syslog-ng, as the name shows, is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages to be sorted only by priority/facility pair; syslog-ng adds the ability to filter on message contents using regular expressions. The new configuration scheme is intuitive and powerful.
890f68aa9253e3f8c5a5749cbedc3fa19ca80a9714f27d9e447564a08dfe09e0
Lance Spitzner's investigation of some mystery packets - contains some good insight by many people in the security field attempting to identify which tool created the packets.
e72c12e1acb37e79161699a3b751dc1477a3d0997d232b544f067e7d9795cbb4
seraph.c checks a local system for uid bits, world writable files/directories, floating files, and stores them into logs. Basically a little C program that does some find commands.
a9d0612830fd1e0ab4734a28e28c37e6e8ac345d666d2573e90cc7c32fb77d64
CERT Advisory CA-2000-08 - Inconsistent Warning Messages in Netscape Navigator. A flaw exists in Netscape Navigator that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. Within one Netscape session, if a user clicks on "continue" in response to a "hostname does not match name in certificate" error, then that certificate is incorrectly validated for future use in the Netscape session, regardless of the hostname or IP address of other servers that use the certificate.
0f92b5f91c8d367d803b053a382ed8d03f57a06c09529a5caeeee1a67dc70fa4
Elm v2.5 buffer overflow exploit which provides a gid=12 shell if /usr/bin/elm is SGID. Tested on elm 2.5PL1-3, on Red Hat. Perl script to find offsets included.
de3ca64288f925a9826cafbf271fc6605aa272bb27361e89cf5913320a7c513f
Elm v2.4 buffer overflow exploit which provides a gid=12 shell if /usr/bin/elm is SGID. Tested on Slackware 3.6, elm 2.4PL25. Perl script to find offsets included.
03d1978ea3b8ab5173fda42c7786dc04993514aae31b5c97466470d36a8dddcf
FreeBSD-SA-00:20 - The MIT Kerberos 5 port version 1.1.1 and earlier contains remote and local root vulnerabilities. Note that the implementation of Kerberos shipped in the FreeBSD base system is not the MIT version and is not vulnerable to these problems. However, a very old release of FreeBSD dating from 1997 (FreeBSD 2.2.5) did ship with a closely MIT-derived Kerberos implementation ("eBones") and may be vulnerable to attacks of the kind described here.
4f55ecf6320468d66123267409375a0ace13858593f9a6d9bf1e9f89ace29546
FreeBSD-SA-00:19 - A bug in the BSD kernel allows local users to cause every process on the system to hang during exiting. An undocumented system call is incorrectly exported from the kernel without access-control checks, allowing for a denial of service attack. Kernel patch included for FreeBSD.
45e3f6b40d7341db9e1de883923c171e91c998be44dc982602439178f3b0113b
Microsoft Security Bulletin (MS00-036) - Patch available for "ResetBrowser Frame" and "HostAnnouncement Flooding" vulnerabilities. Microsoft has released a patch for two security vulnerabilities, one affecting Microsoft Windows NT 4.0 and Windows 2000, and the other affecting Windows NT 4.0 only. The vulnerability allows malicious users to make it difficult or impossible for other users to locate services and computers on a network; in the worst case, it could allow him to provide incorrect information about the same services and computers. The "ResetBrowser Frame" vulnerability allows a malicious user to shut down browsers on his subnet, or, in the worst case, to shut down all browsers and declare his machine the new Master Browser. Microsoft FAQ on this issue available here.
c6fc4716f985dcbf872cadc9bd8ee789148379268cddce015426bbef65d4c28f
SuSE Security Advisory - gdm prior to 2.0beta4 allows remote root compromise. Gdm is the GNOME replacement for xdm, handling graphical console and network logins. The gdm code that processes logins over the network could be tricked into writing data from the network right into the stack. This condition exists while gdm is running with root privileges and before the user is authenticated. Other distributions are affected as well. SuSE security site here.
b72a3c3c3aa5a34597dc9a0e68ba79f13b25815e8ef3f544fb17b99017973c2e
Securax-SA-03 - Ezboard v5.3.9 remote DoS attack via wildcards in URL.
ed822a1fc27e53ef490ca1eaffb4b388a0110ab561a1a5b201ae6e3397654cf5
Solaris 2.7 lpset local exploit, i386.
82677b09b51b7eeb5f50474a25d70291b3e7b4d5eae939b2f28a8b28490519fa
WordMake is a dictionary file creator. It takes a text file and makes dictionary files from it.
b8555bce406fcaceb7477abdf7f894b4b7c485c0a1d360784cd1135f18a7efaf
Antisniff Unix Researchers (free) version 1-1-2 - This is a command-line-only version that runs many of the same tests as the Windows NT/98/95 GUI to determine whether a sniffer is running on the local network. Currently only Solaris and OpenBSD are supported.
de65b35b3e0305a922c26f7817795b26ce9fb4ce56db18f99e8ab6d7d0596ca9
/usr/bin/fdmount local Linux exploit.
bf34985b1a8b79c1e149fa1edad4560a07632b016f0109a4da99d03ceb463282
filterape.c exploits a new elm buffer overflow to get EGID mail on Slackware.
0283514040bf44953fc6a6a2b5828645f76e0fbbd4376d98586c0470084c52fc
LKM for OpenBSD which makes ipfilter always accept packets from a certain IP.
197676aa8158610f0465e0cbff238d7ad65f3f6f057fb6ddd92a4d63386fcc6c
Arpgen is a denial of service tool which demonstrates that a flood of ARP requests from spoofed Ethernet and IP addresses would be a practical attack on a local network. Includes a standalone version and a client-server version which can be instructed to DoS its local network via UDP.
aa791b7fdafbdd3fb523b84ea6c96d2d50eeaa85e87cd2c7632276b418b532c9
ARPCI2 automates the task of sending rpcinfo requests to a mass of hostnames. ARPCI2 is intended to be a small package with a fair amount of features including time stamp, vulnerability notifications and logging, and a clean interface.
64db2d0645d08aaebe160cbc0b4ea24fae1d43f4cd949d8ca82d0eb6986e6480
Xwindows remote DoS attack - creates a sequence of socket connections to TCP port 6000. Xwindows slows to a crawl and sometimes does not respond to user input.
efe31e621870f97e050c9ccd97b857ea4370bb4acee4752fe8205face4d0fa94
Windows Security Digest - May 24, 2000. In this issue: Is PKI Secure Enough?, Offline Explorer Exposes System Files, NiteServer FTP Server Denial of Service, Windows IP Fragment Reassembly, Internet Explorer Frame Domain Verification, Internet Explorer Unauthorized Cookie Access, Internet Explorer Malformed Component Attribute, Unchecked Buffer in Lotus Domino 5.0.1, Crashing NetProwler 3.0, and BlackICE Blank Password and Code Execution.
d7ead0ef6dcd337e450e2e948b87a9e423745e7eed5918eb9ed7a0709b54d2c2
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated frequently to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins.
f8164e4e16f6ab55872213c99bed2acc5191236d18e66f25f7ef49467101a235
CERT Advisory CA-2000-07 - Severe Microsoft Office 2000 UA ActiveX Control Vulnerability. Arbitrary code can be executed without any warnings by simply viewing an HTML document via a web page, newsgroup posting, or email message. Systems with Internet Explorer and Microsoft Office 2000 components are vulnerable, including Word 2000, Excel 2000, PowerPoint 2000, Access 2000, Photodraw 2000, FrontPage 2000, Project 2000, Outlook 2000, Publisher 2000, and Works 2000 Suite.
af4e50e3ab0903bafd940611b761caf724f15c7aa9f0df38e6461697a9c632da
The Cerberus Security Team has discovered that a flaw in the Carello web shopping cart enables remote attackers to view .asp files on the server's computer. Affected system: Windows NT running IIS.
660eb984197ab48859340fb6d1ef3d916beb70b6534fb06bb49318f17b072048
USSR Advisory #42 - HP Web JetAdmin remote denial of service attack. HP Web JetAdmin Version 6.0 for Windows NT / 2000 has a heap overflow. Sending a malformed URL to the JetAdmin service, which runs on port 8000, will cause it to stop responding.
b4251729211b04a255d527fe18341e1736747e209fc075c277e456f5b72bec0c