Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
feb230813d221faf79a1196325a4df8f3616d44fb54212a4cd41cbfb1ed57c84
Logcheck parses system logs and generates email reports based on anomalies. Anomalies can be defined by users with 'violations' files. It differentiates between 'Active System Attacks', 'Security Violations', and 'Unusual Activity', and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.
8c0430d579bab11eaa1f923ffc2abab4bcfb5db6116cf7099435f580ea7267d3
GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
ed85ad660e60b3cffa0341e6201d6ef480069e963296b3370cceda204297362c
Chkrootkit checks locally for signs of a rootkit. It includes ifpromisc.c to check whether the interface is in promiscuous mode, chklastlog.c to check lastlog for deletions, chkwtmp.c to check wtmp for deletions, check_wtmpx.c to check for wtmpx deletions, chkproc.c and chkdirs.c to check for LKM trojans, and strings.c for quick and dirty strings replacement. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x, 4.x, and 5.x, BSDI, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0, and HP-UX 11.
a6d2f67e1ec0e015cc4054c00654d076ede9156b89ed9bb360dbd47c8dd0d208
NISCC Vulnerability Advisory 758884/NISCC/DNS - Several vulnerabilities have been discovered within the Domain Name System (DNS) protocol by two DNS experts.
f5067cbeef82c7e9ebe4319e90b7534d271c600b27efa839a3fc53279645a68f
Sun Security Advisory - A security vulnerability in iPlanet Messaging Server/Sun ONE Messaging web-based e-mail may allow a remote unprivileged user to gain unauthorized access to a webmail user's e-mail using a specially crafted e-mail message.
9960b64c657d1f090674bbc783b9277a42f87da8827b7db07a02cdf095dd27bc
Microsoft Security Advisory MS04-039 - A spoofing vulnerability exists that can enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site.
064efe33186d9c48dd686d2d40f88f2be3bece822a8b4753e81a66b11827539c
Gentoo Linux Security Advisory GLSA 200411-17 - mtink is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
0cb52e0b8edaf71f97709c5e924fe329859a89bb0d5dfad80190af0c49686ec8
eEye Security Advisory - eEye Digital Security has discovered a severe denial of service vulnerability in the Kerio Personal Firewall product for Windows. The vulnerability allows a remote attacker to reliably render a system inoperative with a single packet. Physical access is required in order to bring an affected system out of this "frozen" state. The flaw exists within the component that performs low-level processing of TCP, UDP, and ICMP packets. Kerio Personal Firewall 4.1.1 and prior are affected.
fc6f56e7525fecf78e38a0422cab20e07b4c2aaa3e3c445f0184c3b32f6f9403
Gentoo Linux Security Advisory GLSA 200411-16 - zip contains a buffer overflow when creating a ZIP archive of files with very long path names. This could lead to the execution of arbitrary code.
15b7427391c292b38aca553baa876a691747809daa18db5a46144518b0c17eb3
Debian Security Advisory 590-1 - Khan Shirani discovered a format string vulnerability in gnats, the GNU problem report management system. This problem may be exploited to execute arbitrary code.
003edaa09e05f34991c3b13efb82a96a16b8b67162fd2a345235220b28eb9b6c
Secunia Security Advisory - A vulnerability has been reported in SQLgrey Postfix greylisting service, which can be exploited by malicious people to conduct SQL injection attacks.
61841bdae0e827e307486597a0d94776db9d3d0d0f0d93f8e93978b9a496419d
Secunia Security Advisory - Positive Technologies has reported some vulnerabilities in Infuseum ASP Message Board, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
9d564683d836a04b4f7739d2a82591711e258f736c3f0e228ebe3c6ea8d5dd02
Secunia Security Advisory - A vulnerability has been reported in Samhain, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused by a boundary error in the database update code. This can be exploited to cause a buffer overflow when a malicious directory is checked with Samhain. The vulnerability has been reported in versions 1.8.9 through 2.0.1.
d3cbc48d883a21087ebecd4355fae7ab4303c6a2ad69919784fe94d2334cc6d9
Secunia Security Advisory - Positive Technologies has reported some vulnerabilities in Nucleus, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
00c5308514f15323bb450a8b79c4fd05accf5b06b3170cb826de444057fe790b
Netgear DG834 is susceptible to denial of service and URL filtering bypass vulnerabilities.
5a9f33401454c1dd2cd894c887ab4df056a377c097ac5e4c9d56c45c802d51de
JAF CMS is susceptible to path disclosure and directory traversal attacks.
7072af4eb62c08137389015e4f2b4cd7805e59cbb744ba7cd4239a01a4338488
iDEFENSE Security Advisory 11.08.04 - Remote exploitation of an input validation error in Samba could allow an attacker to consume system resources and potentially cause the target system to crash.
131548f64663e091c700d9c86eed756350dffa82c05ce5da3dfe0dec012e41a5
truste.org is susceptible to cross-site scripting flaws.
76d0098145229faa2de84016e96ea7c0a415314736ee1baafb2ca0847c857008
Secunia Security Advisory - A vulnerability has been reported in JAF CMS, which can be exploited by malicious people to disclose sensitive information.
52eca8656b068c07e67ee83aebf6a55f4be17338eb0917b94569a2a8d4c2cd8b
Secunia Security Advisory - Two vulnerabilities have been reported in Mantis, which can be exploited by malicious users to gain knowledge of potentially sensitive information.
c26acae6d4f5d4a2bb53bac2c9834814ab643d5c3f00629c9c6d87bf15808248
Java Runtime Environment versions 1.4.2, 1.5.0, and possibly others are susceptible to a remote denial of service attack.
0834f0d8c97e493e37382431176c3e2b024f4b9c11cb1d4bb30104ea6d9bcaef
Gentoo Linux Security Advisory GLSA 200411-15 - groffer, included in the Groff package, and the der_chop script, included in the OpenSSL package, are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
5025e3a05de356f4a2bd6b79e20a9aeefb98a062e3e5bdcaac7dab2552bedf0f
Debian Security Advisory 586-1 - The upstream developers of Ruby have corrected a problem in the CGI module for this language. Specially crafted requests could cause an infinite loop and thus cause the program to consume CPU cycles.
2806acec54a192be97e35fa9729590802c0f92926e29bd6b5388f7a2a57ba55b
Article about evidence mounting that the vote was hacked. The FBI has been called in to Florida.
4e6b3faab1f4246e83aeaa66d635bec477d9bbbb64ccb1f0d68befd79bd414fd