SecurityFocus Microsoft Newsletter #131
From: Marc Fossi (mfossi@securityfocus.com)
Date: 03/31/03
Date: Mon, 31 Mar 2003 10:01:57 -0700 (MST) From: Marc Fossi <mfossi@securityfocus.com> To: Focus-MS <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter #131
---------------------------------------
This Issue is Sponsored By: NetIQ
Need security policies? Don't start from scratch..."Information Security
Policies Made Easy" is the best security policy resource guide you can
buy with 1300+ ready-to-use security policies that can be quickly
customized for any company. Build best practice security policies in
half the time and expense. Also check out "Information Security Roles &
Responsibilities Made Easy. "
Download a free policy now at http://www.netiq.com/order/publications.asp
------------------------------------------------------------------------------
I. FRONT AND CENTER
1. Virus Hoaxes and the Real Dangers They Pose
2. Too Cool For Secure Code
3. Uncle Roger's Folly
4. SecurityFocus DPP Program
II. MICROSOFT VULNERABILITY SUMMARY
1. Advanced Poll Remote Information Disclosure Vulnerability
2. PHPNuke News Module Article.PHP SQL Injection Vulnerability
3. PHPNuke News Module Index.PHP SQL Injection Vulnerability
4. PHP socket_recvfrom() Signed Integer Memory Corruption...
5. PHPNuke Viewpage.PHP File Disclosure Vulnerability
6. Joel Palmius Mod_Survey Data Injection Vulnerability
7. PHPNuke Forum Module Viewtopic.php SQL Injection Vulnerability
8. PHPNuke Forum Module Viewforum.PHP SQL Injection Vulnerability
9. ProtWare HTML Guardian Encryption Weakness
10. PHPNuke Banners.PHP Banner Manager Password Disclosure...
11. PHP socket_iovec_alloc() Integer Overflow Vulnerability
12. Symantec Enterprise Firewall HTTP Pattern Matching Evasion...
13. PHP socket_recv() Signed Integer Memory Corruption Vulnerability
14. PHP emalloc() Unspecified Integer Overflow Memory Corruption...
15. Microsoft ActiveSync Null Pointer Dereference DOS...
16. OSCommerce Error_Message Cross-Site Scripting Vulnerability
17. SafeBoot User Enumeration Weakness
18. OSCommerce Info_Message Cross-Site Scripting Vulnerability
19. OSCommerce Checkout_Payment.PHP Error Output Cross-Site...
20. OSCommerce Account_History_Info.PHP HTML code injection...
21. OSCommerce Checkout_Confirmation.PHP Comment HTML Injection...
22. Check Point VPN-1/Firewall-1 Remote Syslog Data Resource...
III. MICROSOFT FOCUS LIST SUMMARY
1. USB Tokens (Thread)
2. Expire accounts from Active Directory after a period of...
3. SMB Brute Force (Thread)
4. MS03-007 Round-up (Thread)
5. SecurityFocus Microsoft Newsletter #130 (Thread)
6. Article Announcement: Why the Dogs of Cyberwar Stay Leashed...
7. Anyone have hard evidence of problems with Windows Automatic...
8. Anyone have hard evidence of problems with WindowsAutomatic...
9. Anyone have hard evidence of problems with Windows Automatic...
10. Anyone have hard evidence of problems with Windows Automatic...
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Event Log Monitor
2. F-Secure Anti-Virus Total Suite
3. FAZAM 2000
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. FTimes v3.2.1
2. Glub Tech Secure FTP v2.0.3
3. VScan v1.0
VI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Virus Hoaxes and the Real Dangers They Pose
by Scott Granneman
Jerry Bryan immediately knew there was something wrong at his church. He
knew it the second he opened up the email from the pastor. As a highly
respected member of his church and a known technophile, Jerry was often
consulted by the pastor concerning technical matters. In this case,
however, the pastor was passing along a serious warning.
http://www.securityfocus.com/infocus/1678
2. Too Cool For Secure Code
By Jon Lasser
Until Unix and Linux programmers get over their macho love for low-level
programming languages, the security holes will continue to flow freely.
http://www.securityfocus.com/columnists/150
3. Uncle Roger's Folly
By George Smith
The Ganda virus shows why the Internet isn't the best source for reliable
war news, and malicious code isn't a good medium for anything.
http://www.securityfocus.com/columnists/151
4. SecurityFocus DPP Program
Attention Universities!! Sign-up now for preferred pricing on the only
global early-warning system for cyber attacks - SecurityFocus DeepSight
Threat Management System.
Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml
II. BUGTRAQ SUMMARY
-------------------
1. Advanced Poll Remote Information Disclosure Vulnerability
BugTraq ID: 7171
Remote: Yes
Date Published: Mar 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7171
Summary:
Advanced Poll is a freely available, open source PHP script. It is
available for the UNIX, Linux, and Microsoft Operating Systems.
A problem with the program could reveal sensitive information.
It has been reported that an information disclosure vulnerability exists
in Advanced Poll. Because of this, a remote user could potentially access
privileged information that could lead to further attacks against the host
and its users.
The problem is in the default installation. By installing the program
according to specifications, it is possible for a remote user to traverse
the installation directory, and potentially gain access to sensitive
information about the Advanced Poll implementation.
2. PHPNuke News Module Article.PHP SQL Injection Vulnerability
BugTraq ID: 7172
Remote: Yes
Date Published: Mar 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7172
Summary:
PHPNuke is a freely available, open source content management system
written in PHP. It is available for Unix, Linux, and Microsoft Operating
Systems.
A problem with the software could allow a remote user to change user
credentials.
It has been reported that an input validation error exists in the
article.php file included with PHPNuke as part of the News module. Because
of this, an attacker could send a malicious string through PHPNuke that
would allow the attacker to manipulate the database, and gain unauthorized
access to user accounts.
This problem requires that the configuration variable magic_quotes_gpc be
turned off. Once this has been done, an attacker can inject limited SQL
statements into the database through the article.php file. Doing so
permits the attacker to submit information into the nuke_users table which
could be used to gain unauthorized access to the PHPNuke board.
An attacker could use this attack to modify a user's password or user
level.
3. PHPNuke News Module Index.PHP SQL Injection Vulnerability
BugTraq ID: 7173
Remote: Yes
Date Published: Mar 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7173
Summary:
PHPNuke is a freely available, open source content management system
written in PHP. It is available for Unix, Linux, and Microsoft Operating
Systems.
A problem with the software could allow a remote user to change article
information.
It has been reported that an input validation error exists in the
index.php file included with PHPNuke as part of the News module. Because
of this, an attacker could send a malicious string through PHPNuke that
would allow the attacker to manipulate the database and alter information
on articles posted on the site.
This problem requires that the configuration variable magic_quotes_gpc be
turned off, although it may also be present with limited impact when the
variable is turned on. Once this has been done, an attacker can inject
limited SQL statements into the database through the index.php file. Doing
so permits the attacker to submit information into the nuke_stories table,
which could be used to alter the title, intro, article, and author
information.
4. PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability
BugTraq ID: 7198
Remote: No
Date Published: Mar 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7198
Summary:
PHP is a freely available, open source web scripting language package. It
is available for Microsoft Windows, Linux, and Unix operating systems.
A vulnerability has been reported in PHP version 4.3.1 and earlier. The
problem occurs in the socket_recvfrom() function and may allow an attacker
to corrupt memory.
The affected function fails to carry out sanity checks on values passed as
the 'len' argument. As a result, an attacker capable of passing a negative
integer as an argument could cause an integer used in a later calculation
to overflow.
If this integer overflows and is later used for memory allocation or data
writing, the procedure could occur at an unanticipated location. This
could be exploited to corrupt sensitive locations in process memory.
This may make it possible for an attacker to trigger a denial of service.
Although it has not been confirmed, it may also be possible to exploit
this issue to execute arbitrary code.
It should be noted that socket functionality is only included in PHP if
compiled with the "--enable-sockets" option.
5. PHPNuke Viewpage.PHP File Disclosure Vulnerability
BugTraq ID: 7191
Remote: Yes
Date Published: Mar 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7191
Summary:
PHPNuke is a freely available, open source content management system
written in PHP. It is available for Unix, Linux, and Microsoft Operating
Systems.
PHPNuke has been reported prone to a file disclosure vulnerability.
It has been reported that PHPNuke may disclose arbitrary web server
readable files if the requested file is supplied as the 'file' URI
parameter to the 'viewpage.php' script.
This may allow an attacker to obtain sensitive system information which
may aid in launching future attacks.
It should be noted that this issue reportedly affects PHPNuke version 6.5
when running a specific configuration; however, other versions may also be
affected.
6. Joel Palmius Mod_Survey Data Injection Vulnerability
BugTraq ID: 7192
Remote: Yes
Date Published: Mar 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7192
Summary:
Mod_Survey is a mod_perl module for Apache which allows web users to
create online questionnaires. It is maintained by Joel Palmius and will
run on Linux and Unix variants as well as Microsoft Windows.
Mod_Survey does not sufficiently sanitize data supplied via ENV tags.
ENV tags are a feature included with Mod_Survey to import values supplied
from environment variables into the data repository.
It has been reported by the vendor that this may allow for injection of
malicious data, including delimiter characters, into the data repository.
Exploitation may allow for manipulation of environment variables or the
possibility of executing database commands through injection of SQL
syntax. Other attacks may also be possible.
This is only an issue with surveys that use ENV tags. This issue occurs
with ENV tags which import data from environment variables that may be
potentially specified or influenced by a remote user (such as
'HTTP_USER_AGENT').
The consequences of exploitation could depend on the underlying database
implementation and configuration or other factors.
7. PHPNuke Forum Module Viewtopic.php SQL Injection Vulnerability
BugTraq ID: 7193
Remote: Yes
Date Published: Mar 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7193
Summary:
PHPNuke is a freely available, open source content management system
written in PHP. It is available for Unix, Linux, and Microsoft Operating
Systems.
A problem with PHPNuke could allow a remote user to change article
information.
It has been reported that an input validation error exists in the
'viewtopic.php' file included with PHPNuke as part of the Forum module.
Because of this, an attacker could send a malicious string through PHPNuke
that would allow the attacker to inject SQL commands and queries into the
SQL database used by PHPNuke.
Successful exploitation may allow for modification of the structure of SQL
queries, resulting in information disclosure, or database corruption. The
consequences depend on the nature of specific queries. This issue may
allow the attacker to exploit latent vulnerabilities in the underlying
database.
8. PHPNuke Forum Module Viewforum.PHP SQL Injection Vulnerability
BugTraq ID: 7194
Remote: Yes
Date Published: Mar 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7194
Summary:
PHPNuke is a freely available, open source content management system
written in PHP. It is available for Unix, Linux, and Microsoft Operating
Systems.
A problem with PHPNuke could allow a remote user to change article
information.
It has been reported that an input validation error exists in the
'viewforum.php' file included with PHPNuke as part of the Forum module.
Because of this, an attacker could send a malicious string through PHPNuke
that would allow the attacker to inject SQL commands and queries into the
SQL database used by PHPNuke.
Successful exploitation may allow for modification of the structure of SQL
queries, resulting in information disclosure, or database corruption. The
consequences depend on the nature of specific queries. This issue may
allow the attacker to exploit latent vulnerabilities in the underlying
database.
9. ProtWare HTML Guardian Encryption Weakness
BugTraq ID: 7169
Remote: Yes
Date Published: Mar 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7169
Summary:
ProtWare HTML Guardian is an application designed to encrypt sensitive
HTML and script code. Its functionality also includes image protection
and various other web based security procedures. It is available for the
Microsoft Windows operating system.
A weakness has been reported in the encryption scheme used by ProtWare
HTML Guardian.
Specifically, the encryption scheme merely obfuscates data using a simple
bit shifting technique. This may make it trivial for attackers to reverse
the protected data. As an example, supplying HTML Guardian with "abcdefgh"
will return "acegbdfh" as the encrypted text.
Administrators may be relying on a false sense of security by implementing
the protection supplied by HTML Guardian.
Although it has not been confirmed, it is possible that this issue affects
the latest release of HTML Guardian. Earlier versions may also be
affected.
10. PHPNuke Banners.PHP Banner Manager Password Disclosure Vulnerability
BugTraq ID: 7170
Remote: Yes
Date Published: Mar 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7170
Summary:
PHPNuke is a freely available, open source content management system
written in PHP. It is available for Unix, Linux, and Microsoft Operating
Systems.
A problem with the software could allow a remote user to gain access to
sensitive information.
It has been reported that an input validation error exists in the
banners.php file included with PHPNuke. Because of this, an attacker
could send a malicious string through PHPNuke that would allow the
attacker to manipulate the database, and potentially access sensitive
information, then download it via the web.
This problem requires that the configuration variable magic_quotes_gpc be
turned off. Once this has been done, an attacker can inject limited SQL
statements into the database through the banners.php file. Doing so
permits the attacker to gain access to credentials for the banner manager.
11. PHP socket_iovec_alloc() Integer Overflow Vulnerability
BugTraq ID: 7187
Remote: No
Date Published: Mar 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7187
Summary:
PHP is a freely available, open source web scripting language package. It
is available for Microsoft Windows, Linux, and Unix operating systems.
A vulnerability has been reported in PHP version 4.3.1 and earlier. The
problem occurs in the socket_iovec_alloc() function and may allow an
attacker to corrupt memory.
The affected function fails to carry out sanity checks on values passed as
the 'sockets' argument. As a result, an attacker capable of passing a
large integer as an argument could cause an integer used in a later
calculation to overflow.
If this integer overflows and is later used for memory allocation or data
writing, the procedure could occur at an unanticipated location. This
could be exploited to corrupt sensitive locations in process memory.
This may make it possible for an attacker to trigger a denial of service.
Although it has not been confirmed, it may also be possible to exploit
this issue to execute arbitrary code.
It should be noted that socket functionality is only included in PHP if
compiled with the "--enable-sockets" option.
12. Symantec Enterprise Firewall HTTP Pattern Matching Evasion Weakness
BugTraq ID: 7196
Remote: Yes
Date Published: Mar 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7196
Summary:
Raptor Firewall is an enterprise level firewall originally developed by
Axent Technologies and is maintained and distributed by Symantec. Symantec
Enterprise Firewall was formerly known as Raptor Firewall. It is available
for Microsoft Windows and Unix operating systems.
The Symantec Enterprise Firewall allows the blocking of HTTP requests with
URLs containing certain patterns. When a user inside the network
protected by the Enterprise Firewall makes an HTTP request containing a
pattern matching a 'urlpattern' rule, it will be blocked and the user will
receive a "403 Forbidden" error.
An internal user can bypass the URL pattern blocking by simply encoding
the blocked pattern using escaped characters, Unicode, or UTF-8 encoding.
Thus an HTTP request that normally would have been blocked by the
Enterprise Firewall's pattern blocking will pass through successfully.
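The weakness above comes from comparing a rule with the raw request URL. The following C sketch is an added example, not Symantec's code: it puts a raw substring match beside one that canonicalises first and fails closed. The rule string, sample URLs, function names and limits are constructed assumptions, and 'urlpattern' rules are treated as plain lower-case substrings.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define URL_MAX    2048   /* assumed limit; longer URLs are refused */
#define MAX_PASSES 3      /* assumed bound on nested percent-encoding */

/* Value of n hex digits at s, or -1 if fewer than n are present. */
static long hexrun(const char *s, int n)
{
    long v = 0;
    for (int i = 0; i < n; i++) {
        if (!isxdigit((unsigned char)s[i])) return -1;
        int c = tolower((unsigned char)s[i]);
        v = v * 16 + (c <= '9' ? c - '0' : c - 'a' + 10);
    }
    return v;
}

/* One in-place pass over %XX and the non-standard %uXXXX escapes. Returns the
   number decoded, or -1 for a refused escape (NUL byte, non-ASCII %uXXXX). */
static int decode_pass(char *s)
{
    char *r = s, *w = s;
    int decoded = 0;
    while (*r) {
        long v = -1;
        int used = 0;
        if (r[0] == '%' && (r[1] == 'u' || r[1] == 'U')) {
            v = hexrun(r + 2, 4); used = 6;
            if (v > 0x7f) return -1;
        } else if (r[0] == '%') {
            v = hexrun(r + 1, 2); used = 3;
        }
        if (v == 0) return -1;
        if (v > 0) { *w++ = (char)(unsigned char)v; r += used; decoded++; }
        else       { *w++ = *r++; }
    }
    *w = '\0';
    return decoded;
}

/* Overlong UTF-8: a multi-byte form of a character that has a shorter one. */
static int has_overlong_utf8(const char *s)
{
    for (const unsigned char *p = (const unsigned char *)s; *p; p++) {
        if (*p == 0xC0 || *p == 0xC1) return 1;
        if (*p == 0xE0 && p[1] >= 0x80 && p[1] < 0xA0) return 1;
        if (*p == 0xF0 && p[1] >= 0x80 && p[1] < 0x90) return 1;
    }
    return 0;
}

/* Write the fully decoded, lower-cased form of url into out. Returns 0 on
   success, -1 if the URL cannot be normalised (caller must fail closed). */
int canonicalize_url(const char *url, char *out, size_t outsz)
{
    int n = 1;
    if (strlen(url) >= outsz) return -1;
    strcpy(out, url);
    for (int pass = 0; pass <= MAX_PASSES && n > 0; pass++) {
        n = decode_pass(out);
        if (n < 0) return -1;
    }
    if (n > 0) return -1;      /* nested deeper than MAX_PASSES levels */
    if (has_overlong_utf8(out)) return -1;
    for (char *p = out; *p; p++) *p = (char)tolower((unsigned char)*p);
    return 0;
}

/* Weak form: the rule is compared with the raw request URL. */
int naive_blocked(const char *url, const char *pattern)
{
    return strstr(url, pattern) != NULL;
}

/* Hardened form: compare after canonicalisation; pattern is lower case. */
int canonical_blocked(const char *url, const char *pattern)
{
    char canon[URL_MAX];
    if (canonicalize_url(url, canon, sizeof canon) != 0) return 1;
    return strstr(canon, pattern) != NULL;
}

int main(void)
{
    const char *rule = "/restricted/";    /* constructed rule */
    const char *samples[] = {             /* constructed request URLs */
        "http://host.example/restricted/a.html",
        "http://host.example/%72estricted/a.html",
        "http://host.example/%2572estricted/a.html",
        "http://host.example/%C1%B2estricted/a.html",
        "http://host.example/public/caf%C3%A9.html",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("naive=%d canonical=%d %s\n", naive_blocked(samples[i], rule),
               canonical_blocked(samples[i], rule), samples[i]);
    return 0;
}
```

Decoding repeatedly can decode more than the origin server would; for a block list that errs toward blocking, which is the safe direction.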
13. PHP socket_recv() Signed Integer Memory Corruption Vulnerability
BugTraq ID: 7197
Remote: No
Date Published: Mar 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7197
Summary:
PHP is a freely available, open source web scripting language package. It
is available for Microsoft Windows, Linux, and Unix operating systems.
A vulnerability has been reported in PHP version 4.3.1 and earlier. The
problem occurs in the socket_recv() function and may allow an attacker to
corrupt memory.
The affected function fails to carry out sanity checks on values passed as
the 'len' argument. As a result, an attacker capable of passing a negative
integer as an argument could cause an integer used in a later calculation
to overflow.
If this integer overflows and is later used for memory allocation or data
writing, the procedure could occur at an unanticipated location. This
could be exploited to corrupt sensitive locations in process memory.
This may make it possible for an attacker to trigger a denial of service.
Although it has not been confirmed, it may also be possible to exploit
this issue to execute arbitrary code.
It should be noted that socket functionality is only included in PHP if
compiled with the "--enable-sockets" option.
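The missing range check described here for socket_recv(), and in the socket_recvfrom() and socket_iovec_alloc() entries above, shown as an added C example; it is not PHP's source code. The function names, the 1 MiB cap and the "len + 1" allocation are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_RECV_LEN (1L << 20)    /* assumed policy cap: 1 MiB per read */

/* Unchecked pattern: a signed, caller-supplied length goes straight into
   size arithmetic. Returns what a "len + 1" buffer request really asks for. */
size_t unchecked_alloc_size(long len)
{
    return (size_t)len + 1;             /* -1 -> 0, -2 -> SIZE_MAX */
}

/* Unchecked pattern for an element count: the product wraps silently. */
size_t unchecked_array_size(long count, size_t elem_size)
{
    return (size_t)count * elem_size;
}

/* Checked form: range-test the signed value before any arithmetic. */
int checked_recv_size(long len, size_t *out)
{
    if (len <= 0 || len > MAX_RECV_LEN)
        return -1;
    *out = (size_t)len + 1;             /* cannot wrap: len <= MAX_RECV_LEN */
    return 0;
}

/* Checked form for count * elem_size: divide instead of multiplying. */
int checked_array_size(long count, size_t elem_size, size_t *out)
{
    if (count <= 0 || elem_size == 0)
        return -1;
    if ((size_t)count > SIZE_MAX / elem_size)
        return -1;
    *out = (size_t)count * elem_size;
    return 0;
}

/* Allocate a receive buffer only for a validated length; NULL otherwise. */
void *alloc_recv_buffer(long len)
{
    size_t size;
    if (checked_recv_size(len, &size) != 0)
        return NULL;
    return calloc(1, size);
}

int main(void)
{
    const long lens[] = { 1024, 0, -1, -2 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t ok = 0;
        int rc = checked_recv_size(lens[i], &ok);
        printf("len=%ld unchecked=%zu checked=%s\n", lens[i],
               unchecked_alloc_size(lens[i]), rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```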
14. PHP emalloc() Unspecified Integer Overflow Memory Corruption Vulnerability
BugTraq ID: 7199
Remote: No
Date Published: Mar 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7199
Summary:
PHP is a freely available, open source web scripting language package. It
is available for Microsoft Windows, Linux, and Unix operating systems.
A vulnerability has been reported in PHP version 4.3.1 and earlier. The
problem occurs in the emalloc() function and may allow an attacker to
corrupt memory.
The affected function reportedly fails to ensure that proper boundary
checks are performed on values supplied by a malicious user. This may
result in an integer overflow when emalloc() attempts to allocate memory.
This may make it possible for an attacker to trigger a condition which
could cause the PHP interpreter to crash.
Further details of this vulnerability are currently unknown. This BID will
be updated as more information becomes available.
15. Microsoft ActiveSync Null Pointer Dereference Denial Of Service Vulnerability
BugTraq ID: 7150
Remote: Yes
Date Published: Mar 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7150
Summary:
Microsoft ActiveSync is software designed to synchronize with various
mobile devices.
A problem with ActiveSync could make it possible for remote users to deny
service to the service.
It has been reported that under some circumstances, the ActiveSync
wcescomm service can be forced to crash. Due to improper handling of some
requests, the wcescomm process becomes unstable. This can result in the
process crashing, requiring a manual restart to resume service.
An attacker can exploit this vulnerability by connecting to a vulnerable
system on TCP port 5679 and sending a specially crafted 'sync' packet.
This will cause the ActiveSync process, wcescomm, to dereference a NULL
pointer and will result in the process crashing.
This vulnerability was reported for ActiveSync 3.5. It is not known
whether other versions are affected.
16. OSCommerce Error_Message Cross-Site Scripting Vulnerability
BugTraq ID: 7151
Remote: Yes
Date Published: Mar 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7151
Summary:
osCommerce is open-source e-commerce software written in PHP. osCommerce
will run on most Unix and Linux variants as well as Microsoft Windows
operating systems.
It has been reported that osCommerce does not sufficiently filter HTML
code from URI parameters supplied to multiple osCommerce scripts that
include 'header.php'.
As a result of this deficiency, it is possible for a remote attacker to
create a malicious link containing script code that will be executed in
the browser of a legitimate user. Specifically the attacker can pass
malicious HTML code as the 'error_message' URI parameter for multiple
osCommerce pages. All code will be executed within the context of the
website running osCommerce.
This may allow for theft of cookie-based authentication credentials and
other attacks.
This vulnerability was reported to affect osCommerce version 2.2ms1; prior
versions are reportedly affected.
17. SafeBoot User Enumeration Weakness
BugTraq ID: 7152
Remote: No
Date Published: Mar 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7152
Summary:
SafeBoot is a commercial security product that includes features to force
authentication prior to booting a system. It is produced by Control Break
International and available for various Microsoft Windows platforms.
SafeBoot can be configured to authenticate via username/password
credentials in lieu of authentication through hardware tokens. SafeMode
leaks sensitive information when password based authentication is used.
When an authentication attempt fails, SafeBoot will respond with
information as to whether it was the username or password that was
incorrect. This will enable an attacker to guess valid usernames, which
will aid in brute-force attacks in an attempt to compromise SafeBoot
accounts.
18. OSCommerce Info_Message Cross-Site Scripting Vulnerability
BugTraq ID: 7153
Remote: Yes
Date Published: Mar 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7153
Summary:
osCommerce is open-source e-commerce software written in PHP. osCommerce
will run on most Unix and Linux variants as well as Microsoft Windows
operating systems.
It has been reported that osCommerce does not sufficiently filter HTML
code from URI parameters supplied to multiple osCommerce scripts.
As a result of this deficiency, it is possible for a remote attacker to
create a malicious link containing script code that will be executed in
the browser of a legitimate user. Specifically the attacker can pass
malicious HTML code as the 'info_message' URI parameter for multiple
osCommerce pages. All code will be executed within the context of the
website running osCommerce.
This may allow for theft of cookie-based authentication credentials and
other attacks.
This vulnerability was reported to affect osCommerce version 2.2ms1; prior
versions are reportedly affected.
19. OSCommerce Checkout_Payment.PHP Error Output Cross-Site Scripting Vulnerability
BugTraq ID: 7155
Remote: Yes
Date Published: Mar 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7155
Summary:
osCommerce is open-source e-commerce software written in PHP. osCommerce
will run on most Unix and Linux variants as well as Microsoft Windows
operating systems.
Error output is not sufficiently sanitized of HTML and script code by
osCommerce. This issue is present in the 'checkout_payment.php' script.
This may allow for cross-site scripting attacks as remote users could
create a malicious link to a site hosting osCommerce which contains
hostile HTML and script code. When such a link is visited,
attacker-supplied code could be interpreted in the web client of the user.
This will occur in the context of the site hosting the software.
To successfully exploit this issue, the attacker must include a valid
payment module in the malicious link. This information may be ascertained
through other means, such as submitting an order with a bad credit card
number.
Exploitation may allow theft of cookie-based authentications or other
attacks.
20. OSCommerce Account_History_Info.PHP HTML code injection Vulnerability
BugTraq ID: 7156
Remote: Yes
Date Published: Mar 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7156
Summary:
osCommerce is open-source e-commerce software written in PHP. osCommerce
will run on most Unix and Linux variants as well as Microsoft Windows
operating systems.
It has been reported that osCommerce is prone to HTML injection attacks.
This problem occurs due to osCommerce insufficiently sanitizing
user-supplied input.
Specifically, embedded HTML and script code is not filtered from the
'comment' field of the 'account_history_info.php' osCommerce script.
As a result, attackers may embed malicious script code or HTML into
orders. When another user views a malicious order, the attacker-supplied
code will be interpreted in their web browser in the security context of
the site hosting the software.
It may be possible to steal the unsuspecting user's cookie-based
authentication credentials, as well as other sensitive information. Other
attacks are also possible.
This vulnerability was reported to affect osCommerce version 2.2ms1; prior
versions are reportedly affected.
21. OSCommerce Checkout_Confirmation.PHP Comment HTML Injection Vulnerability
BugTraq ID: 7158
Remote: Yes
Date Published: Mar 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7158
Summary:
osCommerce is open-source e-commerce software written in PHP. osCommerce
will run on most Unix and Linux variants as well as Microsoft Windows
operating systems.
Comment data is not sufficiently sanitized of HTML and script code. The
issue occurs in the 'checkout_confirmation.php' script. This may allow
remote attackers to inject hostile HTML and script code into the
e-commerce system, which could potentially be rendered by other users of
the software. This would occur in the context of the site hosting the
vulnerable software.
Successful exploitation may allow for theft of cookie-based authentication
credentials or other attacks.
22. Check Point VPN-1/Firewall-1 Remote Syslog Data Resource Consumption Vulnerability
BugTraq ID: 7159
Remote: Yes
Date Published: Mar 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7159
Summary:
Firewall-1 and VPN-1 are network security software packages distributed by
Check Point Software Technologies. It is available for Unix, Linux, and
Microsoft Operating Systems.
A problem in the software may make it possible for a remote user to launch
a resource consumption attack.
It has been reported that some versions of Firewall-1 and VPN-1 may
experience performance problems when allowing remote syslog traffic. An
attacker could exploit this issue to deny service to legitimate users of
the network serviced by the software.
Firewall-1 and VPN-1 do not permit remote syslog traffic by default. The
software must be configured to allow a specific remote host to send syslog
traffic to the server. Once this has been done, the host may abuse this
access by sending excessive amounts of syslog data to the syslog host.
This is done to consume the CPU resources of the system hosting the
software, creating a resource exhaustion attack, and potential denial of
service.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. USB Tokens (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/316522
2. Expire accounts from Active Directory after a period of inactivity (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/316377
3. SMB Brute Force (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/316373
4. MS03-007 Round-up (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/316197
5. SecurityFocus Microsoft Newsletter #130 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/316129
6. Article Announcement: Why the Dogs of Cyberwar Stay Leashed (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/316126
7. Anyone have hard evidence of problems with Windows Automatic Updates? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/316025
8. Anyone have hard evidence of problems with WindowsAutomatic Updates? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/315933
9. Anyone have hard evidence of problems with Windows Automatic Updates? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/315917
10. Anyone have hard evidence of problems with Windows Automatic Updates? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/315916
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Event Log Monitor
by TNT Software
Platforms: Windows 2000, Windows NT
Relevant URL:
http://www.tntsoftware.com/products/emon22/Default.asp
Summary:
Event Log Monitor displays a consolidated view of all the NT event logs on
all the workstations and servers being monitored and provides you the
ability to create custom views of events grouped any way you like. Each
view is dynamically updated as new events occur in the network.
2. F-Secure Anti-Virus Total Suite
by F-Secure Corporation
Platforms: DOS, Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.f-secure.com/products/anti-virus/totalsuite/
Summary:
F-Secure Anti-Virus Total Suite includes all critical components for
corporate virus security. By using F-Secure's award winning workstation,
file server, email server and firewall anti-virus products, you are always
protected even against the latest threats. All F-Secure Anti-Virus Total
Suite products are centrally manageable with one easy to use management
solution, F-Secure Policy Manager.
3. FAZAM 2000
by Sunbelt Software
Platforms: Windows 2000, Windows XP
Relevant URL:
http://www.sunbeltsoftware.com/product.cfm?id=871
Summary:
FAZAM 2000 is The FullArmor Corporation's Group Policy management solution
for Windows 2000 Active Directory environments. FAZAM 2000 builds on the
native Microsoft Windows 2000 infrastructure to provide customers with
greater manageability and control over Group Policy Objects (GPOs).
V. NEW TOOLS FOR MICROSOFT PLATFORMS
-------------------------------------
1. FTimes v3.2.1
by Klayton Monroe
Relevant URL:
http://ftimes.sourceforge.net/FTimes/
Platforms: AIX, FreeBSD, Linux, MacOS, POSIX, Solaris, SunOS, Windows
2000, Windows NT
Summary:
FTimes is a system baselining and evidence collection tool. Its primary
purpose is to gather and/or develop information about specified
directories and files in a manner conducive to intrusion analysis. It was
designed to support the following initiatives: content integrity
monitoring, incident response, intrusion analysis, and computer forensics.
2. Glub Tech Secure FTP v2.0.3
by glub
Relevant URL:
http://secureftp.glub.com
Platforms: MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows
XP
Summary:
Glub Tech Secure FTP is a command-line utility that allows FTP connections
to be made using SSL.
3. VScan v1.0
by viv3kr viv3kr@yahoo.com
Relevant URL:
http://www.vsniff.tk
Platforms: Windows 2000, Windows XP
Summary:
VScan is a port scanner with some advanced options. It can perform syn,
fin, xmas, null, ack and idle scanning. At this moment it is a console
application. Note that fin, xmas and null scans do not work against Windows
boxes. Run the program without any parameters to see the syntax of
operation.
VI. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: NetIQ