samhain is a distributed host integrity monitoring system. It consists of monitoring agents running on individual hosts, and a central log server collecting reports from these agents via authenticated TCP/IP connections. On single hosts, it is possible to run a standalone monitoring agent. Currently, agents may monitor the integrity of files and directories, and watch for login/logout events. In addition to forwarding reports to the log server, other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. samhain has been tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
d9ed906ca9c641206d8da7958e625115650b13d904f827efaab285b62ff78ec0
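Added example (not samhain's own code, database format or configuration): a minimal file-integrity baseline and re-check of the kind a host agent performs. It records a SHA-256 digest plus size, permission bits and owner for every file under a root, then re-walks the tree and reports additions, removals and changes. The check is attribute-aware, so a setuid bit flipped on an otherwise untouched binary is still reported. The directory tree it inspects is constructed in a temporary directory so the script runs offline; all paths and contents are made up.

```python
"""
Minimal file-integrity baseline and re-check in the spirit of a host
integrity agent such as samhain.  Illustration only: not samhain's code.
"""
import hashlib
import os
import stat
import tempfile
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Record:
    sha256: str
    size: int
    mode: int   # permission bits including setuid/setgid/sticky
    uid: int


def fingerprint(path: str) -> Record:
    """Hash a regular file's contents (or a symlink's target) and note inode attributes."""
    st = os.lstat(path)
    h = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    elif stat.S_ISLNK(st.st_mode):
        h.update(os.readlink(path).encode())
    return Record(h.hexdigest(), st.st_size, stat.S_IMODE(st.st_mode), st.st_uid)


def baseline(root: str) -> Dict[str, Record]:
    """Walk root without following symlinks; keys are paths relative to root."""
    db: Dict[str, Record] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = fingerprint(full)
    return db


def compare(old: Dict[str, Record], new: Dict[str, Record]) -> Dict[str, List[str]]:
    """Report what differs between two baselines of the same tree."""
    common = old.keys() & new.keys()
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(k for k in common if old[k] != new[k]),
    }


def _write(root: str, rel: str, data: str) -> None:
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as f:
        f.write(data)


def demo() -> Dict[str, List[str]]:
    """Constructed tree, baseline, simulated tampering, re-check."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files (contents are stand-ins, not real system files).
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/sh\n")
        _write(root, "etc/shadow", "root:*:0:0:99999:7:::\n")
        _write(root, "bin/ls", "not really an ELF, but stands in for one\n")
        os.chmod(os.path.join(root, "bin/ls"), 0o755)
        before = baseline(root)

        # Simulated tampering: an extra uid-0 account, a setuid bit on an
        # otherwise unchanged binary, a dropped file, and a deleted file.
        _write(root, "etc/passwd",
               "root:x:0:0:root:/root:/bin/sh\nhax:x:0:0::/:/bin/sh\n")
        os.chmod(os.path.join(root, "bin/ls"), 0o4755)
        _write(root, "bin/.rk", "payload\n")
        os.remove(os.path.join(root, "etc/shadow"))

        return compare(before, baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The comparison is only as trustworthy as the baseline's storage: an attacker who can rewrite the database can hide changes, which is why an agent like samhain ships its reports to a separate log server rather than relying on the monitored host alone.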
Dump v0.4b15 for Linux on Redhat and others contains a trivial local root vulnerability.
1cc730edaf82d8cf8af5f2a4f514fb02bdc686371b3f7ccea5653645df6e3c84
Dump v0.4b15 and below for Linux contains a trivial local root vulnerability. Includes proof of concept exploit tested on Redhat 6.2.
619ad6db79eab76deef0e838677432fc6d3bd08d012469e9ae413de13b917212
Packet Storm new exploits for October, 2000.
f1145b6d659bf5ec559a08dd9096cf689913972f0351e3538d9060762579d13c
This paper describes how the StJude kernel module stops local and remote exploits from succeeding. The Saint Jude model for improper privilege transitions terminates the program at the moment it is exploited, even if the exploit is unknown.
32a264782ffbeb3b1d5ac2fe7295419e164d7bcced7404713c2fa709c85c1ee7
Saint Jude LKM is a Linux Kernel Module for 2.2.11 and later kernels. This module implements the Saint Jude model for improper privilege transitions. This permits the discovery of local and, ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude terminates the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.
37643ba93bc57afffa0b2696e08bb971606429da0f856cdd4260620c42f1b387
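Added example (not the Saint Jude LKM or any code from its author): a user-space toy that simulates the idea described in the two Saint Jude entries above, namely stopping a root exploit by recognising an improper privilege transition rather than an attack signature. The real module hooks the kernel; here the "kernel" is a table of per-process credentials driven by a constructed event stream. The policy is my simplified reading of the model and is an assumption: effective uid 0 may be acquired only by exec'ing a known setuid-root program, and a program running with euid 0 may only exec the programs it is known to exec legitimately. Any other path to, or use of, root terminates the process. All paths and policy entries are made up for the demo.

```python
"""
Toy simulation of the Saint Jude idea: kill a process on an improper
privilege transition, with no knowledge of the exploit that caused it.
Illustration only: not the Saint Jude LKM.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed policy for the demo (assumption, not Saint Jude's real data).
KNOWN_SETUID_ROOT: Set[str] = {"/sbin/dump", "/usr/bin/passwd"}
ROOT_MAY_EXEC: Dict[str, Set[str]] = {
    "/sbin/init": {"/bin/login"},
    "/sbin/dump": {"/usr/bin/rmt"},   # dump legitimately starts the tape helper
    "/usr/bin/passwd": set(),         # passwd never execs anything
}


@dataclass
class Proc:
    exe: str
    uid: int     # real uid
    euid: int    # effective uid
    alive: bool = True


class Monitor:
    """Tracks credentials per pid and terminates on improper transitions."""

    def __init__(self) -> None:
        self.procs: Dict[int, Proc] = {1: Proc("/sbin/init", 0, 0)}
        self.killed: List[Tuple[int, str]] = []

    def _terminate(self, pid: int, why: str) -> None:
        self.procs[pid].alive = False
        self.killed.append((pid, why))

    def fork(self, parent: int, child: int) -> None:
        p = self.procs[parent]
        if p.alive:
            # Inheriting root from a root parent is a normal transition.
            self.procs[child] = Proc(p.exe, p.uid, p.euid)

    def setuid(self, pid: int, new_uid: int) -> None:
        p = self.procs[pid]
        if not p.alive:
            return
        # Ordinary kernel rule: only root may change ids; others may only
        # re-assert their own uid.  Dropping root is never improper.
        if p.euid == 0 or new_uid == p.uid:
            p.uid = p.euid = new_uid

    def execve(self, pid: int, path: str, setuid_root: bool = False) -> None:
        """setuid_root means the file on disk is root-owned with the setuid bit set."""
        p = self.procs[pid]
        if not p.alive:
            return
        if p.euid == 0 and path not in ROOT_MAY_EXEC.get(p.exe, set()):
            # A root-privileged program is exec'ing something it never does:
            # the classic symptom of a shell spawned from an overflowed setuid
            # binary.  Stop it regardless of which bug got us here.
            self._terminate(pid, f"{p.exe} (euid 0) tried to exec {path}")
            return
        if setuid_root and p.euid != 0 and path not in KNOWN_SETUID_ROOT:
            # Gaining root through a setuid-root file that is not a sanctioned
            # program, e.g. a dropped setuid shell.
            self._terminate(pid, f"unsanctioned setuid-root exec of {path}")
            return
        p.exe = path
        if setuid_root:
            p.euid = 0


def run_scenario() -> Monitor:
    """Constructed event stream: a legitimate dump run, an exploited dump run
    that spawns a shell, a backdoor setuid shell, and a normal passwd run."""
    m = Monitor()
    m.fork(1, 100); m.execve(100, "/bin/login")
    m.setuid(100, 1000); m.execve(100, "/bin/sh")                 # user shell, uid 1000

    m.fork(100, 101); m.execve(101, "/sbin/dump", setuid_root=True)
    m.execve(101, "/usr/bin/rmt")                                 # allowed by policy

    m.fork(100, 102); m.execve(102, "/sbin/dump", setuid_root=True)
    m.execve(102, "/bin/sh")                                      # exploit payload: killed

    m.fork(100, 103); m.execve(103, "/tmp/.sh", setuid_root=True)  # backdoor: killed

    m.fork(100, 104); m.execve(104, "/usr/bin/passwd", setuid_root=True)
    m.setuid(104, 1000)                                           # passwd drops root: fine
    return m


if __name__ == "__main__":
    for pid, why in run_scenario().killed:
        print(f"killed pid {pid}: {why}")
```

Note what the monitor does not need: nothing about the dump overflow itself appears in the policy. The exploited process is stopped because a program that only ever execs the tape helper suddenly execs a shell while holding root, which is exactly the kind of transition the Saint Jude entries describe as detectable without signatures. The flip side is that the policy must be complete, or legitimate but unlisted transitions will be killed too.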
ISS Security Advisory - An exploitable buffer overflow has been found in Microsoft's Network Monitor utility. The vulnerability allows code to be executed on the remote computer with administrator privileges. Windows NT, 2000, and SMS 1.2 and 2.0 are affected.
62cd0a353baa2b76a80fd2668586982a383c7b7773616bd881ac0df773aaa1f1
Microsoft has released a patch that eliminates the "Netmon Protocol Parsing" vulnerability in Microsoft Windows NT and 2000 Server and SMS, which allows remote users to gain control of an affected server. Protocol parsers in Network Monitor (Netmon) contain unchecked buffers which allow malicious users to execute arbitrary code by sending a malformed frame to a server that is monitoring traffic. Microsoft has also published a FAQ on this issue.
631236ac7c0e16c53931fdfc3f74466ee5528d93d9b6d8b318260308729b617b