Corporation

Products

Services

Research

Community

S/V Jule III

Intranet

Home


What's New

Contact Us

Credits

What's New

Advanced Research submitted the following announcements for July-September 2006

    20 August 2006 (SARA 7.0.2b)
    • Fixed another problem with https
    • added netapi.sara to check for ms06-040
    • Does not work too well wilth Win 2003 targets

    26 July 2006 (SARA 7.0.2a)
    • fixed problem http.sara calling https.sara
    • fixed Oracle /fcgi-bin/echo test
    • added Oracle /demo/ test
    • Built coSARA 7.0.2a

    13 July 2006 (SARA 7.0.2)
    • Discarded use of Net::SSLeay in faver of 'openssl s_client' for https
    • Corrected two bugs in relay.sara
    • Fixed a problem where freetds was not cleared on a 'make distclean'

    10 July 2006 (SARA 7.0.1)
    • Changed look and feel a bit.
    • Fixed minor configuration bugs
    • Built coSARA 7.0.1

Advanced Research submitted the following announcements for January-June 2006

    21 June 2006 (SARA 7.0.0 (beta)
    • Added National Vulnerability Database (NVD) functionality
    • Re-vamped CVE processing and idenification
    • Updated many of the version testing modules
    • Dropped tests that have high false positive rates
    • Dropped custom tutorials in favor of NVD reporting
    • Completed rules based testing modules
    • Updated to support secure http (https) tests

    1 March 2006 (SARA 6.0.7f)

    • Changed firewall testing ports to include mysql
    • Fixed depends.sara to minimize JetDirect false positives
    • Added workaround for MS ICS (coSARA) false reporting of ftp services
    • Fixed a bug in ftp.sara (improperly reporting severity for 'no anon')
    • Updated reconfig to always put proper perl version on bin files.
    • Defined workarounds for Solaris and Samba builds (README.SMB).
    • Added dont_smb_guess to sara.cf to inhibit full account/pwd guessing
    • Added a more definitve hosttype guesser for Windows platforms
    • Corrected libdl problem with sssh build

Advanced Research submitted the following announcements for July-December 2005

    17 October 2005 (SARA 6.0.7)
    • Provided a large improvement in speed for fwping discovery
    • Fixed a problem with http.sara for ill behaved web servers
    • Fixed a problem with pnp.sara
    • Added basic test for MSDTC vulnerability (MS05-051)
    • Added several improvements for coSARA.

    16 August 2005 (SARA 6.0.6)

    • Fixed library rsolution with openssl 0.9.8
    • Fixed install for problems with linux and solaris
    • Updated http.sara to reflect vulnerable apache servers
    • Added test for pnp vulnerability (MS05-039)

    20 July 2005 (SARA 6.0.5)

    • Expanded check on PHP IAW BID 11964
    • Updated samba detection for new samba TNG
    • Updated SANS Top 20
    • Added version test for multiple ORACLE vulnerabilities (TA05-194A)
    • Updated hosttyping for both nmap and non-nmap fingerprinting
    • Performed general tidying up of forms

Advanced Research submitted the following announcements for April-June 2005

    19 May 2005 (SARA 6.0.4)

    • Fixed to build under 64 bit SUSE
    • Fixed bug in generating SANS Top 20 report.
    • Fixed problem with oracletns.sara detecting open passwords.
    • Fixed problem with sss.pl in reporting proper fields.
    • Fixed problem with make install (html directory not being loaded)

    21 April 2005 (SARA 6.0.3)

    • Expanded oracle coverage to ports 1521-1529.
    • Tweaked timing parameters for better performance.
    • Added ability to change ports that fwping uses.
    • Fixed problems in 'make install'

Advanced Research submitted the following announcements for January-March 2005

    1 March 2005 (SARA 6.0.1)
    • Fixed problem in sss.pl
    • Added community strings to snmp.sara
    • Added test for AWStat cgi vulnerability
    • Fixed critical problem with mssql.sara (sqlat)
    • Working on framework for coSARA (coLinux and SARA)
    • Added account checking for mysql
    • Corrected minor firewall problem

Advanced Research submitted the following announcements for November-December 2004

    9 December 2004 (SARA 5.4.0)
    • Added Oracle Application Server tests
    • Added Oracle version number testing
    • Mitigated false positives in rdesktop
    • Adjusted timing in config/sara.cf to handle slow SARA machines
    • Added additional test for mssql buffer overflow tests

    15 November 2004 (SARA 5.3.0)

    • corrected problem of scanning local machine when specifying external IP.
    • fixed fp.c to compile correctly under freeBSD.
    • tweaked ssh.sara to handle -v and %HOST argument
    • fixed README for sss to include a copy of fping.
    • added optional rdesktop support for offline testing

Advanced Research submitted the following announcements for August-October 2004

    21 October 2004 (SARA 5.2.0)
    • encoded t2r so that McAfee would not flag it as a virus.
    • fixed logic bug in oracletns.sara
    • Cleaned up SSS installation and firewall support
    • Changed architecture to automatically detect and probe firewalled systems.
    • Updated to latest CVE (20040901)
    • Updated to latest SANS Top 20 (20041008)

    16 September 2004
      Our beloved founder and author of SARA, Bob Todd (me), had a minor heart attack. All appears to be well as he had great treatment from his medical provider, Kaiser Permanente. Still, his wild life (yeah, right) must be curtailed for a while.

Advanced Research submitted the following announcements for April-July 2004

    14 July 2004 (SARA 5.1.0)
    • Adding ssh, imap, pop3 login tests
    • Added additional tests for mysql
    • Fixed code flaw in ftp_scan.c
    • Improved performance of smb.sara

    14 June 2004 (SARA 5.0.6)

    • Added a Oracle component (issues in the past prevented testing on port 1521)
    • Updated test for unpatched MSSQL 2000 servers (Cert CA-2002-22)
    • Corrected problem with -F option and reportwriter
    • Added test for lsaenumsids in smb.sara (yield user names under null sessions)
    • Tweaked test for TNG in reconfig

    17 May 2004 (SARA 5.0.5)

    • Corrected problem with http.sara5
    • Increased scanning time-outs for slow customer networks
    • Corrected version number

    2 May 2004 (SARA 5.0.4)

    • Updated snmp to increase communities and improve OS fingerprinting
    • Added test for LSASS vulnerability (CAN-2003-0533)

Advanced Research submitted the following announcements for January-March 2004

    25 March 2004 (SARA 5.0.3)
    • Fixed minor formatting problems in xml.pl
    • Added test for jetdirect null password (telnet)
    • Testing posibility of APC default password
    • Testing for Polycom password disclosure
    • Added new typing to hosttypes (Enterasys, Polycom, Delmonte)
    • Fixed problem with getfqdn.pl on dumping hosts (with dns misconfiguration).
    • Added definitive test for MSSQL SA open password

    19 February (SARA 5.0.2)

    • added encoding/decoding feature to stop virus checkers from incorrecly labelling msadc.pl as virus.
    • Added basic test for MyDoom worm backdoor
    • Fixed sss.pl (changed sense of -r)
    • Fixed Green/Gray summary problem when all services were green
    • Inproved domain login support for smb.sara

    15 January 2004 (SARA 5.0.1)

    • Added additional security to html.pl
    • Clarified that there is no 'make install'
    • Fixed dscan.c to eliminate the '//' comment (problem with some cc's)
    • Again builds under MAC OS/X
    • Added rules/drop for EPSON printers for writable directories
    • Tweaked htm.cf for appendix references
    • Fixed telnet.sara to further reduce false positives
    • Updated ssl test to address SSL vulnerabilites below 0.9.6j and 7c.
    • Added stealth standalone password guesser (smb-sspg.sara)
    • Cleaned up CVE lookup.

Advanced Research submitted the following announcements for December 2003

    15 December 2003 (SARA 5.0.0)
    • Fixed compiling problem with dscan.c with MAC OS X
    • Fixed false positive switching when text has a "/" (htm)
    • Fixed false positive switching back to true vuln (htm)
    • Fixed problem with total host color counts (xml)
    • Fixed various format problems in htm.pl
    • Updated http.sara5 to generate proper headers for mod_security
    • Updated http.sara5 to reflect dysfunctional web servers
    • Changed Analysis and Reporting screens to:
      1. Dislay Windows Domain (if applicable)
      2. Display all well known services
      3. Display vulnerabilities and false positives
      4. Change vulnerability to false positive and the reverse
    • Changed ReportWriter:
      1. Default mode is to generate reports (-r turns it off)
      2. Added Windows Domain
      3. Added Class to vulnerability listings
      4. Added CVE to vulnerability listing
      5. Improved and updated SANS Top 20 generation
      6. Made reports configurable (config/xml.cf, config/htm.cf)
      7. Format of report.csv has been altered dramatically.
      8. Format of report.xml has been modified slightly
      9. Format of report.html has been modified.
    • Changing many of the tutorials and formats
    • Added SARA Overview briefing
    • Status files will be tied to the database (e.g., status-mytest)

Advanced Research submitted the following announcements for November 2003

    Alpha Release of SARA 5 (4.9.99) (29 Nov 03)
    • Updated http.sara5 to generate proper headers for mod_security
    • Updated http.sara5 to reflect dysfunctional web servers
    • Changed Analysis and Reporting screens to:
      1. Display Windows Domain (if applicable)
      2. Display all well known services
      3. Display vulnerabilities and false positives
      4. Change vulnerability to false positive and the reverse
    • Changed ReportWriter:
      1. Default mode is to generate reports (-r turns it off)
      2. Added Windows Domain
      3. Added Class to vulnerability listings
      4. Added CVE to vulnerability listing
      5. Improved and updated SANS Top 20 generation
      6. Made reports configurable (config/xml.cf, config/htm.cf)
      7. Format of report.csv has been altered dramatically.
      8. Format of report.xml has been modified slightly
      9. Format of report.html has been modified.
    • Changing many of the tutorials and formats
    • Added SARA Overview briefing
    • Status files will be tied to the database (e.g., status-mytest)

Advanced Research submitted the following announcements for October 2003

    27 October 2003 (SARA-4.2.7)
    • Updated to comply with SANS-20 V4
    • Continued updates to new reportwriter
    • Fixed account lockout problem in smb.sara
    • Added Netbios Domain to database and reports
    • Added definitive test for ms-043 vulnerability

Advanced Research submitted the following announcements for September 2003

    29 September 2003 (SARA-4.2.6)
    • Upgraded ssh.sara to check version IAW CA-2003-24
    • Upgraded sendmail.sara to check version IAW CA-2003-25
    • Upgraded http.sara5 to check Apache version IAW with TBD CA

    12 September 2003 (SARA-4.2.5c)

    • updated dscan to handle ms 039 vulnerability and patch

Advanced Research submitted the following announcements for August 2003

    16 August 2003 (SARA-4.2.5b)
    • Added definitive test for ms-rpc (non destructive)
    • Alpha version of new xml/csv/htm generator
    • Added subnet tags for xml output
    • Minor fixes throughout
    • Improved WebDAV exploit test (wd.pl)

    Advanced Research submitted the following announcements for July 2003

    18 July 2003 (SARA-4.2.1e)

    • Tweaked NMAP processing
    • Fixed race problem with t2r (samba exploit)
    • Fixed problem with smb.sara and user accounts
    • Fixed problem with http.sara5
    • Fixed problem with standard reports and cert advisories
    • Fixed race problem with perl/contrib/wd.pl
    • Added port check for Microsoft RPC services (CA-2003-16)
    • Added test for Microsoft backdoor (svchost)

    Advanced Research submitted the following announcements for June 2003

    20 June 2003 (SARA-4.2.1)

    • Updated to CVE Version 20030402
    • Fixed problem with walld in rules/facts
    • Added version test for sendmail vulnerability (many false positives)
    • Downgraded Netware Remote Manager to a Brown
    • Provided 50 % speed enhancement to bin/depends.sara
    • Provided a 30 % speed enhancement to smb.sara
    • Integrated samba-tng for improved registry and null session enumeration (*)
    • Added password guessing and user enumeration to smb.sara (*).
    • Added registry.sara to evaluate software version and correctness (*)
    • Corrected problem with ssh.sara
    • Added definitive test for vulnerable x86 Samba servers
    • Added definitive test for vulnerable IIS/WebDav servers
    • Added test for vulnerable Sun One servers [CVE-2002-0846]
    • Added md5 integrity check for distribution

      (*) Be sure to read the README.SMB


    Advanced Research submitted the following announcements for May 2003

    13 May 2003: Back from Sailing

      Bob and Ann Todd arrived back home on 13 May 2003. They travelled through Florida and the Exumas Bahamas. Travel logs of our trip can be viewed at http://jule-iii.com/trips/voyage2002. With the help of our GlobalStar satellite phone we were able to conduct our information assuarance activities.


    Advanced Research submitted the following announcements for February 2003

    14 February 2003: Gone Sailing

      Bob and Ann Todd have continued their Voyage 2K2 sailing trip to the Bahamas. Check www.jule-iii.com for details. Subscribers to the SARA list server have been informed of methods for contacting us regarding SARA issues.
    13 February 2003: (SARA-4.1.4)

    • More (last?) xml fixes
    • Enabled tooltalk event for Solaris 7 and 8.
    • Updated open share alert to include account info
    • Added CERT advisories for several vulnerabilities
    • Added definitive test for MSSQL Worm (-a3 and above)
    • Added pause feature through ./sara-pause file
    • Changed xml and csv to include Green/Grey hosts
    • Added xfs (font server) test
    • Added cachefs advisory
    • Added rpc.walld advisory
    • Made cosmetic changes to SSS


    Advanced Research submitted the following announcements for December 2002

    25 December 2002: SARA 4.1.3

    • Beginning rules-based facility for SARA 5.
    • Added cgi test for newdsn.exe (CVE-1999-0191)
    • Added tests for Microsoft IIS Executable File Parsing (CVE-2000-0886)
    • Updated smb.sara to check for user enumeration (CVE-1999-0503)
    • Updated smb.sara to infer registry access (CVE-1999-0562)
    • Updated smb.sara to check for guessable passwords (CVE-1999-0518)
    • Updated to detect vulnerable mysql services (CVE-2000-0148), (CAN-2002-1373),(CAN-2002-1373)
    • Updated dns-chk.sara to detect CAN-2002-0029
    • Fixed minor bugs in xml generator
    • Updated Copyright notice in COPYING


    Advanced Research submitted the following announcements for Noveember 2002

    5 November 2002: SARA-4.1.2

    • Major changes to XML report generator
    • Scheduler updated for faster scans
    • sara.cf updated for faster scans
    • tcpscan.sara updated for faster scans


    Advanced Research submitted the following announcements for October 2002

    2 October 2002

    The Advanced Research Corporation (r), supporting the FBI/SANS Vulnerability Consensus, is releasing SARA-4.1.1 which fully incorporates the new Top 20 list and the industry consensus of relevant vulnerabilities (as referenced by Common Vulnerabilities and Exposures (CVE) items). This feature will be available in the SARA ReportWriter and will be migrated into the XML report in future releases.

    SARA will be available from the Advanced Research Corporation (ARC) web site at:

    http://www-arc.com/sara/downloads/sara-4.1.1.tgz

    General information on SARA and the ARC can be found at:

    http://www-arc.com


Advanced Research submitted the following announcements for August 2002

20 August 2002: Release of SARA 4.0.1

  • Added XML format to ReportWriter
  • Updated to CVE Version 20020625
  • Added 'dig' support for dns checks
  • Updated smb.sara to handle new rpcclient arguments
  • Added test for backdoor based on bnc variant
  • Added test for binshell backdoor.
  • Added test for OpenSSL vulnerabilities
  • Added test for OpenSSH vulnerabilities
  • Added tests for PHP vulnerabilities
  • Added test for Apache pre 2.0.39 (non Unix) exploit
  • Fixed configure to build rpcgen correctly
  • Fixed problem with tcpscan.sara
  • Fixed problem with MS Terminal tutorial
  • Fixed HTML error in tutorials (problem with MS Word conversion)
  • Enhanced the correction facility in the ReportWriter

15 August 2002: Release of TARA 3.0.3c

    First public update since late 1999. TARA has been enhanced to handle the latest Linux, IRIX, and SunOS operating environments. In addition, work has begun on a Mac OSX interface.

Advanced Research submitted the following announcements for June 2002.

26 June 2002 (SARA-3.6.2)

  • Fixed problem with CSS tutorial that corrupted other tutorials
  • Fixed AYT tutorial pointer
  • Add service name to "SARA found on non-standard port"
  • Fixed false positive for F-Secure ssh
  • Added test for new Apache vulnerabilities
  • Updated ReportWriter to support importing to OpenOffice
  • Fixed false positive on YaBB Web exploit.
  • Added test for OpenSSH challenge-response vulnerability

1 June 2002 (SARA-3.6.1)

  • Added support for MAC OS X (IE browser only)
  • Updated check for MSSQL for heap/stack overflow
  • Added test for SSH Configuration Overriding Vulnerability
  • Minor fixes to http.sara and tutorials
  • Fixed http PUT false positives on Tom Cat servers
  • Update portscanner (config/sara.cf) to find more backdoors
  • Minor fix on tutorials
  • Properly report a blank report in ReportWriter

Advanced Research submitted the following announcements for April 2002.

30 April 2002 (SARA-3.5.6)

  • Added Exim MTA pipe command execution
  • Added test for Cisco Catalyst
  • Added test for Tektronix backdoor
  • Added test for Yabb unauthorized access
  • Added test for IIS/MSSQL and IIS/PHP vulnerabilities
  • Added test for vulnerable Lotus Domino servers
  • Improved test for vulnerable telnetd using AYT
  • Changed -O to -x switch (hosts to be excluded)
  • Added -X filename to identify file of excluded hosts
  • Added warning for Cross Site Scripting(CSS) weaknesses (tutorial pending)
  • Added tests for IIS multiple vulnerabilities
  • Added configure for making SARA

4 April 2002 SARA-3.5.5 Released

  • Upgraded to CVE Version 20020309
  • Upgraded test for ms-sql server
  • Updated ssh.sara for new ssh vulnerabilities
  • Updated apache test for new vulnerabilities
  • Added test for Netware Remote Manager vulnerability

Advanced Research submitted the following announcements for March 2002.

7 March 2002 SARA 3.5.4 Released

  • Set default from SANS-20 to full reporting
  • Updated ftp.sara for latest ftp issues
  • Update test for bnc chat bots (extreme only)
  • Fixed bug in nfs-chk.sara
  • Adjusted parameters for better 'thru firewall' operation
  • Developed test for rsyncd vulnerability.
  • Fixed sanity checking in http.sara
  • Added -R switch to enable rules/timing

Advanced Research submitted the following announcements for January 2002.

S/V Jule III has a New Home Page

    S/V Jule III web site has moved to www.Jule-III.com. Let us know what you think!

SARA 3.5.3 Released

  • Added test for uPnP.
  • Upgraded test for X access control from YELLOW to RED.
  • Added alpha tools for SARA Support Scan agent.
  • Fixed minor problem with http.sara.
  • Check for Exim (Sendmail replacement) vulnerabilities.
  • Test for CDE dtspcd vulnerability.

Advanced Research submitted the following announcements for October through December 2001:

FCC License Granted.

    In November, Bob Todd received his Extra Class Amateur Radio licence. He will use this for the upcoming Voyage 2002 aboard the S/V Jule III.

SARA Releases
    4 December 2001 (SARA-3.5.2)
       o Fixed problem with Agranat-EmWeb server falsely reporting OK in http.sara
       o Test for nqt.php vulnerability (bid 3455)
       o Added tests for Nimda.e evidence
       o Expanded tests for SSH to address falback problems
       o Included a sample plugin
       o Added test for vulnerable Net Commerce servers (cve-2001-0318)
       o Added test for vulnerable sgi_espd program (cve-2001-0319)
       o Updated test for wu-ftpd vulnerabilities
       o Updated to the latest CVE list
    
    
    12 October 2001 (SARA-3.5.1)
       o Fixed ReportWriter to collate tutorials properly.
       o Fixed ftp.sara to not report on certain non-vulnerable servers
       o Updated test for printer to not report for Windows
       o Developed self scanning Web interface
       o Added test for SMB Null Sessions.
       o By Default, SARA will run in SANS Top 20 Mode.  To change, update
         config/sara.cf or use the -s off switch when starting it up.
    
    01 October 2001 (SARA-3.5.0)
       o Updated for SANS Top 20
       o Updated tutorials
       o Added tests for Nimda infection
    

Advanced Research submitted the following announcements for July-September 2001:

An Attack on our Homeland

    Advanced Research extends its sorrow for the suffering of the terrorist attack on the United States. We replaced our logo with a representation of our flag at half staff.

Jule III has been granted commercial status

    The Sailing Vessel Jule III, a German built research and business support vessel, has been granted commercial coastwise status by the United States Maritime Administration and the United States Coast Guard. S/V Jule III is a primary business office for the Advanced Research Corporation.

SARA Releases
    Over four SARA releases have been generated during the time period. In addition, CIS-SARA has been released by the Center for Internet Security (CIS) at http://www.cisecurity.org. Further, SARA is working with SANS to support new reporting initiatives. Lastly, we initiated the SARA Partners initiative for pre-release testing.

Advanced Research submitted the following announcements for June 2001:

27 June 2001 (SARA 3.4.6)

  • Updated authoritative test for IIS ISAPI exploit
  • Added authoritative test for IIS Index services exploit
  • Added authoritative test for IIS FrontPage-RAD exploit
  • Corrected minor bugs in http.sara
  • Corrected minor bugs in configuration management
  • Improved hosttype-ing of Windows 2000

12 June 2001 (SARA 3.4.5)
  • Upgraded to CVE Version 20010507
  • Fixed problem RED/YELLOW repeats for Vulnerable Web Server
  • Downgraded cim.sara color to yellow due to difficulty in assessing all components
  • Added test for iPlanet 4.1 buffer overflow vulnerability
  • Added test for Oracle Application Server buffer overflow
  • Added test for PDG_Cart exploits
  • Added inew tests for remote root backdoors
  • Added test for the Cheese backdoor
  • Added test for rpc.yppasswdd backdoors and vulnerability:
  • Upgraded pop3 test for additional vulnerable QPOP servers
  • Added test for ftp anonymous directory traversal
  • Added test for Mailman Web exploit.

Advanced Research submitted the following announcements for May 2001:

  • 16 May 2001 (SARA 3.4.3)
    • Developed test for latest IIS Directory Traversal (15 May Announcement)
    • Developed test for IIS password backdoor (15 May announcement)
    • Developed reliable test for buffer overflow (IIS/WIN 2K)
    • Upgraded CIM test for latest exploits
    • Tweaked tcp_scan for better performance.
    • Added test for bugzilla vulnerabilities
    • fixed bug in rlogin.sara
    • Updated Web tutorials
    • Clarified reporting for "directory traversal (command execution)"
    • Improved test for the IIS 5.0/Windows 2000 vulnerability
    • Tightened up NAI FTP vulnerability test
    • Fixed a JavaScript error
    • Fixed printing error
    • Generic test for NAI identified vulnerable FTP services
    • Fixed false positive on http showcode
    • Improved detection of command execution via directory traversal
    • Downgraded many RED's to YELLOW's to minimize false alarms in the current environment
    • Fixed problem with detection of duplicate ssh daemons.
    • Upgraded fping to handle 'number of bytes sent' for worms.sara
    • Combined worms.sara and ddosscan.sara into backdoor.sara

  • 02 May 2001 (SARA Updates)
      The last notification of the SARA Certification Class was wrong. The correct date is 30 May 01. It is free to US Government employees.

      Several new exploits and bug reports have been received since the release of sara-3.4.1. A host fix is provided at the usual SARA doenload site (under sara-3.4.1.tar.gz)

      Hotfixes (SARA 3.4.1.d)

      • Test for IIS 5.0 vulnerability under Windows 2000 (no tutorial)
      • Generic test for NAI identified vulnerable FTP services (no tutorial)
      • Fixed false positive on http showcode
      • Improved detection of command execution via directory traversal
      • Downgraded many RED's to YELLOW's to minimize false alarms in the current environment
      • Fixed problem with detection of duplicate ssh daemons.
      • Upgraded fping to handle 'number of bytes sent' for worms.sara
      • Combined worms.sara and ddosscan.sara into backdoor.sara

    Advanced Research submitted the following announcements for April 2001:

  • 29 April 2001 (SARA Certification)
      Advanced Research announced a SARA Certification class for managers and system administrators. The first class, on May 28th, will be offered to U.S. Government personnel in the Washington/Baltimore area.
  • 29 April 2001 (SARA 3.4.1)
      New feature include:
      • Added plugin facility for proprietary testing and reporting
      • Released US Government only Adore worm detector to public domain
      • Improved tests for rsh, rlogin, netstat, and systat
      • Upgraded sendmail tests
      • Upgraded dns tests to check for zone transfers
      • Added tests for doubtful rpc services
      • Added test for poor pre-login banners for telnet.
      • Added facility to modify SARA menu subsystem (perl/menu.pl)
      • Added JavaScript to menu subsystem.
      • Provided additional documentation for report correction and fact drop.
      • Removed port scans that caused Oracle listener to terminate.
      • Minimized Windows XX false alarms to backdoors
  • 20 April 2001 (S/V Jule III returns)
      The research vessel S/V Jule III returned from a 6 month exercise in the evaluation of communications systems and capabilities in the western North Atlantic region. Advanced Research will publish their findings by 1 August 2001.

    Advanced Research submitted the following announcements for March 2001:

  • 25 March 2001 (SARA 3.3.5)
      SARA 3.3.5 was released in response to two significant exploits that have been identified within the last week. The primary one is the Lion worm, which is the result of a Linux compromise (usually through a bind attack). The second is the SunOS snmpXdmid exploit which can lead to a remote root compromise.

      We also enhanced our SSH detection logic to address not only the new vulnerabilities but also its use as a backdoor.

      We improved several system functions, such as telnet.sara in response to customer requirements.

      As always, SARA is free, open, and current.

  • 11 March 2001 (Jule III)
      Jule III/Advnaced Research Corporation have finished their preliminary survey of coastal data communications options in the Mid-Atlantic , Southeastern Altantic, Florida Straits, Dry Tortugas, and Bahamas. Observations were made on digital wireless, analog cellular, single sideband (SSB)(email only), VHF digital, and Satcom. Report will be issued in relevent trade magizines in late Fall 2001.


    Advanced Research has provided the following press releases for the month of January 2001:

  • 31 January 2001 (SARA 3.3.4)
      New features include:
      • Updated to CVE Version 20010122
      • Rewrote cim.sara to detect new CIM vulnerabilities
      • Tests for new DNS vulnerabilities
      • Fixed an induced error in reconfig
      • Corrected problem and added filter to CSV reporting
      • Fixed code associated with CSV
      • Added tutorial for MS Terminal Server
      • Still free, open, and current.

  • 26 January 2001 (SARA 3.3.3)
      New features include:
      • Fixed two small format errors in ReportWriter
      • Corrected some typos in tutorials
      • Fixed tutorial build process
      • Fixed multiple vulnerability reporting of mail relay
      • Reduced RDS false positive by incorporating rfp_msadc.pl
      • Added test for LPRng vulnerability
      • Changed severity codes for possible false positive readings
      • Added check for Interbase database backdoor
      • Configured attack level 6 [custom 3] for the Ramen signature
      • Added csv (comma delimited) format for the ReportWriter
      • Added false reporting notation in all ReportWriter products
      • Dropped writable ftp vulnerabilities on Lexmark printers

    Advanced Research has provided the following press releases for the month of October 2000:

  • 21 October 2000 (SARA 3.2.3)
      New features include:
      • Added http tests for Web Shopper, Shopping Cart, PHP, and PUT
      • Fixed problem with smb.sara while handling very large shares
      • Adding SARA Reporter manual correction facility (see README)
      • Fixed small format problem with Reporter reports generated with "-r"
      • Improved tcp wrapper detection
      • Improved login.sara operation

  • 2 October 2000 (SARA 3.2.2b)
      New features include:
      • Corrected error in Makefile for sunos5
      • Updated tutorials (http-cgi and tacacs)
      • Updated to detect "wrapped" versions of ssh, telnet, ftp
      • Updated testing for Subseven DDOS tool.
      • Added additional "custom" attack modes
      • Fixed problem in configuration management module
      • Added timing options to start SARA (full date)
      • Added -r option to command line to generate SARA Reporter report.
      • Added a Delete option to Data Management
      • Tweaked ftp.sara and tutorial for current threat

    Advanced Research has provided the following press releases for the month of September 2000:

  • 18 September 2000 (International Maritime Security Demonstration)

      Advanced Research is sponsoring a demonstration for secure maritime communications. We will be evaluating low cost communications options for the coastal and blue water voyagers. Demonstration will begin on or about 1 November 2000. Comments and questions are solicited.
  • 18 September 2000 (SARA 3.2.1)
      New features include:
      • Corrected problem in SARA Report filters
      • corrected various Makefile problems
      • Added trinity DDOS (XF Advisory 59)
      • Added test for Web bulletin board (YaBB)
      • Added PhotoAlbum Web vulnerability
      • Added t0rn server Trojan test.
      • Improved mail relay reporting
      • Submitting SARA to industry evaluation
      • Enhanced Report Writer for SARA/SAINT/SATAN
      • Updated to maintian SANS/CVE Certification/Compliance

    Advanced Research has provided the following press releases for the month of August 2000:

  • 31 August 2000 (SARA 3.1.8)
      New features include:
      • Improved tutorials for http and smb
      • Added multi tasking support
      • Fixed error reporting date in daemon mode.
      • Fixed errors in html.pl introduced in 3.1.7
      • Added test for IRIX telnetd vulnerability
      • Fixed a problem importing SARA Report data into Office 2000.
      • Fixed problem with get_targets (FW vs non FW)
  • 11 August 2000 (SARA 3.1.7)
      New features include:
      • Fixed false positive on latest ColdFusion
      • Tuned http.sara for JetDirect and other ill-reporting servers
      • Tuned nfs-chk.sara for non-world access
      • Reformatted some of the tutorials
      • Fixed relay.sara to minimize false positives
      • Made minor tweaks on smb.sara (e.g. visible shares and verbose)
      • Fixed sendmail.sara to respond properly to v 8.10.x (thanks to J. McNair)
      • Expanded services database to reflect new definitions
      • Added test for Answerbook2 vulnerability (Sun Security Bulletin # 00196)
      • Fixed problem with crashing PCDuo servers (default attack level only)
      • Cleaned up configuration management routines
      • Provides a qualified date/time entry in the status file.


  • 1 August 2000 (SANS Certification)
      SANS has announced that:
        "This message is to let you know that SARA version 3.1.6 has achieved a qualification level of 'certified' in the SANS/ISTS top 10 testing. This is the highest level of certification that can be achieved. In addition, SARA is the first product to reach this level of qualification. You should be extremely proud of your accomplishment and we thank you for your wonderful contribution to the security community".


    Advanced Research has provided the following press releases for the month of July 2000:
    • 31 July 2000 (SARA 3.1.6)
        New features include:
        • Corrected smb.sara to properly target share level vs user level access
        • Added options to smb.sara for standalone and tailored operation
        • Added network.vbs test in smb.sara
        • Fixed a problem in ftp.sara to eliminate false negatives on writable dirs
        • Fixed Configuration Management GUI error.
        • SARA updated for the latest perl (5.6.0) dist. (thanks to A. Pendleton)
    • 21 July 2000 (SARA 3.1.5)
        New features include:
        • Updated IAW with SANS guidance
        • Updated smb.sara to test for null logins
        • Updated rules to 'catch' all smb services
        • Added O'Reilly test to http.sara (BID 1487)
        • Added source.asp test to http.sara (BID 1457)
        • Fixed NFS/Mountd/statd anamolies (BID 1480)
        • Tweaked login.sara for really slow targets
    • 12 July 2000 (SARA 3.1.4)
        New features include:
        • Improved SMB logic for Windows 9X
        • Improved processing for nfs exports for non world access
        • Corrected numerous typos in tutorial links (thanks to Walt Jones)
        • Fixed corrupted udpscan.sara file
        • Fixed more problems with relay.sara
        • Updated tutorials and FAQ.
        • Updated X Server logic to reduce false positives
        • Changed default start-up mode (a typo, really)
        • Added Big Brother test
    • 5 July 2000 (SARA 3.1.3)
        New features include:
        • Incorporated SANS recommended additions to Top 10 (2,7,8,10)
        • Corrected typos in tutorial links (thanks to Walt Jones)
        • Fixed distclean to delete all swap files
        • Corrected typo in http.sara
        • Test for vulnerability in wu-ftpd 2.6.0(1)
        • Corrected false negative problem with relay.sara

    Advanced Research has provided the following press releases for the month of June 2000:

    • 16 June 2000 (SARA 3.1.2)
        New features include:
        • Added switch to slow the scan to minimize impact to slower networks
        • Added custom and multiple hosts on GUI (Target Mgt)
        • Added test for INN 2.x.x vulnerability
        • Improved JetAdmin logic in http.sara
        • Improved the Custom attack level (see config/sara.cf)
        • Improved printer logic in depends.sara
        • Fixed ftp.sara to properly report MS FTP status
        • Fixed Documents to properly display CVE
    • 12 June 2000 (SARA 3.1.1)
        New features include:
        • Fixed FrontPage test IAW CIAC recommendations
        • Changed sara.cf to avoid NCD X- terminal lock ups
        • Removed DNS checking in data management mode (improves performance)
        • Added more rpc program checking
        • Added test for tacacs server
        • Added test for Sub 7 backdoor
        • Added test for JetAdmin directory traversal (thanks to Steven Lodin)
        • Added test for QPOP 3.53 vulnerability.
        • Added test for Cisco Catalyst Vulnerability (CVE 2000-0267)
        • Added test for Suse imap server (CVE 2000-0233)
        • Updated SARA's CVE Compliance Matrix to version 20000602

    Advanced Research has provided the following press releases for the month of May 2000:

    • 31 May 2000 (SARA 3.1.0)
        New features include:
        • Included SARAPRO report writer into SARA
        • Provided report writer to SATAN and SAINT users
        • Added SANS-10 top vulnerability filter to report writer
        • Correct tutorial problem with pcanywhere and kerberos
        • Fixed man page to include the "-n" option.
    • 24 May 2000 (SARA and SARAPRO 3.0.5)
        New features include:
        • Added depends.sara to minimize OS oriented false positives
        • Fixed login.sara to minimize false positives with JetDirect
        • Fixed multiple subnet scanning in firewall mode
        • Mitigated lockups in SARA daemon mode
        • Added new mode (vulnerabilities) to SARA Search
        • Updated http.sara to minimize FrontPage vulnerabilities
        • Added eight new tests to http.sara
        • Added test for kerberos
    • 16 May 2000 (SARA and SARAPRO 3.0.4)
        New features include:
        • Added a range argument to target spec (e,g, 192.168.0.11-192.168.0.223)
        • Incorporated target specs in interactive mode (e.g., supernets and range)
        • Added test for SunOS netpr vulnerability [work in progress](BugTraq)
        • Added test for counter vulnerability (BugTraq)
    • 11 May 2000 (SARA and SARAPRO 3.0.3)
        New features include:
        • Fixed mstream test (PONG vs pong)
        • Added test for timbuktu
        • Added tutorial for pcanywhere and timbuktu
        • Incorporated Steve Rader's new relay.sara (many more tests)
    • 1 May 2000 (SARA and SARAPRO 3.0.2)
        New features include:
        • Added pirahna test (password vulnerability in Linux Web server)
        • Updated http.sara to reduce false alarms on non 404 servers
        • Updated sara.cf to avoid answerbook2 inadvertent denial of service
        • Added test for pcanywhere
        • Added test for mstream DDOS agents
        • Need to do tutorials for pirahna and pcanywhere

    Advanced Research has provided the following press releases for the month of April 2000:
    • 25 April 2000 (SARA and SARAPRO 3.0.1)
        New features include:
        • Added CVE compliance matrix to documents and tutorials
        • Added Search to SARA (was only in SARAPRO)
        • Added sgi_pmcd vulnerability test
        • Added Solaris nisd vulnerability test
        • Added Compaq CIM server vulnerability test (thanks to Steve Lodin)
        • Improved tutorial reporting in SARAPRO report writer
        • Added numerous new cgi vulnerability tests
        • Corrected bugs
    • 10 April 2000 (SARAPRO 2.4.13 and SARA 2.1.13)
        New features include:
        • Added daemon mode of SARA! (thanks to Adam Pendleton of VGS)
        • Improved SMB analysis (fewer false positives)
        • Added basic Shaft DDoS detection
        • Improved http.sara (fewer false positives on php and FP)
        • Fixed makefile problem with IRIX and swp files (Thanks Adam P.)
        • Added test for IRIX 5.x - 6.2 objectserver exploit

    Advanced Research has provided the following press releases for the month of March 2000:
    • 22 March 2000 (SARAPRO 2.4.12 and SARA 2.1.12)
        New features include:
        • Added test for Subseven backdoor
        • Fixed new CUI/GUI problem with Analysis Reporting
        • Supporting older Linux releases (thanks to Sam Kline)
        • Added the SARA Search capability (SARA Pro)
    • 17 March 2000 (SARAPRO 2.4.11 and SARA 2.1.11)
        New features include:
        • Fixed CUI/GUI problem with Lynx and Netscape 4.72
        • Fixed problem with multiple reports with SNMP
        • Updated hosttyping database
        • Still adding SARA Search capability
    • 12 March 2000 (SARAPRO-2.4.10) and SARA 2.1.10)
        New features inlcude:
        • Added yet more http vulernability testing incl infosrch
        • Fixed Netscape buffer overflow detection
        • Fixed some of the GUI interfaces
        • Adding SARA Search capability
        • Added Napster detection
    • 03 March 2000 (SARAPRO 2.4.9 and SARA 2.1.9)
        New feaures include:
        • Added test for the sgi_fam buffer overflow vulnerability
        • Added the trojan_trinoo DDOS test
        • Fixed false alarms from Web cache manager
        • Updated snmp reporting
        • Added support for hpux 11.x (thanks to Andrew Mossberg)

    Advanced Research has provided the following press releases for the month of February 2000:
    • 28 February 2000 (SARAPRO 2.4.8a and SARA 2.1.8a)
        Advanced Research released an upgrade to SARA 2.x.8 which includes the distributed denial of service (DDOS) test for the Windows-based trinoo, trojan_trinoo.
    • 25 February 2000
        Advanced Research Corporation ® is pleased to announce the addition of Roadrunner (www.rr.com) to our family of licensees of SARA Pro.
    • 23 February 2000 (SARAPRO 2.4.8 and SARA 2.1.8)
        New features include:
        • Added Corporate template insertion into SARA Pro reports.
        • Added timing/delay command line option.
        • Administrative release. Credit given where credit due.
        • Corrected minor bugs on the SARA menu.
    • 15 February 2000: SARA 2.1.7 and SARA Pro 2.4.7 released.
        New features for SARA nad SARA Pro are:
        • Added Dave Dittrich's Distributed DOS test
        • fixed typo in http.sara and sample.sara.ext
        • Added a new tutorial for possible wuftpd vulnerability
        • Added Linux include/ansi to update the old rpc libraries
        • Added Linux include/netinet to make available older net files
        • Added trusted-sunos5 make option (thanks to Ward Ponn)

    • 1 February 2000: SARA 2.1.6 and SARA Pro 2.4.6 released.
        New features for SARA and SARA Pro are:
        • Tweaked the documentation
        • Fixed problem with mimetyping
        • Documented fact that doesn't work with Lynx 2.8
        • Added SARA extensions to SARA (offered in SARA Pro 2.4.1)


    Advanced Research has provided the following press releases for the month of January 2000:
    • 23 January 2000: SARA 2.1.5 and SARA Pro 2.4.5 released.
        New features for SARA and SARA Pro are:
        • Fixed false alarms in webdist and handler cgi exploits
        • Added more distributed denial of service exploit detection
        • Developed bar chart generation in report writer (SARA Pro)
        • Corrected minor errors in the analysis section
        • Corrected problem with login.sara
        • Corrected minor problem with http.sara

    • 13 January 2000: A member of the family has passed away.
        The inspiration for the Advanced Research Corporation and our work ethic has passed away. Our thoughts will always be with Walter E. Todd, W4JXI.

    • 01 January 2000: SARA 2.1.4 and SARA Pro 2.4.4 released.
        New features for SARA are:
        • Fixed trailing blank problem in -F filename
        • Fixed bug in firewall enabling logic


    Advanced Research has provided the following press releases for the month of December 1999:

    • 15 December 1999: SARA 2.1.3 and SARA Pro 2.4.3 released.
        New features for SARA are:
        • Added test for trinoo
        • Added test for sadmind exploit
        • Added test for Hack a Tack
        • Corrected pop3 to find obscure Qualcomm configurations
        • Added a post analysis filter, ammends (SARA-Pro only)

    • 8 December 1999: SARA out scans its peers
        During the month of November, SARA has scanned more than 120,000 documented host computers on our customers' networks. We believe that this far exceeeds the statistics of our fellow "freeware" providers.

    • 8 December 1999: SARA 2.1.2 and SARA Pro 2.4.2 released.
        New features for SARA include
        • Added "-F hostfile" to scan a list of hosts (not subnets)
        • Added custom attack level (level=4)
        • Added submask control for subnet scanning (command line only)
        • Added test for DRAT backdoor test
        • Added test for /tmp/bob exploit (ingreslock and pcserver)
        • Added test for vulnerable DNS Servers (NXT records)
        • Added many CGI vulnerability tests
        • Made NMAP non-default (problems with most OSs)
        • Corrected minor problems in configuration builds and dual reporting.

    • 1 December 1999: SARA and RockLinux
        SARA became a standard component of the RockLinux distribution. RockLinux/SARA will be present at the Chaos Communications Congress in Berlin (99-12-27 through 99-12-29).

    Advanced Research has provided the following press releases for the month of November 1999:

    • 30 November 1999: SARA Pro 2.4.1
        SARA Pro has the following enhancements:
        • Added "-F hostfile" to scan a list of hosts (not subnets)
        • Added custom attack level (level=4)
        • Added submask control for subnet scanning (command line only)
        • Added test for /tmp/bob exploit (ingreslock and pcserver)
        • Added test for vulnerable DNS Servers (NXT records)
        • Added many CGI vulnerability tests
        • Added subnet mask to command line arguments (/16 through /32)
        • Made NMAP non-default (problems with most OSs)

    • 8 November 1999: SARA Pro 2.2.10 SARA 2.0.10
        SARA and SARA Pro have added the following enhancements:
        • Upgraded tooltalk and calendar manager to RED
        • Corrected problem in login.sara
        • Corrected problem in relay.sara
        • Updated sendmail.sara for Ver 8.9.1 vulnerability
        • Updated ftp.sara to trap the wu-ftpd 2.5.0 vulnerability
        • Upgraded build environment for Linux (still needs work)


    Advanced Research has provided the following press releases for the month of September 1999:

    • 24 September 1999: S/V Jule III Update
        The SV Jule III is sad to report the loss of BM 1 Alfred L. Todd to prostate cancer. BM 1 Todd was a member of the crew since September 1995. He is sorely missed!

    • 20 September 1999: SARA Pro 2.2.9
        SARA Pro has added the following enhancements:
        • Upgraded tooltalk and calendar manager to RED
        • Corrected problem in login.sara
        • Corrected problem in relay.sara
        • Updated sendmail.sara for Ver 8.9.1 vulnerability
        • Updated ftp.sara to trap the wu-ftpd 2.5.0 vulnerability

    • 15 September 1999: Validation of Integrated Data Suite (IDS)
        The S/V Jule III (chartered Advanced Research research vessel) performed a week long sea trial of the IDS. The IDS provides a single entry, secure communications and navigation facility for small passenger vessels. Secure electronic mail, database updates, and command and control are provided over VHF, SSB, and wireless telephony.

    Advanced Research has provided the following press releases for the month of August 1999:

    • 4 August 1999: SARA 2.0.8
        Advanced Research added several new tutorials to SARA as well as as detection of a possible vulnerability in the calendar manager (rpc.cmsd).

    • 3 August 1999: Windows NT Security Checklist
        Advanced Research developed a security checklist for Windows NT systems which is available to IIM members.

    Advanced Research has provided the following press releases for the month of July 1999:

    • 31 July 199: Upgrade to the Jule III
        Advanced Research has upgraded the communications, environmental, and electrical system of Jule III. The Jule III will deploy to the lower Chesapeake Bay in early Winter to evaluate the impacts of the Mid Atlantic drought to the lower Bay ecosystem.

    • 24 July 1999: Interview with the New York Times
        Advanced Research was contacted by the New York Times to discuss the Company's work in uncovering the Calendar Manager security exploit. Details of the interview are documented in the 26 July Edition of the New York Times

    • 8 July 1999: SARA-PRO 2.2.8
        Advanced Research added several new tutorials to SARA-PRO as well as as detection of a possible vulnerabilitity in the calendar manager (rpc.cmsd). The changes will be added to SARA shortly.

    Advanced Research has provided the following press releases for the month of June 1999:

    • 5 June 1999: Integrated Incident Management
        Advanced Research's Integrated Incident Management (IIM) is now available to our clients. IIM subscribers will benefit from Advanced Research's new product lines which include SARA-PRO and TARA-PRO. Contact

    Advanced Research has provided the following press releases for the month of May 1999:

    • 30 May 1999: Release of TARA 2.2.6
        TARA system security scanner now has an optional HTML output generator. This feature produces easy to read hypertext listings of TARA output. Also, several features dealing with IRIX 6.x have been fixed including NFS exports. Lastly, a new TARA module tests for remote root login permissions.

    • 30 May 1999: Release of SARA 2.0.6
        The following additions/corrections have been incoporated into the latest version:
        • Fixed NMAP and SAMBA detection
        • Fixed GREEN FTP when there re vulnerabilities
        • Fixed false alarm on relay.sara for certain Sun systems

    • 20 May 1999: Release of TARA 2.2.5
        The Tiger Analytical Research Assistant (TARA) is a security system scanner that is an upgrade to the Tiger package developed by Texas A&M University in 1993. TARA has been upgraded to support the current operating systems from SMI, SGI, and Linux. Cosmetic changes and minor bug fixes have been incorporated. See the Security page for download sight.

    • 19 May 1999: Release of SARA 2.0.5
        • Compiles under Red Hat 6.0
        • Yet another fix on login.sara

    • 18 May 1999: Release of SARA 2.0.4
        The following enhancements have been added to SARA:

        • Added ftp bounce test
        • Addedd mail relay test
        • Improved login.sara
        • Improved timeouts for various tests
        • improved http.sara tests

    • 6 May 1999: Release of SARA 2.0.3
        Based on hacker activity, Advanced Research has upgraded SARA to address FrontPage, IIS, and ColdFusion vulnerabilities. In addition, false alarms with WU-ftpd servers have been reduced. Tutorials have been upgraded. Download can be found at the SARA home page.

    • 5 May 1999: Beta Release of TARA 2.2.4
        Advanced Research has released the initial Tiger Analytical Research Assistant (TARA), system security scanner for UN*X platforms. TARA is an update of the popular Tiger program developed by Texas A&M University (TAMU). Organizations inteested in participating in the TARA beta test should contact

    • 5 May 1999: Public Release of SARA 2.0.2
        Advanced Research has released the first public release of the Security Auditor's Research Assistant (SARA). SARA is a third generation network security scanner based on the popular Security Administrator's Tool for Analyzing Networks (SATAN). Information and dowload information can be found at http://www-arc.com/sara


    Advanced Research has provided the following press releases for the month of April 1999:

    • 11 Apr 99: Final Beta Release of SARA 2.0.1
        Advanced Research has released the final Beta release of SARA 2.0.1 to our Beta community. General release should be not later than 22 April.

    • 2 Apr 99: Beta Release of SARA 2.0.01
        Advanced Research is offering SARA 2.0.01 to selected Beta test facilities. SARA was tested successfully on over 2,000 hosts (Unix, Microsoft, Routers, etc.) during the limited release testing. This beta testing will insure the best possible product for general release on 1 May 99.

    Advanced Research has provided the following press releases for the month of March 1999:

    • 7 Mar 99: Limited Release of SARA 2.0.0(B)
        Advanced Research released to selected Government facilities the Security Auditor's Research Assistant (SARA) security assessment tool. SARA is a third generation tool based on the SATAN and SAINT tools. SARA provides a liberal license for use in both no-commercial and commercial applications. SARA will be available to the public on 2 April 99.

    • 5 Mar 99: Bob Todd Joins Advanced Research Corporation
        Advanced Research is pleased to announce the appointment of Bob Todd as the head of the Information Technology Systems and Security Engineering activity. Bob is no stranger to Advanced Research. He was the founder and chief scientist of Advanced Research from 1984 to 1995 when he left the company to pursue other goals. Bob is the developer of both the Security Administrator's Integrated Network Tool (SAINT) and the Security Auditor's Research Assistant (SARA). He has been a major contributor in major transportation safety systems including TCAS and the 406 MHz EPIRB.

    • 1 Mar 99: Ann Todd becomes a USCG Master
        Ann becomes the latest member of the Maritime Operations and Services (MOS) to obtain the United States Coast Guard "License of US Merchant Marine Officer". Ann Todd is the Chief Executive Officer of the Advanced Research Corporation. Her USCG license will enable her to participate more fully in the MOS activity.