IE 6 SP1 for Windows 2000 and 98 has bugs in the showModalDialog and showModelessDialog methods of displaying dialog boxes which can be used to execute arbitrary commands. Most unpatched IE and Outlook installations are vulnerable. An online demonstration exploit exists. MS02-023 addresses this, but IE 5.5 and 5.0 are still vulnerable.
adc13976e792486d71a781d3724cb4456937c63b31fb36bdbe418a967f248f48
Psf (Process Stack Faker) attempts to "hide" UN*X processes (those seen by "ps auwx" and "top") without having root. Tested on FreeBSD 4.3, Linux 2.4, NetBSD 1.5, and Solaris 2.7.
ffd5499ea1acc668c21132d2d2b62372eee0fee6a248e80beefaf9b2255d496c
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Screenshot available here. Now includes a brand new NetWare Core Protocol dissector. Several bugs were fixed and support for new protocols was added, including AFP, AODV, ASAP, ASP, ATP, DCCP, LMP, M2UA, and WebDAV (HTTP).
6e8b86b17cefe3c4b762179fffaedaea98948dfcad366fdf1750976457a009cc
SmtpRC is a fully configurable, multithreaded open mail relay scanner which supports scanning of IP blocks and can print the results to a Web page. It is intended for Systems Administrators to check IP blocks under their control.
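The check an open relay scanner performs is a short SMTP envelope exchange: if a host accepts a MAIL FROM at one foreign domain and a RCPT TO at another with 250, it will relay for anyone. The following is an added example in Python, not SmtpRC's code, with a throwaway SMTP server on the other end so both sides of the dialogue are visible; the domains, addresses and server behaviour are constructed for the test. Only the envelope is probed and RSET is sent before QUIT, so no message is ever relayed, and as with SmtpRC this should only be pointed at address space you are responsible for.

```python
"""Open-relay probe of the kind SmtpRC automates, with a throwaway SMTP server
on the other end so both sides of the exchange are visible.  Added example;
not SmtpRC's code.  Domains and addresses are constructed for the test."""
import socket
import socketserver
import threading

LOCAL_DOMAINS = {"mail.example"}  # the test server accepts mail for these only


class SmtpHandler(socketserver.StreamRequestHandler):
    """Minimal SMTP responder; self.server.open_relay decides the RCPT policy."""

    def reply(self, text):
        self.wfile.write(text.encode("ascii") + b"\r\n")

    def handle(self):
        self.reply("220 mail.example ESMTP test")
        while True:
            raw = self.rfile.readline()
            if not raw:
                return
            cmd, _, arg = raw.decode("latin-1").rstrip("\r\n").partition(" ")
            cmd = cmd.upper()
            if cmd in ("HELO", "EHLO"):
                self.reply("250 mail.example")
            elif cmd in ("MAIL", "RSET"):
                self.reply("250 OK")
            elif cmd == "RCPT":
                # arg looks like "TO:<user@domain>"; relay only for local domains
                domain = arg.rsplit("@", 1)[-1].rstrip(">").lower()
                if self.server.open_relay or domain in LOCAL_DOMAINS:
                    self.reply("250 OK")
                else:
                    self.reply("550 Relaying denied")
            elif cmd == "QUIT":
                self.reply("221 Bye")
                return
            else:
                self.reply("500 Unrecognized command")


class RelayTestServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True

    def __init__(self, open_relay):
        super().__init__(("127.0.0.1", 0), SmtpHandler)  # port 0: pick a free one
        self.open_relay = open_relay


def start_server(open_relay):
    """Run a test server in a daemon thread; returns it (server_address has the port)."""
    srv = RelayTestServer(open_relay)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def _reply(rfile):
    """Read one SMTP reply, including '250-' continuation lines; returns (code, text)."""
    lines = []
    while True:
        line = rfile.readline().decode("latin-1")
        if not line:
            raise ConnectionError("server closed the connection")
        lines.append(line.rstrip("\r\n"))
        if len(line) < 4 or line[3] != "-":
            return int(lines[0][:3]), "\n".join(lines)


def check_relay(host, port, probe_from="probe@external-a.example",
                probe_to="victim@external-b.example", timeout=10):
    """Return (is_open_relay, transcript).  Only the envelope is tested: a
    third-party RCPT answered with 250 marks the host as an open relay.  RSET
    is sent before QUIT and DATA is never sent, so no message is relayed."""
    transcript = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rfile = sock.makefile("rb")

        def talk(cmd):
            if cmd is not None:
                sock.sendall((cmd + "\r\n").encode("ascii"))
                transcript.append("C: " + cmd)
            code, text = _reply(rfile)
            transcript.append("S: " + text)
            return code

        if talk(None) != 220:          # greeting banner
            return False, transcript
        talk("HELO probe.example")
        talk(f"MAIL FROM:<{probe_from}>")
        rcpt = talk(f"RCPT TO:<{probe_to}>")
        talk("RSET")                   # abandon the envelope
        talk("QUIT")
    return rcpt == 250, transcript


if __name__ == "__main__":
    for relay in (True, False):
        srv = start_server(open_relay=relay)
        is_open, log = check_relay(*srv.server_address)
        print(f"server open_relay={relay}: detected open relay = {is_open}")
        print("\n".join(log))
        srv.shutdown()
```

A RCPT-only probe is deliberately conservative: some MTAs accept any RCPT and only reject at DATA, and some reject at RCPT but relay for authenticated or trusted source addresses, so a scanner's verdict is a lead to confirm by hand rather than a final answer.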
48d4a526b72403290f253647441942b2ec61149ea1cdae8ccbdeb08d001e1342
Zorp is a proxy firewall suite which allows the administrator to fine tune proxy decisions (with its built-in script language), and fully analyze complex protocols (including SSH with several forwarded TCP connections, or SSL with an embedded POP3 protocol). FTP, HTTP, finger, whois, and SSL protocols are fully supported with an application-level gateway.
59490e1d34e1dcc5df27ac8da8680d5d7db1622e90c2b960eec8a809c14acbc4
Fwlogwatch analyzes ipchains, netfilter/iptables, and Cisco packet filter logfiles and generates text and HTML summaries. Features realtime anomaly alerting, an interactive report generator, and the ability to cut off attacks by adding firewall rules.
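The three things such a log watcher does (parse the kernel's packet log format, summarize by source and port, raise an alert and propose a blocking rule) are shown in the following added example in Python. It is not fwlogwatch's code; the log lines are constructed (netfilter LOG output with a "DROP:" log prefix, one ipchains "Packet log:" line, and one unrelated sshd line), the five-distinct-ports scan threshold is an assumed tuning knob, and the iptables rule is only returned as text.

```python
"""Netfilter/iptables and ipchains log summariser with a simple scan detector
and the blocking rule a fwlogwatch-style responder would add.  Added example,
not fwlogwatch's code.  Log lines are constructed; the port-count threshold is
an assumed tuning knob."""
import re
from collections import Counter, defaultdict

KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
IPCHAINS_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<spt>\d+) (?P<dst>[\d.]+):(?P<dpt>\d+)")
PROTO_NUM = {"1": "ICMP", "6": "TCP", "17": "UDP"}  # ipchains logs protocol numbers

MAC = "00:0c:29:aa:bb:cc:00:50:56:c0:00:08:08:00"
SAMPLE_LOG = "\n".join([  # constructed sample, documentation address ranges
    f"May 15 10:01:02 fw kernel: DROP: IN=eth0 OUT= MAC={MAC} SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44011 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0",
    f"May 15 10:01:02 fw kernel: DROP: IN=eth0 OUT= MAC={MAC} SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44012 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0",
    f"May 15 10:01:03 fw kernel: DROP: IN=eth0 OUT= MAC={MAC} SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44013 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0",
    f"May 15 10:01:03 fw kernel: DROP: IN=eth0 OUT= MAC={MAC} SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44014 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0",
    f"May 15 10:01:04 fw kernel: DROP: IN=eth0 OUT= MAC={MAC} SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44015 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0",
    f"May 15 10:01:05 fw kernel: DROP: IN=eth0 OUT= MAC={MAC} SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=1 DF PROTO=TCP SPT=51000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0",
    f"May 15 10:01:06 fw kernel: DROP: IN=eth0 OUT= MAC={MAC} SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=61 ID=2 PROTO=UDP SPT=5353 DPT=53 LEN=28",
    f"May 15 10:01:07 fw kernel: DROP: IN=eth0 OUT= MAC={MAC} SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=49 ID=3 PROTO=ICMP TYPE=8 CODE=0 SEQ=1",
    "May 15 10:01:08 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:44016 192.0.2.10:110 L=40 S=0x00 I=0 F=0x4000 T=52 SYN (#3)",
    "May 15 10:01:09 fw sshd[4242]: Accepted publickey for admin from 192.0.2.50 port 33001 ssh2",
])


def parse_line(line):
    """Return a record for a packet-filter log line, or None for unrelated lines."""
    m = IPCHAINS_RE.search(line)
    if m:
        return {"src": m["src"], "dst": m["dst"],
                "proto": PROTO_NUM.get(m["proto"], m["proto"]),
                "dport": int(m["dpt"]), "tag": f"ipchains {m['chain']} {m['action']}"}
    if "kernel:" in line and "IN=" in line:          # netfilter LOG target
        body = line.split("kernel:", 1)[1]
        kv = dict(KV_RE.findall(body))
        if "SRC" not in kv or "DST" not in kv:
            return None
        prefix = body.split("IN=", 1)[0].strip()      # whatever --log-prefix set
        return {"src": kv["SRC"], "dst": kv["DST"], "proto": kv.get("PROTO", "?"),
                "dport": int(kv["DPT"]) if kv.get("DPT") else None,  # ICMP has no DPT
                "tag": f"netfilter {prefix}".strip()}
    return None


def summarize(lines):
    records = [r for r in map(parse_line, lines) if r]
    by_src = Counter(r["src"] for r in records)
    by_dport = Counter((r["proto"], r["dport"]) for r in records if r["dport"] is not None)
    return records, by_src, by_dport


def detect_scans(records, min_ports=5):
    """Sources that touched at least min_ports distinct (proto, port) pairs."""
    ports = defaultdict(set)
    for r in records:
        if r["dport"] is not None:
            ports[r["src"]].add((r["proto"], r["dport"]))
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)


def block_rule(src):
    """The rule a responder would add; returned as text here, never executed."""
    return f"iptables -I INPUT -s {src} -j DROP"


def report(lines, min_ports=5):
    records, by_src, by_dport = summarize(lines)
    out = [f"{len(records)} logged packets", "top sources:"]
    out += [f"  {src:16} {n}" for src, n in by_src.most_common()]
    out.append("top destination ports:")
    out += [f"  {proto}/{port:<6} {n}" for (proto, port), n in by_dport.most_common()]
    for src in detect_scans(records, min_ports):
        out.append(f"ALERT: {src} hit >= {min_ports} ports; suggested: {block_rule(src)}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```

Automatic blocking deserves the same caution as in fwlogwatch itself: the source address in a dropped packet is unauthenticated, so a responder that inserts DROP rules on a port-count threshold can be fed spoofed packets to lock out addresses the attacker chooses.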
4f5868cff5f1d2202af74ca8e89b1fc517da7d56bcdfe51d01bb9ef9c19343b9
Qmail-Scanner (previously known as scan4virus) is an add-on that enables a Qmail email server to scan all gatewayed email for certain characteristics. It is typically used for its anti-virus protection functions, in which case it is used in conjunction with commercial virus scanners, but it also enables a site to react at the server/site level to email that contains specific strings in particular headers, or particular attachment filenames or types.
29cde40716da54b1ba0db3f4ff882cd452424a28031857aba6fef1346de7a22e
Firewall Builder consists of an object-oriented GUI and a set of policy compilers for various firewall platforms. In Firewall Builder, a firewall policy is a set of rules, and each rule consists of abstract objects which represent real network objects and services (hosts, routers, firewalls, networks, protocols). Firewall Builder helps the user maintain a database of objects and allows policy editing using simple drag-and-drop operations. It can be used to manage firewalls built on a variety of platforms including, but not limited to, Linux running iptables and FreeBSD or Solaris running ipfilter.
bd1de4f797427a5349fc42bbbdf410addd12428fe4a2639aa72371c2b956adf0
Remote Nmap is a python client/server package which allows many authorized clients to connect to a centralized nmap server to do their port scanning. This could be useful for security companies who want to have all their scans come from a dedicated machine.
53983633d05cd8c595dc6b2176cc627bb812846757eaf68fcef54e014d83c4b3
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration of how this tool works can be found here.
f3e73051c8780f7ebb6d3106fec7d584c33baff1a3a3aa5e831467983b03a4a6
Cisco Security Advisory - The Cisco Content Service Switch (CSS) 11000 series switches are susceptible to a denial of service attack caused by a soft reset due to improper handling of HTTP POST requests to the web management interface.
e29943737ca226061c14b1b2491f2630dacbeff69249ba2082bc21be47222621
Cisco Security Advisory - Cisco Cache Engines and Content Engines provide a transparent cache for World Wide Web pages retrieved via HTTP. The default configuration of the proxy feature can be abused to open a TCP connection to any reachable destination IP address and hide the true source IP address of the connection, allowing anonymous port scanning, DoS attacks, spam, etc.
90dda9032936ddaa76e20df2b74ee75c7232797f81c592acdd20f58b6db84f78
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
d4632762d732834c6d5d536b3bd1e906e6ac0119d08bd24f775fe32a393b2de1
SuSE Linux security advisory SuSE-SA:2002:018 - A buffer overflow that allows remote code execution has been found in the code used by Lukemftp to process information returned from the PASV FTP command. Lukemftp is the standard ftp client in /usr/bin/ftp.
7c7016461f31b2c17ff9ef92c9ea6a3b7f1866c0f809f7be06301dba36e585b5
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
df124e1c78ead003f5b8af1a4ad047f887cbd6b4541aa532717789a87e33e29a
I know how to take meat away from a dog. How do I take a dog away from meat? This is not, unfortunately, a joke.
c7f89f29d7da757ca84d7f26d7624d026f4bbf38e9c8fcb52f17e9670eab783f
Linux Kernel Hooker library (LKH) version 1.1 (the subject of an article in phrack #58) provides a general purpose hooking interface with easy to use C primitives. It allows you to hijack a kernel function, add up to 8 callbacks for the function, access the original parameters and modify them (retroactive changes), add or remove a callback when you want, and more. Available for kernel versions 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.10, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, and 2.4.18.
803bdaeb7ed2a10b053826d87231306f31f5fc0f0193613ae6bf7613d1ff4f7a
Cerberus is an experimental kernel-based tool for hardening systems. The main local idea is that, except in particular cases, a process can't have more privileges than its parent. If Cerberus intercepts an anomaly, it kills the process before it starts to run. Cerberus stops remote exploits by ensuring that processes like in.telnetd or tcpd will never drop a shell.
ece7a2338f4b29250fdaba7920917dd49233ba0b3d8227b617f18aca8314fb92
Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function. Secure Programming HOWTO here.
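The point that the risk of a call depends on its arguments, not just on the function name, is easiest to see with a small scanner of the same design. The following is an added example in Python, not Flawfinder's code or ruleset: the base-risk table and the adjustment rules (a constant source string lowers strcpy, a non-constant format string raises sprintf and printf, a sizeof length lowers memcpy, a constant command lowers system) are constructed for illustration, as is the C sample it scans.

```python
"""Toy source scanner in the spirit of Flawfinder: rank risky C library calls by
function *and* by how they are called.  Added example, not Flawfinder's code;
the risk table and adjustment rules below are constructed for illustration."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "risk line func call reason")

# Base risk per function (0-5).  Constructed table, not Flawfinder's ruleset.
BASE_RISK = {
    "gets": 5, "strcpy": 4, "strcat": 4, "sprintf": 4, "vsprintf": 4,
    "system": 4, "popen": 4, "memcpy": 2, "strncpy": 1, "printf": 1,
}
# A call ends at ');' so the argument text is bounded even with nested parens.
CALL_RE = re.compile(r"\b(" + "|".join(BASE_RISK) + r")\s*\(([^;]*?)\)\s*;")
STRING_LIT = re.compile(r'"(?:[^"\\]|\\.)*"')

SAMPLE_C = """\
#include <stdio.h>
#include <string.h>

void greet(char *name, char *cmd) {
    char buf[64];
    char out[128];
    strcpy(buf, name);                  /* line 7: unbounded copy of caller data */
    strcpy(out, "hello, world");        /* line 8: constant source */
    sprintf(out, "%s %s", out, buf);    /* line 9: %s expansion into fixed buffer */
    sprintf(out, "%d", 42);             /* line 10: constant format, no %s */
    printf(name);                       /* line 11: caller controls the format */
    gets(buf);                          /* line 12 */
    system(cmd);                        /* line 13: caller controls the command */
    system("ls -l");                    /* line 14: constant command */
    memcpy(out, buf, sizeof(out));      /* line 15: length bounded by sizeof */
}
"""


def strip_comments(src):
    """Remove C comments but keep newlines so reported line numbers stay right."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def split_args(argtext):
    """Split an argument list at top-level commas, honouring parens and string literals."""
    args, cur, depth, in_str, i = [], [], 0, False, 0
    while i < len(argtext):
        ch = argtext[i]
        if in_str:
            cur.append(ch)
            if ch == "\\" and i + 1 < len(argtext):
                cur.append(argtext[i + 1]); i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True; cur.append(ch)
        elif ch in "([":
            depth += 1; cur.append(ch)
        elif ch in ")]":
            depth -= 1; cur.append(ch)
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip()); cur = []
        else:
            cur.append(ch)
        i += 1
    if cur or args:
        args.append("".join(cur).strip())
    return args


def is_literal(arg):
    return STRING_LIT.fullmatch(arg) is not None


def rate(func, args):
    """Adjust the base risk from the arguments; returns (risk, reason)."""
    lit = [is_literal(a) for a in args]
    if func in ("strcpy", "strcat") and len(args) >= 2 and lit[1]:
        return 1, "source is a constant string"
    if func in ("sprintf", "vsprintf") and len(args) >= 2:
        if not lit[1]:
            return 5, "format string is not a constant (format string attack)"
        if "%s" not in args[1]:
            return 2, "constant format without %s"
    if func == "printf" and args and not lit[0]:
        return 4, "format string is not a constant (format string attack)"
    if func in ("system", "popen") and args and lit[0]:
        return 2, "command is a constant string"
    if func == "memcpy" and len(args) >= 3 and args[2].startswith("sizeof("):
        return 1, "length bounded by sizeof"
    return BASE_RISK[func], f"default risk for {func}"


def scan(src):
    """Return findings sorted most dangerous first, ties in source order."""
    clean = strip_comments(src)
    findings = []
    for m in CALL_RE.finditer(clean):
        func, argtext = m.group(1), m.group(2)
        risk, reason = rate(func, split_args(argtext))
        line = clean.count("\n", 0, m.start()) + 1
        findings.append(Finding(risk, line, func, f"{func}({argtext.strip()})", reason))
    return sorted(findings, key=lambda f: (-f.risk, f.line))


if __name__ == "__main__":
    for f in scan(SAMPLE_C):
        print(f"[{f.risk}] line {f.line}: {f.call}  ({f.reason})")
```

Note what the ranking does with the two strcpy calls and the two sprintf calls: same function, different risk, which is exactly why a grep for function names alone produces a list too noisy to act on.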
1303fe146d980871fbbb9a3977338f4f426e10e1cd35fbd9cd8bb88dd1326246
Exec Denier is a kernel module for NetBSD that restricts exec syscalls for certain UIDs. It is very useful for blocking exec calls for named and ntpd. It can also restrict exec calls for users to a certain directory. Changelog available here.
816dab99545116044312de51e57697d14c66c992ce590f81b6e8a869ce6115ae
Sms.c allows you to control any unix server via mobile phone, two way pager, or email.
558d302d5d92ab6b9af8f527507419ba6ec3a6780578cceb0207bfe44d4a8571
Microsoft Security Advisory MS02-023 - Six new serious vulnerabilities were discovered in Internet Explorer 5.01, 5.5, and 6.0. Some allow malicious web sites or HTML email to execute code, while others disclose information or allow malformed executables on a web page to download and run on the user's system. Microsoft patch available here.
7b147f778fa5f76ed2a9b82c5714bdf381438322a2a03688726bcb9480e64611
GSM Demystified - A basic paper on GSM.
810d243fbbcd7f715eb0c8733a39281b3c365e3cd753bf16017e509e98aa2ddd
Tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that match a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor network activity. Requires libpcap, available here. Incorporates libpcap-0.7.1.
5636ca5872f0972609c6744213516f0cc89c6ce6c68a567ade2e76314da23052
Linux and FreeBSD shellcode which reboots the machine. Info on Multi-OS shellcode here.
e1a494bd987d475eca05396c759a60fa126d13be3a265afb1c815b4af37d5f8d