Napalm Magazine issue #9 - In this issue: Cable Modem Quicky: Hiding Inside the Data Link Layer, The Hacker's Survival Kit, On Binary Size and Reduction, Hacker 'Zines and Information Security Magazine, Press Release: Cybertech Magazine, More Holes in Sun Cluster 2.x, Masquerading as IPSEC for Fun and Profit.
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories, which fixes most tmp-race exploits as well. It can also add a little more privacy to the system by restricting access to parts of /proc to root, so that users may not see who else is logged on or what they're doing. It also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and adds privileged IP aliases for kernel 2.0.
Massbind combines binfo-udp with a shell script to get the Named version on mass host lists. Allows entire TLD scanning.
Bind prior to 8.2.3-REL remote root exploit - exploits the named INFOLEAK and TSIG bug. Includes shellcode for Linux. Slightly broken.
Squirt is a perl tool for finding and exploiting local buffer overflow vulnerabilities which is very configurable and platform independent. It is possible to exploit almost any local overflow on any system by providing the correct values as arguments (or brute forcing them), telling the program how the overflow must be triggered, and by eventually loading (system specific) desired shellcode.
OpenBSD Security Advisory - OpenSSH-2.3.1, a development snapshot, only checked whether a public key for public key authentication was permitted. In the protocol 2 part of the server, the challenge-response step that ensures the connecting client is in possession of the corresponding private key had been omitted. As a result, anyone who could obtain a public key listed in the user's authorized_keys file could log in as that user without authentication. This vulnerability affects only OpenSSH version 2.3.1 with support for protocol 2 enabled. The latest official release, OpenSSH 2.3.0, is not affected by this problem. The latest snapshot version, OpenSSH 2.3.2, is not affected either.
Razor Bindview Advisory - A remote root vulnerability exists in the CRC32 compensation attack detector (deattack.c) of most ssh daemon installations (F-SECURE, OpenSSH, SSH from ssh.com, OSSH). Insufficient range control calculations in the detect_attack() function (a 16-bit unsigned variable is used instead of a 32-bit one, which causes an integer overflow) lead to a table index overflow bug. This effectively allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with uid 0, and this can be leveraged to obtain general root access to the system. This is fixed in OpenSSH 2.3.0, ossh-1.5.8, and SSH-2.4.0.
CORE SDI Security Advisory CORE-20010207 - SSH1 CRC-32 compensation attack detector vulnerability. In 1998 a design flaw was fixed in SSH1 which allowed an attacker to inject malicious packets into an SSH session. In fixing this bug, a new vulnerability in deattack.c was created which allows remote attackers to execute arbitrary commands on the server. OpenSSH prior to v2.3.0 is vulnerable, as are ssh.com's ssh-1.2.24 through 1.2.31, and F-Secure SSH-1.3.x.
CORE SDI Security Advisory CORE-20010116 - SSH protocol 1.5 session key recovery vulnerability. An attacker who obtains all the encrypted packets of a session can recover the session key and decrypt the stored session, or even alter it if it is still active. Some SSH2 servers which fall back to SSH1 are also vulnerable. OpenSSH and SSH2 from ssh.com are not vulnerable.
Angst is an active packet sniffer based on libpcap and libnet. It dumps the payload of all packets received on the specified ports into a file. Two methods of active sniffing are implemented: Angst is able to monitor ARP requests and, after enabling IP forwarding on the local host, send ARP replies mapping all IPs to the local MAC address. In addition, it has the ability to flood the local network with random MAC addresses (like macof), causing switches to send packets to all ports. Tested on Linux and Free/Net/OpenBSD.
The Network Security Monitor Daemon is a lightweight network security monitor for TCP/IP LANs which will capture certain network events and record them in a relational database. The recorded data is then made available for analysis via a CGI-based interface.
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilation or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use.
Tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that match a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor network activity. Requires Libpcap.
Libpcap is a portable packet capture library which is used in many packet sniffers, including Tcpdump.
HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designer's Openwall patches are installed. Changes include some extra information in the printks, the ability to allow hard links to files you don't own which are in your group, and the ability to follow links and pipes in +t directories iff they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and for some secure drop-directory setups.
tcpstat reports certain network interface statistics much like vmstat does for system statistics. It gets its information by either monitoring a specific interface, or by reading previously-saved tcpdump data from a file.
SAStk (Slackware Administrators Security tool kit) aims to provide a set of tools and utilities to install and maintain a reasonable level of security for the Slackware GNU/Linux distribution. At the same time, it should ease administration with a new centralized initialization setup and background information on what each daemon does.
Bugtraq.c is an exploit for the Bind tsig bug which has been crippled somewhat. Tested against Slackware 7.0.
Perlforce is a perl version of Mirkforce, a program that allows you to load a lot of clones using addresses on your subnet. Now much more powerful than the original Mirkforce - works on many IRC networks.
How to use Iptables - Explains the new features, how to use them, how to write rulesets, and includes a sample firewall script.
Graded Risk Based Security Configuration for Windows NT - How to secure a Windows NT machine, based upon the agreed security risk profile of the target system. Includes Initial Installation, System Accounts, User Accounts and Rights, File and Registry Access Control, Network Access Control, Subsystems, Malicious Code, and Event Logging.
BackLog is a Windows NT service that facilitates the real time central collection and processing of Windows NT Event Log information. All three event logs (Application, System and Security) are monitored, and event information is converted to comma delimited text format, then delivered over UDP to a remote server. BackLog is currently configured to deliver audit information to a SYSLOG server running on a remote (or local) machine.
Razorback is a log analysis program for Gnome which interfaces with the Snort Intrusion Detection System to provide real time visual notification when an intrusion signature has been detected on the network.
ICU (Integrity Checking Utility) is a Perl program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done over SSH. This version is still under development.