Advanced Research submitted the following announcements for July-September 2006
20 August 2006 (SARA 7.0.2b)
- Fixed another problem with https
- added netapi.sara to check for ms06-040
- Does not work too well wilth Win 2003 targets
26 July 2006 (SARA 7.0.2a)
- fixed problem http.sara calling https.sara
- fixed Oracle /fcgi-bin/echo test
- added Oracle /demo/ test
- Built coSARA 7.0.2a
13 July 2006 (SARA 7.0.2)
- Discarded use of Net::SSLeay in faver of 'openssl s_client' for https
- Corrected two bugs in relay.sara
- Fixed a problem where freetds was not cleared on a 'make distclean'
10 July 2006 (SARA 7.0.1)
- Changed look and feel a bit.
- Fixed minor configuration bugs
- Built coSARA 7.0.1
Advanced Research submitted the following announcements for January-June 2006
Advanced Research submitted the following announcements for July-December 2005
17 October 2005 (SARA 6.0.7)
- Provided a large improvement in speed for fwping discovery
- Fixed a problem with http.sara for ill behaved web servers
- Fixed a problem with pnp.sara
- Added basic test for MSDTC vulnerability (MS05-051)
- Added several improvements for coSARA.
16 August 2005 (SARA 6.0.6)
- Fixed library rsolution with openssl 0.9.8
- Fixed install for problems with linux and solaris
- Updated http.sara to reflect vulnerable apache servers
- Added test for pnp vulnerability (MS05-039)
20 July 2005 (SARA 6.0.5)
- Expanded check on PHP IAW BID 11964
- Updated samba detection for new samba TNG
- Updated SANS Top 20
- Added version test for multiple ORACLE vulnerabilities (TA05-194A)
- Updated hosttyping for both nmap and non-nmap fingerprinting
- Performed general tidying up of forms
Advanced Research submitted the following announcements for April-June 2005
Advanced Research submitted the following announcements for January-March 2005
1 March 2005 (SARA 6.0.1)
- Fixed problem in sss.pl
- Added community strings to snmp.sara
- Added test for AWStat cgi vulnerability
- Fixed critical problem with mssql.sara (sqlat)
- Working on framework for coSARA (coLinux and SARA)
- Added account checking for mysql
- Corrected minor firewall problem
Advanced Research submitted the following announcements for November-December 2004
Advanced Research submitted the following announcements for August-October 2004
21 October 2004 (SARA 5.2.0)
- encoded t2r so that McAfee would not flag it as a virus.
- fixed logic bug in oracletns.sara
- Cleaned up SSS installation and firewall support
- Changed architecture to automatically detect and probe firewalled systems.
- Updated to latest CVE (20040901)
- Updated to latest SANS Top 20 (20041008)
16 September 2004
Our beloved founder and author of SARA, Bob Todd (me), had a minor heart
attack. All appears to be well as he had great treatment from his medical
provider, Kaiser Permanente. Still, his wild life (yeah, right) must be
curtailed for a while.
Advanced Research submitted the following announcements for April-July 2004
Advanced Research submitted the following announcements for January-March 2004
Advanced Research submitted the following announcements for December 2003
15 December 2003 (SARA 5.0.0)
- Fixed compiling problem with dscan.c with MAC OS X
- Fixed false positive switching when text has a "/" (htm)
- Fixed false positive switching back to true vuln (htm)
- Fixed problem with total host color counts (xml)
- Fixed various format problems in htm.pl
- Updated http.sara5 to generate proper headers for mod_security
- Updated http.sara5 to reflect dysfunctional web servers
- Changed Analysis and Reporting screens to:
- Dislay Windows Domain (if applicable)
- Display all well known services
- Display vulnerabilities and false positives
- Change vulnerability to false positive and the reverse
- Changed ReportWriter:
- Default mode is to generate reports (-r turns it off)
- Added Windows Domain
- Added Class to vulnerability listings
- Added CVE to vulnerability listing
- Improved and updated SANS Top 20 generation
- Made reports configurable (config/xml.cf, config/htm.cf)
- Format of report.csv has been altered dramatically.
- Format of report.xml has been modified slightly
- Format of report.html has been modified.
- Changing many of the tutorials and formats
- Added SARA Overview briefing
- Status files will be tied to the database (e.g., status-mytest)
Advanced Research submitted the following announcements for November 2003
Alpha Release of SARA 5 (4.9.99) (29 Nov 03)
- Updated http.sara5 to generate proper headers for mod_security
- Updated http.sara5 to reflect dysfunctional web servers
- Changed Analysis and Reporting screens to:
- Display Windows Domain (if applicable)
- Display all well known services
- Display vulnerabilities and false positives
- Change vulnerability to false positive and the reverse
- Changed ReportWriter:
- Default mode is to generate reports (-r turns it off)
- Added Windows Domain
- Added Class to vulnerability listings
- Added CVE to vulnerability listing
- Improved and updated SANS Top 20 generation
- Made reports configurable (config/xml.cf, config/htm.cf)
- Format of report.csv has been altered dramatically.
- Format of report.xml has been modified slightly
- Format of report.html has been modified.
- Changing many of the tutorials and formats
- Added SARA Overview briefing
- Status files will be tied to the database (e.g., status-mytest)
Advanced Research submitted the following announcements for October 2003
27 October 2003 (SARA-4.2.7)
- Updated to comply with SANS-20 V4
- Continued updates to new reportwriter
- Fixed account lockout problem in smb.sara
- Added Netbios Domain to database and reports
- Added definitive test for ms-043 vulnerability
Advanced Research submitted the following announcements for September 2003
Advanced Research submitted the following announcements for August 2003
16 August 2003 (SARA-4.2.5b)
- Added definitive test for ms-rpc (non destructive)
- Alpha version of new xml/csv/htm generator
- Added subnet tags for xml output
- Minor fixes throughout
- Improved WebDAV exploit test (wd.pl)
Advanced Research submitted the following announcements for July 2003
18 July 2003 (SARA-4.2.1e)
- Tweaked NMAP processing
- Fixed race problem with t2r (samba exploit)
- Fixed problem with smb.sara and user accounts
- Fixed problem with http.sara5
- Fixed problem with standard reports and cert advisories
- Fixed race problem with perl/contrib/wd.pl
- Added port check for Microsoft RPC services (CA-2003-16)
- Added test for Microsoft backdoor (svchost)
Advanced Research submitted the following announcements for June 2003
20 June 2003 (SARA-4.2.1)
Advanced Research submitted the following announcements for May 2003
13 May 2003: Back from Sailing
Bob and Ann Todd arrived back home on 13 May 2003. They travelled
through Florida and the Exumas Bahamas. Travel logs of our trip can
be viewed at http://jule-iii.com/trips/voyage2002. With the help
of our GlobalStar satellite phone we were able to conduct our
information assuarance activities.
Advanced Research submitted the following announcements for February 2003
14 February 2003: Gone Sailing
Bob and Ann Todd have continued their Voyage 2K2 sailing trip
to the Bahamas. Check www.jule-iii.com
for details. Subscribers to the SARA list server have been informed of
methods for contacting us regarding SARA issues.
13 February 2003: (SARA-4.1.4)
- More (last?) xml fixes
- Enabled tooltalk event for Solaris 7 and 8.
- Updated open share alert to include account info
- Added CERT advisories for several vulnerabilities
- Added definitive test for MSSQL Worm (-a3 and above)
- Added pause feature through ./sara-pause file
- Changed xml and csv to include Green/Grey hosts
- Added xfs (font server) test
- Added cachefs advisory
- Added rpc.walld advisory
- Made cosmetic changes to SSS
Advanced Research submitted the following announcements for December 2002
25 December 2002: SARA 4.1.3
- Beginning rules-based facility for SARA 5.
- Added cgi test for newdsn.exe (CVE-1999-0191)
- Added tests for Microsoft IIS Executable File Parsing (CVE-2000-0886)
- Updated smb.sara to check for user enumeration (CVE-1999-0503)
- Updated smb.sara to infer registry access (CVE-1999-0562)
- Updated smb.sara to check for guessable passwords (CVE-1999-0518)
- Updated to detect vulnerable mysql services (CVE-2000-0148),
(CAN-2002-1373),(CAN-2002-1373)
- Updated dns-chk.sara to detect CAN-2002-0029
- Fixed minor bugs in xml generator
- Updated Copyright notice in COPYING
Advanced Research submitted the following announcements for Noveember 2002
5 November 2002: SARA-4.1.2
- Major changes to XML report generator
- Scheduler updated for faster scans
- sara.cf updated for faster scans
- tcpscan.sara updated for faster scans
Advanced Research submitted the following announcements for October 2002
2 October 2002
The Advanced Research Corporation (r), supporting the FBI/SANS Vulnerability
Consensus, is releasing SARA-4.1.1 which fully incorporates the new
Top 20 list and the industry consensus of relevant vulnerabilities
(as referenced by Common Vulnerabilities and Exposures (CVE) items).
This feature will be available in the SARA ReportWriter and will be
migrated into the XML report in future releases.
SARA will be available from the Advanced Research Corporation (ARC) web site
at:
http://www-arc.com/sara/downloads/sara-4.1.1.tgz
General information on SARA and the ARC can be found at:
http://www-arc.com
Advanced Research submitted the following announcements for August 2002
20 August 2002: Release of SARA 4.0.1
- Added XML format to ReportWriter
- Updated to CVE Version 20020625
- Added 'dig' support for dns checks
- Updated smb.sara to handle new rpcclient arguments
- Added test for backdoor based on bnc variant
- Added test for binshell backdoor.
- Added test for OpenSSL vulnerabilities
- Added test for OpenSSH vulnerabilities
- Added tests for PHP vulnerabilities
- Added test for Apache pre 2.0.39 (non Unix) exploit
- Fixed configure to build rpcgen correctly
- Fixed problem with tcpscan.sara
- Fixed problem with MS Terminal tutorial
- Fixed HTML error in tutorials (problem with MS Word conversion)
- Enhanced the correction facility in the ReportWriter
15 August 2002: Release of TARA 3.0.3c
First public update since late 1999. TARA has been enhanced to handle
the latest Linux, IRIX, and SunOS operating environments. In addition,
work has begun on a Mac OSX interface.
Advanced Research submitted the following announcements for June 2002.
26 June 2002 (SARA-3.6.2)
- Fixed problem with CSS tutorial that corrupted other tutorials
- Fixed AYT tutorial pointer
- Add service name to "SARA found on non-standard port"
- Fixed false positive for F-Secure ssh
- Added test for new Apache vulnerabilities
- Updated ReportWriter to support importing to OpenOffice
- Fixed false positive on YaBB Web exploit.
- Added test for OpenSSH challenge-response vulnerability
1 June 2002 (SARA-3.6.1)
- Added support for MAC OS X (IE browser only)
- Updated check for MSSQL for heap/stack overflow
- Added test for SSH Configuration Overriding Vulnerability
- Minor fixes to http.sara and tutorials
- Fixed http PUT false positives on Tom Cat servers
- Update portscanner (config/sara.cf) to find more backdoors
- Minor fix on tutorials
- Properly report a blank report in ReportWriter
Advanced Research submitted the following announcements for April 2002.
30 April 2002 (SARA-3.5.6)
- Added Exim MTA pipe command execution
- Added test for Cisco Catalyst
- Added test for Tektronix backdoor
- Added test for Yabb unauthorized access
- Added test for IIS/MSSQL and IIS/PHP vulnerabilities
- Added test for vulnerable Lotus Domino servers
- Improved test for vulnerable telnetd using AYT
- Changed -O to -x switch (hosts to be excluded)
- Added -X filename to identify file of excluded hosts
- Added warning for Cross Site Scripting(CSS) weaknesses (tutorial pending)
- Added tests for IIS multiple vulnerabilities
- Added configure for making SARA
4 April 2002 SARA-3.5.5 Released
- Upgraded to CVE Version 20020309
- Upgraded test for ms-sql server
- Updated ssh.sara for new ssh vulnerabilities
- Updated apache test for new vulnerabilities
- Added test for Netware Remote Manager vulnerability
Advanced Research submitted the following announcements for March 2002.
7 March 2002 SARA 3.5.4 Released
- Set default from SANS-20 to full reporting
- Updated ftp.sara for latest ftp issues
- Update test for bnc chat bots (extreme only)
- Fixed bug in nfs-chk.sara
- Adjusted parameters for better 'thru firewall' operation
- Developed test for rsyncd vulnerability.
- Fixed sanity checking in http.sara
- Added -R switch to enable rules/timing
Advanced Research submitted the following announcements for January 2002.
S/V Jule III has a New Home Page
S/V Jule III web site has moved to
www.Jule-III.com. Let us know
what you think!
SARA 3.5.3 Released
- Added test for uPnP.
- Upgraded test for X access control from YELLOW to RED.
- Added alpha tools for SARA Support Scan agent.
- Fixed minor problem with http.sara.
- Check for Exim (Sendmail replacement) vulnerabilities.
- Test for CDE dtspcd vulnerability.
Advanced Research submitted the following announcements for October through December 2001:
FCC License Granted.
In November, Bob Todd received his Extra Class Amateur Radio licence. He
will use this for the upcoming Voyage 2002 aboard the S/V Jule III.
SARA Releases4 December 2001 (SARA-3.5.2)
o Fixed problem with Agranat-EmWeb server falsely reporting OK in http.sara
o Test for nqt.php vulnerability (bid 3455)
o Added tests for Nimda.e evidence
o Expanded tests for SSH to address falback problems
o Included a sample plugin
o Added test for vulnerable Net Commerce servers (cve-2001-0318)
o Added test for vulnerable sgi_espd program (cve-2001-0319)
o Updated test for wu-ftpd vulnerabilities
o Updated to the latest CVE list
12 October 2001 (SARA-3.5.1)
o Fixed ReportWriter to collate tutorials properly.
o Fixed ftp.sara to not report on certain non-vulnerable servers
o Updated test for printer to not report for Windows
o Developed self scanning Web interface
o Added test for SMB Null Sessions.
o By Default, SARA will run in SANS Top 20 Mode. To change, update
config/sara.cf or use the -s off switch when starting it up.
01 October 2001 (SARA-3.5.0)
o Updated for SANS Top 20
o Updated tutorials
o Added tests for Nimda infection
Advanced Research submitted the following announcements for July-September 2001:
An Attack on our Homeland
Advanced Research extends its sorrow for the suffering of the terrorist attack
on the United States. We replaced our logo with a representation of our
flag at half staff.
Jule III has been granted commercial status
The Sailing Vessel Jule III, a German built research and business support
vessel, has been granted commercial coastwise status by the United States
Maritime Administration and the United States Coast Guard. S/V Jule III
is a primary business office for the Advanced Research Corporation.
SARA Releases
Over four SARA releases have been generated during the time period. In
addition, CIS-SARA has been released by the Center for Internet Security (CIS)
at http://www.cisecurity.org. Further, SARA is working with SANS to support
new reporting initiatives. Lastly,
we initiated the SARA Partners initiative for pre-release testing.
Advanced Research submitted the following announcements for June 2001:
27 June 2001 (SARA 3.4.6)
- Updated authoritative test for IIS ISAPI exploit
- Added authoritative test for IIS Index services exploit
- Added authoritative test for IIS FrontPage-RAD exploit
- Corrected minor bugs in http.sara
- Corrected minor bugs in configuration management
- Improved hosttype-ing of Windows 2000
12 June 2001 (SARA 3.4.5)
- Upgraded to CVE Version 20010507
- Fixed problem RED/YELLOW repeats for Vulnerable Web Server
- Downgraded cim.sara color to yellow due to difficulty in assessing all
components
- Added test for iPlanet 4.1 buffer overflow vulnerability
- Added test for Oracle Application Server buffer overflow
- Added test for PDG_Cart exploits
- Added inew tests for remote root backdoors
- Added test for the Cheese backdoor
- Added test for rpc.yppasswdd backdoors and vulnerability:
- Upgraded pop3 test for additional vulnerable QPOP servers
- Added test for ftp anonymous directory traversal
- Added test for Mailman Web exploit.
Advanced Research submitted the following announcements for May
2001:
16 May 2001 (SARA 3.4.3)
- Developed test for latest IIS Directory Traversal (15 May Announcement)
- Developed test for IIS password backdoor (15 May announcement)
- Developed reliable test for buffer overflow (IIS/WIN 2K)
- Upgraded CIM test for latest exploits
- Tweaked tcp_scan for better performance.
- Added test for bugzilla vulnerabilities
- fixed bug in rlogin.sara
- Updated Web tutorials
- Clarified reporting for "directory traversal (command execution)"
- Improved test for the IIS 5.0/Windows 2000 vulnerability
- Tightened up NAI FTP vulnerability test
- Fixed a JavaScript error
- Fixed printing error
- Generic test for NAI identified vulnerable FTP services
- Fixed false positive on http showcode
- Improved detection of command execution via directory traversal
- Downgraded many RED's to YELLOW's to minimize false alarms in the current environment
- Fixed problem with detection of duplicate ssh daemons.
- Upgraded fping to handle 'number of bytes sent' for worms.sara
- Combined worms.sara and ddosscan.sara into backdoor.sara
02 May 2001 (SARA Updates)
The last notification of the SARA Certification Class was wrong. The
correct date is 30 May 01. It is free to US Government employees.
Several new exploits and bug reports have been received since
the release of sara-3.4.1. A host fix is provided at the usual SARA
doenload site (under sara-3.4.1.tar.gz)
Hotfixes (SARA 3.4.1.d)
- Test for IIS 5.0 vulnerability under Windows 2000 (no tutorial)
- Generic test for NAI identified vulnerable FTP services (no tutorial)
- Fixed false positive on http showcode
- Improved detection of command execution via directory traversal
- Downgraded many RED's to YELLOW's to minimize false alarms in the current environment
- Fixed problem with detection of duplicate ssh daemons.
- Upgraded fping to handle 'number of bytes sent' for worms.sara
- Combined worms.sara and ddosscan.sara into backdoor.sara
Advanced Research submitted the following announcements for April
2001:
29 April 2001 (SARA Certification)
Advanced Research announced a SARA Certification class for managers
and system administrators. The first class, on May 28th, will be
offered to U.S. Government personnel in the Washington/Baltimore area.
29 April 2001 (SARA 3.4.1)
New feature include:
- Added plugin facility for proprietary testing and reporting
- Released US Government only Adore worm detector to public domain
- Improved tests for rsh, rlogin, netstat, and systat
- Upgraded sendmail tests
- Upgraded dns tests to check for zone transfers
- Added tests for doubtful rpc services
- Added test for poor pre-login banners for telnet.
- Added facility to modify SARA menu subsystem (perl/menu.pl)
- Added JavaScript to menu subsystem.
- Provided additional documentation for report correction and fact drop.
- Removed port scans that caused Oracle listener to terminate.
- Minimized Windows XX false alarms to backdoors
20 April 2001 (S/V Jule III returns)
The research vessel S/V Jule III returned from a 6 month exercise in the
evaluation of communications systems and capabilities in the western North
Atlantic region. Advanced Research will publish their findings by 1 August
2001.
Advanced Research submitted the following announcements for March
2001:
25 March 2001 (SARA 3.3.5)
SARA 3.3.5 was released in response to two significant
exploits that have been identified within the last week. The
primary one is the Lion worm, which is the result of a Linux
compromise (usually through a bind attack). The second
is the SunOS snmpXdmid exploit which can lead to a
remote root compromise.
We also enhanced our SSH detection logic to address not
only the new vulnerabilities but also its use as a backdoor.
We improved several system functions, such as telnet.sara
in response to customer requirements.
As always, SARA is free, open, and current.
11 March 2001 (Jule III)
Jule III/Advnaced Research Corporation have finished their preliminary
survey of coastal data communications options in the Mid-Atlantic ,
Southeastern Altantic, Florida Straits, Dry Tortugas, and Bahamas.
Observations were made on digital wireless, analog cellular, single
sideband (SSB)(email only), VHF digital, and Satcom. Report will be
issued in relevent trade magizines in late Fall 2001.
Advanced Research has provided the following press releases for the month
of January 2001:
31 January 2001 (SARA 3.3.4)
New features include:
- Updated to CVE Version 20010122
- Rewrote cim.sara to detect new CIM vulnerabilities
- Tests for new DNS vulnerabilities
- Fixed an induced error in reconfig
- Corrected problem and added filter to CSV reporting
- Fixed code associated with CSV
- Added tutorial for MS Terminal Server
- Still free, open, and current.
26 January 2001 (SARA 3.3.3)
New features include:
- Fixed two small format errors in ReportWriter
- Corrected some typos in tutorials
- Fixed tutorial build process
- Fixed multiple vulnerability reporting of mail relay
- Reduced RDS false positive by incorporating rfp_msadc.pl
- Added test for LPRng vulnerability
- Changed severity codes for possible false positive readings
- Added check for Interbase database backdoor
- Configured attack level 6 [custom 3] for the Ramen signature
- Added csv (comma delimited) format for the ReportWriter
- Added false reporting notation in all ReportWriter products
- Dropped writable ftp vulnerabilities on Lexmark printers
Advanced Research has provided the following press releases for the month
of October 2000:
21 October 2000 (SARA 3.2.3)
New features include:
- Added http tests for Web Shopper, Shopping Cart, PHP, and PUT
- Fixed problem with smb.sara while handling very large shares
- Adding SARA Reporter manual correction facility (see README)
- Fixed small format problem with Reporter reports generated with "-r"
- Improved tcp wrapper detection
- Improved login.sara operation
2 October 2000 (SARA 3.2.2b)
New features include:
- Corrected error in Makefile for sunos5
- Updated tutorials (http-cgi and tacacs)
- Updated to detect "wrapped" versions of ssh, telnet, ftp
- Updated testing for Subseven DDOS tool.
- Added additional "custom" attack modes
- Fixed problem in configuration management module
- Added timing options to start SARA (full date)
- Added -r option to command line to generate SARA Reporter report.
- Added a Delete option to Data Management
- Tweaked ftp.sara and tutorial for current threat
Advanced Research has provided the following press releases for the month
of September 2000:
18 September 2000 (International Maritime Security Demonstration)
Advanced Research is sponsoring a demonstration for secure maritime
communications. We will be evaluating low cost communications options
for the coastal and blue water voyagers. Demonstration will begin
on or about 1 November 2000. Comments and questions are solicited.
18 September 2000 (SARA 3.2.1)
New features include:
- Corrected problem in SARA Report filters
- corrected various Makefile problems
- Added trinity DDOS (XF Advisory 59)
- Added test for Web bulletin board (YaBB)
- Added PhotoAlbum Web vulnerability
- Added t0rn server Trojan test.
- Improved mail relay reporting
- Submitting SARA to industry evaluation
- Enhanced Report Writer for SARA/SAINT/SATAN
- Updated to maintian SANS/CVE Certification/Compliance
Advanced Research has provided the following press releases for the month
of August 2000:
31 August 2000 (SARA 3.1.8)
New features include:
- Improved tutorials for http and smb
- Added multi tasking support
- Fixed error reporting date in daemon mode.
- Fixed errors in html.pl introduced in 3.1.7
- Added test for IRIX telnetd vulnerability
- Fixed a problem importing SARA Report data into Office 2000.
- Fixed problem with get_targets (FW vs non FW)
11 August 2000 (SARA 3.1.7)
New features include:
- Fixed false positive on latest ColdFusion
- Tuned http.sara for JetDirect and other ill-reporting servers
- Tuned nfs-chk.sara for non-world access
- Reformatted some of the tutorials
- Fixed relay.sara to minimize false positives
- Made minor tweaks on smb.sara (e.g. visible shares and verbose)
- Fixed sendmail.sara to respond properly to v 8.10.x (thanks to J. McNair)
- Expanded services database to reflect new definitions
- Added test for Answerbook2 vulnerability (Sun Security Bulletin # 00196)
- Fixed problem with crashing PCDuo servers (default attack level only)
- Cleaned up configuration management routines
- Provides a qualified date/time entry in the status file.
1 August 2000 (SANS Certification)
SANS has announced that:
"This message is to let you know that SARA version 3.1.6 has achieved a
qualification level of 'certified' in the SANS/ISTS top 10 testing. This
is the highest level of certification that can be achieved. In addition,
SARA is the first product to reach this level of qualification. You
should be extremely proud of your accomplishment and we thank you for
your wonderful contribution to the security community".
Advanced Research has provided the following press releases for the month
of July 2000:
- 31 July 2000 (SARA 3.1.6)
New features include:
- Corrected smb.sara to properly target share level vs user level access
- Added options to smb.sara for standalone and tailored operation
- Added network.vbs test in smb.sara
- Fixed a problem in ftp.sara to eliminate false negatives on writable dirs
- Fixed Configuration Management GUI error.
- SARA updated for the latest perl (5.6.0) dist. (thanks to A. Pendleton)
- 21 July 2000 (SARA 3.1.5)
New features include:
- Updated IAW with SANS guidance
- Updated smb.sara to test for null logins
- Updated rules to 'catch' all smb services
- Added O'Reilly test to http.sara (BID 1487)
- Added source.asp test to http.sara (BID 1457)
- Fixed NFS/Mountd/statd anamolies (BID 1480)
- Tweaked login.sara for really slow targets
- 12 July 2000 (SARA 3.1.4)
New features include:
- Improved SMB logic for Windows 9X
- Improved processing for nfs exports for non world access
- Corrected numerous typos in tutorial links (thanks to Walt Jones)
- Fixed corrupted udpscan.sara file
- Fixed more problems with relay.sara
- Updated tutorials and FAQ.
- Updated X Server logic to reduce false positives
- Changed default start-up mode (a typo, really)
- Added Big Brother test
- 5 July 2000 (SARA 3.1.3)
New features include:
- Incorporated SANS recommended additions to Top 10 (2,7,8,10)
- Corrected typos in tutorial links (thanks to Walt Jones)
- Fixed distclean to delete all swap files
- Corrected typo in http.sara
- Test for vulnerability in wu-ftpd 2.6.0(1)
- Corrected false negative problem with relay.sara
Advanced Research has provided the following press releases for the month
of June 2000:
- 16 June 2000 (SARA 3.1.2)
New features include:
- Added switch to slow the scan to minimize impact to slower networks
- Added custom and multiple hosts on GUI (Target Mgt)
- Added test for INN 2.x.x vulnerability
- Improved JetAdmin logic in http.sara
- Improved the Custom attack level (see config/sara.cf)
- Improved printer logic in depends.sara
- Fixed ftp.sara to properly report MS FTP status
- Fixed Documents to properly display CVE
- 12 June 2000 (SARA 3.1.1)
New features include:
- Fixed FrontPage test IAW CIAC recommendations
- Changed sara.cf to avoid NCD X- terminal lock ups
- Removed DNS checking in data management mode (improves performance)
- Added more rpc program checking
- Added test for tacacs server
- Added test for Sub 7 backdoor
- Added test for JetAdmin directory traversal (thanks to Steven Lodin)
- Added test for QPOP 3.53 vulnerability.
- Added test for Cisco Catalyst Vulnerability (CVE 2000-0267)
- Added test for Suse imap server (CVE 2000-0233)
- Updated SARA's CVE Compliance Matrix to version 20000602
Advanced Research has provided the following press releases for the month
of May 2000:
- 31 May 2000 (SARA 3.1.0)
New features include:
- Included SARAPRO report writer into SARA
- Provided report writer to SATAN and SAINT users
- Added SANS-10 top vulnerability filter to report writer
- Correct tutorial problem with pcanywhere and kerberos
- Fixed man page to include the "-n" option.
- 24 May 2000 (SARA and SARAPRO 3.0.5)
New features include:
- Added depends.sara to minimize OS oriented false positives
- Fixed login.sara to minimize false positives with JetDirect
- Fixed multiple subnet scanning in firewall mode
- Mitigated lockups in SARA daemon mode
- Added new mode (vulnerabilities) to SARA Search
- Updated http.sara to minimize FrontPage vulnerabilities
- Added eight new tests to http.sara
- Added test for kerberos
- 16 May 2000 (SARA and SARAPRO 3.0.4)
New features include:
- Added a range argument to target spec (e,g, 192.168.0.11-192.168.0.223)
- Incorporated target specs in interactive mode (e.g., supernets and range)
- Added test for SunOS netpr vulnerability [work in progress](BugTraq)
- Added test for counter vulnerability (BugTraq)
- 11 May 2000 (SARA and SARAPRO 3.0.3)
New features include:
- Fixed mstream test (PONG vs pong)
- Added test for timbuktu
- Added tutorial for pcanywhere and timbuktu
- Incorporated Steve Rader's new relay.sara (many more tests)
- 1 May 2000 (SARA and SARAPRO 3.0.2)
New features include:
- Added pirahna test (password vulnerability in Linux Web server)
- Updated http.sara to reduce false alarms on non 404 servers
- Updated sara.cf to avoid answerbook2 inadvertent denial of service
- Added test for pcanywhere
- Added test for mstream DDOS agents
- Need to do tutorials for pirahna and pcanywhere
Advanced Research has provided the following press releases for the month
of April 2000:
- 25 April 2000 (SARA and SARAPRO 3.0.1)
New features include:
- Added CVE compliance matrix to documents and tutorials
- Added Search to SARA (was only in SARAPRO)
- Added sgi_pmcd vulnerability test
- Added Solaris nisd vulnerability test
- Added Compaq CIM server vulnerability test (thanks to Steve Lodin)
- Improved tutorial reporting in SARAPRO report writer
- Added numerous new cgi vulnerability tests
- Corrected bugs
- 10 April 2000 (SARAPRO 2.4.13 and SARA 2.1.13)
New features include:
- Added daemon mode of SARA! (thanks to Adam Pendleton of VGS)
- Improved SMB analysis (fewer false positives)
- Added basic Shaft DDoS detection
- Improved http.sara (fewer false positives on php and FP)
- Fixed makefile problem with IRIX and swp files (Thanks Adam P.)
- Added test for IRIX 5.x - 6.2 objectserver exploit
Advanced Research has provided the following press releases for the month
of March 2000:
- 22 March 2000 (SARAPRO 2.4.12 and SARA 2.1.12)
New features include:
- Added test for Subseven backdoor
- Fixed new CUI/GUI problem with Analysis Reporting
- Supporting older Linux releases (thanks to Sam Kline)
- Added the SARA Search capability (SARA Pro)
- 17 March 2000 (SARAPRO 2.4.11 and SARA 2.1.11)
New features include:
- Fixed CUI/GUI problem with Lynx and Netscape 4.72
- Fixed problem with multiple reports with SNMP
- Updated hosttyping database
- Still adding SARA Search capability
- 12 March 2000 (SARAPRO-2.4.10) and SARA 2.1.10)
New features inlcude:
- Added yet more http vulernability testing incl infosrch
- Fixed Netscape buffer overflow detection
- Fixed some of the GUI interfaces
- Adding SARA Search capability
- Added Napster detection
- 03 March 2000 (SARAPRO 2.4.9 and SARA 2.1.9)
New feaures include:
- Added test for the sgi_fam buffer overflow vulnerability
- Added the trojan_trinoo DDOS test
- Fixed false alarms from Web cache manager
- Updated snmp reporting
- Added support for hpux 11.x (thanks to Andrew Mossberg)
Advanced Research has provided the following press releases for the month
of February 2000:
- 28 February 2000 (SARAPRO 2.4.8a and SARA 2.1.8a)
Advanced Research released an upgrade to SARA 2.x.8 which includes
the distributed denial of service (DDOS) test for the Windows-based
trinoo, trojan_trinoo.
- 25 February 2000
Advanced Research Corporation ® is pleased to announce the
addition of Roadrunner (www.rr.com) to
our family of licensees of SARA Pro.
- 23 February 2000 (SARAPRO 2.4.8 and SARA 2.1.8)
New features include:
- Added Corporate template insertion into SARA Pro reports.
- Added timing/delay command line option.
- Administrative release. Credit given where credit due.
- Corrected minor bugs on the SARA menu.
- 15 February 2000: SARA 2.1.7 and SARA Pro 2.4.7 released.
New features for SARA nad SARA Pro are:
- Added Dave Dittrich's Distributed DOS test
- fixed typo in http.sara and sample.sara.ext
- Added a new tutorial for possible wuftpd vulnerability
- Added Linux include/ansi to update the old rpc libraries
- Added Linux include/netinet to make available older net files
- Added trusted-sunos5 make option (thanks to Ward Ponn)
- 1 February 2000: SARA 2.1.6 and SARA Pro 2.4.6 released.
New features for SARA and SARA Pro are:
- Tweaked the documentation
- Fixed problem with mimetyping
- Documented fact that doesn't work with Lynx 2.8
- Added SARA extensions to SARA (offered in SARA Pro 2.4.1)
Advanced Research has provided the following press releases for the month
of January 2000:
- 23 January 2000: SARA 2.1.5 and SARA Pro 2.4.5 released.
New features for SARA and SARA Pro are:
- Fixed false alarms in webdist and handler cgi exploits
- Added more distributed denial of service exploit detection
- Developed bar chart generation in report writer (SARA Pro)
- Corrected minor errors in the analysis section
- Corrected problem with login.sara
- Corrected minor problem with http.sara
- 13 January 2000: A member of the family has passed away.
The inspiration for the Advanced Research Corporation and our work
ethic has passed away. Our thoughts will always be with Walter E.
Todd, W4JXI.
- 01 January 2000: SARA 2.1.4 and SARA Pro 2.4.4 released.
New features for SARA are:
- Fixed trailing blank problem in -F filename
- Fixed bug in firewall enabling logic
Advanced Research has provided the following press releases for the
month of December 1999:
- 15 December 1999: SARA 2.1.3 and SARA Pro 2.4.3 released.
New features for SARA are:
- Added test for trinoo
- Added test for sadmind exploit
- Added test for Hack a Tack
- Corrected pop3 to find obscure Qualcomm configurations
- Added a post analysis filter, ammends (SARA-Pro only)
- 8 December 1999: SARA out scans its peers
During the month of November, SARA has scanned more than 120,000
documented host computers on our customers' networks. We believe
that this far exceeeds the statistics of our fellow "freeware"
providers.
- 8 December 1999: SARA 2.1.2 and SARA Pro 2.4.2 released.
New features for SARA
include
- Added "-F hostfile" to scan a list of hosts (not subnets)
- Added custom attack level (level=4)
- Added submask control for subnet scanning (command line only)
- Added test for DRAT backdoor test
- Added test for /tmp/bob exploit (ingreslock and pcserver)
- Added test for vulnerable DNS Servers (NXT records)
- Added many CGI vulnerability tests
- Made NMAP non-default (problems with most OSs)
- Corrected minor problems in configuration builds and dual reporting.
- 1 December 1999: SARA and RockLinux
SARA became a standard component of the
RockLinux distribution.
RockLinux/SARA will be present at the Chaos Communications Congress
in Berlin (99-12-27 through 99-12-29).
Advanced Research has provided the following press releases for the
month of November 1999:
- 30 November 1999: SARA Pro 2.4.1
SARA Pro has the following enhancements:
- Added "-F hostfile" to scan a list of hosts (not subnets)
- Added custom attack level (level=4)
- Added submask control for subnet scanning (command line only)
- Added test for /tmp/bob exploit (ingreslock and pcserver)
- Added test for vulnerable DNS Servers (NXT records)
- Added many CGI vulnerability tests
- Added subnet mask to command line arguments (/16 through /32)
- Made NMAP non-default (problems with most OSs)
- 8 November 1999: SARA Pro 2.2.10 SARA 2.0.10
SARA and SARA Pro have added the following enhancements:
- Upgraded tooltalk and calendar manager to RED
- Corrected problem in login.sara
- Corrected problem in relay.sara
- Updated sendmail.sara for Ver 8.9.1 vulnerability
- Updated ftp.sara to trap the wu-ftpd 2.5.0 vulnerability
- Upgraded build environment for Linux (still needs work)
Advanced Research has provided the following press releases for the
month of September 1999:
- 24 September 1999: S/V Jule III Update
The SV Jule III is sad to report the loss of BM 1 Alfred L. Todd
to prostate cancer. BM 1 Todd was a member of the crew since
September 1995. He is sorely missed!
- 20 September 1999: SARA Pro 2.2.9
SARA Pro has added the following enhancements:
- Upgraded tooltalk and calendar manager to RED
- Corrected problem in login.sara
- Corrected problem in relay.sara
- Updated sendmail.sara for Ver 8.9.1 vulnerability
- Updated ftp.sara to trap the wu-ftpd 2.5.0 vulnerability
- 15 September 1999: Validation of Integrated Data Suite (IDS)
The S/V Jule III (chartered Advanced Research research vessel) performed a
week long sea trial of the IDS. The IDS provides a single entry, secure
communications and navigation facility for small passenger vessels. Secure
electronic mail, database updates, and command and control are provided
over VHF, SSB, and wireless telephony.
Advanced Research has provided the following press releases for the
month of August 1999:
- 4 August 1999: SARA 2.0.8
Advanced Research added several new tutorials to SARA as well as
as detection of a possible vulnerability in the calendar manager
(rpc.cmsd).
- 3 August 1999: Windows NT Security Checklist
Advanced Research developed a security checklist for Windows NT systems
which is available to IIM members.
Advanced Research has provided the following press releases for the
month of July 1999:
- 31 July 199: Upgrade to the Jule III
Advanced Research has upgraded the communications, environmental,
and electrical system of Jule III. The Jule III will deploy to the lower
Chesapeake Bay in early Winter to evaluate the impacts of the Mid
Atlantic drought to the lower Bay ecosystem.
- 24 July 1999: Interview with the New York Times
Advanced Research was contacted by the New York Times to discuss the
Company's work in uncovering the Calendar Manager security exploit.
Details of the interview are documented in the
26 July Edition of the New York Times
- 8 July 1999: SARA-PRO 2.2.8
Advanced Research added several new tutorials to SARA-PRO as well as
as detection of a possible vulnerabilitity in the calendar manager
(rpc.cmsd). The changes will be added to SARA shortly.
Advanced Research has provided the following press releases for the
month of June 1999:
- 5 June 1999: Integrated Incident Management
Advanced Research's Integrated Incident Management (IIM) is now available
to our clients. IIM subscribers will benefit from Advanced Research's
new product lines which include SARA-PRO and TARA-PRO. Contact
Advanced Research has provided the following press releases for the
month of May 1999:
- 30 May 1999: Release of TARA 2.2.6
TARA system security scanner now has an optional HTML output generator.
This feature produces easy to read hypertext listings of TARA output.
Also, several features dealing with IRIX 6.x have been fixed including
NFS exports. Lastly, a new TARA module tests for remote root login
permissions.
- 30 May 1999: Release of SARA 2.0.6
The following additions/corrections have been incoporated into the
latest version:
- Fixed NMAP and SAMBA detection
- Fixed GREEN FTP when there re vulnerabilities
- Fixed false alarm on relay.sara for certain Sun systems
- 20 May 1999: Release of TARA 2.2.5
The Tiger Analytical Research Assistant (TARA) is a security system
scanner that is an upgrade to the Tiger package developed by Texas
A&M University in 1993. TARA has been upgraded to support the current
operating systems from SMI, SGI, and Linux. Cosmetic changes and minor
bug fixes have been incorporated. See the
Security page for download sight.
- 19 May 1999: Release of SARA 2.0.5
- Compiles under Red Hat 6.0
- Yet another fix on login.sara
- 18 May 1999: Release of SARA 2.0.4
The following enhancements have been added to SARA:
- Added ftp bounce test
- Addedd mail relay test
- Improved login.sara
- Improved timeouts for various tests
- improved http.sara tests
- 6 May 1999: Release of SARA 2.0.3
Based on hacker activity, Advanced Research has upgraded SARA
to address FrontPage, IIS, and ColdFusion vulnerabilities. In
addition, false alarms with WU-ftpd servers have been reduced.
Tutorials have been upgraded. Download can be found at the
SARA home page.
- 5 May 1999: Beta Release of TARA 2.2.4
Advanced Research has released the initial Tiger Analytical Research
Assistant (TARA), system security scanner for UN*X platforms. TARA
is an update of the popular Tiger program developed by Texas A&M
University (TAMU). Organizations inteested in participating in
the TARA beta test should contact
- 5 May 1999: Public Release of SARA 2.0.2
Advanced Research has released the first public release of the Security
Auditor's Research Assistant (SARA). SARA is a third generation network
security scanner based on the popular Security Administrator's Tool for
Analyzing Networks (SATAN). Information and dowload information can be
found at http://www-arc.com/sara
Advanced Research has provided the following press releases for the
month of April 1999:
- 11 Apr 99: Final Beta Release of SARA 2.0.1
Advanced Research has released the final Beta release of
SARA 2.0.1 to our Beta community. General release should be not later
than 22 April.
- 2 Apr 99: Beta Release of SARA 2.0.01
Advanced Research is offering SARA 2.0.01 to selected Beta test facilities.
SARA was tested successfully on over 2,000 hosts (Unix, Microsoft, Routers,
etc.) during the limited release testing. This beta testing will insure
the best possible product for general release on 1 May 99.
Advanced Research has provided the following press releases for the
month of March 1999:
- 7 Mar 99: Limited Release of SARA 2.0.0(B)
Advanced Research released to selected Government facilities the
Security Auditor's Research Assistant (SARA) security assessment tool.
SARA is a third generation tool based on the SATAN and SAINT tools.
SARA provides a liberal license for use in both no-commercial and
commercial applications. SARA will be available to the public on 2 April 99.
- 5 Mar 99: Bob Todd Joins Advanced Research Corporation
Advanced Research is pleased to announce the appointment of Bob Todd as
the head of the Information Technology Systems and Security Engineering activity.
Bob is no stranger to Advanced Research. He was the founder and chief scientist
of Advanced Research from 1984 to 1995 when he left the company to pursue other
goals. Bob is the developer of both the Security Administrator's Integrated
Network Tool (SAINT) and the Security Auditor's Research Assistant (SARA). He has been
a major contributor in major transportation safety systems including TCAS and the
406 MHz EPIRB.
- 1 Mar 99: Ann Todd becomes a USCG Master
Ann becomes the latest member of the Maritime Operations and Services (MOS) to
obtain the United States Coast Guard "License of US Merchant Marine Officer".
Ann Todd is the Chief Executive Officer of the Advanced Research Corporation.
Her USCG license will enable her to participate more fully in the MOS
activity.