Joe 2.8 local exploit - Requires sysadmin intervention. Tested on FreeBSD 4.2-Release.
f9e4feab1aeef09555b1b33372679785c883b5a1fe388035f561b68cdbce1373
Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local, and ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.
f7f922f8f16946ab95f37c07600d7d52e13c7d3e3b2865374f613ca83947a95c
Saint Jude LKM is a Linux Kernel Module for 2.2.0 and greater kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local, and ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work equally well for both known and unknown exploits.
c105819d64f6618d2359f51876d4b6557c65033cc7bb9236e94192f35a1f1e23
Logplay is a sound-capable alert system with a modular design. It can monitor system logs, load averages, network connectivity, and is modular to support user-specific monitors. Logplay alerts the user via a sound (using anything Sox's play script understands), an e-mail, or system commands. It should run on almost any *nix system, or any system that has Perl, given that you can run it in the background and you write a module.
81716dcb4f91ce68a1dbfbeff61585a3fc2553f70d0edda0ffb5643a161688b8
fwipe overwrites your file a specified number of times (default: 5) and then deletes it. It is extremely secure; it will not be confused by filenames containing special characters, and is suitable for use against law enforcement.
fee232d53a5cc6244852f216e41d1e0b4976221f14a16c93e40c90ae6c7eaf0f
Crypto-gram for March 15, 2001. In this issue: The Security Patch Treadmill, Harvard's "Uncrackable" Crypto, TCP/IP Initial Sequence Number Flaw, The Doghouse: iBallot.com, The "Death" of IDS?, and 802.11 Security.
15d5a54d2bf20c20aaa2f201d2cd3da75827f22c25859732288b038f6c69f784
OpenBSD 2.7/2.8 patch which causes the timestamp to start at 0 for each connection, confusing nmap's remote uptime guess.
9f8d780d338bfcf9705e50d5403172b5cecfa21ac94b2d592238d13110f33a83
ICQr Information v1.3b reads out ICQ Database (DAT) files including personal data such as passwords.
91d83cd9ab4c8edade7b3a57e3a28aab4eafb03200097a7b8bab5bffec6eded8
This guide intends to teach the basics of buffer overflow to the average C programmer without the need for complex knowledge of assembly. Written with FreeBSD 4.2-Release in mind, but written for x86 *nix.
cb58a5e28f825f34f22a59c92b55d25701b5d23ebf652a924fb49ea2eaa8a82b
tcpspy is a linux administrator's tool that logs information about incoming and outgoing TCP/IP connections: local address, remote address and, probably the most useful feature, the user name. The current version allows you to include and exclude certain users from logging - this may be useful if you suspect one of the users on your system is up to no good but do not want to violate the privacy of the other users.
c7f4e6320da70c87700b46fd93d309f30f3422d7a7a862c35e8e1fcfc277b5b2
Zorp is a new-generation modular proxy firewall suite to fine tune proxy decisions with its built in script language, fully analyze complex protocols (like SSH with several forwarded TCP connections), and utilize out of band authentication techniques (unlike common practices where proxy authentication had to be hacked into the protocol).
e2254f775099eb55ab808331c393b0eea7ab526d7ebdc902e096457995ce54e3
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
f729531a492d04be06ca697599161e6844352023230474180464d8d06a3c189f
Sniffer is a packet sniffer with a ncurses user interface. Shows network statistics, active TCP connections, UDP and ICMP packets. Features the ability to view and log the 48bit arp protocol. Multithreaded so that the user interface does not interfere with any of the packet capturing methods. View and log the following user space protocols FTP, POP3, HTTP, and more.
bd0fa0c14919b2b589b7677ef4e3e8700cc2b7010cbe8e042769c1c37e53960d
MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.10 / 8.11 and will alter or delete various parts of a MIME message according to a flexible configuration file.
902417f6d9f0311f6e8a421151f443b23982df7a9d5d3b90bee15845d9b0654f
Arping is an arp level ping utility which broadcasts a who-has ARP packet on the network and prints answers. Very useful when you are trying to pick an unused IP for a net that you don't yet have routing to.
58bd9d2542327b065389a4c6bfb66092dc87a14ca2c399ae071af81fd5339411
Inflex is an email scanner which encapsulates your existing sendmail server setup. It scans both incoming and outgoing email and it does not alter your current /etc/sendmail.cf file. It can scan for email viruses, unwanted file types (eg. EXE, BMP, MPEG) and file names (eg. prettypark.exe). It can also be used to scan for text snippets within emails.
66ad62d009299c969251f0b9d6d962b5f3a6ccc99be476963ea06f9f62983074
MindTerm is a complete ssh-client in pure java which can be used either as a standalone java-application or as a java-applet. Includes a vt102/xterm-terminal with the ssh protocol and also "drop-in" socket replacements to use ssh tunnels transparently from a java application/applet.
36b73f3dcb05c96281c1d2e354b7df64078559e80ebc22d9517b6d1729fe5f51
USSR Advisory USSR-2001001 - The Windows SSH server (sshd) v2.4 is vulnerable to a denial of service attack. It can not handle more than 64 simultaneous connections. Fixed in v2.5.
3bdcb948c7b107ba1452c0a142cd268be0238e2a66b1e53cfb568e358b5c21ed
The Stick DDOS tool is a resource starvation attack against IDS systems. Many IDS systems are affected.
fb3c089efbb1b77760eceff0d11ba3affad8b80eb75f0658ffc53976bb76031a
ISS X-Force has been researching a new attack tool that can be used to launch a stress test against many popular intrusion detection systems (IDS). The new tool, dubbed Stick by its creators, has been reported to reduce performance, and/or deny service to many commercial IDS products. Stick has been reported to direct thousands of overt attacks at IDS systems. The additional processing required by IDS systems to handle the new load causes a Denial of Service (DoS) to manifest.
da1612bccb80ba244587e23c1bfb6b0a07c6e7e404ffbe49e615f9ba4a14b6a8
Red Hat Security Advisory RHSA-2001:027-02 - The sgml-tools uses temp files in an insecure fashion. Upgrade to the newest version.
39eb11b23194fe2bfc8dddc989a9876eeb485ff682d70ccd2fa97242f8657279
Red Hat Security Advisory RHSA-2001:029-02 - Format string vulnerabilities have been found in the IMAP code included with the mutt mail reader previous to v1.2.5, allowing a compromised or malicious IMAP server to execute code on the local machine.
651182840249b7d25c5e1384bd25fa4e5a19abf492e0af16ec9899b35d4b156a
Red Hat Security Advisory RHSA-2001:028-02 - An overflow exists in the slrn package as shipped in Red Hat Linux 7 and Red Hat Linux 6.x, which leads to remote users executing arbitrary code as the user running slrn.
da1dfcdf5e3c474abd98091c906590120e6935b352dfa01345aa842c9d76f583
Synapsis is a LKM rootkit for Linux which features file hiding, process hiding, user hiding, magic UID, and netstat hiding.
299a271382e7e36674ad25e835c29e4593253f9ee645b9906c074ec6c3d5e012
Checkp.sh checks which sun recommended patches need to be installed. Useful for Solaris admins! Uses the 2.6 patch list, but you can change it for others.
48ff8452cb9d9a63feae607a0029586fb3506c2a22be48c86b204ed33c7de576