SecurityFocus Microsoft Newsletter #117

From: Marc Fossi (mfossi@securityfocus.com)
Date: 12/16/02

    Date: Mon, 16 Dec 2002 12:46:07 -0700 (MST)
    From: Marc Fossi <mfossi@securityfocus.com>
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #117
    ---------------------------------------

    This issue is sponsored by: Qualys

    Strengthening Network Security: FREE Guide

    Network security is a constantly moving target - even proven solutions
    lose their punch over time. Find out how to get COMPLETE PROTECTION
    against ever-growing security threats with our FREE new Guide.

    Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php

    -------------------------------------------------------------------------------

    I. FRONT AND CENTER
         1. Securing Outlook, Part One: Initial Configuration
         2. Drop that E-Book or I'll Shoot!
         3. A Year-end Mailbag
         4. SecurityFocus DPP Program
         5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
    II. MICROSOFT VULNERABILITY SUMMARY
         1. Sapio WebReflex Directory Traversal Vulnerability
         2. vBulletin HTML Injection Vulnerability
         3. Mollensoft Software Enceladus Server Suite Directory Traversal...
         4. Kunani FTP File Disclosure Vulnerability
         5. Mollensoft Software Enceladus Server Suite CD Buffer Overflow...
         6. myServer File Disclosure Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
         1. IIS 4 Security (Thread)
         2. ISM Permissions? (Thread)
         3. FW: /Rpc virtual directory in IIS - How did it get there? (Thread)
         4. SecurityFocus Microsoft Newsletter #116 (Thread)
         5. /Rpc virtual directory in IIS - How did it get there? (Thread)
         6. issues with syskey in NT 4.0 (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. AiS AliveProxy Professional
         2. eTrust Intrusion Detection Log View
         3. LogCaster
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. 007 SafetyNet 1.0
         2. Password Policy Enforcer v3.5
         3. QuarantineAttachment v1.0
    VI. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Securing Outlook, Part One: Initial Configuration
    By Scott Granneman

    Millions of Outlook users around the world, in homes, organizations, and
    businesses, have had to face the insecurities inherent in their email
    program, sometimes painfully. This article is the first of a two-part
    article that will examine ways that Outlook users can secure their email
    client.

    http://online.securityfocus.com/infocus/1648

    2. Drop that E-Book or I'll Shoot!
    By Mark Rasch

    Last Thursday federal prosecutors wrapped up their direct case against
    Russian software company ElcomSoft for creating and distributing software
    that would "crack" Adobe's proprietary software designed to prevent
    copying of electronic books - the defense will argue their side this week.

    http://online.securityfocus.com/columnists/128

    3. A Year-end Mailbag
    By George Smith

    "Why are you rambling?," and other feedback received by your anti-virus
    columnist.

    http://online.securityfocus.com/columnists/130

    4. SecurityFocus DPP Program

    Attention Universities!! Sign-up now for preferred pricing on the only
    global early-warning system for cyber attacks - SecurityFocus DeepSight
    Threat Management System.

    Click here for more information:
    http://www.securityfocus.com/corporate/products/dpsection.shtml

    5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

    Optional Workshops: March 8, 9, 12, 13, & 14
    Vendor Expo: March 10 & 11

    Solutions to today’s security concerns; hands-on experts; blockbuster
    vendor expo; the CISO Executive Summit; invaluable networking
    opportunities. InfoSec World has it all!

    Go to: http://www.misti.com/10/os03nl37inf.html

    II. BUGTRAQ SUMMARY
    -------------------
    1. Sapio WebReflex Directory Traversal Vulnerability
    BugTraq ID: 6327
    Remote: Yes
    Date Published: Dec 06 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6327
    Summary:

    WebReflex is a software package designed to run an HTTP server from a
    CD-ROM, providing web hosting on Microsoft Windows systems. This web
    server is intended for use on such systems as Windows 95 and Windows 98.
    It is written and maintained by Sapio Design Ltd.

    It has been reported that WebReflex fails to properly sanitize web
    requests. By sending a malicious web request to the vulnerable server,
    using directory traversal sequences, it is possible for a remote attacker
    to access sensitive resources located outside of the web root.

    An attacker is able to traverse outside of the established web root by
    using dot-dot-slash (../) directory traversal sequences. An attacker may
    be able to obtain any web server readable files from outside of the web
    root directory.

    Disclosure of sensitive system files may aid the attacker in launching
    further attacks against the target system.

    This vulnerability was reported for WebReflex 1.53. It is not known
    whether other versions are affected.

    2. vBulletin HTML Injection Vulnerability
    BugTraq ID: 6337
    Remote: Yes
    Date Published: Dec 09 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6337
    Summary:

    vBulletin is commercial web forum software written in PHP and back-ended
    by a MySQL database. It will run on most Linux and Unix variants, as well
    as Microsoft operating systems.

    Problems with vBulletin could make it possible for an attacker to inject
    arbitrary HTML in vBulletin forum messages.

    vBulletin does not sufficiently filter potentially malicious HTML code
    from posted messages. As a result, when a user chooses to view a message
    posting that contains malicious HTML code, the code contained in the
    message would be executed in the browser of the vulnerable user. This will
    occur in the context of the site hosting the vBulletin forum software.

    Attackers may potentially exploit this issue to manipulate web content or
    to steal cookie-based authentication credentials. It may be possible to
    take arbitrary actions as the victim user.

    This vulnerability was reported for vBulletin 2.2.7 and 2.2.8. It is not
    known whether other versions are affected.

    3. Mollensoft Software Enceladus Server Suite Directory Traversal Vulnerability
    BugTraq ID: 6338
    Remote: Yes
    Date Published: Dec 09 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6338
    Summary:

    Enceladus Server Suite is a Web and FTP server designed for use with
    Microsoft Windows operating systems.

    It has been reported that Enceladus fails to properly sanitize web
    requests. By sending a malicious web request to the vulnerable server,
    using directory traversal sequences, it is possible for a remote attacker
    to view and download sensitive resources located outside of the web root.

    An attacker is able to traverse outside of the established web root by
    using dot-dot-slash (../) directory traversal sequences. An attacker may
    be able to obtain any web server readable files from outside of the web
    root directory.

    Disclosure of sensitive system files may aid the attacker in launching
    further attacks against the target system.

    This vulnerability was reported for Enceladus Server Suite 2.6.1. It is
    not known whether other versions are affected.

    4. Kunani FTP File Disclosure Vulnerability
    BugTraq ID: 6355
    Remote: Yes
    Date Published: Dec 10 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6355
    Summary:

    Kunani FTP is a publicly available server which uses any ODBC-compatible
    data source to authenticate users/passwords. It is available for the
    Microsoft Windows operating system.

    A vulnerability has been discovered in Kunani FTP server. By passing a
    malicious request containing dot-dot-slash (../) directory traversal
    sequences, it is possible for a remote attacker to access arbitrary system
    files outside of FTP directories. Information gathered through successful
    exploitation of this vulnerability may aid an attacker in launching
    further attacks against a target system.

    This issue was discovered in Kunani FTP server 1.0.10. It is not known
    whether other versions are affected.

    5. Mollensoft Software Enceladus Server Suite CD Buffer Overflow Vulnerability
    BugTraq ID: 6345
    Remote: Yes
    Date Published: Dec 09 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6345
    Summary:

    Enceladus Server Suite is a Web and FTP server designed for use with
    Microsoft Windows operating systems.

    Enceladus Server Suite is prone to a remotely exploitable buffer overflow
    vulnerability. It is possible to trigger this condition by supplying an
    overly long value for the FTP change directory (CD) command. The issue is
    due to insufficient bounds checking of the vulnerable FTP command. By
    triggering this condition an attacker may corrupt process memory,
    including stack variables such as the return address, with
    attacker-supplied data. Given the ability to corrupt memory with
    attacker-supplied data, it is possible for an attacker to cause the
    execution of arbitrary code.

    To exploit this issue, the attacker must be able to authenticate to the
    FTP server included in Enceladus and issue a maliciously crafted CD
    command.

    Successful exploitation will enable a remote attacker to execute arbitrary
    code with the privileges of the Enceladus Server Suite software, which
    will most likely run with SYSTEM (or equivalent) privileges. This
    vulnerability may also be used to cause a denial of service.

    This issue has been reported for Enceladus Server Suite 3.9. Other
    versions may also be affected.
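
    The bounds check whose absence the advisory describes, as an added
    example (not Enceladus code). The FTP verb for change directory is CWD;
    the handler name, buffer size and reply-code choices are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define FTP_DIR_MAX 260  /* assumed buffer size for this example */

/* Hypothetical CWD handler, not Enceladus code. The unsafe pattern is a
 * fixed stack buffer filled with strcpy(dir, arg) and no length check.
 * Here the argument is measured first and refused if it cannot fit.
 * line/linelen: one command as read from the socket (not NUL-terminated).
 * Returns the FTP reply code to send: 250 accepted, 500/501 refused. */
int handle_cwd(const char *line, size_t linelen, char dir[FTP_DIR_MAX]) {
    static const char verb[] = "CWD ";
    size_t i, vlen = sizeof verb - 1;

    /* Strip the CRLF that terminates every FTP command. */
    while (linelen > 0 &&
           (line[linelen - 1] == '\r' || line[linelen - 1] == '\n'))
        linelen--;
    if (linelen < vlen) return 500;
    for (i = 0; i < vlen; i++)
        if (toupper((unsigned char)line[i]) != verb[i]) return 500;

    const char *arg = line + vlen;
    size_t arglen = linelen - vlen;
    if (arglen == 0) return 501;            /* missing parameter */
    if (arglen >= FTP_DIR_MAX) return 501;  /* too long: refuse, never copy */
    for (i = 0; i < arglen; i++)
        if (iscntrl((unsigned char)arg[i])) return 501;  /* NUL, CR, LF... */

    memcpy(dir, arg, arglen);               /* arglen < FTP_DIR_MAX proven */
    dir[arglen] = '\0';
    return 250;
}
```

    An oversized argument is rejected before any copy takes place, so the
    previously stored directory is left untouched.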

    6. myServer File Disclosure Vulnerability
    BugTraq ID: 6359
    Remote: Yes
    Date Published: Dec 11 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6359
    Summary:

    myServer is a freely available Web server designed for use with Microsoft
    Windows operating systems.

    It has been reported that myServer fails to properly sanitize web
    requests. By exploiting this issue, an attacker is able to traverse
    outside of the established web root by using dot-dot-slash (../) directory
    traversal sequences. An attacker may be able to obtain any web server
    readable files from outside of the web root directory.

    Disclosure of sensitive system files may aid the attacker in launching
    further attacks against the target system.

    This vulnerability was reported for myServer 0.2 and earlier.
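
    The WebReflex, Enceladus, Kunani FTP and myServer items above all
    describe the same missing check. One way a server can perform it, as an
    added example (not code from any of those products; the function names
    and buffer sizes are assumptions):

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

static int hexval(int c) {
    c = tolower(c);
    if (c >= '0' && c <= '9') return c - '0';
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical helper: decode the request path once, resolve it segment by
 * segment. Returns 0 with the root-relative path in out, -1 to refuse. */
int resolve_under_root(const char *req, char *out, size_t outlen) {
    char buf[256];
    size_t n = 0, len = 0;
    /* 1. Percent-decode exactly once, so "%2e%2e%2f" is seen as "../". */
    for (const char *p = req; *p; p++) {
        int c = (unsigned char)*p;
        if (c == '%') {
            int hi = hexval((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
            if (lo < 0) return -1;           /* malformed escape */
            c = hi * 16 + lo;
            p += 2;
        }
        if (c == 0 || c == ':') return -1;   /* NUL, drive letter, stream */
        if (c == '\\') c = '/';              /* Windows accepts both */
        if (n + 1 >= sizeof buf) return -1;  /* refuse, never truncate */
        buf[n++] = (char)c;
    }
    buf[n] = '\0';
    /* 2. Walk the segments; ".." may only undo a segment already kept. */
    if (outlen == 0) return -1;
    out[0] = '\0';
    for (char *seg = strtok(buf, "/"); seg; seg = strtok(NULL, "/")) {
        size_t sl = strlen(seg);
        if (strspn(seg, ".") == sl) {        /* segment is only dots */
            if (sl == 1) continue;
            if (sl > 2 || len == 0) return -1;  /* "..." or above the root */
            while (len > 0 && out[--len] != '/') {}
            out[len] = '\0';
            continue;
        }
        if (len + sl + 2 > outlen) return -1;
        if (len) out[len++] = '/';
        memcpy(out + len, seg, sl + 1);
        len += sl;
    }
    return 0;
}
```

    strtok keeps static state, so a threaded server would use strtok_s or
    strtok_r instead. The returned path is appended to the web or FTP root
    only after this function has returned 0.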

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. IIS 4 Security (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/303276

    2. ISM Permissions? (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/302989

    3. FW: /Rpc virtual directory in IIS - How did it get there? (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/302613

    4. SecurityFocus Microsoft Newsletter #116 (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/302608

    5. /Rpc virtual directory in IIS - How did it get there? (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/302565

    6. issues with syskey in NT 4.0 (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/302385

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. AiS AliveProxy Professional
    by AtomInterSoft
    Platforms: Windows 2000, Windows 95/98, Windows NT
    Relevant URL:
    http://www.atomintersoft.com/products/alive-proxy/
    Summary:

    AiS AliveProxy Pro extracts proxy server addresses from specified
    Internet pages or files, checks the type (transparent or anonymous), and
    measures connection speed, traceroute and timeout. The result of its work
    is a list of "alive" proxies, without duplicates. A high-efficiency
    multi-threaded engine allows you to check more than 100 proxies per
    second. High-speed export of proxies from URLs or files. Export/import of
    data from/to XML, Excel, TXT, HTML, RTF.

    2. eTrust Intrusion Detection Log View
    by Computer Associates International, Inc.
    Platforms: Windows 95/98, Windows NT
    Relevant URL:
    http://www.cai.com/solutions/enterprise/etrust/intrusion_detection/product_info/sw3_log_view.htm
    Summary:

    The eTrust Intrusion Detection Log View is designed to allow you to target
    a specific archive database and subsequently browse and view the details
    of usage over an extended period of time. It allows the consolidation of
    multiple eTrust Intrusion Detection's session information in a relational
    database. The system includes the database front end and distributed
    collection components that are invoked by events in eTrust Intrusion
    Detection based on eTrust Intrusion Detection rules.

    3. LogCaster
    by Ripple Technologies, Inc.
    Platforms: Windows 2000, Windows NT
    Relevant URL:
    http://www.rippletech.com/main.php
    Summary:

    RippleTech LogCaster is systems and applications management software for
    Windows NT and Windows 2000 that provides an all-in-one solution for
    real-time application, server and Windows NT/2000 monitoring. Through a
    central console, RippleTech LogCaster allows network administrators to
    efficiently monitor and manage their environment by utilizing
    pre-configured application templates for Microsoft Exchange Server, SQL
    Server, Internet Information Server and Citrix MetaFrame. In addition,
    RippleTech LogCaster monitors NT/2000 event logs, services, performance
    counters, ASCII logs, TCP/IP devices and security parameters.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    -------------------------------------
    1. 007 SafetyNet 1.0
    by WebGrip, Inc
    Relevant URL:
    http://www.sitecensor.com/
    Platforms: Windows NT
    Summary:

    SafetyNet was designed for parents, educators, and employers who need to
    ensure that their computers and networks are not compromised, either
    intentionally or not, by exposure to web sites, pictures, or software that
    they find objectionable.

    2. Password Policy Enforcer v3.5
    by ANIXIS
    Relevant URL:
    http://www.anixis.com/products/ppe
    Platforms: Windows 2000, Windows NT, Windows XP
    Summary:

    Password Policy Enforcer allows network administrators to create and
    enforce a password policy. A password policy ensures that users are
    choosing strong (difficult to crack) passwords. PPE checks every new
    password for compliance with the policy. Passwords that do not comply with
    the policy are rejected. PPE also displays password policy messages that
    help users to choose compliant passwords without having to call the
    helpdesk for assistance.

    3. QuarantineAttachment v1.0
    by John Conover john@email.johncon.com
    Relevant URL:
    http://www.johncon.com/john/QuarantineAttachments/
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    QuarantineAttachment is a short procmail(1) script to quarantine e-mail
    with potentially malicious Outlook attachments.

    VI. SPONSOR INFORMATION
    -----------------------
    This issue is sponsored by: Qualys

    Strengthening Network Security: FREE Guide

    Network security is a constantly moving target - even proven solutions
    lose their punch over time. Find out how to get COMPLETE PROTECTION
    against ever-growing security threats with our FREE new Guide.

    Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php

    -------------------------------------------------------------------------------


