Date: 1 Mar 2005 21:45:34 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #225
SecurityFocus Linux Newsletter #225
------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight
Analyzer is a free service that gives you the ability to track and
manage attacks. Analyzer automatically correlates attacks from various
Firewall and network based Intrusion Detection Systems, giving you a
comprehensive view of your computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Do We Need a New SPIM Law?
     2. Apache 2 with SSL/TLS: Step-by-Step, Part 3
     3. Changing the Notification Process
II. LINUX VULNERABILITY SUMMARY
     1. Red Hat Enterprise Linux Kernel Multiple Vulnerabilities
     2. PuTTY/PSFTP/PSCP Multiple Remote Integer Overflow Vulnerabil...
     3. UIM LibUIM Environment Variables Privilege Escalation Weakne...
     4. Invision Power Board SML Code Script Injection Vulnerability
     5. cURL / libcURL NTLM Authentication Buffer Overflow Vulnerabi...
     6. Verity Ultraseek Search Request Cross-Site Scripting Vulnera...
     7. PHPBB Multiple Remote Path Disclosure Vulnerabilities
     8. PHPBB Arbitrary File Disclosure Vulnerability
     9. PHPBB Arbitrary File Deletion Vulnerability
     10. MediaWiki Multiple Unspecified Remote Vulnerabilities
     11. Mono Unicode Character Conversion Multiple Cross-Site Script...
     12. Winace UnAce ACE Archive Remote Directory Traversal Vulnerab...
     13. Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vul...
     14. ProZilla Initial Server Response Remote Client-Side Format S...
     15. ELOG Web Logbook Attached Filename Remote Buffer Overflow Vu...
     16. ELOG Web Logbook Multiple Remote Unspecified Vulnerabilities
     17. Trend Micro VSAPI ARJ Handling Heap Overflow Vulnerability
     18. Raven Software Soldier Of Fortune 2 Remote Denial Of Service...
     19. PHPWebSite Image File Processing Remote Arbitrary PHP File U...
     20. Mozilla Firefox Scrollbar Remote Code Execution Vulnerabilit...
     21. DNA MKBold-MKItalic Remote Format String Vulnerability
     22. Mozilla Suite Multiple Remote Vulnerabilities
     23. Gaim Remote Denial of Service Vulnerability
     24. BSMTPD Remote Arbitrary Command Execution Vulnerability
     25. PHP4 Readfile Denial Of Service Vulnerability
     26. Gaim File Download Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
     1. Samba vs NFS (Thread)
     2. RES: Samba vs NFS (Thread)
     3. [U] Re: Samba vs NFS (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. CoreGuard Core Security System
     2. EnCase Forensic Edition
     3. KeyGhost SX
     4. SafeKit
     5. Astaro Linux Firewall
     6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
     1. KSB - Kernel Socks Bouncer 2.6.10
     2. DigSig 1.3.2
     3. Firestarter 1.0.0
     4. Network Equipment Performance Monitor 2.2
     5. BitDefender for qmail v1.5.5-2 
     6. Bilbo 0.11

I. FRONT AND CENTER
-------------------
1. Do We Need a New SPIM Law?
By Mark Rasch
Existing statutes may not be enough to crack down on Instant Messaging
spammers.
http://www.securityfocus.com/columnists/303

2. Apache 2 with SSL/TLS: Step-by-Step, Part 3
By Artur Maj
This article concludes our three part series dedicated to configuring
Apache 2.0 with SSL/TLS support, for maximum security and optimal
performance of SSL based e-commerce transactions.
http://www.securityfocus.com/infocus/1823

3. Changing the Notification Process
By Daniel Hanson
Developers have the opportunity to offer better vendor security
procedures and notifications in an open-source world.
http://www.securityfocus.com/columnists/302

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Red Hat Enterprise Linux Kernel Multiple Vulnerabilities
BugTraq ID: 12599
Remote: No
Date Published: Feb 19 2005
Relevant URL: http://www.securityfocus.com/bid/12599
Summary:
Red Hat Enterprise Linux kernel is reported prone to multiple 
vulnerabilities.  These issues may allow local attackers to carry out denial of 
service attacks and gain elevated privileges.

The following specific issues were identified: 

The Red Hat Enterprise Linux kernel is reported prone to two local 
denial of service vulnerabilities.

Another issue affecting the Red Hat Enterprise Linux 4 kernel 4GB/4GB 
split patch can allow local attackers to read and write to arbitrary 
kernel memory.

These issues are reported to affect the Red Hat Enterprise Linux 4 
kernel.

Due to lack of details, further information is not available at the 
moment. This BID will be updated when more information becomes available.

2. PuTTY/PSFTP/PSCP Multiple Remote Integer Overflow Vulnerabil...
BugTraq ID: 12601
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12601
Summary:
PuTTY, PSFTP and PSCP are reported prone to multiple integer overflow 
vulnerabilities. The following individual issues are reported:

The first reported vulnerability, an integer overflow, exists in the 
'fxp_readdir_recv()' function of the 'sftp.c' source file.

A remote malicious server may trigger this vulnerability in order to 
execute arbitrary code in the context of the user that is running the 
affected client. It should be noted that this vulnerability exists in a 
code path that is executed after host key verification occurs; this may 
hinder exploitation.

The second issue, another integer overflow, is reported to exist in the 
'sftp_pkt_getstring()' function of the 'sftp.c' source file.

A remote malicious server may trigger this vulnerability in order to 
crash the affected client or to potentially execute arbitrary code. It 
should be noted that this vulnerability exists in a code path that is 
executed after host key verification occurs; this may also hinder 
exploitation.

These vulnerabilities are reported to exist in versions of PSFTP and 
PSCP prior to version 0.57.

3. UIM LibUIM Environment Variables Privilege Escalation Weakne...
BugTraq ID: 12604
Remote: No
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12604
Summary:
Uim is reported prone to a privilege escalation weakness. It is 
reported that the Uim library will always trust user-supplied environment 
variables, and that this may be exploited in circumstances where the Uim 
library is linked to a setuid/setgid application.

An attacker that has local interactive access to a system that has a 
vulnerable application installed may potentially exploit this weakness to 
escalate privileges.

4. Invision Power Board SML Code Script Injection Vulnerability
BugTraq ID: 12607
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12607
Summary:
Invision Power Board is reported prone to a JavaScript injection 
vulnerability. It is reported that the SML Code 'COLOR' tag is not 
sufficiently sanitized of malicious script content. 

Since this could permit an attacker to inject hostile JavaScript into 
the forum system, it is possible to steal cookie credentials or 
misrepresent site content.

This vulnerability is reported to affect Invision Power Board version 
1.3.1; previous versions might also be affected.

5. cURL / libcURL NTLM Authentication Buffer Overflow Vulnerabi...
BugTraq ID: 12615
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12615
Summary:
It has been reported that cURL and libcURL are vulnerable to a remotely 
exploitable stack-based buffer overflow vulnerability.  The cURL and 
libcURL NTLM response processing code fails to ensure that a buffer 
overflow cannot occur when response data is decoded.

The overflow occurs in the stack region, and remote code execution is 
possible if the saved instruction pointer is overwritten with a pointer 
to embedded instructions.

6. Verity Ultraseek Search Request Cross-Site Scripting Vulnera...
BugTraq ID: 12617
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12617
Summary:
A cross-site scripting vulnerability reportedly affects Verity 
Ultraseek. This issue is due to a failure of the application to properly 
sanitize user-supplied input prior to including it in dynamically generated 
Web content.

An attacker may leverage this issue to have arbitrary script code 
executed in the browser of an unsuspecting user.  This may facilitate the 
theft of cookie-based authentication credentials as well as other 
attacks.

7. PHPBB Multiple Remote Path Disclosure Vulnerabilities
BugTraq ID: 12618
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12618
Summary:
phpBB is affected by multiple remote vulnerabilities.

The vendor has released phpBB 2.0.12 to address multiple path 
disclosure vulnerabilities affecting prior versions.  These issues can allow an 
attacker to disclose sensitive data that may be used to launch further 
attacks against a vulnerable computer.  

Due to a lack of details, further information is not available at the 
moment.  It is possible that some of these issues were previously 
identified in other BIDs.  This is not confirmed at the moment.  This BID 
will be updated when more information becomes available.

8. PHPBB Arbitrary File Disclosure Vulnerability
BugTraq ID: 12621
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12621
Summary:
phpBB is affected by an arbitrary file disclosure vulnerability.  This 
issue arises due to an input validation error allowing an attacker to 
disclose files in the context of a Web server running the application.

This may allow the attacker to gain access to sensitive data that may 
be used to carry out further attacks against a vulnerable computer.

A successful attack requires the attacker to have a user account and 
the presence of some non-default settings allowing for the uploading of 
remote avatars.

phpBB 2.0.11 and prior versions are affected by this issue.

9. PHPBB Arbitrary File Deletion Vulnerability
BugTraq ID: 12623
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12623
Summary:
phpBB is affected by an arbitrary file deletion vulnerability.  This 
issue arises due to an input validation error allowing an attacker to 
delete files in the context of a Web server running the application.

It is reported that this issue allows an attacker to influence calls to 
the 'unlink()' function and delete arbitrary files.  Due to a lack of 
input validation, an attacker can supply directory traversal sequences 
followed by an arbitrary file name through the 'avatarselect' return 
value to delete specific files.

phpBB 2.0.11 and prior versions are affected by this issue.

10. MediaWiki Multiple Unspecified Remote Vulnerabilities
BugTraq ID: 12625
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12625
Summary:
MediaWiki is reported prone to multiple remote vulnerabilities. The 
following individual issues are reported:

An unspecified cross-site scripting vulnerability is reported to affect 
MediaWiki.

An attacker may leverage this issue to have arbitrary script code 
executed in the browser of an unsuspecting user.

An unspecified directory traversal vulnerability is reported to affect 
MediaWiki. The issue is reported to exist in the site administration 
image deletion functionality.

A privileged remote attacker may exploit this vulnerability to deny 
service for legitimate users.

11. Mono Unicode Character Conversion Multiple Cross-Site Script...
BugTraq ID: 12626
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12626
Summary:
It is reported that Mono is prone to various cross-site scripting 
attacks. These issues result from insufficient sanitization of user-supplied 
data and arise when Mono converts Unicode characters ranging from 
U+ff00-U+ff60 to ASCII. 

Mono 1.0.5 is reported vulnerable; however, other versions may be 
affected as well.

This issue is related to BID 12574 (Microsoft ASP.NET Unicode Character 
Conversion Multiple Cross-Site Scripting Vulnerabilities).

12. Winace UnAce ACE Archive Remote Directory Traversal Vulnerab...
BugTraq ID: 12628
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12628
Summary:
A remotely exploitable client-side directory traversal vulnerability 
affects Winace UnAce.  This issue is due to a failure of the application 
to properly sanitize file and directory names contained within 
malicious ACE format archives.

An attacker may leverage this issue by distributing malicious ACE 
archives to unsuspecting users.  This issue will allow an attacker to write 
files to arbitrary locations on the file system with the privileges of 
an unsuspecting user that extracts the malicious ACE archive.

13. Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vul...
BugTraq ID: 12630
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12630
Summary:
Multiple remotely exploitable client-side buffer overflow 
vulnerabilities reportedly affect Winace UnAce. These issues are due to a failure of 
the application to properly validate the length of user-supplied 
strings prior to copying them into static process buffers.

An attacker may exploit these issues to execute arbitrary code with the 
privileges of the user that activated the vulnerable application. This 
may facilitate unauthorized access or privilege escalation.

14. ProZilla Initial Server Response Remote Client-Side Format S...
BugTraq ID: 12635
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12635
Summary:
A remote client-side format string vulnerability is reported to exist 
in ProZilla. This issue is due to a failure of the application to 
properly implement a formatted string function. The format string 
vulnerability manifests when the affected application is handling initial server 
responses that contain format string specifiers.

An attacker may leverage this issue to execute arbitrary code on an 
affected computer with the privileges of an unsuspecting user that 
activated the vulnerable application.

ProZilla versions up to and including version 1.3.7.3 are reported prone 
to this vulnerability.

15. ELOG Web Logbook Attached Filename Remote Buffer Overflow Vu...
BugTraq ID: 12639
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12639
Summary:
ELOG Web Logbook is prone to a remote buffer overflow vulnerability. 
The vulnerability is reported to exist due to a lack of sufficient 
boundary checks performed on user-supplied data.

A remote attacker that can authenticate to the affected daemon may 
leverage this issue to execute arbitrary instructions in the context of the 
affected daemon.

This vulnerability is reported to affect ELOG versions up to and 
including version 2.5.6.

16. ELOG Web Logbook Multiple Remote Unspecified Vulnerabilities
BugTraq ID: 12640
Remote: Yes
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12640
Summary:
ELOG Web Logbook is reported prone to multiple vulnerabilities. The 
following individual issues are reported:

ELOG Web Logbook is reported prone to two remote heap-based buffer 
overflow vulnerabilities. It is reported that the overflows may be 
leveraged remotely to have arbitrary code executed in the context of the 
affected daemon.

A directory traversal vulnerability is also reported to affect ELOG Web 
Logbook; again, the details of this issue are not specified. It is 
conjectured that this issue may be exploited by a remote attacker to 
disclose sensitive information.

These vulnerabilities are reported to exist in ELOG versions up to and 
including version 2.5.6. Other versions might also be affected.

17. Trend Micro VSAPI ARJ Handling Heap Overflow Vulnerability
BugTraq ID: 12643
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12643
Summary:
The Trend Micro VSAPI scan engine library is prone to a heap-based 
buffer overflow vulnerability.  This vulnerability may be triggered when 
the library processes a malformed ARJ archive.

The vulnerability affects multiple Trend Micro products.  It is also 
noted that multiple attack vectors exist, as affected software may scan 
ARJ files in email attachments, and through various file transfer 
protocols.

18. Raven Software Soldier Of Fortune 2 Remote Denial Of Service...
BugTraq ID: 12650
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12650
Summary:
A remote denial of service vulnerability affects Raven Software Soldier 
Of Fortune 2.  This issue is due to a failure of the application to 
handle excessively long values derived from network data.

An attacker may leverage this issue to cause an affected server to 
crash, denying service to legitimate users.

19. PHPWebSite Image File Processing Remote Arbitrary PHP File U...
BugTraq ID: 12653
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12653
Summary:
phpWebSite is reported prone to a remote arbitrary PHP file upload 
vulnerability. The issue presents itself due to a lack of sanitization 
performed on image files that are uploaded when submitting an announcement.

A remote attacker may exploit this condition to execute arbitrary PHP 
code in the context of the hosting web server process.

This vulnerability is reported to affect phpWebSite versions up to and 
including version 0.10.0.

20. Mozilla Firefox Scrollbar Remote Code Execution Vulnerabilit...
BugTraq ID: 12655
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12655
Summary:
A remote code execution vulnerability reportedly affects Mozilla 
Firefox.  This issue is due to a failure of the application to properly 
restrict the access rights of Web content.

An attacker may leverage this issue to compromise security of the 
affected browser; by exploiting this issue along with others (BIDs 12465 and 
12466) it is possible to execute arbitrary code.

It should be noted that although only version 1.0 is reported 
vulnerable, other versions may be vulnerable as well.

21. DNA MKBold-MKItalic Remote Format String Vulnerability
BugTraq ID: 12657
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12657
Summary:
A remote, client-side format string vulnerability reportedly affects 
DNA mkbold-mkitalic.  This issue is due to a failure of the application 
to securely implement a formatted printing function.

An attacker may leverage this issue to have arbitrary code executed 
with the privileges of an unsuspecting user that processes a malicious BDF 
format font file.

22. Mozilla Suite Multiple Remote Vulnerabilities
BugTraq ID: 12659
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12659
Summary:
Multiple remote vulnerabilities affect Mozilla Suite, Firefox, and 
Thunderbird.  The following text outlines the issues that have been 
disclosed.

Mozilla Foundation Security Advisory 2005-28 reports an insecure 
temporary directory creation vulnerability affecting the plugin 
functionality. A dialog box spoofing vulnerability is disclosed in Mozilla 
Foundation Security Advisory 2005-22. A '.lnk' link file arbitrary file 
overwrite vulnerability is reported in Mozilla Foundation Security Advisory 
2005-21. Mozilla Foundation Security Advisory 2005-20 outlines an XSLT 
stylesheet information disclosure vulnerability. Mozilla Foundation 
Security Advisory 2005-19 outlines an information disclosure issue affecting 
the form auto-complete functionality. A buffer overflow vulnerability 
is disclosed in Mozilla Foundation Security Advisory 2005-18. Mozilla 
Foundation Security Advisory 2005-17 outlines an installation 
confirmation dialog box spoofing vulnerability. A heap overflow vulnerability in 
UTF8 encoding is outlined in Mozilla Foundation Security Advisory 
2005-15.  Finally, multiple SSL 'secure site' lock icon indicator spoofing 
vulnerabilities are outlined in Mozilla Foundation Security Advisory 
2005-15. 

An attacker may leverage these issues to spoof dialog boxes, SSL 
'secure site' icons, carry out symbolic link attacks, execute arbitrary code, 
and disclose potentially sensitive information.

Please note that this BID will be separated into individual BIDs as 
soon as further research into each of the vulnerabilities is completed. At 
that time this BID will be retired.

23. Gaim Remote Denial of Service Vulnerability
BugTraq ID: 12660
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12660
Summary:
Gaim is affected by a remote denial of service vulnerability.  This 
issue can allow remote attackers to crash an affected client.

A vulnerability in the client arises during the parsing of malformed 
HTML data.  This issue is nearly identical to that reported in BID 12589 
but is a separate issue.

Gaim versions prior to 1.1.4 are affected by this issue.

24. BSMTPD Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 12661
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12661
Summary:
The bsmtpd daemon is reported prone to a remote arbitrary command 
execution vulnerability.

A remote attacker may exploit this condition to execute arbitrary shell 
commands in the context of the affected bsmtpd daemon.

25. PHP4 Readfile Denial Of Service Vulnerability
BugTraq ID: 12665
Remote: No
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12665
Summary:
PHP4 is reported prone to a denial of service vulnerability. It is 
reported that the PHP 'readfile()' function may be utilized to trigger this 
issue.

An attacker that has access to a PHP enabled web host may exploit this 
vulnerability to crash the HTTP server that is incorporating the 
vulnerable PHP module.

26. Gaim File Download Denial of Service Vulnerability
BugTraq ID: 12667
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12667
Summary:
Gaim is affected by a denial of service vulnerability during the 
download of a file.  This issue can allow remote attackers to cause an 
affected client to fail.

A vulnerability in the client arises when it tries to download a file 
with bracket characters '(' ')' in the file name.

Gaim version 1.1.3 is reported to be affected by this vulnerability; 
other versions may also be vulnerable.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Samba vs NFS (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/391832

2. RES: Samba vs NFS (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/391299

3. [U] Re: Samba vs NFS (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/391283

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary: 

CoreGuard System profile

The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates
all the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.

CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits

2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software's award winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data in its own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary: 

Astaro Linux Firewall: All-in-one firewall, virus protection, content 
filtering and spam protection internet security software package for 
Linux. Free download for home users.

6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, 
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary: 

Low cost, easy to use Two Factor Authentication One Time Password token 
using the Cellular. Does not use SMS or communication, manages multiple 
OTP accounts - new technology. For any business that wants a safer 
access to its Internet Services. More information at our site.
 
We also provide eAuthentication service for businesses that will not 
buy an Authentication product but would prefer to pay a monthly charge 
for authentication services from our CAT Server.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. KSB - Kernel Socks Bouncer 2.6.10
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary: 

KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects 
full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26 
uses a character device to pass socks5 and target ips to the Linux 
Kernel. I have chosen to write in kernel space to enjoy myself [I know 
that there are easier and safer ways to write this in userspace].

2. DigSig 1.3.2
By: 
Relevant URL: http://sourceforge.net/projects/disec/
Platforms: Linux
Summary: 

The DigSig Linux kernel load module checks the signature of a binary 
before running it.  It inserts digital signatures inside the ELF binary 
and verifies this signature before loading the binary. Therefore, it 
improves the security of the system by preventing a wide range of 
malicious binaries such as viruses, worms, Trojan programs and backdoors 
from running on the system.

3. Firestarter 1.0.0
By: Tomas Junnonen
Relevant URL: http://www.fs-security.com/
Platforms: Linux
Summary: 

Firestarter is a graphical firewall tool for Linux. The program aims to
combine ease of use with powerful features, serving both desktop users
and administrators.

4. Network Equipment Performance Monitor 2.2
By: Nova Software, Inc.
Relevant URL: http://www.nepm.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, Solaris, True64 UNIX, UNIX, 
Windows 2000, Windows NT, Windows XP
Summary: 

NEPM is a very general, highly configurable, two part software system 
that monitors any type of logged data from IP networked equipment and 
reports it via E-mail and web pages. Current conditions and history from 
systems based on Windows NT/2000 and UNIX can be tracked and reported. 
Most major server, switch and router systems can be monitored, without 
running agents on the target systems.

5. BitDefender for qmail v1.5.5-2 
By: SOFTWIN <mmitu@bitdefender.com>
Relevant URL: http://www.bitdefender.com/bd/site/products.php?p_id=10
Platforms: Linux
Summary: 

BitDefender for qmail is a powerful antivirus software for Linux mail 
servers, which provides proactive protection of message traffic at the 
email server level, eliminating the risk to the entire network that 
could be caused by a negligent user. All messages, both sent and received, 
are scanned in real time, avoiding the possible infections and 
preventing anyone from sending an infected message. BitDefender claims 100% 
detection rate for all viruses in the wild (ITW) through its powerful 
scanning engines certified by the most prestigious testing labs (ICSA in 
February 2003, Virus Bulletin 100% in June 2003 and CheckMark in August 
2003).

6. Bilbo 0.11
By: Bart Somers
Relevant URL: http://doornenburg.homelinux.net/scripts/bilbo/
Platforms: FreeBSD, Linux
Summary: 

Bilbo is an automated, multithreaded nmap-scanner and reporter, capable 
of header fetching and matching the results against a database from 
previous scans.
