COMMAND

    Dragon Fire

SYSTEMS AFFECTED

    Dragon Fire 3.1 for unices

PROBLEM

    Stefan Laudat found following.   In the middle of developement  of
    a Linux IDS,  he wanted to  take a short  glimpse at some  similar
    products  on  the  net.   Seems  like  the  most  impressive  (and
    commercial)  is  NSW's  (Network  Security  Wizard's)  Dragon Fire
    3.1, just  released.   Stefan followed  the nice  link there (Live
    demo)  and  has  chosen  there  Database  telnet1,  Forensic  tool
    mkchart,  sensor  ALL  and  as  'IP  one'  |  ls  -lsa  /.  He was
    unpleasantly  surprised  when  he  saw  his  command executed very
    well, with a nice output.   Too bad it doesn't run as  root (maybe
    other tools  in that  package do).   Anyhow, they  don't run  that
    system on a Linux station (try  as 'IP one' | echo `uname  -a` and
    vote for SunOS!?).  Guess is  many customers run it on oher  buggy
    Unices (Irix etc) so watch  your asses and claim your  support, or
    switch to a local tool implemented by your system administrator.

SOLUTION

    The sources  are not  public (and  they are  buggy too)  so it  is
    advisable  IMMEDIATE  protection  of  the  web pages (.htaccess if
    you use Apache).   You may also  keep your mouth  shut unless  NSW
    releases  a  *elementary*  secure  wrapper  and  don't  make  your
    DragonFire URLs public. There is an enterprise version too.