
> Summary:
>
> MasarLabs NoArp is a Linux kernel module that filters and drops unwanted
> ARP requests. It is useful when you need to add an alias to the loopback
> interface to use a load balancer.
>
> 2. BW-IPFM v1.1
> by BW-IPFM
> Relevant URL:
> http://bw.intellos.net/
> Platforms: Linux, POSIX
> Summary:
>
> BW-IPFM uses ipfm log files to generate easy-to-read reports. It can
> provide daily and monthly reports and reports for a specific period.
>
> 3. Sysload server monitor v4.5
> by Good NRG
> Relevant URL:
> http://www.nrgglobal.com/products/sysload.php
> Platforms: AS/400, Linux, Netware, UNIX, Windows 2000, Windows NT, Windows
> XP
> Summary:
>
> Sysload does system performance monitoring on operating systems (Unix,
> Linux, Windows 2000/XP and NT, Netware, AS/400, GC0S7), databases (Oracle,
> SQL Server, DB2, Informix, Sybase), and applications (including Oracle
> Applications, SAP, Exchange, and IIS). It offers robust alerting and
> monitoring, and performance management solutions.
>
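
The read loop described in BugTraq item 5 (Null HTTPD, BID 6255), modelled next to a bounded form, as an added example that is not part of the original post, the newsletter or Null HTTPD's source. The `byte_source` type, the function names and the `max_body` limit are hypothetical; the loop model only counts bytes and never writes past a buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK 1024 /* per-read size named in the advisory */

/* Constructed stand-in for a socket: hands out at most `want` bytes per
 * call, as recv() would. Hypothetical helper, not Null HTTPD code. */
struct byte_source {
    const unsigned char *data; /* may be NULL when only counting */
    size_t len;
    size_t pos;
};

static size_t source_recv(struct byte_source *s, unsigned char *dst, size_t want)
{
    size_t left = s->len - s->pos;
    size_t n = want < left ? want : left;
    if (dst != NULL && s->data != NULL && n > 0)
        memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* Size of the buffer the advisory says is allocated. */
size_t allocation_size(size_t content_length)
{
    return content_length + CHUNK;
}

/* Model of the loop as described: read CHUNK bytes at a time until a short
 * read. It only counts what that loop would store (nothing is written), so
 * the total can be compared with allocation_size(). */
size_t bytes_stored_by_short_read_loop(size_t sent_len)
{
    struct byte_source s = { NULL, sent_len, 0 };
    size_t total = 0, n;
    do {
        n = source_recv(&s, NULL, CHUNK);
        total += n;
    } while (n == CHUNK);
    return total;
}

/* Hardened form: the declared Content-Length, capped by max_body, is the
 * only bound on how much is read. Returns bytes stored, or -1 on rejection.
 * A return value below content_length means the peer sent a short body. */
long read_post_bounded(struct byte_source *s, size_t content_length,
                       size_t max_body, unsigned char **out)
{
    unsigned char *buf;
    size_t total = 0;

    *out = NULL;
    if (content_length > max_body)
        return -1;
    buf = malloc(content_length + 1); /* +1 for the terminator only */
    if (buf == NULL)
        return -1;
    while (total < content_length) {
        size_t want = content_length - total;
        size_t n;
        if (want > CHUNK)
            want = CHUNK;
        n = source_recv(s, buf + total, want);
        if (n == 0)
            break; /* peer closed early */
        total += n;
    }
    buf[total] = '\0';
    *out = buf;
    return (long)total;
}

int main(void)
{
    unsigned char body[1500]; /* constructed request body */
    struct byte_source s = { body, sizeof body, 0 };
    unsigned char *post = NULL;
    long got;

    memset(body, 'A', sizeof body);
    printf("declared 10: buffer %zu, short-read loop stores %zu\n",
           allocation_size(10), bytes_stored_by_short_read_loop(sizeof body));
    got = read_post_bounded(&s, 10, 65536, &post);
    printf("bounded read stores %ld\n", got);
    free(post);
    return 0;
}
```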
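
The allocation problem described in BugTraq item 4 (Netscape/Mozilla POP3, BID 6254), shown as an added example that is not part of the original post, the newsletter or Mozilla's source: a server-supplied message count is range-checked before it sizes a buffer. It assumes the count arrives in a POP3 STAT reply; `struct msg_info`, `MAX_MESSAGES` and the function names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MESSAGES 100000u /* assumed policy cap, not a Mozilla constant */

/* Hypothetical per-message record; stands in for whatever the client
 * allocates once per message. */
struct msg_info {
    int32_t size;
    uint32_t flags;
};

/* The failure mode: a 32-bit size computation keeps only the low 32 bits
 * of count * elem_size, so a huge count can yield a tiny allocation. */
uint32_t alloc_size_32bit(uint32_t count, uint32_t elem_size)
{
    return (uint32_t)((uint64_t)count * elem_size);
}

/* Parse the message count from a STAT reply ("+OK <count> <octets>").
 * Returns 0 and sets *count on success, -1 if malformed or out of range. */
int parse_stat_count(const char *line, uint32_t *count)
{
    const char *p;
    char *end;
    unsigned long v;

    if (strncmp(line, "+OK ", 4) != 0)
        return -1;
    p = line + 4;
    if (*p < '0' || *p > '9') /* strtoul would accept '-' and whitespace */
        return -1;
    errno = 0;
    v = strtoul(p, &end, 10);
    if (errno == ERANGE || *end != ' ')
        return -1;
    if (v > MAX_MESSAGES)
        return -1;
    *count = (uint32_t)v;
    return 0;
}

/* Allocate count elements, refusing any product that would wrap size_t. */
void *alloc_array_checked(size_t count, size_t elem_size)
{
    if (count == 0 || elem_size == 0)
        return NULL;
    if (count > SIZE_MAX / elem_size)
        return NULL;
    return calloc(count, elem_size);
}

int main(void)
{
    /* Constructed server replies: one ordinary, one with a huge count. */
    const char *replies[] = { "+OK 3 1200\r\n", "+OK 536870913 0\r\n" };
    size_t i;

    printf("32-bit size for 536870913 records: %lu bytes\n",
           (unsigned long)alloc_size_32bit(536870913u,
                                           (uint32_t)sizeof(struct msg_info)));
    for (i = 0; i < 2; i++) {
        uint32_t n = 0;
        if (parse_stat_count(replies[i], &n) != 0) {
            printf("reply %lu rejected\n", (unsigned long)i);
            continue;
        }
        void *tbl = alloc_array_checked(n, sizeof(struct msg_info));
        printf("reply %lu: %lu messages, table %s\n", (unsigned long)i,
               (unsigned long)n, tbl ? "allocated" : "refused");
        free(tbl);
    }
    return 0;
}
```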