SecurityFocus Microsoft Newsletter #155
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 09/22/03
Date: Mon, 22 Sep 2003 12:59:07 -0600 (MDT) To: Focus-MS <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter #155
----------------------------------------
This Issue Sponsored by: Captus Networks
Are you Prepared for the next Sobig and Blaster Worms?
Integrated Intrusion Prevention and Traffic Shaping to:
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Automatically Control P2P, IM and Spam Traffic
- Ensure Reliable Performance of Mission Critical Applications
**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
http://www.securityfocus.com/sponsor/CaptusNetworks_ms-secnews_030922
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Wireless Policy Development (Part One)
2. Dynamic Honeypots
3. Does Microsoft Give a Damn?
4. SPECIAL ANNOUNCEMENT
II. MICROSOFT VULNERABILITY SUMMARY
1. myServer cgi-lib.dll Remote Buffer Overflow Vulnerability
2. WideChapter HTTP Request Buffer Overflow Vulnerability
3. MiniHTTPServer WebForums/File-Sharing for NET Servers Direct...
4. MiniHTTPServer WebForums Server Default Password Vulnerabili...
5. EFS Software Easy File Sharing Web Server Directory Traversa...
6. MiniHTTPServer WebForum Server Unauthorized Administrative A...
7. NetWin DBabble Cross-Site Scripting Vulnerability
8. Plug and Play Web Server Directory Traversal Vulnerability
9. Sendmail Ruleset Parsing Buffer Overflow Vulnerability
10. Mondosoft MondoSearch Unspecified Access Validation Error
III. MICROSOFT FOCUS LIST SUMMARY
1. Vulnerability scanner for SQL injection, HTML injec... (Thread)
2. Disabling Internet Explorer "Save my password" check... (Thread)
3. Disabling sharing and group policies (Thread)
4. Blank passwords, TsInternetUser added to Administrat... (Thread)
5. Why Programs get written to need admin privileges. (Thread)
6. SecurityFocus Announcement: New Mailing Lists (Thread)
7. SecurityFocus Microsoft Newsletter #154 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Sophos Anti-Virus
2. East-Tec Eraser 2003 v4.0
3. McAfee ePolicy Orchestrator
4. Enterprise Manager
5. ZoneAlarm Pro 4.0
6. ActiveScout Enterprise
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Glub Tech Secure FTP v2.0.9.2
2. Bugs Dynamic Cryptography v4.1.1
3. East-Tec Eraser v4.0
4. John the Ripper v1.6.35(dev)
5. mrtg-ping-probe v2.2.0
6. The OpenAntivirus Project: Summary Various
VI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Wireless Policy Development (Part One)
By Jamil Farschi
This is the first of a two-part series that will help create a framework
for the most important aspect of any wireless security strategy -- policy
development.
http://www.securityfocus.com/infocus/1732
2. Dynamic Honeypots
By Lance Spitzner
The search for the dream honeypot: dynamic honeypots, an appliance-like
plug-and-play solution.
http://www.securityfocus.com/infocus/1731
3. Does Microsoft Give a Damn?
By George Smith
The software-maker's dismal security record seems to have left it immune
to criticism and shame.
http://www.securityfocus.com/columnists/185
4. SPECIAL ANNOUNCEMENT
We are pleased to announce that The Basics infocus area has been renamed
to Foundations, in order to accommodate a wider range of security-related
articles that are not necessarily basic, but do not fit into one of the
seven other infocus areas either.
http://www.securityfocus.com/basics
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. myServer cgi-lib.dll Remote Buffer Overflow Vulnerability
BugTraq ID: 8612
Remote: Yes
Date Published: Sep 12 2003
Relevant URL: http://www.securityfocus.com/bid/8612
Summary:
myServer is an application and web server for Microsoft Windows and Linux
operating systems.
myServer has been reported prone to a remote buffer overflow
vulnerability. This issue is reported to exist in the cgi-lib.dll file.
The issue presents itself when the software attempts to process string
values of excessive length for URI variables. This will cause adjacent
regions of memory to be corrupted with data contained in the malicious
string. This will likely result in a crash due to the server attempting
to dereference an invalid memory address. However, it is possible that
this vulnerability may also allow the execution of arbitrary instructions
since the attacker may be able to leverage memory corruption to control
execution flow of the server process. Any instructions carried out
through this vulnerability would be with the privileges of the web server
process. However, the possibility of code execution has not been
confirmed.
This vulnerability was reported for myServer version 0.4.3 and earlier.
2. WideChapter HTTP Request Buffer Overflow Vulnerability
BugTraq ID: 8617
Remote: Yes
Date Published: Sep 15 2003
Relevant URL: http://www.securityfocus.com/bid/8617
Summary:
WideChapter is a multi-chapter, multi-tab web browser, available for
Microsoft Windows platforms.
WideChapter has been reported prone to a buffer overflow vulnerability
when handling HTTP requests of excessive length.
It has been reported that the condition may be triggered remotely when a
malicious website is rendered in the affected browser. An HTTP request of
517 bytes or more, invoked by a window.open() script function, will overrun
the bounds of a reserved stack-based buffer in WideChapter and corrupt
adjacent memory. Because memory adjacent to this buffer has been reported
to contain a saved instruction pointer, it is likely that a remote
attacker may influence execution flow and, although this is unconfirmed,
may likely execute arbitrary instructions in the context of the user who
is running the affected browser.
This vulnerability has been reported to affect WideChapter version 3, and
prior versions.
3. MiniHTTPServer WebForums/File-Sharing for NET Servers Direct...
BugTraq ID: 8619
Remote: Yes
Date Published: Sep 15 2003
Relevant URL: http://www.securityfocus.com/bid/8619
Summary:
WebForums Server is a commercially-available HTTP server. It is available
for the Microsoft Windows platform. File-Sharing for NET is a
commercially-available web server mainly designed for file sharing.
A vulnerability is reported to exist in the software allowing a remote
attacker to access information outside the server root directory. The
problem occurs due to insufficient sanitization of user-supplied input.
This vulnerability may allow remote attackers to traverse outside the
server root directory by using '/../' character sequences.
This issue may allow an attacker to retrieve arbitrary server-readable
files. Successful exploitation of this issue may allow an attacker to gain
access to sensitive information, which may be used to launch further
attacks against a vulnerable system.
MiniHTTPServer WebForums Server 1.5 and prior and File-Sharing for NET 1.5
and prior have been reported to be prone to this issue.
4. MiniHTTPServer WebForums Server Default Password Vulnerabili...
BugTraq ID: 8620
Remote: Yes
Date Published: Sep 15 2003
Relevant URL: http://www.securityfocus.com/bid/8620
Summary:
WebForums Server is a commercially available HTTP server. It is available
for the Microsoft Windows platform.
A vulnerability has been reported for WebForums server. Reportedly, the
database's administrative user, the 'admin' account, is created by default
during installation and is assigned a '"' password.
A remote attacker can exploit this vulnerability by connecting to a
vulnerable system as an administrative user, and supplying a '"'
character as a password. The attacker may gain administrative access on a
default installation. It has been reported that attributes for this
account include the ability to access the local 'C:\' drive.
This vulnerability has been reported to exist in WebForums Server 1.5 and
prior.
5. EFS Software Easy File Sharing Web Server Directory Traversa...
BugTraq ID: 8632
Remote: Yes
Date Published: Sep 16 2003
Relevant URL: http://www.securityfocus.com/bid/8632
Summary:
Easy File Sharing Web Server is a commercially-available web server
software package distributed by EFS Software. It is available for the
Microsoft Windows platform.
A problem has been reported in the handling of specific types of requests
in EFS Software Easy File Sharing Web Server. Because of this, an
attacker may be able to gain unauthorized access to system resources.
The problem is in the handling of directory traversal requests. Upon
placing a request to the server with dot-dot-slash notation, it is
possible to escape the web root directory and gain access to files on the
local system. Access to files is limited to those readable by the web
server process user. This may be SYSTEM level in some configurations.
6. MiniHTTPServer WebForum Server Unauthorized Administrative A...
BugTraq ID: 8633
Remote: Yes
Date Published: Sep 16 2003
Relevant URL: http://www.securityfocus.com/bid/8633
Summary:
MiniHTTPServer WebForum Server is a web-based bulletin board system
available for the Microsoft Windows operating system.
A vulnerability has been reported for MiniHTTPServer WebForum Server that
may allow an attacker to log in as an administrator. The problem occurs
due to the software failing to sufficiently validate administrative
credentials. Specifically, if a quote character (") is supplied as the
administrator password, the user may be incorrectly authenticated.
This could ultimately allow for an unauthorized user to carry out attacks
against the WebForum Server with administrator privileges, potentially
accessing sensitive information or destroying data. Other attacks would
also be possible.
7. NetWin DBabble Cross-Site Scripting Vulnerability
BugTraq ID: 8637
Remote: Yes
Date Published: Sep 16 2003
Relevant URL: http://www.securityfocus.com/bid/8637
Summary:
DBabble is a chat server implementation maintained and distributed by
NetWin. It is available for the Microsoft Windows platform.
A cross-site scripting problem has been reported in NetWin DBabble. This
could make it possible for an attacker to potentially execute HTML and
script code in the security context of a site using the vulnerable
software.
The problem is in the handling of input passed to the cmd URI parameter.
Input passed through this parameter is not properly sanitized, making it
possible to include HTML through this parameter via a malicious link. An
attacker could use this to render arbitrary HTML in the browser of a
victim, stealing cookie authentication credentials or performing other
nefarious acts.
8. Plug and Play Web Server Directory Traversal Vulnerability
BugTraq ID: 8645
Remote: Yes
Date Published: Sep 18 2003
Relevant URL: http://www.securityfocus.com/bid/8645
Summary:
Plug and Play Web Server is a Microsoft Windows based application package
that provides users with the ability to create and maintain dynamic
websites. The software also supports SSL.
A vulnerability has been reported in the software that may allow a remote
attacker to access information outside the server root directory. The
problem exists due to insufficient sanitization of user-supplied data.
The issue may allow a remote attacker to traverse outside the server root
directory by using '../' or '..\' character sequences.
Successful exploitation of this vulnerability may allow a remote attacker
to gain access to sensitive information that may be used to launch further
attacks against a vulnerable system.
Plug and Play Web Server version 1.0002c has been reported to be prone to
this issue; however, other versions may be affected as well.
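The directory traversal reports in items 3, 5 and 8 all come down to a request path reaching the filesystem without being confined to the server root. As an added example (not taken from this newsletter or from any of the affected products), the Python function below shows a containment check that treats '../' and '..\' alike; the function names and the sample requests are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class TraversalError(ValueError):
    """The request path does not stay inside the document root."""


def safe_resolve(doc_root, request_path):
    """Map a URL path to a file path, refusing anything outside doc_root."""
    # Decode percent-escapes exactly once, so '%2e%2e%5c' is checked in the
    # form the filesystem would see. Drop any query string first.
    decoded = unquote(request_path.split("?", 1)[0])
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    clean = []
    # Windows accepts both separators, so '..\' is handled like '../'.
    for seg in decoded.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        # Win32 strips trailing dots and spaces from a path component, so
        # '..', '...' and '.. ' are all rejected, not just the literal '..'.
        if seg.strip(". ") == "" or ":" in seg:
            # ':' would introduce a drive letter or alternate data stream.
            raise TraversalError("illegal segment %r" % seg)
        clean.append(seg)
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, *clean))
    # Second check after symlink resolution: the final path must still sit
    # under the root even if every individual segment looked harmless.
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError("resolved path escapes document root")
    return candidate


def check_requests(doc_root, paths):
    """Return {path: 'served' | 'blocked'} for a list of request paths."""
    results = {}
    for path in paths:
        try:
            safe_resolve(doc_root, path)
            results[path] = "served"
        except TraversalError:
            results[path] = "blocked"
    return results


# Constructed sample requests, not captured traffic.
SAMPLE_REQUESTS = [
    "/index.html",
    "/images/./logo.gif",
    "/forum/../../boot.ini",
    "/..\\..\\boot.ini",
    "/%2e%2e/%2e%2e/boot.ini",
    "/%252e%252e/readme.txt",   # double-encoded: stays a literal file name
    "/C:/boot.ini",
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as web_root:
        for path, verdict in check_requests(web_root, SAMPLE_REQUESTS).items():
            print("%-28s %s" % (path, verdict))
```

The check rejects parent references before joining the path and then verifies the resolved location again, so a symbolic link inside the root that points elsewhere is also refused.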
9. Sendmail Ruleset Parsing Buffer Overflow Vulnerability
BugTraq ID: 8649
Remote: Unknown
Date Published: Sep 17 2003
Relevant URL: http://www.securityfocus.com/bid/8649
Summary:
Sendmail is a widely used MTA for Unix and Microsoft Windows systems.
Sendmail has been reported prone to a buffer overflow condition when
parsing non-standard rulesets.
It has been reported that an attacker may trigger a buffer overflow
condition in Sendmail, when Sendmail parses specific rulesets.
Non-standard rulesets recipient(2), final(4) and mailer-specific envelope
recipient may be used as an attack vector to trigger this vulnerability.
It should be noted that Sendmail under a default configuration is not
vulnerable to this condition. It is not currently known if this
vulnerability may potentially be exploited to execute arbitrary code.
However, due to the nature of the condition, although unconfirmed, it has
been conjectured that ultimately an attacker may exploit this condition to
execute arbitrary code in the context of the affected Sendmail server.
It is not currently known if this vulnerability is restricted to local
exploitation or if the issue may also be exploited remotely.
Explicit technical details regarding this vulnerability are not currently
available; this BID will be updated as further details are disclosed.
10. Mondosoft MondoSearch Unspecified Access Validation Error
BugTraq ID: 8650
Remote: Yes
Date Published: Sep 18 2003
Relevant URL: http://www.securityfocus.com/bid/8650
Summary:
Mondosoft provides search, analytical, and optimization tools for various
Windows-based content-management systems. MondoSearch is a Microsoft .NET
based search engine utility that allows users to integrate search features
into their websites.
The vendor has reported an unspecified vulnerability in the MondoSearch
software system that may allow remote attackers to gain unauthorized
access to a server running the vulnerable versions of MondoSearch. The
vulnerability is considered critical; however, additional details have not
been specified. The vendor has requested users to download a patch that
addresses this issue from the vendor website.
This BID will be updated as more information about this issue becomes
available.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Vulnerability scanner for SQL injection, HTML injec... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/338477
2. Disabling Internet Explorer "Save my password" check... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/338453
3. Disabling sharing and group policies (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/338452
4. Blank passwords, TsInternetUser added to Administrat... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/338451
5. Why Programs get written to need admin privileges. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/338109
6. SecurityFocus Announcement: New Mailing Lists (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/337612
7. SecurityFocus Microsoft Newsletter #154 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/337610
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Sophos Anti-Virus
By: Sophos
Platforms: AIX, DOS, FreeBSD, HP-UX, Linux, MacOS, Netware, OS/2, Solaris,
UNIX, VMS, Windows 3.x, Windows 95/98, Windows NT
Relevant URL: http://www.sophos.com/products/sav/
Summary:
Sophos Anti-Virus is a unique solution to the virus problem, providing
true cross-platform protection in a single, fully integrated product. The
network-centric design provides a host of benefits for the protection of
servers, workstations and portables. Sophos's ground-breaking architecture
maximises protection, while minimising performance and administrative
overheads.
2. East-Tec Eraser 2003 v4.0
By: EAST Technologies
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.east-tec.com/eraser/index.htm
Summary:
East-Tec Eraser ("Eraser" in short) is an advanced security application
for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate
sensitive data from your computer and protect your computer and Internet
privacy.
Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now
means wiping its contents beyond recovery, scrambling its name and dates
and finally removing it from disk. When you want to get rid of sensitive
files or folders beyond recovery, add them to the Eraser list of doomed
files and ask Eraser to do the job. Eraser offers tight integration with
the Windows shell, so you can drag files and folders from Explorer and
drop them in Eraser, or you can erase them directly from Explorer by
selecting Erase beyond recovery from the context menu.
3. McAfee ePolicy Orchestrator
By: Network Associates
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.nai.com/us/products/mcafee/antivirus/fileserver/epo.htm
Summary:
McAfee Security ePolicy Orchestrator (ePO) is the market-leading tool for
centralized policy management of malicious threat protection. ePO allows
you to maintain up-to-date protection, configure and enforce policies, and
generate detailed graphical reports on McAfee Security and third party
products, including Symantec and Dr Ahn anti-virus products.
4. Enterprise Manager
By: Sophos
Platforms: Windows 2000, Windows NT
Relevant URL: http://www.sophos.com/products/em/
Summary:
The Enterprise Manager suite is a powerful set of tools allowing fully
automated web-based installation and updating of Sophos software across a
network and even to remote users.
Network administrators are put in full control and can monitor their
network at all times. Unprotected computers or those running an
out-of-date version of Sophos Anti-Virus can be immediately and
automatically updated. In practice, a network of 1000 or more clients can
be updated from a single, central Windows machine within five minutes.
5. ZoneAlarm Pro 4.0
By: Zone Labs
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.zonelabs.com
Summary:
Hackers lurk everywhere on the Internet, waiting for an "in" into your
personal and financial information. Even legitimate Web sites have
sophisticated methods of snooping, such as cookies that track your
identity and browsing habits. You need nothing less than the industry's
best protection -- ZoneAlarm Pro. It offers you the award-winning firewall
that Zone Labs is famous for. Plus, it stops annoying and potentially
malicious cookies and pop-ups from invading your system.
6. ActiveScout Enterprise
By: ForeScout Technologies
Platforms: Linux, Solaris, Windows 2000, Windows 95/98, Windows NT
Relevant URL: http://www.forescout.com/enterprise.html
Summary:
ActiveScout Enterprise actively protects a network with multiple access
points. In addition to the identification of attackers and automatic
action to stop them, this solution offers full management capabilities,
from configuration and reporting, to the sharing of threat information
between multiple deployed scouts.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Glub Tech Secure FTP v2.0.9.2
By: glub
Relevant URL: http://secureftp.glub.com
Platforms: MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows
XP
Summary:
Glub Tech Secure FTP is a command-line utility that allows FTP connections
to be made using SSL.
2. Bugs Dynamic Cryptography v4.1.1
By: Sylvain Martinez <bugs_contact@encryptsolutions.com>
Relevant URL: http://www.encryptsolutions.com/
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Bugs Dynamic Cryptography is a private key cryptography algorithm. The
package includes a C Library and many sample applications, including ones
for file encryption, secure chatting, and login applications. The
algorithm handles stream and block encryption, unlimited key length, and a
strong key generator. Documentation and a developer HOWTO are included.
3. East-Tec Eraser v4.0
By: EAST Technologies, eraser@east-tec.com
Relevant URL: http://www.east-tec.com
Platforms: Windows 95/98, Windows NT
Summary:
East-Tec Eraser ("Eraser" in short) is a security application for Windows
95/98/Me/NT/2000/XP designed to help you completely eliminate sensitive
data from your computer and protect your computer and Internet privacy.
Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now
means wiping its contents beyond recovery, scrambling its name and dates
and finally removing it from disk. When you want to get rid of sensitive
files or folders beyond recovery, add them to the Eraser list of doomed
files and ask Eraser to do the job. Eraser offers tight integration with
the Windows shell, so you can drag files and folders from Explorer and
drop them in Eraser, or you can erase them directly from Explorer by
selecting Erase beyond recovery from the context menu.
4. John the Ripper v1.6.35(dev)
By: Solar Designer
Relevant URL: http://www.openwall.com/john/
Platforms: BeOS, DOS, MacOS, Windows 2000, Windows 95/98, Windows NT
Summary:
John the Ripper is a fast password cracker, currently available for many
flavors of Unix (11 are officially supported, not counting different
architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to
detect weak Unix passwords. It supports several crypt(3) password hash
types which are most commonly found on various Unix flavors, as well as
Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types
are added with contributed patches.
5. mrtg-ping-probe v2.2.0
By: Peter W. Osel
Relevant URL: http://pwo.de/projects/mrtg/
Platforms: POSIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
mrtg-ping-probe is a ping probe for MRTG. It is used to monitor the round
trip time and packet loss to networked devices. MRTG uses its output to
generate graphs visualizing minimum and maximum round trip times or packet
loss.
6. The OpenAntivirus Project: Summary Various
By: cbricart, fz-net, hfuhs, kurti and reniar
Relevant URL: http://www.openantivirus.org/
Platforms: Os Independent, POSIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Summary:
Developing Open Source AntiVirus Solutions
VI. SPONSOR INFORMATION
-----------------------
This Issue Sponsored by: Captus Networks
Are you Prepared for the next Sobig and Blaster Worms?
Integrated Intrusion Prevention and Traffic Shaping to:
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Automatically Control P2P, IM and Spam Traffic
- Ensure Reliable Performance of Mission Critical Applications
**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
http://www.securityfocus.com/sponsor/CaptusNetworks_ms-secnews_030922
------------------------------------------------------------------------