Windows NT Security Update - Information on Rdisk Race Condition, and the InetSrv 3.0 Buffer Overflow. Also contains articles on Internet Security with Windows NT, Email Encryption Plugin, and Change-Detection Software. NTsecurity homepage here.
d3fad445ac140dcb3f3f355fadd12b079518f12f7c8cea463e9a41c776190dc6Fwctl is a program that intends to make it easier to configure a tight firewall. It provides a configuration syntax that is easier to use and more expressive than the low-level primitives offered by ipchains. It supports multiple interfaces, masquerading and packet accounting. Fwctl doesn't replace a good security engineer, but it can make the job of the security engineer simpler.
820a6ad0cf4c9e39f85d67258df7a1c8180f56a15d84e22c1d851d443047a031The Falcon Project (the Free Application-Level CONnection) is an open firewall project with the intention of developing a free, secure and OS-independent firewall system. Falcon consists of different modules: Falcons's own proxies (generic TCP proxy and application-specific proxies), Squid for Web access and caching (modified package for Linux), and qmail for mail communication.
1628010f36f086dffea0ed511a1b62b4735021b6066f2991499be8fa5e334c4fxinetd is a replacement for inetd, the internet services daemon. Anybody can use it to start servers that don't require privileged ports because xinetd does not require that the services in its configuration file be listed in /etc/services. It can do access control on all services based on the address of the remote host and time of access. Access control works on all services, whether multi-threaded or single-threaded and for both the TCP and UDP protocols.
ec03d2092346616e5d9a7aa457f94e6bc3444ca2d1fa84a789ab94fe963aef87Stateful Packet Filter for Linux - constantly adjust an inbound packet filter to deal with allowing traffic in based on what was sent out. Now with RealAudio support.
ba8ad226569cce45d302b564238eecdf435dc7eb01501c284dc07e14a81ba1d9Swatch ("Simple WATCHdog") is a program for UNIX system logging, originally written to actively monitor messages as they are written to a log file via the UNIX syslog utility. Swatch was designed to keep system administrators from being overwhelmed by large quantities of log data. It monitors log files and acts to filter out unwanted data and take one or more simple user specified actions based upon patterns in the log. Swatch can monitor information as it is being appended to the log file and alert system administrators immediately to serious system problems as they occur.
c4ff2006f2a9142b2de844df66a0a81cd02b462916db92ee088ec284570352c9MS IIS 5.0 has problems handling a specific form of URL ending with "ida". The extension ida has been taken from the Bugtraq posting "IIS revealing webdirectories" The problem causes 2 kind of results. The one result is that the server responds with a message like "URL String too long"; "Cannot find the specified path" The other error causes the server to terminate with an Access Violation. When the server "Access violates" it displays as last message.
c6301bd7666cad9967d8dafc5ad77f1302a8469ac918b24e757bf1d26a8ed0d1InetServ 3.0 (Windows NT) advisory and remote exploit.
cc2c208ea5bc9b1947f2e030b63f6be5825fda3e7e55165f78c314720c1ebd67Stream.c summary - DoS attack due to bug in many unix kernels, including Linux, Solaris, and all of the BSDs.
7cff59a33278aed639fdb203cfa2c7908bff64e6c40976ab8b6cbef24bc3e0b9Nortel's new Contivity seris extranet switches give administrators the ability to enable a small HTTP server and use Nortel's web based administration utility to handle configuration and maitenance. The server runs atop the VxWorks operating system and is located in the directory /system/manage. A CGI application, /system/manage/cgi/cgiproc that is used to display the administration html pages does not properly authenticate users prior to processing requests. An intruder can view any file on the switch without logging in.
e6470da7422c75f82642fd4a9d29e044d0ee71eaad5f6c6e169743abe355b388There exists a vulnerability in rdisk (Windows NT) which causes the contents of the registry hives to be exposed to Everyone during updating of the repair info.
d9d891c8304ca57c3de11b9e0bbc9cea3224a33302ce1296a8a19047a3d8f5e0RTF files consist of text and control information. The control information is specified via directives called control words. The default RTF reader that ships as part of many Windows platforms has an unchecked buffer in the portion of the reader that parses control words. If an RTF file contains a specially-malformed control word, it could cause the application to crash.
27ba30c0f7c1e053fdc20342b41f7fbf0815631ae08c4738c0819002d49a196fUSSR Labs found following. A memory leak exists in the Super Mail Transfer Package that may cause an NT host to stop functioning and/or need to be rebooted. The memory leak may occur when you connect to the SMTP port, all information you send to the system will be stored in memory, and SMTP support multiples HELO/ MAIL FROM/ RCPT TO / DATA in the same connection. If you did multiple HELO/ MAIL FROM/ RCPT TO / DATA in the same connection the memory may not be deallocated. This condition may cause the computer to stop functioning the moment memory runs out.
098828bc67aee64abdd87dabcd122bf51262d7df84bd843eef9f319e6f289b2bTimbuktu Pro 32 (TB2) from Netopia sends user IDs and passwords in clear text. When TB2 is used to remote control a machine that is not logged in or is locked, any user ID and password that is typed in is sent in clear text. A malicious user on the network can "sniff" the packets and gain the NT User IDs and passwords of any one using TB2 to remotely control a NT machine.
7409f6db13593aa2d56a2998e62d44ee0c31c668b0139f93213cebc734a8677cWebSite Pro is also revealing the webdirectory of each Website by a simple command line. This bug is similar to the "IIS revealing webdirectories" bug reported. On WebSitePro the diference ist the way you retrieve the path.
70b108388a2f189b10b9a7b6a8056ebcc7c966497f269b5fed0b43153d271e8dJaynus Jaynus found following. He read over the ICQ overflow that had been found so he was curious if this existed in any other clients. Upon testing the below URL, yahoo pager/messenger crashed in the same was as ICQ.
afc1794d389c2f332846bb6da3abde5c120db7e53c76005bc13d3854a685e7bbEthereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers.
cc50df3e888a195319ddf17efec98d57edc7ac670114160578930c52fa1fde29The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off online and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection.
4f4a235bffc7caa4775be7a1c492ba194a08b9210ad00a8cf3113b80803278beExcellet FAQ on packet sniffing version 0.3.0, updated Jan 15, 2000.
18096601ca786516ad5ca59eb160faffe8b4ec716cdeac439c6ef92f54a41b5aTcpdump allows you to dump the traffic on a network. It can be used to print out the headers of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect "ping attacks" or to monitor the network activities.
9d85ce6e1878df84d0d23e170c7adb1012880f0414abec5da02e735537cb5937Tripwall is a Tripwire clone developed for use with the Linux Router Project.
8374e6dcde17b2a0fbbfb92e565552fe840c028047f48853f965ccf757f89d4eACUA is a software package designed to facilitate the administration of user accounts and the enforcement of access restrictions on a Linux system.
babe2dc4a3c4ac7a560041074aebe9a96b66d4f7b253870c2f350f7d79b2564fApocolypso 1.3.1 is a new crypto tool from HNC. It supports a wide variety of encryption methods, including DES, Blowfish, IDEA, Gost, Misty 1, Twofish, Cast 256, Rinjindael, HNC Single Encryption, and HNC Multi Encryption. Apocolypso runs on Win95, 98, and NT.
e3971c5b03cf26796dc241c6178c8ccac77da47abcd69d1f21a2db9599bc306eBenchmarking Terminology for Firewall Performance - This document defines terms used in measuring the performance of firewalls. It extends the terminology already used for benchmarking routers and switches with definitions specific to firewalls.
1cfc1222f7893059f65761a05327b55cd6dcf9da670c0a6f2191bca669e20d84Net Sentinel 1.02a - This program: checks continuously the users connected to the share on your computer, warns you as soon as someone is connected, works under WIN 98 and WIN NT4.
185e965c95eb082e1f22a746b5ed2f3de5eeeb4f8aae352889f9ebb8aa13affa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed