SecurityFocus Microsoft Newsletter # 149
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 08/11/03
Date: Mon, 11 Aug 2003 13:00:09 -0600 (MDT) To: Focus-MS <focus-ms@securityfocus.com>
I. FRONT AND CENTER
1. The Lingering Ghost of Slammer
2. Blogs: Another Tool in the Security Pro's Toolkit (Part Two)
3. Demonstrating ROI for Penetration Testing (Part Two)
II. MICROSOFT VULNERABILITY SUMMARY
1. Counterpane Password Safe Clipboard Data Recovery Vulnerabil...
2. Invision Board Overlapping IBF Formatting Tag HTML Injection...
3. ZoneAlarm Local Device Driver IO Control Code Execution Vuln...
4. EveryBuddy Long Message Denial Of Service Vulnerability
5. TightVNC Win32 Server QueryAllowNoPass Access Control Bypass...
6. JSCI SSO URI Pattern Matching Access Validation Vulnerabilit...
7. 121 Software 121 WAM! FTP Server Directory Traversal Vulnera...
8. Lotus Sametime Multiple Encryption Implementation Flaw Vulne...
9. MiniHTTPServer WebForums Server Null Default Password Vulner...
III. MICROSOFT FOCUS LIST SUMMARY
1. Administrivia: Spam threads (Thread)
2. MS broadening its efforts to warn customers (Thread)
3. Exchange 2000 out of office (Thread)
4. TSGrinder 2.03 Released (Thread)
5. HTASploit (Thread)
6. How to silently deploy DirectX9b? (Thread)
7. SecurityFocus Microsoft Newsletter #148 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Intellitactics Network Security Manager
2. Netsecure Log
3. F-Secure Internet Security 2003
4. Primedius Personal Firewall/Anti-Spy ware
5. AES PRO
6. Aluria's Spyware Eliminator
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. ngrep v1.41
2. Securepoint Firewall and VPN Server v3.1.3 P3
3. libdvdcss v1.2.8
4. Enigmail v0.81.0
5. aNTG v1.0
6. LibTomMath v0.23
VI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. The Lingering Ghost of Slammer
By Tim Mullen
The last big Windows worm showed that network security can literally be a
matter of life and death.
http://www.securityfocus.com/columnists/178
2. Blogs: Another Tool in the Security Pro's Toolkit (Part Two)
By Scott Granneman
Part Two on blogs covers RSS feeds that are highly relevant to the security
community.
http://www.securityfocus.com/columnists/177
3. Demonstrating ROI for Penetration Testing (Part Two)
By Marcia Wilson
The second article in this series will introduce Risk Management concepts
as they relate to Information Asset valuation.
http://www.securityfocus.com/infocus/1718
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Counterpane Password Safe Clipboard Data Recovery Vulnerabil...
BugTraq ID: 8334
Remote: No
Date Published: Aug 04 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8334
Summary:
Counterpane Password Safe is a password storage application for Microsoft
Windows operating systems.
Password Safe has security options that clear data from the clipboard and
lock the password database when the Password Safe window is minimized by
the user.
It has been reported that Password Safe will not clear passwords or other
sensitive information from the clipboard when the program is minimized,
even in circumstances where it is configured to do so. This could create a
false sense of security as the user expects that credentials have been
cleared from the clipboard when the program window is minimized. This
could also permit password credentials to be retrieved by malicious users
under some circumstances.
It should be noted that a user must first copy a password or other
sensitive information to the clipboard for this issue to be exploited.
2. Invision Board Overlapping IBF Formatting Tag HTML Injection...
BugTraq ID: 8335
Remote: Yes
Date Published: Aug 04 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8335
Summary:
Invision Board is web forum software. It is implemented in PHP and is
available for Unix and Linux variants and Microsoft Windows operating systems.
Invision Board supports the use of formatting tags that allow users to
insert images and links into content as well as control certain aspects of
how content is rendered. These tags are referred to as IBF codes.
It may be possible to inject hostile HTML into Invision Board by using
overlapping IBF tags. This could cause the hostile code to be interpreted
in the context of the site hosting the software. Any input fields which
support inclusion of IBF code may be prone to this issue.
It should be noted that it may not be possible to inject arbitrary HTML
into Invision Board but it is more likely that this could be exploited to
spoof or manipulate links or include other abusive content.
3. ZoneAlarm Local Device Driver IO Control Code Execution Vuln...
BugTraq ID: 8342
Remote: No
Date Published: Aug 05 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8342
Summary:
ZoneAlarm is a firewall software package available for the Microsoft
Windows operating system. It is distributed and maintained by Zone Labs.
A problem in the handling of input may, under some circumstances, allow an
attacker to cause the execution of code at arbitrary locations of memory
through the ZoneAlarm application. This may lead to unauthorized access to
system resources.
The problem is in the handling of input by the ZoneAlarm Device Driver
"VSDATANT". It is possible to overwrite specific locations in memory by
supplying a signal and location to which the data will be written. By
using a dwIoControl code, it is possible to cause the ZoneAlarm application
to jump to this location of memory and execute the code contained at the
address. The code executed by ZoneAlarm would run with ring0 privileges.
This vulnerability was reported to affect ZoneAlarm 3.1, however, other
versions may also be affected.
4. EveryBuddy Long Message Denial Of Service Vulnerability
BugTraq ID: 8343
Remote: Yes
Date Published: Aug 05 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8343
Summary:
EveryBuddy is an instant messaging client that supports numerous instant
messaging services, including AIM, ICQ and MSN. It is available for
Microsoft Windows operating systems.
EveryBuddy is prone to a denial of service vulnerability when handling
instant messages of excessive length. The condition is reportedly
reproducible by sending 55 lines with 27 characters per line in an instant
message to a user of a vulnerable client. Most legitimate clients will
limit the length of outgoing instant messages; however, this could be
exploited with a malicious instant messaging client designed to send
messages of excessive length.
This condition may be due to a buffer overflow, though this has not been
confirmed.
5. TightVNC Win32 Server QueryAllowNoPass Access Control Bypass...
BugTraq ID: 8347
Remote: Yes
Date Published: Aug 05 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8347
Summary:
TightVNC is a VNC implementation that is freely available for a number of
platforms including Linux variants and Microsoft Windows operating systems.
TightVNC for Win32 platforms is reported to be prone to an unspecified
vulnerability that could permit access controls to be bypassed. This issue
is reportedly due to a failure of the software while acting on the
QueryAllowNoPass configuration directive. This issue is known to affect
the TightVNC server.
It has been reported that this issue exists in versions prior to 1.2.9.
Precise technical details are not available at this time. This BID will be
updated when further details become available.
6. JSCI SSO URI Pattern Matching Access Validation Vulnerabilit...
BugTraq ID: 8353
Remote: Yes
Date Published: Aug 06 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8353
Summary:
JCSI is a suite of Java components that offer solutions for data security
requirements. JCSI SSO (Single Sign-On) suite provides for authorization
and access control for Java applications using Microsoft Active Directory.
JCSI SSO has been reported prone to an access validation vulnerability
under certain circumstances.
The issue presents itself in pattern-matching tags contained in JCSI SSO
XML configuration files; these tags are used when controlling access to
Java applications. It has been reported that these pattern-matching tags
match an entire URI rather than the relative path to the secured Java
application. This may mean that if the protected Java application is moved
and has a different context root, JCSI SSO will no longer be protecting it.
This may lead a system administrator into a false sense of security and may
allow remote attackers to access restricted Java applications that were
presumed secured.
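The failure mode described above, as an added example (not JCSI SSO's code or its XML configuration format): a rule matched against the whole URI path stops applying once the application is redeployed under a different context root, while a rule matched against the context-relative path keeps applying. The glob rule syntax, function names, host name and paths are constructed for illustration.

```python
import fnmatch
from urllib.parse import urlsplit

# Constructed sample rules (hypothetical glob syntax, not JCSI's tag format).
FULL_URI_RULES = ["/payroll/admin/*"]   # written against the whole URI path
RELATIVE_RULES = ["/admin/*"]           # written against the path inside the app


def _matches_any(path, rules):
    """True if the path matches at least one protection rule."""
    return any(fnmatch.fnmatchcase(path, rule) for rule in rules)


def protected_by_full_uri(uri, rules):
    """Match the rule against the entire URI path (the reported behaviour)."""
    return _matches_any(urlsplit(uri).path, rules)


def protected_by_relative_path(uri, context_root, rules):
    """Strip the application's context root first, then match the rule."""
    path = urlsplit(uri).path
    root = context_root.rstrip("/")
    if path != root and not path.startswith(root + "/"):
        raise ValueError("URI is not inside context root %r" % context_root)
    relative = path[len(root):] or "/"
    return _matches_any(relative, rules)


def uncovered_paths(context_roots, sensitive_paths, full_uri_rules):
    """Deployment audit: list sensitive resources that no full-URI rule covers.

    context_roots   -- where the application is currently deployed
    sensitive_paths -- context-relative paths that must be access-controlled
    """
    gaps = []
    for root in context_roots:
        for rel in sensitive_paths:
            full = root.rstrip("/") + rel
            if not _matches_any(full, full_uri_rules):
                gaps.append(full)
    return gaps


if __name__ == "__main__":
    before = "http://intranet.example/payroll/admin/users"
    after = "http://intranet.example/hr-payroll/admin/users"  # app was moved
    print(protected_by_full_uri(before, FULL_URI_RULES))
    print(protected_by_full_uri(after, FULL_URI_RULES))
    print(protected_by_relative_path(after, "/hr-payroll", RELATIVE_RULES))
    print(uncovered_paths(["/payroll", "/hr-payroll"], ["/admin/users"],
                          FULL_URI_RULES))
```

Running an audit like `uncovered_paths` after every redeployment turns the silent loss of protection into a visible list of unprotected resources.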
7. 121 Software 121 WAM! FTP Server Directory Traversal Vulnera...
BugTraq ID: 8356
Remote: Yes
Date Published: Aug 06 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8356
Summary:
121 WAM! Server is an FTP server for the Microsoft Windows platform, allowing
users to manage online databases including Microsoft Access, SQL Server and
MySQL.
A vulnerability has been reported in 121 WAM! Server that may allow remote
users to access restricted data from the server and other user accounts
outside the user root directory. The vulnerability is due to an access
validation error that allows clients to traverse outside of the root FTP
directory using '/../' character sequences.
This may allow the attacker to access system resources on the server.
Information that could be useful in further attacks could be disclosed to
an attacker through successful exploitation of this issue.
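The missing check, as an added example (not 121 WAM! Server code): a resolver that joins the client's path onto the user root unchecked, next to one that tracks directory depth and rejects any request climbing above the root. The function names, the POSIX-style root and the sample paths are constructed for illustration.

```python
import posixpath


class PathEscapesRoot(Exception):
    """Raised when a client-supplied path would leave the user's FTP root."""


def naive_resolve(root, cwd, requested):
    """Vulnerable form: '..' components are left for the OS to interpret."""
    return root + posixpath.join(cwd, requested)


def safe_resolve(root, cwd, requested):
    """Resolve an FTP virtual path lexically and refuse to go above the root.

    root      -- real directory assigned to the logged-in user
    cwd       -- current virtual directory, always starting with '/'
    requested -- path argument from the client (RETR, CWD, LIST, ...)
    """
    if "\x00" in requested:
        raise PathEscapesRoot(requested)
    # Windows servers accept backslashes as separators, so normalise them.
    requested = requested.replace("\\", "/")
    virtual = posixpath.join(cwd, requested)  # an absolute request replaces cwd
    parts = []
    for comp in virtual.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:                     # would climb above the virtual root
                raise PathEscapesRoot(requested)
            parts.pop()
        else:
            parts.append(comp)
    # The check is lexical only: a server that follows symlinks or junctions
    # must also compare the resolved real path against the root.
    return posixpath.join(root, *parts)


def escapes_root(root, resolved):
    """True if a resolved path normalises to a location outside root."""
    norm = posixpath.normpath(resolved)
    base = root.rstrip("/")
    return not (norm == base or norm.startswith(base + "/"))


if __name__ == "__main__":
    root = "/srv/ftp/alice"                   # constructed sample root
    bad = naive_resolve(root, "/", "/../bob/accounts.mdb")
    print(bad, escapes_root(root, bad))
    print(safe_resolve(root, "/reports", "../db/main.mdb"))
    try:
        safe_resolve(root, "/", "/../bob/accounts.mdb")
    except PathEscapesRoot as exc:
        print("rejected:", exc)
```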
8. Lotus Sametime Multiple Encryption Implementation Flaw Vulne...
BugTraq ID: 8359
Remote: Yes
Date Published: Aug 07 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8359
Summary:
Sametime is the Instant Message client distributed and maintained by Lotus.
It is available for the Microsoft Windows operating system.
Several problems have been identified in Lotus Sametime that may make
information encrypted through Sametime more prone to retrieval by a
malicious party. This may result in an adversary gaining access to
sensitive information.
One issue is the RC2/40 key being sent in the login message. Upon
intercepting the login message, an adversary has a significantly greater
chance of decrypting the user's password.
Next, the key is also transmitted with Instant Messages. This may also
increase the likelihood of decrypting sensitive information.
Also, Encrypted Instant Messages contain six bytes of known characters at
the beginning of each IM. It is theorized that by gathering Instant
Messages over a period of time and cracking the six bytes of known text, it
may be possible to reveal the encryption key used. This has not been
confirmed.
Finally, the implementation of RC2/40 in Sametime uses a limited range of
characters when generating encryption keys that significantly weakens
generated keys. The implementation uses only ASCII representations of
decimal numbers, which weakens the keyspace from 256^10 possibilities to
10^10 possibilities.
9. MiniHTTPServer WebForums Server Null Default Password Vulner...
BugTraq ID: 8363
Remote: Yes
Date Published: Aug 07 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8363
Summary:
WebForums Server is a commercially available HTTP server. It is available
for the Microsoft Windows platform.
A vulnerability has been reported for WebForums server. Reportedly, the
database's administrative user, the 'admin' account, is created by default
during installation and is assigned a blank password.
A remote attacker can exploit this vulnerability by connecting to a
vulnerable system as an administrative user, and supplying a null
password. The attacker may gain administrative access on a default
installation. It has been reported that attributes for this account include
the ability to access the local 'C:\' drive.
Although this vulnerability has been reported to affect MiniHTTPServer
WebForums Server version 1.5, other versions might also be affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Administrivia: Spam threads (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/332111
2. MS broadening its efforts to warn customers (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/332110
3. Exchange 2000 out of office (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/332109
4. TSGrinder 2.03 Released (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/331998
5. HTASploit (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/331996
6. How to silently deploy DirectX9b? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/331906
7. SecurityFocus Microsoft Newsletter #148 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/331762
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Intellitactics Network Security Manager
By: Intellitactics
Platforms: Solaris, Windows NT
Relevant URL: http://www.intellitactics.com/products/nsm_overview.html
Summary:
Intellitactics Network Security Manager is the holistic, integrated threat
management platform that gives you a virtual window into your enterprise
security environment. NSM lets you police, prioritize and prevail across
the full range of today's security threats. You get a clear picture of your
security situation in real time--and over time--so you can deliver the most
effective information security possible.
With NSM, you leverage the infrastructure you've already built. NSM
correlates massive amounts of data for you--gathered from your full range
of security devices and other information sources throughout the enterprise.
Then, on a single pane of glass, NSM provides a graphical visualization of
threats, anomalies and trends. Your Security Operations Center can now
respond more effectively to real security threats than with any other
security product--in moments instead of days, with fewer resources.
2. Netsecure Log
By: CalyxNetSecure
Platforms: Solaris, Windows 2000, Windows NT
Relevant URL:
http://www.calyxnetsecure.com/produit.asp?nom_produit=NetsecureLog
Summary:
Netsecure Log is a security administration solution. It makes the
administrator's job easier by centralizing security events in a database
and then analyzing them with a powerful requesting tool.
3. F-Secure Internet Security 2003
By: F-Secure Corporation
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.f-secure.com/estore/fsis2003.shtml
Summary:
F-Secure Internet Security 2003 includes award-winning antivirus software,
as well as an easy-to-use personal firewall product that protects
your system against break-in attempts when you are connected to the Internet.
4. Primedius Personal Firewall/Anti-Spy ware
By: Primedius
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.primedius.com/PersonalFirewall.htm
Summary:
Primedius Personal Firewall/Anti-Spy ware prevents intrusions and stops
unwanted entries to and communications from your computer. Other features are:
- Detects, reviews and screens any entry through Winsock layer.
5. AES PRO
By: Workable Resources
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.aes.safeworld.info/pro.htm
Summary:
AES Pro is a utility program that creates active public keys. An active key
is an executable program that contains a public key and the software
necessary to encrypt messages and decrypt the answer-back messages. Users
can create active public keys that anyone can use to encrypt messages. No
other software is required. These active public keys are ideal to create
communication with the users who do not have the PGP or CHAOS Public Key
programs installed.
6. Aluria's Spyware Eliminator
By: Aluria Software
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.aluriasoftware.com/spywareeliminator/index.html
Summary:
Aluria's Spyware Eliminator protects you from the Spyware epidemic. While
anti-virus software guards you from viruses, it does not prevent Spyware
from attacking your computer. Aluria's Spyware Eliminator not only detects
and removes Spyware, Adware and Keyloggers from your computer, but now
actively blocks Spyware and Adware when your computer is under assault.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. ngrep v1.41
By: Jordan Ritter <jpr5@darkridge.com>
Relevant URL: http://ngrep.sourceforge.net/
Platforms: AIX, Digital UNIX/Alpha, FreeBSD, IRIX, Linux, OpenBSD, Solaris,
Windows 2000, Windows 95/98, Windows NT
Summary:
ngrep strives to provide most of GNU grep's common features, applying them
to the network layer. ngrep is a pcap-aware tool that will allow you to
specify extended regular expressions to match against data payloads of
packets. It currently recognizes TCP and UDP across ethernet, ppp and slip
interfaces, and understands bpf filter logic in the same fashion as more
common packet sniffing tools like tcpdump and snoop.
2. Securepoint Firewall and VPN Server v3.1.3 P3
By: Lutz Hausmann
Relevant URL: http://www.securepoint.cc/
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Securepoint Firewall and VPN Server is a high-performance application
designed to offer full protection for network assets. The Security Manager
offers a graphical user interface with many features, different
configurations, and advanced reporting functions. The Securepoint server is
a complete firewall and VPN software system with an operating system based
on a secure Linux. VPN operation supports PPTP and IPSec (X.509
certificates, preshared, RSA signature). You can use the firewall on a
standard PC with 2 to 16 network cards (including Ethernet, ADSL, ISDN). It
is very easy to install and administer. The Securepoint Security Manager is
available in English, German, and Spanish, and works in online and offline
mode.
3. libdvdcss v1.2.8
By: Samuel Hocevar <sam@zoy.org>
Relevant URL: http://www.videolan.org/libdvdcss/
Platforms: BeOS, FreeBSD, Linux, OpenBSD, Windows 2000, Windows 95/98,
Windows NT
Summary:
libdvdcss is a cross-platform library for transparent DVD device access
with on the fly CSS decryption. It currently runs under Linux, FreeBSD,
NetBSD, OpenBSD, BSD/OS, Solaris, BeOS, Win98, Win2k and MacOS X. It is
used for the vlc DVD player because of its portability and because, unlike
similar libraries, it does not require your DVD drive to be region-locked.
4. Enigmail v0.81.0
By: Patrick
Relevant URL: http://enigmail.mozdev.org/thunderbird.html
Platforms: Linux, MacOS, POSIX, UNIX, Windows 2000, Windows 3.x, Windows
95/98, Windows CE, Windows NT, Windows XP
Summary:
Enigmail is a "plugin" for the mail client of Mozilla and Netscape 7.x
which allows users to access the authentication and encryption features
provided by the popular GnuPG software. Enigmail can encrypt/sign mail when
sending, and can decrypt/authenticate received mail. It can also
import/export public keys. Enigmail supports both the inline PGP format and
the PGP/MIME format, which can be used to encrypt attachments. Enigmail is
cross-platform, although binaries are supplied only for a limited number of
platforms. Enigmail uses inter-process communication to execute GPG to
carry out encryption/authentication.
5. aNTG v1.0
By: Lucas
Relevant URL: http://www.thebobo.com/antg.php
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
aNTG (another Network Traffic Grapher) is a PHP program that collects and
graphs network traffic statistics on a Linux machine.
6. LibTomMath v0.23
By: Tom St Denis <tomstdenis@iahu.ca>
Relevant URL: http://math.libtomcrypt.org/
Platforms: Linux, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
LibTomMath provides highly optimized and portable routines for a vast
majority of integer-based number theoretic applications (including public
key cryptography).
VI. SPONSOR INFORMATION
-----------------------
------------------------------------------------------------------------
---------------------------------------------------------------------------
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications": http://www.securityfocus.com/Kavado-focus-ms
---------------------------------------------------------------------------