SecurityFocus Microsoft Newsletter #128

From: Marc Fossi (mfossi@securityfocus.com)
Date: 03/10/03

    Date: Mon, 10 Mar 2003 13:15:29 -0700 (MST)
    From: Marc Fossi <mfossi@securityfocus.com>
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #128
    ---------------------------------------

    I. FRONT AND CENTER
         1. Cryptographic Filesystems: Design and Implementation
         2. Windows Forensics - A Case Study: Part Two
         3. An Analysis of Simile
         4. Spam Wars Make Strange Bedfellows
         5. SecurityFocus DPP Program
         6. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
    II. MICROSOFT VULNERABILITY SUMMARY
         1. CoffeeCup Software Password Wizard Remote Password Retrieval...
         2. GTCatalog Remote File Include Vulnerability
         3. PY-Livredor index.php HTML Injection Vulnerability
         4. Pastel Accounting ACCUSER.DAT Obfuscation Weakness
         5. TCPDump Malformed ISAKMP Packet Denial Of Service...
         6. Logan Pro HTTP Header Code Injection Vulnerability
         7. iPlanet 6.0 Log Viewing Utility Concealed Log Entry Vulnerability
         8. SurfStats Log Analyzer Logfile HTML Injection Vulnerability
         9. WebLog Expert Logfile HTML Injection Vulnerability
         10. InstantServer ISMail Remote User Fields Buffer Overflow...
         11. Typo3 Showpic.PHP File Enumeration Vulnerability
         12. Apple QuickTime/Darwin Streaming Server parse_xml.cgi File...
         13. Sendmail Header Processing Buffer Overflow Vulnerability
         14. WebLog Expert HTTP Header Code Injection Vulnerability
         15. iPlanet Log Analyzer Logfile HTML Injection Vulnerability
         16. Typo3 Log HTML Injection Vulnerability
         17. Typo3 Translations.PHP Remote File Include Vulnerability
         18. Typo3 Translations.PHP File Disclosure Vulnerability
         19. Typo3 Webroot Folders Information Disclosure Weakness
         20. Typo3 HTML Hidden Form Field Information Disclosure Weakness
         21. Netscape Communicator Password Disclosure Weakness
         22. Typo3 Runtime Error Page Information Disclosure Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
         1. User rights on Terminal Services (Thread)
         2. Article Announcement: Windows Forensics - A Case Study: Part...
         3. Logging mechanism in IIS (was RE: code red---- on system that...
         4. Logging mechanism in IIS (was code red---- on system that is...
         5. code red---- on system that is already (and has been) patched...
         6. experiment supports concept of using host header names as...
         7. 5 security questions (Thread)
         8. SecurityFocus Microsoft Newsletter #127 (Thread)
         9. host header names as security devices (Thread)
         10. One Time Passwords (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. Steganos Security Suite 4
         2. SSH Secure Shell for Windows Servers
         3. N2H2 Sentian
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. DiskZapper v1.0
         2. pkeytool v1.0.0
         3. NodeBrain v0.5.0

    I. FRONT AND CENTER
    -------------------
    1. Cryptographic Filesystems: Design and Implementation
    By Ido Dubrawsky

    Cryptographic filesystems have recently come to the forefront of security.
    This article will discuss some of the background and technology of
    cryptographic filesystems and will then cover some example implementations
    of these filesystems including Microsoft's Encrypting File System for
    Windows 2000, the Linux CryptoAPI, and the Secure File System.

    http://www.securityfocus.com/infocus/1673

    2. Windows Forensics - A Case Study: Part Two
    By Stephen Barish

    This article is the second in a two-part series that will offer a case
    study of forensics in a Windows environment. This article deals with
    determining the scope of the compromise, and understanding what the
    attacker is trying to accomplish at the network level. Along the way,
    we'll be discussing some tools and techniques that are useful in this type
    of detective work.

    http://www.securityfocus.com/infocus/1672

    3. An Analysis of Simile
    by Adrian Marinescu

    Virus writers have always tried to develop new methods to make malware
    detection more difficult. For instance, encryption was a natural step in
    virus evolution when scanners started to use databases with scan strings
    for detection. When scanners started to handle encryption patterns
    generically, first oligomorphism (a limited form of polymorphism - the
    polymorphic decryptor can have a strictly limited, relatively small number
    of shapes) and then polymorphism were introduced.

    http://www.securityfocus.com/infocus/1671

    4. Spam Wars Make Strange Bedfellows
    By Jon Lasser

    The open-source community is closer than ever to curing the spam problem,
    but they'll have to hold their noses and help out Windows users to get
    there.

    http://www.securityfocus.com/columnists/146

    5. SecurityFocus DPP Program

    Attention Universities!! Sign-up now for preferred pricing on the only
    global early-warning system for cyber attacks - SecurityFocus DeepSight
    Threat Management System.

    Click here for more information:
    http://www.securityfocus.com/corporate/products/dpsection.shtml

    6. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

    Optional Workshops: March 8, 9, 12, 13, & 14. Vendor Expo: March 10 & 11.

    Solutions to today's security concerns; hands-on experts; blockbuster
    vendor expo; the CISO Executive Summit; invaluable networking
    opportunities. InfoSec World has it all!

    Go to: http://www.misti.com/10/os03nl37inf.html

    II. BUGTRAQ SUMMARY
    -------------------
    1. CoffeeCup Software Password Wizard Remote Password Retrieval Vulnerability
    BugTraq ID: 6995
    Remote: Yes
    Date Published: Mar 01 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6995
    Summary:

    Password Wizard is a software package designed to offer password
    protection to web sites. It is available for the Microsoft Windows
    operating system.

    A problem with the software may make it possible for remote users to gain
    unauthorized access to restricted resources.

    It has been reported that Password Wizard does not sufficiently protect
    usernames and passwords. In a default configuration, an attacker may be
    able to gain access to this information, and thus access to restricted
    resources.

    The problem is in the permissions of the file the credentials are stored
    in, in addition to the ability of an attacker to access this file
    remotely. An attacker could ascertain the name of the credentials file by
    viewing the HTML source of the login page, and download the file.

    The credentials file typically has the same name as the Shockwave Flash
    login page, with the extension .apw instead of .swf.

    2. GTCatalog Remote File Include Vulnerability
    BugTraq ID: 6998
    Remote: Yes
    Date Published: Mar 03 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6998
    Summary:

    GTCatalog is software designed to maintain a catalog of products. It is
    implemented in PHP and is available for a variety of platforms including
    Microsoft Windows and Linux variant operating systems.

    GTCatalog is prone to an issue that may allow remote attackers to include
    files located on attacker-controlled servers.

    This vulnerability is the result of insufficient sanitization performed
    on remote user-supplied data. Specifically, the PHP script file 'index.php'
    is vulnerable to this issue.

    Under some circumstances, it is possible for remote attackers to influence
    the include path for files ending with '.custom.inc' to point to an
    external file on a remote server by manipulating the '$function' and
    '$custom' URI parameters.

    If the remote file is a malicious file, this may be exploited to execute
    arbitrary system commands in the context of the web server.

    This vulnerability was reported for GTCatalog 0.9.1 and earlier.

    3. PY-Livredor index.php HTML Injection Vulnerability
    BugTraq ID: 6997
    Remote: Yes
    Date Published: Mar 03 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6997
    Summary:

    PY-Livredor is freely available guestbook software. It will run on most
    Unix and Linux variants, as well as Microsoft Windows operating systems.

    PY-Livredor does not adequately filter HTML tags from various fields on
    the 'index.php' page. Specifically, an attacker may be able to insert
    malicious HTML code into the "titre", "Votre pseudo", "Votre e-mail",
    "Votre message" fields.

    The attacker's code may be executed in the web client of users who view
    the pages generated by the guestbook, in the security context of the
    website hosting the software.

    Attackers may potentially exploit this issue to hijack web content or to
    steal cookie-based authentication credentials.

    This vulnerability has been reported for PY-Livredor version 1.0.

    4. Pastel Accounting ACCUSER.DAT Obfuscation Weakness
    BugTraq ID: 7003
    Remote: No
    Date Published: Mar 03 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/7003
    Summary:

    Pastel Accounting is financial software for Microsoft Windows operating
    systems.

    Pastel Accounting is reported to store sensitive user and security
    information on the local system using a trivially reversible obfuscation
    method. This information is stored in the 'ACCUSER.DAT' file in each
    particular client folder. 'ACCUSER.DAT' stores username/password
    information for individual client accounts.

    The information in this file is obfuscated by rotating the characters in
    the original string. For example, the string "ABCDEFGH" will be stored as
    "stuvwxyz" in 'ACCUSER.DAT'.

    Malicious users with read access to this file may easily gain access to
    sensitive information. This will also permit malicious users with write
    access to the file to modify data, since the software does not verify the
    contents of this file any further.

    This issue was reported in Pastel Accounting versions 6.0-6.12. Other
    versions may also be affected.

    5. TCPDump Malformed ISAKMP Packet Denial Of Service Vulnerability
    BugTraq ID: 6974
    Remote: Yes
    Date Published: Feb 27 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6974
    Summary:

    tcpdump is a freely available, open source network monitoring tool. It is
    available for the Unix, Linux, and Microsoft Windows operating systems.

    A vulnerability in the processing of some packet types may result in an
    inability to further use the tcpdump application.

    It has been reported that tcpdump is vulnerable to a denial of service
    when some packet types are received. By sending a maliciously formatted
    packet to a system using a vulnerable version of tcpdump, it is possible
    for a remote user to cause tcpdump to ignore network traffic from the time
    the packet is received until the application is terminated and restarted.

    The problem is in the handling of ISAKMP packets. When tcpdump receives a
    maliciously crafted ISAKMP packet, the application enters an infinite loop
    and ceases to further monitor network traffic. This could allow the
    passing of undetected network traffic that would typically be seen by
    tcpdump.

    6. Logan Pro HTTP Header Code Injection Vulnerability
    BugTraq ID: 7010
    Remote: Yes
    Date Published: Mar 04 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/7010
    Summary:

    Logan Pro is a Web Log Analysis Tool for Microsoft Windows platforms that
    reads the log file created by a web server and generates a comprehensive
    report.

    A vulnerability has been discovered in Logan Pro. Under certain
    circumstances an attacker may embed HTML code into the HTTP header section
    of a web log entry. Due to insufficient sanitization of HTTP header
    information, Logan Pro reports that are derived from malicious web logs
    may incorporate the arbitrary attacker supplied HTML code.

    Specifically, embedding HTML code into an HTTP header, such as 'UserAgent',
    may result in attacker-supplied code being executed in Logan Pro log
    reports.

    Successful exploitation of this issue would result in the execution of
    HTML commands when viewing reports generated by Logan Pro. All commands
    executed in this manner would be run within context of the browser used to
    view the report.

    This vulnerability was reported for Logan Pro version 1.2. Previous
    versions may also be affected.

    7. iPlanet 6.0 Log Viewing Utility Concealed Log Entry Vulnerability
    BugTraq ID: 7012
    Remote: Yes
    Date Published: Mar 04 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/7012
    Summary:

    iPlanet is an HTTP server product. It is available for a number of
    platforms, including Unix and Linux variants and Microsoft Windows
    operating systems.

    A vulnerability has been reported for iPlanet that may conceal malicious
    log entries from the 'View Access Log' and 'View Error Log' utilities. The
    problem occurs due to the utilities' parsing of the 'Format=' string,
    which is typically used to specify log entry formatting.

    An attacker can exploit this vulnerability by generating a log entry using
    a hostname which is prepended with the 'Format=' string. Because the data
    supplied as the 'Format' will not be recognized by the said utilities, the
    log entry will not be shown.

    It should be noted that viewing the log data with other utilities, such as
    a text-based editor, will disclose the malicious entries.

    8. SurfStats Log Analyzer Logfile HTML Injection Vulnerability
    BugTraq ID: 7014
    Remote: Yes
    Date Published: Mar 04 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/7014
    Summary:

    SurfStats Log Analyzer is software for viewing webserver logs. It is
    available for Microsoft Windows operating systems.

    SurfStats Log Analyzer does not sufficiently sanitize HTML when logging
    requests. If malicious data containing HTML and script code is logged and
    then viewed using the software, exploitation will occur. Through
    exploitation of this issue, it will be possible to falsify log information
    and execute arbitrary script code in the web client of the user viewing
    the logs.

    This issue has been demonstrated when the log analysis software renders a
    malicious hostname which contains hostile HTML or script code, which was
    logged when the server did an inverse lookup of hostname data. This is
    only one possible scenario, and it is likely that data other than the
    hostname is not sufficiently filtered.

    9. WebLog Expert Logfile HTML Injection Vulnerability
    BugTraq ID: 7016
    Remote: Yes
    Date Published: Mar 04 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/7016
    Summary:

    WebLog Expert is software for viewing webserver logs. It is available for
    Microsoft Windows operating systems.

    WebLog Expert does not sufficiently sanitize HTML when logging requests.
    If malicious data containing HTML and script code is logged and then
    viewed using the software, exploitation will occur. Through exploitation
    of this issue, it will be possible to falsify log information and execute
    arbitrary script code in the web client of the user viewing the logs.

    This issue has been demonstrated when the log analysis software renders a
    malicious hostname which contains hostile HTML or script code, which was
    logged when the server did an inverse lookup of hostname data. This is
    only one possible scenario, and it is likely that data other than the
    hostname is not sufficiently filtered.

    10. InstantServer ISMail Remote User Fields Buffer Overflow Vulnerability
    BugTraq ID: 6972
    Remote: Yes
    Date Published: Feb 27 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6972
    Summary:

    ISMail is a commercially available mail server implementation by
    InstantServers. It is available for the Microsoft Windows operating
    system.

    A problem with ISMail could make it possible for a remote attacker to
    execute arbitrary code on systems using vulnerable software.

    It has been reported that ISMail does not properly handle long strings
    under some circumstances. When an email containing specifically crafted
    strings in various fields of the email header is passed through the
    server, a buffer overflow occurs. This could be exploited to execute code
    on a vulnerable server.

    The problem is in the RCPT TO and FROM fields. When domain names of
    excessive length are supplied in these fields, a stack overflow occurs.
    This problem could be exploited to execute code with the privileges of the
    ISMail process, which is typically run as SYSTEM.

    11. Typo3 Showpic.PHP File Enumeration Vulnerability
    BugTraq ID: 6982
    Remote: Yes
    Date Published: Feb 28 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6982
    Summary:

    TYPO3 is a web-based content management system. It is available for
    Microsoft Windows operating systems and Unix and Linux variants.

    TYPO3 is prone to a vulnerability that will allow remote attackers to
    enumerate whether or not files exist on the system hosting the software.
    This issue exists in the 'showpic.php' and 'thumbs.php' scripts and may be
    exploited by submitting a malicious request for a file (including the
    relative path). These scripts will return information about whether or
    not a file exists.

    This type of information may be useful in mounting further attacks against
    the host system, since the scripts will reveal information about the
    layout of the host's filesystem.

    12. Apple QuickTime/Darwin Streaming Server parse_xml.cgi File Disclosure Vulnerability
    BugTraq ID: 6990
    Remote: Yes
    Date Published: Feb 28 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6990
    Summary:

    QuickTime/Darwin Streaming Administration Server is server technology
    which allows you to send streaming QuickTime data to clients across the
    Internet.

    A file retrieval vulnerability has been reported for QuickTime/Darwin
    Streaming Server (SS). The vulnerability exists due to insufficient
    sanitization of some parameters given to the parse_xml.cgi script.
    Specifically, directory traversal sequences are not sanitized from the
    value supplied to the 'filename' URI parameter. Information obtained in
    this manner may be used by an attacker to launch more organized attacks
    against a vulnerable system.

    An attacker may exploit this vulnerability by making a request to the
    parse_xml.cgi script containing dot-dot-slash ('../') sequences followed
    by a filename. When the malicious request is processed, the Streaming
    Server will disclose the contents of the file to an attacker.

    This vulnerability was tested on SS for Microsoft Windows systems. Linux
    versions of Darwin SS are reportedly not vulnerable to this issue.

    13. Sendmail Header Processing Buffer Overflow Vulnerability
    BugTraq ID: 6991
    Remote: Yes
    Date Published: Mar 02 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6991
    Summary:

    Sendmail is a widely used MTA for Unix and Microsoft Windows systems.

    A remotely exploitable vulnerability has been discovered in Sendmail.
    The vulnerability is due to a buffer overflow condition in the SMTP header
    parsing component. Remote attackers may exploit this vulnerability by
    connecting to target SMTP servers and transmitting to them malformed SMTP
    data.

    The overflow condition occurs when Sendmail processes addresses or lists
    of addresses in fields such as "From:" or "CC:". One of the checks to
    ensure that the addresses are valid is flawed, resulting in a buffer
    overflow condition. Successful attackers may exploit this vulnerability
    to gain root privileges on affected servers remotely.

    It has been reported that this vulnerability may possibly be locally
    exploitable if the sendmail binary is setuid/setgid.

    Versions 5.2 to 8.12.7 are affected. Administrators are advised to
    upgrade to 8.12.8 or apply available patches to prior versions of the 8.x
    tree.

    14. WebLog Expert HTTP Header Code Injection Vulnerability
    BugTraq ID: 7015
    Remote: Yes
    Date Published: Mar 04 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/7015
    Summary:

    WebLog Expert is a Web Log Analysis Tool for Microsoft Windows platforms
    that reads the log file created by a web server and generates a
    comprehensive report.

    A vulnerability has been discovered in WebLog Expert. Under certain
    circumstances an attacker may embed HTML code into the HTTP header section
    of a web log entry. Due to insufficient sanitization of HTTP header
    information, WebLog Expert reports that are derived from malicious web
    logs may incorporate the arbitrary attacker supplied HTML code.

    Specifically, embedding HTML code into an HTTP header, such as 'UserAgent',
    may result in attacker-supplied code being executed in WebLog Expert log
    reports.

    Successful exploitation of this issue would result in the execution of
    HTML commands when viewing reports generated by WebLog Expert. All
    commands executed in this manner would be run within context of the
    browser used to view the report.

    This vulnerability was reported for WebLog Expert version 1.6.1. Other
    versions may also be affected.

    15. iPlanet Log Analyzer Logfile HTML Injection Vulnerability
    BugTraq ID: 7017
    Remote: Yes
    Date Published: Mar 04 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/7017
    Summary:

    iPlanet is an enterprise web server software package with a built-in tool
    for viewing webserver logs. It is available for Microsoft Windows, Unix,
    and Linux operating systems.

    iPlanet does not sufficiently sanitize HTML when logging requests. If
    malicious data containing HTML and script code is logged and then viewed
    using the log viewing software, exploitation will occur. Through
    exploitation of this issue, it will be possible to falsify log information
    and execute arbitrary script code in the web client of the user viewing
    the logs.

    This issue has been demonstrated when the log analysis software renders a
    malicious hostname which contains hostile HTML or script code, which was
    logged when the server did an inverse lookup of hostname data. This is
    only one possible scenario, and it is likely that data other than the
    hostname is not sufficiently filtered.

    This issue occurs when viewing logs in both HTML and text mode.

    16. Typo3 Log HTML Injection Vulnerability
    BugTraq ID: 6983
    Remote: Yes
    Date Published: Feb 28 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6983
    Summary:

    TYPO3 is a web-based content management system. It is available for
    Microsoft Windows operating systems and Unix and Linux variants.

    TYPO3 logs all system and access related errors in the TYPO3 database and
    provides a facility for administrators to view this information from the
    web. However, data is not sanitized of HTML before being logged. As a
    result, remote attackers may inject malicious HTML and script code into
    log files. When these logs are viewed, the hostile code will be
    interpreted in the web client of the user viewing the logs.

    This may allow for theft of administrative cookie-based authentication
    credentials and other attacks.
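
    The log-derived HTML injection issues above (items 6, 8, 9, 14, 15 and
    16) share one root cause: logged values are pasted into a report
    unescaped. The following is an added example, not code from any of the
    affected products; it renders a report with and without output escaping
    and flags entries carrying markup. The log format, sample lines and
    function names are constructed for illustration.

```python
import html
import re

# Constructed sample entries in combined log format (not taken from the advisories).
SAMPLE_LOG = [
    'host1.example.net - - [04/Mar/2003:10:00:00 -0700] "GET / HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '<b>x</b>.example.net - - [04/Mar/2003:10:00:05 -0700] "GET /a HTTP/1.0" 200 90 "-" '
    '"<script>alert(1)</script>"',
    'not a parsable <i>line</i>',
]

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Columns shown in the report. Every one of them is remote-controlled input:
# the hostname comes from a reverse lookup, the rest from the HTTP request.
FIELDS = ("host", "time", "request", "status", "referer", "agent")


def parse(line):
    """Return the named fields of one log line, or None if it does not parse."""
    match = LINE_RE.match(line)
    return match.groupdict() if match else None


def build_report(lines, escape=True):
    """Render log lines as an HTML table.

    escape=False reproduces the weakness described in the advisories;
    escape=True encodes every value at output time, including lines that
    failed to parse and are shown raw.
    """
    cell = (lambda v: html.escape(v, quote=True)) if escape else (lambda v: v)
    rows = []
    for line in lines:
        entry = parse(line)
        if entry is None:
            rows.append(f'<tr><td colspan="{len(FIELDS)}">{cell(line)}</td></tr>')
        else:
            cells = "".join(f"<td>{cell(entry[name])}</td>" for name in FIELDS)
            rows.append(f"<tr>{cells}</tr>")
    return "<table>\n" + "\n".join(rows) + "\n</table>"


def flag_markup(lines):
    """Return (line_number, [field names]) for entries containing '<' or '>'.

    Useful as a review aid: markup in a hostname or User-Agent is rarely
    legitimate and is worth a look even when the report escapes it.
    """
    flagged = []
    for number, line in enumerate(lines, start=1):
        entry = parse(line)
        if entry is None:
            hits = ["raw"] if re.search(r"[<>]", line) else []
        else:
            hits = [name for name in FIELDS if re.search(r"[<>]", entry[name])]
        if hits:
            flagged.append((number, hits))
    return flagged


if __name__ == "__main__":
    print(build_report(SAMPLE_LOG))
    print(flag_markup(SAMPLE_LOG))
```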

    17. Typo3 Translations.PHP Remote File Include Vulnerability
    BugTraq ID: 6984
    Remote: Yes
    Date Published: Feb 28 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6984
    Summary:

    TYPO3 is a web-based content management system. It is available for
    Microsoft Windows operating systems and Unix and Linux variants.

    TYPO3 is prone to an issue that may allow remote attackers to include
    files located on attacker-controlled servers.

    This vulnerability is the result of insufficient sanitization performed
    on remote user-supplied data used by a URI parameter of the
    'translations.php' PHP page.

    Under some circumstances, it is possible for remote attackers to influence
    the path for an include file to point to an external file by manipulating
    the '$ONLY' URI parameter.

    If the remote file is a malicious file, this may be exploited to execute
    arbitrary system commands in the context of the web server.

    18. Typo3 Translations.PHP File Disclosure Vulnerability
    BugTraq ID: 6985
    Remote: Yes
    Date Published: Feb 28 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6985
    Summary:

    TYPO3 is a web-based content management system. It is available for
    Microsoft Windows operating systems and Unix and Linux variants.

    TYPO3 does not sufficiently sanitize potentially malicious input submitted
    via URI parameters. This issue exists in the 'translations.php'
    script. Specifically, variations of directory traversal sequences and
    null characters (%00) may be specified as a value for the 'ONLY' URI
    parameter. By submitting a malicious web request to this script that
    contains a relative path to a resource and a null character (%00), it is
    possible to retrieve arbitrary files that are readable by the web server
    process.

    Successful exploitation will permit the attacker to gain access to
    sensitive information that may aid in mounting further attacks against the
    system hosting the software.
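
    The file disclosure issues in items 12 and 18 both come from joining a
    request parameter onto a directory without checking where the result
    lands. The following is an added example, not code from TYPO3 or the
    Streaming Server, of a server-side check that rejects null bytes,
    backslash and encoded traversal variants, and any path that resolves
    outside the intended directory. The base directory and function names are
    assumptions made for illustration.

```python
import os
from urllib.parse import unquote

# Hypothetical directory the script is allowed to serve files from.
BASE_DIR = "/srv/app/translations"


class RejectedPath(ValueError):
    """Raised when a request parameter must not be used as a file path."""


def safe_resolve(base_dir, raw_value):
    """Map a raw (still percent-encoded) parameter to a path under base_dir.

    Assumption: legitimate file names never contain '%', so a value that
    still decodes further after one pass is treated as double-encoded.
    """
    value = unquote(raw_value)
    if unquote(value) != value:
        raise RejectedPath("double-encoded input")
    if "\x00" in value:
        # A null byte can truncate the name in lower layers, which is how a
        # forced suffix check gets bypassed.
        raise RejectedPath("null byte")
    # Treat backslashes as separators so Windows-style variants are caught
    # by the same containment check.
    value = value.replace("\\", "/")
    if value.startswith("/") or (len(value) > 1 and value[1] == ":"):
        raise RejectedPath("absolute path")

    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, value))
    # commonpath compares whole path components, so a sibling such as
    # "/srv/app/translations-private" does not pass as a prefix match.
    if os.path.commonpath([base, candidate]) != base:
        raise RejectedPath("escapes base directory")
    return candidate


def classify(base_dir, raw_value):
    """Return 'ok' or the rejection reason; convenient for logging."""
    try:
        safe_resolve(base_dir, raw_value)
    except RejectedPath as exc:
        return str(exc)
    return "ok"


if __name__ == "__main__":
    # Constructed request values covering the variants named in the advisories.
    for sample in (
        "en/labels.xml",
        "sub/../labels.xml",
        "../../../boot.ini",
        "..%2f..%2fconfig.php%00.xml",
        "..\\..\\winnt\\win.ini",
        "%252e%252e%252fconfig.php",
        "../translations-private/x.xml",
        "/etc/hosts",
    ):
        print(f"{sample!r:40} -> {classify(BASE_DIR, sample)}")
```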

    19. Typo3 Webroot Folders Information Disclosure Weakness
    BugTraq ID: 6988
    Remote: Yes
    Date Published: Feb 28 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6988
    Summary:

    TYPO3 is a web-based content management system. It is available for
    Microsoft Windows operating systems and Unix and Linux variants.

    It has been reported that TYPO3 installs, by default, several directories
    into the TYPO3 webroot. These directories are reportedly readable or
    lacking sufficient authentication mechanisms and contain log,
    configuration and script files. This weakness may result in the disclosure
    of sensitive system based information to malicious web users.

    The following directories and files have been reported to be prone to this
    issue: /install /fileadmin/ /typo3conf/

    The information gathered as a result of this weakness may be used in
    further attacks against the system.

    20. Typo3 HTML Hidden Form Field Information Disclosure Weakness
    BugTraq ID: 6993
    Remote: Yes
    Date Published: Feb 28 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6993
    Summary:

    TYPO3 is a web-based content management system. It is available for
    Microsoft Windows operating systems and Unix and Linux variants.

    Clients of TYPO3 systems may access potentially sensitive data that have
    been obfuscated through hidden form fields. Such fields may contain
    potentially sensitive information which may provide determined attackers
    with valuable information which may be useful in exploiting other known
    issues in the software.

    This vulnerability was reported for TYPO3 3.5b5.

    21. Netscape Communicator Password Disclosure Weakness
    BugTraq ID: 6981
    Remote: No
    Date Published: Feb 28 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6981
    Summary:

    Netscape Communicator is a combined web browser and e-Mail Client
    developed for a variety of platforms including Microsoft Windows, Linux
    and Unix variant operating environments.

    It has been reported that the Netscape Communicator roaming profile
    function may store sensitive user credentials in the 'prefs.js'
    configuration file using plaintext or easily disclosed format.

    This weakness may result in an attacker accessing sensitive user
    credentials that may be used in further attacks launched against the
    system.

    Conflicting details have been reported suggesting that perhaps this issue
    may be due to a user initiated configuration change and that password data
    may be encrypted using a trivial XOR based encryption algorithm by
    default.

    This report is closely related to the issue described in BID 6215.

    22. Typo3 Runtime Error Page Information Disclosure Vulnerability
    BugTraq ID: 6986
    Remote: Yes
    Date Published: Feb 28 2003 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6986
    Summary:

    TYPO3 is a web-based content management system. It is available for
    Microsoft Windows operating systems and Unix and Linux variants.

    An information disclosure vulnerability has been reported for TYPO3. The
    vulnerability exists in several 'test', 'class' and 'library' scripts that
    are included with TYPO3.

    These scripts may be forced to execute and generate runtime errors. When
    these errors occur, the scripts will output path information.

    Information obtained in this manner may be used by an attacker to launch
    further attacks against a vulnerable system.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. User rights on Terminal Services (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/314283

    2. Article Announcement: Windows Forensics - A Case Study: Part Two (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/314229

    3. Logging mechanism in IIS (was RE: code red---- on system that is already (and has been) patched) (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/314217

    4. Logging mechanism in IIS (was code red---- on system that is already (and has been) patched) (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/314106

    5. code red---- on system that is already (and has been) patched (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/313851

    6. experiment supports concept of using host header names as security layer (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/313859

    7. 5 security questions (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/313780

    8. SecurityFocus Microsoft Newsletter #127 (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/313685

    9. host header names as security devices (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/313617

    10. One Time Passwords (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/313616

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. Steganos Security Suite 4
    by Steganos
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL:
    http://www.steganos.com/en/sss/index.htm
    Summary:

    A complete, easy-to-use security package that encrypts and conceals your
    data. The Steganos Safe is a secure hard drive, which disappears at the
    click of a button. Thanks to on-the-fly-encryption, 1 GB of data can be
    encrypted in less than a second. Create encrypted e-mail attachments.
    Includes Internet Trace Destructor, file shredder, e-mail encryption,
    password manager and computer locking.

    2. SSH Secure Shell for Windows Servers
    by SSH Communications Security
    Platforms: N/A
    Relevant URL:
    http://www.ssh.com/products/security/secureshellwinserver/
    Summary:

    SSH Secure Shell for Windows Servers is an award-winning SSH server
    implementation for servers running Microsoft Windows operating systems.
    The Microsoft Windows NT, 2000 and XP operating systems are increasingly
    being used as server platforms in organizations around the world, and SSH
    Secure Shell for Windows Servers solves the problem of providing secure
    management access to the business-critical services on these servers.

    3. N2H2 Sentian
    by N2H2
    Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL:
    http://www.n2h2.com/products/sentian_home.php
    Summary:

    Sentian filtering software works with a wide variety of implementations to
    meet the needs of organizations both large and small. Whichever device you
    prefer, every Sentian product uses the categorized filtering database
    recognized as the most effective available.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    -------------------------------------
    1. DiskZapper v1.0
    by Phil Howard
    Relevant URL:
    http://diskzapper.com/
    Platforms: N/A
    Summary:

    DiskZapper is a Linux-based bootable (floppy or CD-ROM) tool intended to
    wipe all hard drives on the machine it runs on to binary zero. This is
    intended for uses such as making sure old computers or hard drives being
    sold or trashed are clear of any confidential data, and to be sure certain
    computers are clear of any unlicensed software in the event the software
    piracy police visit. It comes in the form of a floppy image (ready to dd
    or rawrite) or a CD ISO image (ready to burn to CDR). No other software or
    OS required. This is a dangerous tool. Please store out of reach of
    children.

    2. pkeytool v1.0.0
    by David Green
    Relevant URL:
    http://pkeytool.couchpotato.net
    Platforms: Os Independent
    Summary:

    pkeytool takes over where the JDK's keytool leaves off by allowing users
    to work with private keys.

    3. NodeBrain v0.5.0
    by Ed Trettevik
    Relevant URL:
    http://www.nodebrain.org
    Platforms: Os Independent
    Summary:

    NodeBrain is a rule-based state and event monitoring agent. It is an
    interpreter of the NodeBrain command language that includes commands for
    rule definition, state assertion and event alerting. It can be used for
    system health monitoring or other applications requiring automated
    response to state changes and patterns of events from application logs and
    other sources. It supports a peer-to-peer application protocol called NBP
    to enable event streams between agents within a network. Peers are
    authenticated and communication is encrypted. Store-and-forward queues are
    used to tolerate network, system, and peer outages. Integration with other
    applications is accomplished through a command line interface (CLI). This
    tool is intended for developers, as construction of a monitoring
    application using NodeBrain is a programming activity. A programmer must
    develop NodeBrain event correlation rules, input commands for state and
    event collection, and output commands for responses as required by a
    specific application.

