@RISK: The Consensus Security Vulnerability Alert

Volume: IV, Issue: 11
March 18, 2005

Although this week's new vulnerabilities are mostly not critical, four new exploits have been posted, some of which target older critical vulnerabilities on Windows and on cross-platform software. See #6 through #9 below.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                      # of Updates & Vulnerabilities
    Windows                       0 (#6, #9)
    Third Party Windows Apps      5 (#1, #3)
    Linux                         2 (#5)
    Unix                          2
    Cross Platform                10 (#2, #7, #8)
    Web Application               17 (#4)
    Network Device                1
    Hardware                      2

********************* Sponsored by SANS 2005 ***************************

SANS 2005, in San Diego in early April (on the ocean), is SANS' largest security and audit training conference and expo. Wonderful teachers teach material you can put to work immediately upon returning to work, and extraordinary instructors present the most current tools and techniques. The late registration deadline is today, March 18. Details at http://www.sans.org/sans2005 What attendees say: "SANS is the gold standard in network security training, in terms of relevance of material, knowledgeable instructors, and sheer usefulness." (Steve Keifling, SGI)

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Unix
Cross Platform
Web Application
Network Device
Hardware

*********************** SPONSORED LINKS *********************************

This link goes to a site outside SANS: Free Threat Management Software for Home Lab Use: IDP, File Integrity, Service Monitoring and More http://www.sans.org/info.php?id=736

*************************************************************************

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar (rohitd_at_tippingpoint.com) at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) MODERATE: Ipswitch IMAP Server EXAMINE Command Overflow
  • Affected:
    • Ipswitch Collaboration Suite IMail Server version 8.13 and prior
  • Description: Ipswitch Collaboration Suite (ICS), an email and workgroup collaboration solution reportedly used by over 60 million people worldwide, contains a buffer overflow in its IMail IMAP server. The flaw is triggered by a specially crafted EXAMINE command whose argument is longer than 259 bytes. An authenticated attacker can exploit it to execute arbitrary code with the privileges of the IMAP daemon, possibly SYSTEM. Note that the IMail server is used by many ISPs, so any mailbox subscriber could leverage this flaw to take control of a vulnerable ISP's mail services.

  • Status: Ipswitch has released version 8.15 Hotfix 1.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (2) LOW: MySQL Database Multiple Vulnerabilities
  • Affected:
    • MySQL version 4.0.23 and prior, version 4.1.10
  • Description: The MySQL database contains a vulnerability in the "CREATE FUNCTION" procedure that may be exploited to execute arbitrary code with the privileges of the "mysql" user. Another vulnerability, in the "udf_init" function, allows an authenticated user to load functions from an arbitrary library into the database. To exploit these flaws, an attacker needs credentials that allow "INSERT" and "DELETE" operations on the MySQL administrative database (typically available only to the "root" user). Proof-of-concept exploits were included in the discoverer's postings. It is worth pointing out that a similar privilege escalation vulnerability was exploited by a worm in January 2005, which targeted Windows MySQL installations with weak "root" passwords.

  • Status: MySQL has confirmed the flaws. Version 4.0.24 and 4.1.10a have been released to address the issues. A workaround to prevent attacks originating from the Internet is to choose strong MySQL "root" and other user passwords.

  • Council Site Actions: Most of the council sites are responding to this item. Some sites have already upgraded to the fixed version and other sites plan to upgrade during their next regularly scheduled system update process. In addition, several sites commented that they have no Internet exposure to this problem. One site is investigating if the 3.x series is vulnerable as well. If so they will install the updated packages produced by Linux vendors, as they become available.

  • References:
Other Software
  • (5) MODERATE: SuSE Openslp Multiple Buffer Overflows
  • Affected:
    • SUSE Linux Enterprise Server 9
    • Novell Linux Desktop 9
  • Description: The Service Location Protocol (SLP) allows networked applications to discover the existence, configuration and location of networked services (such as printers) in an enterprise. OpenSLP is an open-source implementation of this protocol. The SuSE security team, which audited OpenSLP, found multiple buffer overflow vulnerabilities. A malformed SLP message may trigger these overflows and possibly execute arbitrary code with the privileges of the slpd daemon. Technical details about the overflows have not been published yet.

  • Status: SuSE/Novell has released binary packages to fix the flaws. OpenSLP has been ported to multiple operating systems, which may also be affected (not confirmed). A workaround is to block ports 427/tcp and 427/udp at the perimeter to limit attacks from the Internet.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
Exploit Code
  • (7) Safenet Sentinel License Manager Buffer Overflow
  • Description: The Hat-Squad team has released an exploit for the "CRITICAL" overflow in the Sentinel License Manager service discussed in last week's @RISK newsletter.

  • Council Site Actions: The affected software is not in production or widespread use, or is not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (9) Internet Explorer Cross Zone Vulnerability (MS05-014)
  • Description: Exploit code for one of the Internet Explorer cross-zone scripting vulnerabilities patched by MS05-014 is now publicly available.

  • Council Site Actions: Most of the council sites have already patched their affected systems. One site is still investigating and another site commented that browser patching on servers is a lower priority.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 11, 2005

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 4106 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 05.11.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: GoodTech Systems Telnet Server Remote Buffer Overflow
  • Description: GoodTech Systems Telnet Server is vulnerable to a remote buffer overflow condition. An attacker may leverage this issue to execute arbitrary code with SYSTEM privileges on a computer running a vulnerable version. All current versions are affected.
  • Ref: http://www.securityfocus.com/archive/1/393295

  • 05.11.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec AntiVirus SMB Scan Evasion
  • Description: Symantec AntiVirus is vulnerable to a scan evasion issue. This issue is due to a design error and may allow potentially malicious files to bypass detection. Files placed by a malicious client on a SMB share are not scanned when clients open them. Symantec AntiVirus Corporate Edition 9.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/393255

  • 05.11.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PlatinumFTPServer Denial of Service
  • Description: PlatinumFTPServer is vulnerable to a denial of service condition. The issue exposes itself when a remote user makes 50 or more connections with a malformed user name. PlatinumFTPserver versions 1.0.18 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/393038

  • 05.11.4 - CVE: CAN-2005-0734
  • Platform: Third Party Windows Apps
  • Title: Active Webcam Webserver Multiple Vulnerabilities
  • Description: PY Software Active Webcam is an application used for capturing and sharing video streams from various video devices. It is vulnerable to multiple insecurities including a denial of service and a file system information disclosure.
  • Ref: http://www.securityfocus.com/bid/12778/

  • 05.11.15 - CVE: CAN-2005-0707
  • Platform: Third Party Windows Apps
  • Title: Ipswitch Collaboration Suite IMail Server Buffer Overflow
  • Description: Ipswitch Collaboration Suite (ICS) provides e-mail and real-time collaboration. The IMAP service included with it is vulnerable to a buffer overflow issue due to insufficient boundary checks performed on arguments to the EXAMINE command and may allow a remote attacker to run arbitrary code. IMail Server versions 8.13 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/392871

  • 05.11.5 - CVE: CAN-2005-0384
  • Platform: Linux
  • Title: Linux Kernel PPP Driver Remote Denial of Service
  • Description: Linux Kernel Point-to-Point (PPP) protocol driver is prone to an unspecified remote denial of service vulnerability. The issue can allow a malicious PPP client to crash the server. Linux Kernel version 2.6.8 is affected.
  • Ref: http://www.securityfocus.com/advisories/8229

  • 05.11.6 - CVE: CAN-2005-0398
  • Platform: Linux
  • Title: racoon ISAKMP Header Denial of Service
  • Description: Kame racoon is an IKE (Internet Key Exchange) daemon. It is vulnerable to a denial of service issue due to a failure to handle ISAKMP packets with malformed headers. racoon versions 20050307 and earlier are known to be vulnerable.
  • Ref: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&action=view

  • 05.11.7 - CVE: Not Available
  • Platform: Unix
  • Title: OpenSLP Multiple Unspecified Buffer Overflow Vulnerabilities
  • Description: OpenSLP is an implementation of SLP (Service Location Protocol). It is vulnerable to multiple unspecified buffer overflow conditions. Attackers could leverage these issues to cause a denial of service or execute arbitrary code on a vulnerable system. All current versions are affected.
  • Ref: http://www.securityfocus.com/advisories/8224

  • 05.11.8 - CVE: CAN-2005-0706
  • Platform: Unix
  • Title: Grip CDDB Multiple Matches Buffer Overflow
  • Description: Grip is a GTK front-end for command line CD ripping tools. It is vulnerable to a buffer overflow issue when processing CDDB replies containing more than 16 matches. Grip versions 3.1.2 and 3.2.0 are known to be vulnerable.
  • Ref: http://sourceforge.net/tracker/?group_id=3714&atid=103714&func=detail&aid=834724

  • 05.11.9 - CVE: Not Available
  • Platform: Cross Platform
  • Title: RXVT-Unicode Escape Sequence Remote Buffer Overflow
  • Description: RXVT-Unicode is an X11-based terminal emulation application. It is vulnerable to a remote buffer overflow issue due to a failure of the application to securely copy externally supplied input into process buffers and may be leveraged by an attacker to execute arbitrary code. RXVT-Unicode versions prior to 5.3 are affected.
  • Ref: http://dist.schmorp.de/rxvt-unicode/Changes

  • 05.11.10 - CVE: CAN-2005-0083
  • Platform: Cross Platform
  • Title: MaxDB Multiple Denial of Service Vulnerabilities
  • Description: MaxDB is a version of SAP DB. The WebAgent is vulnerable to multiple remote denial of service vulnerabilities due to the failure to sanitize user-supplied functions. MaxDB versions 7.5.00.24 and earlier are reported to be vulnerable.
  • Ref: http://www.idefense.com/application/poi/display?id=218&type=vulnerabilities&flashstatus=true

  • 05.11.11 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Lime Wire Multiple Remote Unauthorized Access Vulnerabilities
  • Description: Lime Wire is a file sharing utility. It is vulnerable to multiple remote unauthorized access vulnerabilities due to a failure in handling malicious requests. This can be exploited by an attacker to gain access to sensitive information. Lime Wire versions 4.8 and earlier are affected.
  • Ref: http://www.limewire.com/english/content/features_history.shtml

  • 05.11.12 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Status Bar Spoofing
  • Description: Mozilla is vulnerable to a URI spoofing weakness because the "Save Link As..." function mishandles nested anchor tags inside a table tag. Mozilla versions 1.7.x are vulnerable.
  • Ref: http://secunia.com/advisories/14568/

  • 05.11.13 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apache Tomcat Malformed Request Denial of Service
  • Description: Apache Tomcat is vulnerable to a remote denial of service issue due to improper handling of malformed requests and can be leveraged by an attacker remotely. Apache Tomcat versions 3.x are affected.
  • Ref: http://www.kb.cert.org/vuls/id/204710

  • 05.11.14 - CVE: CAN-2005-0709, CAN-2005-0710, CAN-2005-0711
  • Platform: Cross Platform
  • Title: MySQL AB Multiple Remote Vulnerabilities
  • Description: MySQL is vulnerable to multiple remote vulnerabilities. The issues include insecure temporary file creation, insufficient sanitization of input and remote arbitrary code execution. MySQL released version 4.0.24 and 4.1.10a to address these issues.
  • Ref: http://secunia.com/advisories/14547/

  • 05.11.16 - CVE: CAN-2005-0742
  • Platform: Cross Platform
  • Title: Sun Java Application Server Cross-Site Scripting
  • Description: Sun Java System Application Server is vulnerable to an unspecified cross-site scripting issue. The issue is due to a failure to sanitize user-supplied input before using it in dynamically generated web page content. Please refer to the referenced link for the versions of the software that are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57742-1&searchclause=%22category:security%22%20%22availability,%20security%22

  • 05.11.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Antivirus Products Malformed ZIP File Scan Evasion
  • Description: Multiple antivirus products from various vendors are affected by a vulnerability that may allow potentially malformed ZIP archives to bypass detection. This issue affects H+BEDV AntiVirus, AVG Anti-Virus, Sybari Antigen for Microsoft Exchange, and products by Symantec, McAfee, and BitDefender.
  • Ref: http://www.securityfocus.com/archive/1/392974

  • 05.11.18 - CVE: CAN-2005-0746
  • Platform: Cross Platform
  • Title: Novell iChain Mini FTP Server Remote Path Disclosure
  • Description: Novell iChain is shipped with an FTP server called Mini FTP server. Novell iChain Mini FTP server is affected by a remote path disclosure due to access validation issues. Novell iChain versions 2.2, 2.3 and 2.3 Support Pack 2 are affected.
  • Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096886.htm

  • 05.11.19 - CVE: CAN-2005-0729
  • Platform: Cross Platform
  • Title: XPand Rally Remote Format String Vulnerability
  • Description: XPand Rally is a network game developed by Techland. A remote format string issue is exposed due to the failure of the application to sanitize data before calling the printing function. Techland XPand Rally versions 1.0 and 1.1 are affected.
  • Ref: http://aluigi.altervista.org/adv/xprallyfs-adv.txt

  • 05.11.20 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPOpenChat Multiple Remote File Include Vulnerabilities
  • Description: PHPOpenChat is a web chat server. Insufficient sanitization of user-supplied input exposes the application to multiple remote file include issues. PHPOpenChat version 3.0.1 and earlier are affected.
  • Ref: http://www.albanianhaxorz.org/advisory/phpopenchaten.txt

  • 05.11.21 - CVE: Not Available
  • Platform: Web Application
  • Title: ZPanel Multiple SQL Injection and File Include Vulnerabilities
  • Description: ZPanel is a hosting control interface. It is vulnerable to multiple SQL injection and file include issues due to improper sanitization of user-supplied input to the "uname" parameter of the "index.php" script and the "page" parameter of the "zpanel.php" script. ZPanel versions 2.5 beta and earlier are affected.
  • Ref: http://secunia.com/advisories/14602/

  • 05.11.22 - CVE: CAN-2005-0744
  • Platform: Web Application
  • Title: iChain Sensitive Information Disclosure
  • Description: Novell iChain is an identity-based web security application. It is vulnerable to an information disclosure issue because it does not encrypt the communications between the client and server. Novell iChain Server versions 2.2 and 2.3 SP2 and SP3 are reported to be vulnerable.
  • Ref: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096885.htm

  • 05.11.23 - CVE: Not Available
  • Platform: Web Application
  • Title: phpAdsNew AdFrame.PHP Cross-Site Scripting
  • Description: phpAdsNew is a web site banner management application. It is reported to be vulnerable to a cross-site scripting issue due to improper sanitization of user-supplied input to the "refresh" parameter of "adframe.php" script. phpAdsNew version 2.0.4 -pr1 is vulnerable.
  • Ref: http://secunia.com/advisories/14592/

  • 05.11.24 - CVE: Not Available
  • Platform: Web Application
  • Title: VoteBox Votebox.PHP Remote File Include
  • Description: VoteBox is a web-based voting system. VoteBox is affected by a remote PHP file include vulnerability. VoteBox versions 2.0 and earlier are known to be vulnerable.
  • Ref: http://www.systemsecure.org/wwwboard/messages/295.html

  • 05.11.25 - CVE: Not Available
  • Platform: Web Application
  • Title: Phorum Multiple HTML Injection Vulnerabilities
  • Description: Phorum is a content management system. Insufficient sanitization of user-supplied input exposes the application to multiple HTML injection issues. Phorum versions 5.0.14 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/393192

  • 05.11.26 - CVE: Not Available
  • Platform: Web Application
  • Title: SimpGB Guestbook.PHP SQL Injection
  • Description: SimpGB is a web-based guestbook application. SimpGB is affected by an SQL injection vulnerability. SimpGB version 1.0 is known to be vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/393149

  • 05.11.27 - CVE: Not Available
  • Platform: Web Application
  • Title: Spinworks Application Server Remote Denial of Service
  • Description: Spinworks is a web-based development application. It is vulnerable to a denial of service issue when handling malformed "sid" URI parameters. Spinworks versions 3.x are known to be vulnerable.
  • Ref: http://secunia.com/advisories/14579/

  • 05.11.28 - CVE: CAN-2005-0674
  • Platform: Web Application
  • Title: paBox Post Icon HTML Injection Vulnerability
  • Description: paBox is a web-based guestbook application. It is reported to be vulnerable to an HTML injection issue due to insufficient sanitization of user-supplied input to the "value" parameter of "pabox.php" script. paBox version 2.0 is vulnerable to this issue.
  • Ref: http://secunia.com/advisories/14590/

  • 05.11.29 - CVE: Not Available
  • Platform: Web Application
  • Title: paFileDB Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: paFileDB is a web-based file management utility. It is vulnerable to multiple SQL injection and cross-site scripting issues due to improper user input sanitization and can be exploited to perform session hijacking and database modification. paFileDB versions 3.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/393022

  • 05.11.30 - CVE: Not Available
  • Platform: Web Application
  • Title: HolaCMS Voting Module Remote File Corruption
  • Description: HolaCMS is a content management system. It is vulnerable to a remote file corruption issue. The issue presents itself when a remote attacker specifies an arbitrary location using the "vote_filename" parameter. All current versions are vulnerable.
  • Ref: http://secunia.com/advisories/14566/

  • 05.11.31 - CVE: CAN-2005-0726
  • Platform: Web Application
  • Title: UBB.threads Editpost.PHP SQL Injection
  • Description: UBBCentral UBB.threads is a web forum. Insufficient sanitization of the "Number" parameter in the "editpost.php" script exposes the application to an SQL injection issue. UBB.threads version 6.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/392951

  • 05.11.32 - CVE: CAN-2005-0274
  • Platform: Web Application
  • Title: PhotoPost PHP Pro Multiple Remote Vulnerabilities
  • Description: PhotoPost PHP Pro is a web-based image gallery application. Insufficient sanitization of user-supplied input and invalid access rights checks expose the application to various cross-site scripting and access bypass issues. PhotoPost PHP Pro version 5.0 RC3 is affected.
  • Ref: http://www.securityfocus.com/bid/12779/info/

  • 05.11.33 - CVE: CAN-2005-0691
  • Platform: Web Application
  • Title: SocialMPN Module Arbitrary Remote PHP File Include
  • Description: SocialMPN is web portal software. It is vulnerable to a remote file include issue due to improper sanitization of user-supplied input in the module section. SocialMPN versions 1.2.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/12774

  • 05.11.34 - CVE: CAN-2005-0720
  • Platform: Web Application
  • Title: McNews Remote File Execution
  • Description: McNews is a news management script. It is vulnerable to a remote file execution issue due to a failure to sanitize user-supplied input to the "skinfile" variable of the "header.php" script. McNews versions 1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/392548

  • 05.11.35 - CVE: Not Available
  • Platform: Web Application
  • Title: Zorum Multiple Remote Vulnerabilities
  • Description: PHPOutsourcing Zorum is a web-based forum application. It is vulnerable to multiple security issues such as HTML injection, cross-site scripting, SQL injection and authentication bypass. Zorum version 3.5 is known to be vulnerable.
  • Ref: http://www.securityfocus.com/bid/12777

  • 05.11.36 - CVE: CAN-2005-0748
  • Platform: Web Application
  • Title: WEBInsta Mailing Manager Remote File Include
  • Description: WEBInsta Mailing Manager is vulnerable to a remote file include issue. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer. WEBInsta Mailing Manager version 1.3d is affected.
  • Ref: http://www.securityfocus.com/bid/12773/

  • 05.11.37 - CVE: Not Available
  • Platform: Network Device
  • Title: Symantec Gateway Remote DNS Cache Poisoning
  • Description: Symantec Gateway Security provides firewall and intrusion detection functionality. The DNS caching server in the device is vulnerable to a DNS cache poisoning issue. The issue can be exploited by an attacker to manipulate cache data and cause a denial of service. Please refer to the link provided for a list of vulnerable products and versions.
  • Ref: http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html

  • 05.11.38 - CVE: Not Available
  • Platform: Hardware
  • Title: Xerox Document Centre ESS Remote Buffer Overflow
  • Description: Xerox Document Centre ESS is reported to be vulnerable to a remote buffer overflow vulnerability. This could be used for a denial of service attack or remote command execution on the vulnerable system.
  • Ref: http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheB.xerox.com/downloads/usa/en/c/CERT_Xerox_Security_XRX04-04.pdf

  • 05.11.39 - CVE: Not Available
  • Platform: Hardware
  • Title: Xerox Document Centre Remote Authentication Bypass
  • Description: The Xerox Document Centre ESS/Network Controller includes an HTTP server. It is affected by a remote authentication bypass issue due to improper validation of access credentials. Please refer to the attached link for a list of vulnerable versions.
  • Ref: http://www.xerox.com/downloads/usa/en/c/cert_XRX05_003.pdf

(c) 2005. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

To subscribe, at no cost, go to https://portal.sans.org where you may also request subscriptions to any of SANS' other free newsletters. To change your subscription, address, or other information, visit http://portal.sans.org Copyright 2005. All rights reserved. No posting or reuse allowed, other than as listed above, without prior written permission.