SecurityFocus Microsoft Newsletter #114

From: Marc Fossi (mfossi@securityfocus.com)
Date: 11/25/02

    Date: Mon, 25 Nov 2002 15:50:06 -0700 (MST)
    From: Marc Fossi <mfossi@securityfocus.com>
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #114
    ---------------------------------------

    This Issue is Sponsored by: Qualys

    Strengthening Network Security: FREE Guide Network security is a
    constantly moving target - even proven solutions lose their punch over
    time. Find out how to get COMPLETE PROTECTION against ever-growing
    security threats with our FREE new Guide. Get your copy today at:

    https://www.qualys.com/forms/nsguideh_376.php

    -------------------------------------------------------------------------------

    I. FRONT AND CENTER
         1. Complete Snort-based IDS Architecture, Part Two
         2. SecurityFocus DPP Program
         3. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
    II. MICROSOFT VULNERABILITY SUMMARY
         1. Multiple Unspecified Opera 7 Vulnerabilities
         2. Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone...
         3. IISPop Remote Buffer Overflow Denial of Service Vulnerability
         4. Netscape/Mozilla JAR Remote Heap Corruption Vulnerability
         5. Perception LiteServe CGI Source Disclosure Vulnerability
         6. Lonerunner Zeroo HTTP Server Remote Buffer Overflow Vulnerability
         7. NeoSoft NeoBook 4 ActiveX Control Arbitrary File Type Inclusion...
         8. Perception LiteServe Malformed GET Request Buffer Overflow...
         9. AOL Instant Messenger Screen Name Buffer Overflow Vulnerability
         10. PHPBB2 ViewTopic.PHP Cross Site Scripting Vulnerability
         11. TFTPD32 Long Filename Buffer Overflow Vulnerability
         12. MailEnable Email Server Buffer Overflow Vulnerability
         13. TFTPD32 Arbitrary File Download/Upload Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
         1. outlook 2000 vs latest outlook express deployment (Thread)
         2. How to secure Internet Explorer (Thread)
         3. SecurityFocus Microsoft Newsletter #113 (Thread)
         4. re: Unknown Workgroup in Network Neighborhood (Thread)
         5. Active Directory network security (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. QuickStart Data Rescue
         2. BRU-Pro
         3. NetSign CAC
         4. CryptoGram Secure Login
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. NATAS v3.00.01
         2. Pluto v1.2b
         3. Coopersniff v0.1
    VI. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Complete Snort-based IDS Architecture, Part Two
    by Anton Chuvakin, Ph.D. and Vladislav V. Myasnyankin

    Many companies find it hard to justify acquiring IDS systems due to
    their perceived high cost of ownership. However, not all IDS systems are
    prohibitively expensive. This is the second part of a two-part article that
    will provide a set of detailed directions to build an affordable intrusion
    detection architecture from hardware and freely available software. In
    this installment we shall discuss Web interface configuration, summaries
    and daily reporting, automated attack response, sensor installation,
    installation of the central station, and big distributed IDS systems.

    http://online.securityfocus.com/infocus/1643

    2. SecurityFocus DPP Program

    Attention Universities!! Sign-up now for preferred pricing on the only
    global early-warning system for cyber attacks - SecurityFocus DeepSight
    Threat Management System.

    Click here for more information:
    http://www.securityfocus.com/corporate/products/dpsection.shtml

    3. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

    Optional Workshops March 8, 9, 12, 13, & 14; Vendor Expo March 10 & 11

    Solutions to today’s security concerns; hands-on experts; blockbuster
    vendor expo; the CISO Executive Summit; invaluable networking
    opportunities. InfoSec World has it all!

    Go to: http://www.misti.com/10/os03nl37inf.html

    II. BUGTRAQ SUMMARY
    -------------------
    1. Multiple Unspecified Opera 7 Vulnerabilities
    BugTraq ID: 6184
    Remote: Yes
    Date Published: Nov 14 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6184
    Summary:

    Opera is web browser software which is available for a number of
    platforms, including Microsoft Windows, Linux and Unix variants and Apple
    MacOS.

    A reliable source has announced two major unspecified vulnerabilities in
    the beta version of Opera 7. It has been reported that these issues in
    combination may allow attackers to gain full read access to a client
    filesystem or may allow scripting across any domain. It may also be
    possible to view websites that a user of the client visits.

    An attacker may exploit these issues by embedding malicious script code in
    a webpage.

    This record will be updated when further details become publicly
    available.

    Opera 7 is only available for Microsoft Windows platforms at the time of
    writing. These issues are not present in earlier versions of the browser.

    2. Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone Access Vulnerability
    BugTraq ID: 6205
    Remote: Yes
    Date Published: Nov 19 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6205
    Summary:

    Microsoft Internet Explorer includes support for dialog windows through
    script calls to the two functions showModalDialog and showModelessDialog.
    These functions accept a URL location for the dialog content, and an
    optional argument parameter to allow data to be passed to the dialog from
    the calling page.

    A vulnerability has been reported in Explorer that may allow for script
    code to be executed in the Local Zone. When an IFRAME in a dialog changes
    its location or Zone, the dialogArguments object provided by the calling
    content should not be accessible. It has been reported that this is not
    the case. The dialogArguments object is accessible despite the fact that
    its originating location/Zone is different from the parent.

    In some circumstances, this may result in code being executed in the Local
    Zone. One method of accomplishing this is by exploiting the local
    "res://shdoclc.dll/privacypolicy.dlg", which happens to write the
    dialogArguments property "cookieUrl" to the document body. If the value
    of this property is set to script code, the code will execute when the
    document is rendered. This technique is demonstrated by the discoverer of
    this vulnerability.

    Using the method developed by Andreas Sandblad, attackers may also exploit
    this vulnerability to execute commands on victim hosts.

    3. IISPop Remote Buffer Overflow Denial of Service Vulnerability
    BugTraq ID: 6183
    Remote: Yes
    Date Published: Nov 14 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6183
    Summary:

    IISPop is a small POP3 mail server designed to be used with the SMTP
    service in Microsoft Windows 2000 with IIS 5.

    IISPop is vulnerable to a denial of service due to a buffer overflow. It
    is possible to connect to TCP port 110 on the IISPop server and send an
    unusually large amount of data (289999 bytes) which will cause IISPop to
    throw an unhandled exception due to an access violation. This will cause
    the IISPop service to fail.

    Execution of arbitrary code may be possible.

    4. Netscape/Mozilla JAR Remote Heap Corruption Vulnerability
    BugTraq ID: 6185
    Remote: Yes
    Date Published: Nov 14 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6185
    Summary:

    Netscape and Mozilla are freely available web browsers. They are available
    for various platforms including Linux variants and Microsoft Windows
    operating systems.

    A heap corruption vulnerability has been reported for Mozilla and Netscape
    browsers.

    The vulnerability is present in the JAR (Java Archive) URI handler used by
    Netscape and Mozilla. The vulnerability is due to inadequate checks when
    decompressing JAR files.

    An attacker can exploit this vulnerability by creating a malformed JAR
    file that contains invalid information about the sizes of the files it
    contains. When a victim user is enticed to view a file contained within
    the malformed JAR file, the vulnerable browser will attempt to decompress
    the JAR file. During decompression, proper bounds checking of inflated
    data against the allocated buffer is not performed. Consequently, an
    overrun condition in the heap can occur. This may be exploited by
    attackers to cause code to be executed.

    An attacker can overwrite arbitrary values in heap memory to execute
    malicious attacker-supplied code.

    5. Perception LiteServe CGI Source Disclosure Vulnerability
    BugTraq ID: 6188
    Remote: Yes
    Date Published: Nov 14 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6188
    Summary:

    LiteServe provides web, email, and ftp server functionality. It is
    available for the Microsoft Windows operating system.

    Windows treats a filename with a trailing period (.) as if the period
    were not there. LiteServe does not handle such names the same way,
    which may allow a remote attacker to disclose CGI script source by
    requesting a file with a period appended to its name.

    Information gained by exploiting this issue may aid an attacker in
    launching further attacks against the target system.
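
    The mismatch described above, shown as an added example (not LiteServe
    code and not part of the original newsletter): a handler chosen from the
    raw request path beside one that refuses names Windows would rewrite. The
    extension list and all function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum handler { HANDLER_STATIC, HANDLER_CGI, HANDLER_REJECT };

/* Hypothetical extensions that must be executed, never returned as text. */
static const char *const cgi_exts[] = { ".cgi", ".pl", ".exe" };

/* Case-insensitive test: do the first len bytes of name end in a CGI extension? */
static int ends_with_cgi_ext(const char *name, size_t len)
{
    for (size_t i = 0; i < sizeof cgi_exts / sizeof cgi_exts[0]; i++) {
        size_t el = strlen(cgi_exts[i]);
        size_t j = 0;
        if (len < el)
            continue;
        while (j < el &&
               tolower((unsigned char)name[len - el + j]) == cgi_exts[i][j])
            j++;
        if (j == el)
            return 1;
    }
    return 0;
}

/* Weak form: the decision is made on the raw request path, so "form.pl."
 * is classified as static content although the OS opens "form.pl". */
enum handler classify_naive(const char *path)
{
    return ends_with_cgi_ext(path, strlen(path)) ? HANDLER_CGI : HANDLER_STATIC;
}

/* Length of the name once trailing periods are dropped, as Windows does on open. */
size_t effective_len(const char *path)
{
    size_t len = strlen(path);
    while (len > 0 && path[len - 1] == '.')
        len--;
    return len;
}

/* Hardened form: a name the OS would rewrite is refused outright, so the
 * string that was checked is always the string that gets opened. */
enum handler classify_hardened(const char *path)
{
    size_t len = strlen(path);
    if (effective_len(path) != len)
        return HANDLER_REJECT;
    return ends_with_cgi_ext(path, len) ? HANDLER_CGI : HANDLER_STATIC;
}

int main(void)
{
    /* Constructed request paths. */
    const char *samples[] = { "/cgi-bin/form.pl", "/cgi-bin/form.pl.", "/index.html" };
    for (size_t i = 0; i < 3; i++)
        printf("%-20s naive=%d hardened=%d\n", samples[i],
               classify_naive(samples[i]), classify_hardened(samples[i]));
    return 0;
}
```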

    6. Lonerunner Zeroo HTTP Server Remote Buffer Overflow Vulnerability
    BugTraq ID: 6190
    Remote: Yes
    Date Published: Nov 16 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6190
    Summary:

    Zeroo HTTP server is a freely available, open source web server. It is
    available for the Linux and Microsoft Windows platforms.

    A problem with Zeroo HTTP server could lead to remote code execution.

    It has been reported that Zeroo HTTP server does not sufficiently check
    bounds on some requests. This occurs when a string of excessive length is
    received by the server. This can result in the overwriting of stack
    memory, and potential code execution.

    It is not required that this data be sent in HTTP request format.
    Sending a string of 1024 bytes or greater to the server without structure
    has been reported to reproduce this issue.

    Previous versions of the software may also be affected.

    7. NeoSoft NeoBook 4 ActiveX Control Arbitrary File Type Inclusion Vulnerability
    BugTraq ID: 6191
    Remote: Yes
    Date Published: Nov 16 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6191
    Summary:

    NeoBook is a commercially available multimedia authoring software package.
    It is available for Microsoft Windows.

    A problem with NeoBook 4 could lead to arbitrary file inclusion, and
    command execution.

    It has been reported that the ActiveX control used by NeoBook does not
    sufficiently filter types of files that are included in NeoBook content.
    This may allow the packaging of malicious files in NeoBook content. When
    interpreted by the ActiveX control, the placement and execution of files
    could occur.

    This vulnerability requires the NeoBook ActiveX control. This control is
    not distributed with default implementations of web browsers.

    8. Perception LiteServe Malformed GET Request Buffer Overflow Vulnerability
    BugTraq ID: 6192
    Remote: Yes
    Date Published: Nov 18 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6192
    Summary:

    Perception LiteServe provides web, email, and ftp server functionality. It
    is available for the Microsoft Windows operating system.

    A buffer overflow vulnerability has been reported for Perception LiteServe
    HTTP server. The vulnerability occurs when the web server attempts to
    process malformed GET requests. Reportedly, when processing overly long
    GET requests consisting of illegal '%' sequences, the web server will
    crash.

    An attacker can exploit this vulnerability by issuing a long, malformed
    GET request consisting of at least 290,759 '%' characters. This will cause
    the LiteServe HTTP server to crash.

    Although unconfirmed, it may be possible to cause the web server to
    execute malicious attacker-supplied code.

    9. AOL Instant Messenger Screen Name Buffer Overflow Vulnerability
    BugTraq ID: 6194
    Remote: Yes
    Date Published: Nov 18 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6194
    Summary:

    AOL Instant Messenger (AIM) is an instant messaging client for Microsoft
    Windows, MacOS, and other platforms.

    AIM contains an unchecked buffer which could result in a denial of service
    or arbitrary code execution.

    When viewing the information for a user with a screen name containing 88
    characters or more, a buffer in AIM will be overrun, causing the client to
    terminate with an error reading memory. Although not yet confirmed,
    arbitrary code execution may be possible.

    This vulnerability was discovered in AIM v5.1.3036. It is not yet known
    whether other versions are affected.

    ** There have been conflicting reports as to the existence of this
    vulnerability. See the Reference section for details.

    10. PHPBB2 ViewTopic.PHP Cross Site Scripting Vulnerability
    BugTraq ID: 6195
    Remote: Yes
    Date Published: Nov 18 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6195
    Summary:

    phpBB2 is an open-source web forum application that is written in PHP and
    supported by a number of database products. It will run on most Unix and
    Linux variants, as well as Microsoft Windows operating systems.

    A cross site scripting vulnerability has been discovered in the
    'viewtopic.php' script included with phpBB2.

    An attacker may exploit this vulnerability by enticing a victim user to
    follow a malicious link. Attacker-supplied HTML and script code may be
    executed on a web client in the context of the site hosting the web forum.

    This may allow for theft of cookie-based authentication credentials and
    other attacks.

    This vulnerability was reported for phpBB 2.0.3. Other versions may also
    be affected.

    11. TFTPD32 Long Filename Buffer Overflow Vulnerability
    BugTraq ID: 6199
    Remote: Yes
    Date Published: Nov 19 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6199
    Summary:

    Tftpd32 is a freely available TFTP (Trivial FTP) server available for use
    on Microsoft Windows operating systems.

    A buffer overflow vulnerability has been reported for Tftpd32. The
    vulnerability is due to insufficient checks on user supplied input.
    Specifically, proper bounds checking is not implemented on requested
    filenames.

    A remote attacker is able to exploit this vulnerability by supplying a
    long string, consisting of at least 116 characters, as a name of the file
    to retrieve. This will trigger the buffer overflow condition. Successful
    exploitation of this issue will result in the execution of
    attacker-supplied code, with the privileges of the Tftpd32 process.

    This vulnerability affects Tftpd32 2.50.2 and earlier.

    12. MailEnable Email Server Buffer Overflow Vulnerability
    BugTraq ID: 6197
    Remote: Yes
    Date Published: Nov 18 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6197
    Summary:

    MailEnable is a commercially available POP3 and SMTP server available for
    the Microsoft Windows operating systems.

    A buffer overflow vulnerability has been reported for MailEnable's POP3
    server. The vulnerability is due to insufficient bounds checking of the
    USER login field.

    An attacker can exploit this vulnerability by connecting to a vulnerable
    MailEnable server and sending an overly long string, consisting of more
    than 512 characters, as the value for the USER login prompt. This will
    trigger the buffer overflow condition.

    Although unconfirmed, an attacker may be able to exploit this
    vulnerability to cause MailEnable to execute malicious attacker-supplied
    code.

    13. TFTPD32 Arbitrary File Download/Upload Vulnerability
    BugTraq ID: 6198
    Remote: Yes
    Date Published: Nov 18 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6198
    Summary:

    Tftpd32 is a freely available TFTP (Trivial FTP) server designed for use
    with Microsoft Windows operating systems.

    A vulnerability has been discovered in Tftpd32, which allows a remote
    attacker to download and/or upload files. By exploiting this vulnerability
    it is possible for an attacker to disclose arbitrary system files, by
    using the GET command, which may contain sensitive user credentials. It
    may also be possible for an attacker to replace key system files with
    trojaned copies, using the PUT command, which could be used to open
    backdoors into a target system.

    This vulnerability affects Tftpd32 2.50.2 and earlier.
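
    An added example (not Tftpd32 code and not part of the original
    newsletter) covering both Tftpd32 entries above, items 11 and 13: a TFTP
    read/write request parser that checks the filename length before copying
    and refuses names that are not plain relative paths. The 64-byte limit and
    the confinement policy are assumptions; the packet layout is RFC 1350.

```c
#include <stdio.h>
#include <string.h>

#define TFTP_RRQ 1      /* read request  (client "GET") */
#define TFTP_WRQ 2      /* write request (client "PUT") */
#define MAX_NAME 64     /* assumed policy limit, not taken from Tftpd32 */
#define MAX_MODE 8      /* "netascii" is the longest RFC 1350 mode */

enum req_status { REQ_OK, REQ_MALFORMED, REQ_NAME_TOO_LONG, REQ_PATH_REFUSED };

struct tftp_request {
    int  opcode;
    char filename[MAX_NAME + 1];
    char mode[MAX_MODE + 1];
};

/* Length of the NUL-terminated string at buf, or -1 if no NUL within len bytes. */
static long bounded_strlen(const unsigned char *buf, size_t len)
{
    const unsigned char *nul = memchr(buf, 0, len);
    return nul ? (long)(nul - buf) : -1;
}

/* Accept only relative names with no drive/stream separator and no ".." part. */
static int name_is_confined(const char *name)
{
    if (name[0] == '\0' || name[0] == '/' || name[0] == '\\' || strchr(name, ':'))
        return 0;
    for (const char *p = name; *p; ) {
        size_t n = strcspn(p, "/\\");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += n;
        if (*p)
            p++;
    }
    return 1;
}

/* Parse "opcode | filename | 0 | mode | 0"; lengths are checked before copying. */
enum req_status parse_tftp_request(const unsigned char *pkt, size_t len,
                                   struct tftp_request *out)
{
    if (len < 4)
        return REQ_MALFORMED;
    int op = (pkt[0] << 8) | pkt[1];
    if (op != TFTP_RRQ && op != TFTP_WRQ)
        return REQ_MALFORMED;

    const unsigned char *name = pkt + 2;
    size_t left = len - 2;
    long nlen = bounded_strlen(name, left);
    if (nlen < 0)
        return REQ_MALFORMED;
    if (nlen > MAX_NAME)
        return REQ_NAME_TOO_LONG;      /* refuse; never truncate or copy */

    const unsigned char *mode = name + nlen + 1;
    long mlen = bounded_strlen(mode, left - (size_t)nlen - 1);
    if (mlen <= 0 || mlen > MAX_MODE)
        return REQ_MALFORMED;

    memcpy(out->filename, name, (size_t)nlen + 1);
    memcpy(out->mode, mode, (size_t)mlen + 1);
    out->opcode = op;
    return name_is_confined(out->filename) ? REQ_OK : REQ_PATH_REFUSED;
}

int main(void)
{
    /* Constructed sample: RRQ for "boot.img" in octet mode. */
    static const unsigned char pkt[] = "\0\1boot.img\0octet";
    struct tftp_request r;
    printf("status=%d\n", parse_tftp_request(pkt, sizeof pkt, &r));
    return 0;
}
```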

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. outlook 2000 vs latest outlook express deployment (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/300601

    2. How to secure Internet Explorer (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/300604

    3. SecurityFocus Microsoft Newsletter #113 (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/300590

    4. re: Unknown Workgroup in Network Neighborhood (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/300406

    5. Active Directory network security (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/300357

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. QuickStart Data Rescue
    by TOLIS Group
    Platforms: FreeBSD, Linux, Netware, OpenBSD, OS/2, SCO, Solaris, Unixware,
    Windows 2000, Windows 95/98, Windows NT, Windows XP
    http://www.tolisgroup.com/qsdr3.html
    Summary:

    QuickStart Data Rescue™ is a PC crash and disaster recovery utility that
    recovers damaged systems while virtually eliminating the human error
    associated with the process. And, you can even recover to a larger hard
    disk! QuickStart Data Rescue™ is a self-contained product. Other
    disaster recovery products rely on interaction with some other utility or
    application, or require a base OS reinstall, in order to do their job.
    QuickStart can write an image backup of the disk to the target device,
    and verify the backup for accuracy as well as manage the disaster
    recovery process. Used independently, or in conjunction with your normal
    backup procedure, QuickStart gets you up and running simply and
    effectively.

    2. BRU-Pro
    by TOLIS Group
    Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, MacOS, OpenBSD, Solaris,
    Windows 2000, Windows 95/98, Windows NT
    http://www.tolisgroup.com/bru-pro3.html
    Summary:

    BRU-Pro[tm], provides backup and recovery services on medium to large
    heterogeneous network systems. Implemented on a Linux tape server,
    BRU-Pro delivers market leading reliable data protection and "makes
    sense" value across client/server topologies. BRU-Pro is the only
    professional level backup solution that literally backs itself up to
    provide the highest availability to your archived data. The functionally
    robust BRU-Pro employs multiple technologies to protect your critical
    data.

    3. NetSign CAC
    by SSP Solutions
    Platforms: Windows 2000, Windows 95/98, Windows NT
    http://www.sspsolutions.com/products/netsigncac/
    Summary:

    NetSign® CAC is a complete smart card client package that provides
    network security and desktop protection for users of the GSA Common
    Access Card (CAC). With a NetSign CAC-enabled system, users can be
    assured of strong authentication, confidentiality and non-repudiation.
    NetSign CAC allows users to digitally sign and encrypt email, access
    secure restricted web sites, enter physically secure areas and log in to
    systems using PKI digital certificates. CAC also acts as identification to
    provide authentication for benefits and entitlement management. Supported
    by Windows NT smart card logon, Windows 2000 certificate-based logon and
    workstation locking using CAC smart cards issued by Department of Defense
    (DoD), NetSign CAC offers unparalleled desktop security. In addition to
    PKI and desktop security, NetSign CAC also provides multi-application
    support for non-PKI secure data storage applications through support of
    the GSA defined Basic Services Interface (BSI) and DoD CAC Extended
    Service Interface (XSI). NetSign CAC is also available as an SDK,
    providing a complete client application library support for PKCS #11,
    Microsoft CAPI or BSI-based applications.

    4. CryptoGram Secure Login
    by CryptoGram SA
    Platforms: Windows 2000, Windows NT, Windows XP
    http://www.cryptogram-fr.com/english/securelogin.htm
    Summary:

    As computer crime rises (computer theft, fraud, piracy, etc.) secure
    access to information has become a key factor in the architecture of
    computer systems. To combat these threats, only a hardware based
    authentication solution can fully protect access to your computers. With
    CryptoGram Secure Login, users must possess a token and provide
    information to be authenticated. Using the latest cryptographic and
    biometric technologies, the CryptoGram Secure Login solution protects
    access to your Windows NT 4.0, Windows 2000 and Windows XP computers and
    keeps all unauthorized users out.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    -------------------------------------
    1. NATAS 3.00.01
    by Björn Stickler, stickler@rbg.informatik.tu-darmstadt.de
    Relevant URL:
    http://intex.ath.cx/natas.shtml
    Platforms: Windows 2000
    Summary:

    Natas is an advanced network packet capturing and analysing program
    designed for Windows 2000. It only works with the new Windows 2000
    winsock v2.2 which supports raw sockets like *nix operating systems. You
    have to be admin on the machine you are running Natas on.

    2. Pluto v1.2b
    by Dr.Astral astral@astralclinic.com
    Relevant URL:
    http://www.astralclinic.com/tools.asp
    Platforms: Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
    Summary:

    Pluto is a tool that allows you to perform automated vulnerability
    assessment against a remote host. Features included are:
    - Multi thread portscanner
    - CGI scanner
    - Port fingerprinting (under construction, can cause GUI to hang)
    - MSSQL Audit
    - FTP Audits
    - SMTP Audits
    - Password Audit
    - Great database of vulnerable software

    3. Coopersniff 0.1
    by Brett Cooper, BrettJCooper@hotmail.com
    Relevant URL:
    http://www4.50megs.com/sniffer/index.html
    Platforms: Windows NT
    Summary:

    NT Sniffer 0.01 - For NT4.0 includes a packet driver. Sniffs packets from
    networks and displays full information for: Ethernet, IP, TCP (data
    also), and UDP

    VI. SPONSOR INFORMATION
    -----------------------
    This Issue is Sponsored by: Qualys



