Packet Storm new exploits for October, 2006.
f6ec553c60f72a7491d855aa1b7654761bfa22d6d856afefefd4c942cde38bc2Nuface is a Web-based administration tool that generates Edenwall, NuFW, or simple Netfilter firewall rules. It features a high level abstraction on the security policy set by the administrator, and works internally on an XML data scheme. Its philosophy is to let you agglomerate subjects, resources, or protocols into meta-objects, and use those meta objects to generate ACLs, which are then interpreted as netfilter rules by Nupyf, the internal XML parser. This tool may easily be extended to support firewall implementations other than Netfilter.
5328fe4f3047cd2249e1074c1a43ab7fc5382996d2363bbbdf74137ca32fbc42Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
38b9741b81ebaf7b98cddd882333869f2b6ad6ce97e0495b11b6c14b3642d26dSecurity Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
32b4dec44d7ac00e4544cc45eed115e9a99c7513e9e2bc2d0e1083373a2bb97aAdvchk (Advisory Check) reads security advisories so you do not have to. Advchk gathers security advisories using RSS feeds, compares them to a list of known services, and alerts you if you are vulnerable. Since adding hosts and services by hand would be quite a boring task, advchk leverages nmap for automatic service and version discovery.
536270dea9354bb0320963b63097be0149f116b999482a58a12ecb6c48e8ec71strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
998231c62cc2a27060fe9523c64cfd12f42865a9e3a0bf1a2f27e5a7aa900fa2Foremost is a console program that recovers files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc., or directly on a drive. The headers and footers can be specified by a configuration file, or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format, allowing for a more reliable and faster recovery. It was originally developed by the United States Air Force Office of Special Investigations and The Center for Information Systems Security Studies and Research.
3ea2ddd81247ef114be6f796cca86e1d2920dcb9b0d03212ec11aa71e4684c25Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
a8a77854dfdc6cee71344527510e64d1985222d20637c08f0b46b8d709c2e766SnortSMS is a highly configurable sensor management system that provides the ability to remotely administer Snort [and Barnyard] based Intrusion Detection Systems (IDS), push configuration files, add/edit rules, and monitor system health and statistics, all from a simple and clean Web interface console. Whether you have one or multiple Snort sensors, it can help unify and synchronize all sensor configurations.
453c52e38779345aa2bc93f1fd658903baaa66b0231d8c26b8818a7df9367122Secunia Security Advisory - Red Hat has issued an update for qt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
d81180655cd5ae798cffcc68f9214805c6557d54cf0f64c6b0bbc749f88805a0Secunia Security Advisory - Ubuntu has issued an update for imagemagick. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
6a939ecbb3865677ccb4f489b452ce0a0f17f2e26044a01c5610ada10edbac47Secunia Security Advisory - Ubuntu has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
a1d867a8285788449863b45c1dbc54541fc91589330f55d6b28550abf2b43b42Secunia Security Advisory - Ubuntu has issued an update for screen. This fixes some vulnerabilities, which can be exploited to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
a2b574e4daf760bb98180352f4c99833484ee5f805d487f7c9d8d006c8b59f84Secunia Security Advisory - Luigi Auriemma has reported some vulnerabilities in libmodplug, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
519b9000939c15041d3fc7f71296a727307d8ae15f631267fd9f3f013caf6abeSecunia Security Advisory - HP has acknowledged some vulnerabilities in VirtualVault and Webproxy, which can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or to compromise a vulnerable system.
5839cf6364eacedd4bd85721701c1fd49630a01be29e6947700f479c2f81004bSecunia Security Advisory - rPath has issued an update for tshark and wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
4bd904da0026bbde025602e768414ceb637a895c11e72e940521d36b69282a89Secunia Security Advisory - Matousec has discovered a vulnerability in Outpost Firewall, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
9a876951fb4f2c67d065fb51cfac13240784b549554828c289d96bc8ffb5f56cSecunia Security Advisory - securfrog has discovered some vulnerabilities in TikiWiki, which can be exploited by malicious people to disclose certain sensitive information and to conduct cross-site scripting attacks.
930dd96f6173c4f168bb3c973e1611d14d84287414df05ee7bf3d2f9ddf9c077Secunia Security Advisory - Ubuntu has issued an update for wvWare. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
53012dba480e34b4e2f28aacd45db379a58afd2d7f3bb4cc19217ece9b9d205eSecunia Security Advisory - Greg Linares has discovered a vulnerability in Easy Address Book Web Server, which can be exploited by malicious people to disclose sensitive information.
1060f3608630cb23995b63739f0470b18190ef1a095bdd1ec0adb96c6596c35dSecunia Security Advisory - Some vulnerabilities with unknown impacts have been reported in WordPress.
ec103ff6f96cecb3ca7bf705dbd1e90ed1ef83730c5170bf3c46fc6f17b171fdSecunia Security Advisory - A vulnerability has been reported in Cisco Security Agent Management Center (CSAMC), which can be exploited by malicious people to bypass certain security restrictions.
5f3949eba8be933aa94003426e203430448ea5773854a56e287532d24998ea88Secunia Security Advisory - Ubuntu has issued an update for mutt. This fixes some vulnerabilities, which can be exploited by malicious people to perform certain actions with escalated privileges.
8e3b1f62f5250459ddc0fd46b4044a2f3a7d601686b8c09ea9f93c5be1601bc9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed