SecurityFocus Microsoft Newsletter #126

From: Marc Fossi (mfossi@securityfocus.com)
Date: 02/25/03

    Date: Mon, 24 Feb 2003 21:02:27 -0700 (MST)
    From: Marc Fossi <mfossi@securityfocus.com>
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #126
    ---------------------------------------

    This issue is sponsored by: Captus Networks

    Instantly identify and automatically stop:

     - DDoS Attacks
     - Port Scans
     - Exploits from Unknown Worms and Viruses

    With precise, real-time responses. Hands-on, online demo--launch and
    mitigate live attacks. Visit us at:
    http://www.captusnetworks.com/landing_pages/sfm
    -------------------------------------------------------------------------------

    I. FRONT AND CENTER
         1. Exchange 2000 in the Enterprise: Tips and Tricks Part Three
         2. Richard Clarke's Legacy of Miscalculation
         3. SecurityFocus DPP Program
         4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
    II. MICROSOFT VULNERABILITY SUMMARY
         1. IBM Lotus Domino Web Server iNotes s_ViewName/Foldername...
         2. IBM Lotus iNotes ActiveX Control Buffer Overflow Vulnerability
         3. Microsoft Riched20.dll Attribute Buffer Overflow Vulnerability
         4. PHP CGI SAPI Code Execution Vulnerability
         5. IBM Lotus Domino HTTP Redirect Buffer Overflow Vulnerability
         6. BitchX Malformed RPL_NAMREPLY Denial Of Service Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
         1. Windows2000 QuickLaunch (Thread)
         2. MS Software Update Service (Thread)
         3. AW: MS Software Update Service (Thread)
         4. Restricting CmdExec Rights to Sysadmin (Thread)
         5. Windows station permissions, remote control programs,lower...
         6. AW: Restricting CmdExec Rights to Sysadmin (Thread)
         7. [despammed] Defeating password cracking (Thread)
         8. Windows station permissions, remote control programs, lower...
         9. Defeating password cracking (Thread)
         10. Website inside or outside domain (Thread)
         11. Ye Olde OWA Topic (Was Website inside or outside domain)...
         12. Unhappy face icon on NT 4 workstation (Thread)
         13. SecurityFocus Microsoft Newsletter #125 (Thread)
         14. website inside or outside the domain? (Thread)
         15. Windows 2000 Static arp not static (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. Steganos Online Shield
         2. East-Tec DiskSanitizer GOV
         3. Disk Amnesia
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. PlexCrypt v3.1
         2. Traffik tool Troll v0.7
         3. labrea v2.5b1
    VI. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Exchange 2000 in the Enterprise: Tips and Tricks Part Three
    By Timothy M. Mullen

    This is the second installment in a two-part series on securing Exchange
    2000 in the enterprise. The last segment addressed the security
    ramifications of publishing mail content to the Internet via Outlook Web
    Access. This installment will discuss configuring IPSec between front-end
    and back-end OWA Servers as well as headers.

    http://online.securityfocus.com/infocus/1668

    2. Richard Clarke's Legacy of Miscalculation
    By George Smith

    The outgoing cybersecurity czar will be remembered for his steadfast
    belief in the danger of Internet attacks, even while genuine threats
    developed elsewhere.

    http://online.securityfocus.com/columnists/143

    3. SecurityFocus DPP Program

    Attention Universities!! Sign-up now for preferred pricing on the only
    global early-warning system for cyber attacks - SecurityFocus DeepSight
    Threat Management System.

    Click here for more information:
    http://www.securityfocus.com/corporate/products/dpsection.shtml

    4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

    Optional Workshops March 8, 9, 12, 13, & 14; Vendor Expo March 10 & 11

    Solutions to today’s security concerns; hands-on experts; blockbuster
    vendor expo; the CISO Executive Summit; invaluable networking
    opportunities. InfoSec World has it all!

    Go to: http://www.misti.com/10/os03nl37inf.html

    II. BUGTRAQ SUMMARY
    -------------------
    1. IBM Lotus Domino Web Server iNotes s_ViewName/Foldername Buffer Overflow Vulnerability
    BugTraq ID: 6871
    Remote: Yes
    Date Published: Feb 17 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6871
    Summary:

    Lotus Domino Server is an application framework for web based
    collaborative software. It runs on multiple platforms including Microsoft
    Windows and Unix.

    Lotus Domino iNotes Web Server does not perform adequate bounds checking
    on the s_ViewName/Foldername options of the PresetFields parameter. A
    buffer overflow condition can occur if excessively long strings are
    supplied as values for these fields when requesting web based mail
    services. This could result in sensitive areas of memory being
    overwritten to allow attacker-supplied code to be executed. This code
    would be executed in the security context of the account running the
    Domino Web Services.

    2. IBM Lotus iNotes ActiveX Control Buffer Overflow Vulnerability
    BugTraq ID: 6872
    Remote: Yes
    Date Published: Feb 17 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6872
    Summary:

    IBM Lotus iNotes is a web based messaging/collaboration application.
    Installation of support for iNotes on client systems includes an ActiveX
    control, "Lotus Domino Session ActiveX Control".

    A buffer overflow vulnerability is reportedly present in this control.
    The condition is in the method "InitializeUsingNotesUserName()" and may be
    triggered if the method is called with a parameter of excessive length.

    Malicious web content may invoke the control and exploit the vulnerability
    to execute instructions on target client systems. Furthermore, other
    applications which use the MSIE HTML rendering component may also be
    vulnerable if ActiveX support is enabled. It should be noted that any
    code executed would run with the privileges of the user who started MSIE.

    3. Microsoft Riched20.dll Attribute Buffer Overflow Vulnerability
    BugTraq ID: 6874
    Remote: No
    Date Published: Feb 17 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6874
    Summary:

    Rich Text Format (RTF) files are parsed by the riched20.dll library on
    Windows platforms. This library is included in most versions of Windows
    and may also be installed by other applications that are required to parse
    .rtf files.

    Reportedly, it is possible to overrun a buffer in riched20.dll, causing
    the calling application (such as Microsoft Outlook or Word) to fail.
    This buffer can be overrun by including more than 65536 bytes of data in
    an attribute label contained in the .rtf file. Arbitrary code execution
    may be possible.

    This vulnerability may be related to BID 807.

    ** Some reports indicate that this vulnerability could not be reproduced
    on riched20.dll v.3.0 (5.30.23.1200) running on Windows NT.
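    As an added illustration of the pre-filter a mail gateway could apply before an .rtf attachment reaches riched20.dll (example code written for this newsletter, not from the advisory): it tokenises RTF control words and flags any whose length passes the 65536-byte figure quoted above. Reading "attribute label" as an RTF control word is an assumption, and both sample documents are constructed.

```python
import re

# Threshold from the advisory: more than 65536 bytes in one attribute label.
MAX_LABEL_BYTES = 65536

# An RTF control word is a backslash, ASCII letters and an optional signed
# numeric parameter, e.g. \fonttbl, \fs24, \margl-720. Treating the control
# word as the "attribute label" the advisory refers to is an assumption.
_CONTROL_WORD = re.compile(rb"\\([A-Za-z]+)(-?[0-9]+)?")


def scan_rtf_labels(data: bytes, limit: int = MAX_LABEL_BYTES):
    """Return (suspicious, longest_len, offset) for the RTF bytes in `data`.

    Every control word is measured (name plus parameter, excluding the
    backslash). `suspicious` is True when any label exceeds `limit`, so a
    gateway can hold the file instead of handing it to riched20.dll.
    """
    longest, offset = 0, -1
    for m in _CONTROL_WORD.finditer(data):
        length = m.end() - m.start() - 1      # drop the leading backslash
        if length > longest:
            longest, offset = length, m.start()
    return longest > limit, longest, offset


# Constructed samples, not documents from the advisory.
BENIGN_RTF = rb"{\rtf1\ansi{\fonttbl{\f0\fswiss Arial;}}\f0\fs24 Hello, world.\par}"
OVERSIZED_RTF = (
    rb"{\rtf1\ansi{\fonttbl{\f0\f"
    + b"x" * (MAX_LABEL_BYTES + 1)   # pads one control word past the limit
    + rb" Arial;}}\par}"
)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_RTF), ("oversized", OVERSIZED_RTF)):
        flagged, longest, offset = scan_rtf_labels(blob)
        print(f"{name}: longest label {longest} bytes at offset {offset}, "
              f"{'HOLD' if flagged else 'pass'}")
```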

    4. PHP CGI SAPI Code Execution Vulnerability
    BugTraq ID: 6875
    Remote: Yes
    Date Published: Feb 17 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6875
    Summary:

    PHP is a freely available, open source web scripting language package. It
    is available for Microsoft Windows, Linux, and Unix operating systems.

    An unspecified vulnerability has been reported in the CGI SAPI of PHP
    version 4.3.0.

    Direct access to the CGI binary can be prevented by using the
    configuration option '--enable-force-cgi-redirect' and the php.ini option
    'cgi.force_redirect'.

    The report states that an unspecified bug could render these options
    useless, allowing a remote user to directly access the CGI binary. This
    could allow an attacker to read any file that is readable by the web
    server user, or to potentially execute arbitrary PHP code. The attacker
    would have to be able to inject the PHP code into a file accessible by the
    CGI binary, such as the web server access logs.

    5. IBM Lotus Domino HTTP Redirect Buffer Overflow Vulnerability
    BugTraq ID: 6870
    Remote: Yes
    Date Published: Feb 17 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6870
    Summary:

    Lotus Domino Server is an application framework for web based
    collaborative software. It runs on multiple platforms including Microsoft
    Windows and Unix.

    It has been reported that Lotus Domino 6 is affected by a buffer overflow
    vulnerability. The condition occurs when the server constructs an HTTP
    redirect response.

    According to the report, the client-supplied "HOST" HTTP header field is
    copied into a local buffer without bounds checking. Consequently, a
    buffer overflow occurs if the HOST parameter is of excessive length.

    Attackers may exploit this vulnerability by identifying and then
    requesting, with a malicious HOST parameter in the request header, a
    specific document that causes the server to respond with a redirect.

    Successful exploitation of this vulnerability may result in attackers
    gaining control of affected servers.

    6. BitchX Malformed RPL_NAMREPLY Denial Of Service Vulnerability
    BugTraq ID: 6880
    Remote: Yes
    Date Published: Feb 18 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6880
    Summary:

    BitchX is a freely available, open source IRC client. It is available for
    Unix, Linux, and Microsoft operating systems.

    A problem with BitchX could make it possible for a malicious IRC server to
    crash a vulnerable client.

    It has been reported that BitchX does not properly handle some types of
    replies contained in the RPL_NAMREPLY numeric. When a malformed reply is
    received by the client, the client crashes, resulting in a denial of
    service.

    The problem occurs through the handling of the 353 IRC numeric. It is
    suspected that this vulnerability may also make possible the execution of
    arbitrary code. In the event that this is possible, code executed through
    this vulnerability would be in the context of the BitchX user. This could
    allow a remote attacker access to the system on which the affected client
    is running with the privileges of the BitchX user.
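    As an added example of the defensive parsing an IRC client needs for this numeric (written for this newsletter, not BitchX code): it splits a raw line on RFC 1459 framing and accepts a 353 reply only when every field it will use is present and well formed, returning None otherwise. The server name and channel in the test lines are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class NamesReply:
    channel: str
    visibility: Optional[str]   # '=' public, '*' private, '@' secret; None for RFC 1459 form
    names: List[str]


def split_irc_line(line: str):
    """Split one IRC line into (prefix, command, params) per RFC 1459 framing."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    trailing = None
    if " :" in line:                      # trailing parameter may contain spaces
        line, _, trailing = line.partition(" :")
    parts = line.split()
    if not parts:
        return prefix, "", []
    params = parts[1:]
    if trailing is not None:
        params.append(trailing)
    return prefix, parts[0], params


def parse_names_reply(line: str) -> Optional[NamesReply]:
    """Return a NamesReply for a well-formed 353, or None if it is malformed.

    Accepts the RFC 2812 form (nick, visibility, channel, names) and the older
    RFC 1459 form (nick, channel, names). A missing channel, an unknown
    visibility symbol or an empty name list is rejected before any field is used.
    """
    _, command, params = split_irc_line(line)
    if command != "353" or len(params) not in (3, 4):
        return None
    if len(params) == 4:
        _nick, visibility, channel, names_field = params
        if visibility not in ("=", "*", "@"):
            return None
    else:
        _nick, channel, names_field = params
        visibility = None
    if not channel or channel[0] not in "#&+!":
        return None
    names = names_field.split()
    if not names:
        return None
    return NamesReply(channel, visibility, names)
```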

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. Windows2000 QuickLaunch (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312594

    2. MS Software Update Service (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312595

    3. AW: MS Software Update Service (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312591

    4. Restricting CmdExec Rights to Sysadmin (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312598

    5. Windows station permissions, remote control programs,lower priviledge accounts (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312551

    6. AW: Restricting CmdExec Rights to Sysadmin (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312547

    7. [despammed] Defeating password cracking (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312549

    8. Windows station permissions, remote control programs, lower priviledge accounts (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312548

    9. Defeating password cracking (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312358

    10. Website inside or outside domain (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312264

    11. Ye Olde OWA Topic (Was Website inside or outside domain) (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312267

    12. Unhappy face icon on NT 4 workstation (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312266

    13. SecurityFocus Microsoft Newsletter #125 (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312265

    14. website inside or outside the domain? (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312248

    15. Windows 2000 Static arp not static (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/312241

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. Steganos Online Shield
    by Steganos
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Relevant URL:
    http://www.steganos.com/en/sos/index.htm
    Summary:

    Features are:

     - Hackers can delete your data every time you are online. Protect
       yourself with the new Steganos Online Shield.
     - In the event of danger, simply cut the Internet connection. With one
       click.
     - No program can come in or go out without your permission: You are thus
       always in control.
     - Is your computer online while you are not there? No problem: you can be
       informed of averted attacks via SMS.
     - If you want, your PC will be "invisible" - thanks to CMP message
       blocker. Thanks to precise protocols, you always have a full overview
       of all processes.
     - Easy to use.
     - Protect yourself against hacker attacks: Send an omission mail to the
       provider!

    2. East-Tec DiskSanitizer GOV
    by EAST Technologies
    Platforms: DOS, Linux, UNIX, Windows 2000, Windows 95/98, Windows NT
    Relevant URL:
    http://www.east-tec.com/dsksanit/index.htm
    Summary:

    East-Tec DiskSanitizer is a software product designed to remove all traces
    of information from a hard disk. East-Tec DiskSanitizer completely
    eliminates data from the entire hard disk: every sector and every bit of
    information is overwritten and destroyed beyond recovery. East-Tec
    DiskSanitizer is based on the East-Tec Advanced Data Removal Technology, a
    collection of highly secure data removal capabilities designed to provide
    protection against ALL methods of data recovery.

    3. Disk Amnesia
    by Professional Help Computer Services
    Platforms: N/A
    Relevant URL:
    http://www.professionalhelp.com/diskamnesia.html
    Summary:

    Disk Amnesia(tm) is a low-level disk clearing and sanitization tool that
    uses the computer's BIOS to identify all physical drives attached to the
    computer including SCSI drives (if the SCSI card has a BIOS installed).

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    -------------------------------------
    1. PlexCrypt v3.1
    by plexobject
    Relevant URL:
    http://www.plexobject.com/software/plexcrypt/index.html
    Platforms: AIX, HP-UX, IRIX, Linux, POSIX, Solaris, SunOS, Windows 2000,
    Windows 95/98, Windows NT
    Summary:

    PlexCrypt is a GUI that allows a set of files or folders to be compressed
    using the Zip format. In addition, it encrypts and decrypts a set of files
    or a set of folders using AES, Blowfish, CAST, DES, ElGamal, IDEA, IES,
    RC4, RC6, RSA, Rijndael, Serpent, Skipjack, Twofish, etc. It allows users
    to create digital signatures and digests and verify them. It also allows
    users to create and manage digital certificates for encryption and
    signatures.

    2. Traffik tool Troll v0.7
    by Alexander Newald alexander@newald.de
    Relevant URL:
    http://linux.newald.de/
    Platforms: N/A
    Summary:

    The Traffik Tool Troll is a traffic monitoring and managing script.
    Traffic statistics are generated by port, hour, day, month, and year. You
    can define a special period for your needs. The script is written in Perl
    and uses iptables and MySQL to collect and store the traffic data.

    3. labrea v2.5b1
    by Tom Liston tliston@hackbusters.net
    Relevant URL:
    http://labrea.sourceforge.net/
    Platforms: OS Independent
    Summary:

    labrea is a program that creates a "sticky honeypot" by taking over unused
    IP addresses on a network and creating virtual machines that answer to
    connection attempts. labrea answers those connection attempts in a way
    that causes the machine at the other end to get "stuck", sometimes for a
    very long time.

    VI. SPONSOR INFORMATION
    -----------------------
    This issue is sponsored by: Captus Networks

    Instantly identify and automatically stop:

     - DDoS Attacks
     - Port Scans
     - Exploits from Unknown Worms and Viruses

    With precise, real-time responses. Hands-on, online demo--launch and
    mitigate live attacks. Visit us at:
    http://www.captusnetworks.com/landing_pages/sfm
    -------------------------------------------------------------------------------


