SecurityFocus Microsoft Newsletter #155

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 09/22/03

    Date: Mon, 22 Sep 2003 12:59:07 -0600 (MDT)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #155
    ----------------------------------------

    This Issue Sponsored by: Captus Networks

    Are you Prepared for the next Sobig and Blaster Worms?

    Integrated Intrusion Prevention and Traffic Shaping to:
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Automatically Control P2P, IM and Spam Traffic
     - Ensure Reliable Performance of Mission Critical Applications

    **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo

    http://www.securityfocus.com/sponsor/CaptusNetworks_ms-secnews_030922
    ------------------------------------------------------------------------

    I. FRONT AND CENTER
         1. Wireless Policy Development (Part One)
         2. Dynamic Honeypots
         3. Does Microsoft Give a Damn?
         4. SPECIAL ANNOUNCEMENT
    II. MICROSOFT VULNERABILITY SUMMARY
         1. myServer cgi-lib.dll Remote Buffer Overflow Vulnerability
         2. WideChapter HTTP Request Buffer Overflow Vulnerability
         3. MiniHTTPServer WebForums/File-Sharing for NET Servers Direct...
         4. MiniHTTPServer WebForums Server Default Password Vulnerabili...
         5. EFS Software Easy File Sharing Web Server Directory Traversa...
         6. MiniHTTPServer WebForum Server Unauthorized Administrative A...
         7. NetWin DBabble Cross-Site Scripting Vulnerability
         8. Plug and Play Web Server Directory Traversal Vulnerability
         9. Sendmail Ruleset Parsing Buffer Overflow Vulnerability
         10. Mondosoft MondoSearch Unspecified Access Validation Error
    III. MICROSOFT FOCUS LIST SUMMARY
         1. Vulnerability scanner for SQL injection, HTML injec... (Thread)
         2. Disabling Internet Explorer "Save my password" check... (Thread)
         3. Disabling sharing and group policies (Thread)
         4. Blank passwords, TsInternetUser added to Administrat... (Thread)
         5. Why Programs get written to need admin priveleges. (Thread)
         6. SecurityFocus Announcement: New Mailing Lists (Thread)
         7. SecurityFocus Microsoft Newsletter #154 (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. Sophos Anti-Virus
         2. East-Tec Eraser 2003 v4.0
         3. McAfee ePolicy Orchestrator
         4. Enterprise Manager
         5. ZoneAlarm Pro 4.0
         6. ActiveScout Enterprise
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. Glub Tech Secure FTP v2.0.9.2
         2. Bugs Dynamic Cryptography v4.1.1
         3. East-Tec Eraser v4.0
         4. John the Ripper v1.6.35(dev)
         5. mrtg-ping-probe v2.2.0
         6. The OpenAntivirus Project: Summary Various
    VI. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Wireless Policy Development (Part One)
    By Jamil Farschi

    This is the first of a two-part series that will help create a framework
    for the most important aspect of any wireless security strategy -- policy
    development.

    http://www.securityfocus.com/infocus/1732

    2. Dynamic Honeypots
    By Lance Spitzner

    The search for the dream honeypot: dynamic honeypots, an appliance-like
    plug-and-play solution.

    http://www.securityfocus.com/infocus/1731

    3. Does Microsoft Give a Damn?
    By George Smith

    The software-maker's dismal security record seems to have left it immune
    to criticism and shame.

    http://www.securityfocus.com/columnists/185

    4. SPECIAL ANNOUNCEMENT

    We are pleased to announce that The Basics infocus area has been renamed
    to Foundations, in order to accommodate a wider range of security-related
    articles that are not necessarily basic, but do not fit into one of the
    seven other infocus areas either.

    http://www.securityfocus.com/basics

    II. MICROSOFT VULNERABILITY SUMMARY
    -----------------------------------
    1. myServer cgi-lib.dll Remote Buffer Overflow Vulnerability
    BugTraq ID: 8612
    Remote: Yes
    Date Published: Sep 12 2003
    Relevant URL: http://www.securityfocus.com/bid/8612
    Summary:
    myServer is an application and web server for Microsoft Windows and Linux
    operating systems.

    myServer has been reported prone to a remote buffer overflow
    vulnerability. This issue is reported to exist in the cgi-lib.dll file.

    The issue presents itself when the software attempts to process string
    values of excessive length for URI variables. This will cause adjacent
    regions of memory to be corrupted with data contained in the malicious
    string. This will likely result in a crash due to the server attempting
    to dereference an invalid memory address. However, it is possible that
    this vulnerability may also allow the execution of arbitrary instructions
    since the attacker may be able to leverage memory corruption to control
    execution flow of the server process. Any instructions carried out
    through this vulnerability would be with the privileges of the web server
    process. However, the possibility of code execution has not been
    confirmed.

    This vulnerability was reported for myServer version 0.4.3 and earlier.

    2. WideChapter HTTP Request Buffer Overflow Vulnerability
    BugTraq ID: 8617
    Remote: Yes
    Date Published: Sep 15 2003
    Relevant URL: http://www.securityfocus.com/bid/8617
    Summary:
    WideChapter is a multi Chapter multi tab web browser, available for
    Microsoft Windows platforms.

    WideChapter has been reported prone to a buffer overflow vulnerability
    when handling HTTP requests of excessive length.

    It has been reported that the condition may be triggered remotely when a
    malicious website is rendered in the affected browser. An HTTP request of
    >= 517 bytes, invoked by a window.open() script function, will overrun the
    bounds of a reserved stack based buffer in WideChapter and corrupt
    adjacent memory. Because memory adjacent to this buffer has been reported
    to contain a saved instruction pointer, it is likely that a remote
    attacker may influence execution flow and, although unconfirmed, may
    likely execute arbitrary instructions in the context of the user who is
    running the affected browser.

    This vulnerability has been reported to affect WideChapter version 3, and
    prior versions.

    3. MiniHTTPServer WebForums/File-Sharing for NET Servers Direct...
    BugTraq ID: 8619
    Remote: Yes
    Date Published: Sep 15 2003
    Relevant URL: http://www.securityfocus.com/bid/8619
    Summary:
    WebForums Server is a commercially-available HTTP server. It is available
    for the Microsoft Windows platform. File-Sharing for NET is a
    commercially-available web server mainly designed for file sharing.

    A vulnerability is reported to exist in the software allowing a remote
    attacker to access information outside the server root directory. The
    problem occurs due to insufficient sanitization of user-supplied input.
    This vulnerability may allow remote attackers to traverse outside the
    server root directory by using '/../' character sequences.

    This issue may allow an attacker to retrieve arbitrary server-readable
    files. Successful exploitation of this issue may allow an attacker to gain
    access to sensitive information, which may be used to launch further
    attacks against a vulnerable system.

    MiniHTTPServer WebForums Server 1.5 and prior and File-Sharing for NET 1.5
    and prior have been reported to be prone to this issue.

    4. MiniHTTPServer WebForums Server Default Password Vulnerabili...
    BugTraq ID: 8620
    Remote: Yes
    Date Published: Sep 15 2003
    Relevant URL: http://www.securityfocus.com/bid/8620
    Summary:
    WebForums Server is a commercially available HTTP server. It is available
    for the Microsoft Windows platform.

    A vulnerability has been reported for WebForums server. Reportedly, the
    database's administrative user, the 'admin' account, is created by default
    during installation and is assigned a '"' password.

    A remote attacker can exploit this vulnerability by connecting to a
    vulnerable system as an administrative user, and supplying a '"'
    character as a password. The attacker may gain administrative access on a
    default installation. It has been reported that attributes for this
    account include the ability to access the local 'C:\' drive.

    This vulnerability has been reported to exist in WebForums Server 1.5 and
    prior.

    5. EFS Software Easy File Sharing Web Server Directory Traversa...
    BugTraq ID: 8632
    Remote: Yes
    Date Published: Sep 16 2003
    Relevant URL: http://www.securityfocus.com/bid/8632
    Summary:
    Easy File Sharing Web Server is a commercially-available web server
    software package distributed by EFS Software. It is available for the
    Microsoft Windows platform.

    A problem has been reported in the handling of specific types of requests
    in EFS Software Easy File Sharing Web Server. Because of this, an
    attacker may be able to gain unauthorized access to system resources.

    The problem is in the handling of directory traversal requests. Upon
    placing a request to the server with dot-dot-slash notation, it is
    possible to escape the web root directory and gain access to files on the
    local system. Access to files is limited to those readable by the web
    server process user. This may be SYSTEM level in some configurations.

    6. MiniHTTPServer WebForum Server Unauthorized Administrative A...
    BugTraq ID: 8633
    Remote: Yes
    Date Published: Sep 16 2003
    Relevant URL: http://www.securityfocus.com/bid/8633
    Summary:
    MiniHTTPServer WebForum Server is a web-based bulletin board system
    available for the Microsoft Windows operating system.

    A vulnerability has been reported for MiniHTTPServer WebForum Server that
    may allow an attacker to log in as an administrator. The problem occurs
    due to the software failing to sufficiently validate administrative
    credentials. Specifically, if a quote character (") is supplied as the
    administrator password, the user may be incorrectly authenticated.

    This could ultimately allow an unauthorized user to carry out attacks
    against the WebForum Server with administrator privileges, potentially
    accessing sensitive information or destroying data. Other attacks would
    also be possible.

    7. NetWin DBabble Cross-Site Scripting Vulnerability
    BugTraq ID: 8637
    Remote: Yes
    Date Published: Sep 16 2003
    Relevant URL: http://www.securityfocus.com/bid/8637
    Summary:
    DBabble is a chat server implementation maintained and distributed by
    NetWin. It is available for the Microsoft Windows platform.

    A cross-site scripting problem has been reported in NetWin DBabble. This
    could make it possible for an attacker to potentially execute HTML and
    script code in the security context of a site using the vulnerable
    software.

    The problem is in the handling of input passed to the cmd URI parameter.
    Input passed through this parameter is not properly sanitized, making it
    possible to include HTML through this parameter via a malicious link. An
    attacker could use this to render arbitrary HTML in the browser of a
    victim, stealing cookie authentication credentials or performing other
    nefarious acts.

    8. Plug and Play Web Server Directory Traversal Vulnerability
    BugTraq ID: 8645
    Remote: Yes
    Date Published: Sep 18 2003
    Relevant URL: http://www.securityfocus.com/bid/8645
    Summary:
    Plug and Play Web Server is a Microsoft Windows based application package
    that provides users with the ability to create and maintain dynamic
    websites. The software also supports SSL.

    A vulnerability has been reported in the software that may allow a remote
    attacker to access information outside the server root directory. The
    problem exists due to insufficient sanitization of user-supplied data.
    The issue may allow a remote attacker to traverse outside the server root
    directory by using '../' or '..\' character sequences.

    Successful exploitation of this vulnerability may allow a remote attacker
    to gain access to sensitive information that may be used to launch further
    attacks against a vulnerable system.

    Plug and Play Web Server version 1.0002c has been reported to be prone to
    this issue; however, other versions may be affected as well.

    9. Sendmail Ruleset Parsing Buffer Overflow Vulnerability
    BugTraq ID: 8649
    Remote: Unknown
    Date Published: Sep 17 2003
    Relevant URL: http://www.securityfocus.com/bid/8649
    Summary:
    Sendmail is a widely used MTA for Unix and Microsoft Windows systems.

    Sendmail has been reported prone to a buffer overflow condition when
    parsing non-standard rulesets.

    It has been reported that an attacker may trigger a buffer overflow
    condition in Sendmail, when Sendmail parses specific rulesets.
    Non-standard rulesets recipient(2), final(4) and mailer-specific envelope
    recipient may be used as an attack vector to trigger this vulnerability.
    It should be noted that Sendmail under a default configuration is not
    vulnerable to this condition. It is not currently known if this
    vulnerability may potentially be exploited to execute arbitrary code.
    However, due to the nature of the condition, although unconfirmed, it has
    been conjectured that ultimately an attacker may exploit this condition to
    execute arbitrary code in the context of the affected Sendmail server.

    It is not currently known if this vulnerability is restricted to local
    exploitation or if the issue may also be exploited remotely.

    Explicit technical details regarding this vulnerability are not currently
    available; this BID will be updated as further details are disclosed.

    10. Mondosoft MondoSearch Unspecified Access Validation Error
    BugTraq ID: 8650
    Remote: Yes
    Date Published: Sep 18 2003
    Relevant URL: http://www.securityfocus.com/bid/8650
    Summary:
    Mondosoft provides search, analytical, and optimization tools for various
    Windows-based content-management systems. MondoSearch is a Microsoft .NET
    based search engine utility that allows users to integrate search features
    into their websites.

    The vendor has reported an unspecified vulnerability in the MondoSearch
    software system that may allow remote attackers to gain unauthorized
    access to a server running the vulnerable versions of MondoSearch. The
    vulnerability is considered critical; however, additional details have not
    been specified. The vendor has requested users to download a patch that
    addresses this issue from the vendor website.

    This BID will be updated as more information about this issue becomes
    available.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. Vulnerability scanner for SQL injection, HTML injec... (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/338477

    2. Disabling Internet Explorer "Save my password" check... (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/338453

    3. Disabling sharing and group policies (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/338452

    4. Blank passwords, TsInternetUser added to Administrat... (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/338451

    5. Why Programs get written to need admin priveleges. (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/338109

    6. SecurityFocus Announcement: New Mailing Lists (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/337612

    7. SecurityFocus Microsoft Newsletter #154 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/337610

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. Sophos Anti-Virus
    By: Sophos
    Platforms: AIX, DOS, FreeBSD, HP-UX, Linux, MacOS, Netware, OS/2, Solaris,
    UNIX, VMS, Windows 3.x, Windows 95/98, Windows NT
    Relevant URL: http://www.sophos.com/products/sav/
    Summary:

    Sophos Anti-Virus is a unique solution to the virus problem, providing
    true cross-platform protection in a single, fully integrated product. The
    network-centric design provides a host of benefits for the protection of
    servers, workstations and portables. Sophos's ground-breaking architecture
    maximises protection, while minimising performance and administrative
    overheads.

    2. East-Tec Eraser 2003 v4.0
    By: EAST Technologies
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.east-tec.com/eraser/index.htm
    Summary:

    East-Tec Eraser ("Eraser" in short) is an advanced security application
    for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate
    sensitive data from your computer and protect your computer and Internet
    privacy.

    Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now
    means wiping its contents beyond recovery, scrambling its name and dates
    and finally removing it from disk. When you want to get rid of sensitive
    files or folders beyond recovery, add them to the Eraser list of doomed
    files and ask Eraser to do the job. Eraser offers tight integration with
    the Windows shell, so you can drag files and folders from Explorer and
    drop them in Eraser, or you can erase them directly from Explorer by
    selecting Erase beyond recovery from the context menu.

    3. McAfee ePolicy Orchestrator
    By: Network Associates
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL:
    http://www.nai.com/us/products/mcafee/antivirus/fileserver/epo.htm
    Summary:

    McAfee Security ePolicy Orchestrator (ePO) is the market-leading tool for
    centralized policy management of malicious threat protection. ePO allows
    you to maintain up-to-date protection, configure and enforce policies, and
    generate detailed graphical reports on McAfee Security and third party
    products, including Symantec and Dr Ahn anti-virus products.

    4. Enterprise Manager
    By: Sophos
    Platforms: Windows 2000, Windows NT
    Relevant URL: http://www.sophos.com/products/em/
    Summary:

    The Enterprise Manager suite is a powerful set of tools allowing fully
    automated web-based installation and updating of Sophos software across a
    network and even to remote users.

    Network administrators are put in full control and can monitor their
    network at all times. Unprotected computers or those running an
    out-of-date version of Sophos Anti-Virus can be immediately and
    automatically updated. In practice, a network of 1000 or more clients can
    be updated from a single, central Windows machine within five minutes.

    5. ZoneAlarm Pro 4.0
    By: Zone Labs
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Relevant URL: http://www.zonelabs.com
    Summary:

    Hackers lurk everywhere on the Internet, waiting for an "in" into your
    personal and financial information. Even legitimate Web sites have
    sophisticated methods of snooping, such as cookies that track your
    identity and browsing habits. You need nothing less than the industry's
    best protection -- ZoneAlarm Pro. It offers you the award-winning firewall
    that Zone Labs is famous for. Plus, it stops annoying and potentially
    malicious cookies and pop-ups from invading your system.

    6. ActiveScout Enterprise
    By: ForeScout Technologies
    Platforms: Linux, Solaris, Windows 2000, Windows 95/98, Windows NT
    Relevant URL: http://www.forescout.com/enterprise.html
    Summary:

    ActiveScout Enterprise actively protects a network with multiple access
    points. In addition to the identification of attackers and automatic
    action to stop them, this solution offers full management capabilities,
    from configuration and reporting, to the sharing of threat information
    between multiple deployed scouts.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. Glub Tech Secure FTP v2.0.9.2
    By: glub
    Relevant URL: http://secureftp.glub.com
    Platforms: MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows
    XP
    Summary:

    Glub Tech Secure FTP is a command-line utility that allows FTP connections
    to be made using SSL.

    2. Bugs Dynamic Cryptography v4.1.1
    By: Sylvain Martinez <bugs_contact@encryptsolutions.com>
    Relevant URL: http://www.encryptsolutions.com/
    Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    Bugs Dynamic Cryptography is a private key cryptography algorithm. The
    package includes a C Library and many sample applications, including ones
    for file encryption, secure chatting, and login applications. The
    algorithm handles stream and block encryption, unlimited Keylength, and a
    strong key generator. Documentation and a developer HOWTO are included.

    3. East-Tec Eraser v4.0
    By: EAST Technologies, eraser@east-tec.com
    Relevant URL: http://www.east-tec.com
    Platforms: Windows 95/98, Windows NT
    Summary:

    East-Tec Eraser ("Eraser" in short) is a security application for Windows
    95/98/Me/NT/2000/XP designed to help you completely eliminate sensitive
    data from your computer and protect your computer and Internet privacy.

    Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now
    means wiping its contents beyond recovery, scrambling its name and dates
    and finally removing it from disk. When you want to get rid of sensitive
    files or folders beyond recovery, add them to the Eraser list of doomed
    files and ask Eraser to do the job. Eraser offers tight integration with
    the Windows shell, so you can drag files and folders from Explorer and
    drop them in Eraser, or you can erase them directly from Explorer by
    selecting Erase beyond recovery from the context menu.

    4. John the Ripper v1.6.35(dev)
    By: Solar Designer
    Relevant URL: http://www.openwall.com/john/
    Platforms: BeOS, DOS, MacOS, Windows 2000, Windows 95/98, Windows NT
    Summary:

    John the Ripper is a fast password cracker, currently available for many
    flavors of Unix (11 are officially supported, not counting different
    architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to
    detect weak Unix passwords. It supports several crypt(3) password hash
    types which are most commonly found on various Unix flavors, as well as
    Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types
    are added with contributed patches.

    5. mrtg-ping-probe v2.2.0
    By: Peter W. Osel
    Relevant URL: http://pwo.de/projects/mrtg/
    Platforms: POSIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    mrtg-ping-probe is a ping probe for MRTG. It is used to monitor the round
    trip time and packet loss to networked devices. MRTG uses its output to
    generate graphs visualizing minimum and maximum round trip times or packet
    loss.

    6. The OpenAntivirus Project: Summary Various
    By: cbricart, fz-net, hfuhs, kurti and reniar
    Relevant URL: http://www.openantivirus.org/
    Platforms: Os Independent, POSIX, Windows 2000, Windows 95/98, Windows NT,
    Windows XP
    Summary:

    Developing Open Source AntiVirus Solutions

    VI. SPONSOR INFORMATION
    -----------------------
    This Issue Sponsored by: Captus Networks

    Are you Prepared for the next Sobig and Blaster Worms?

    Integrated Intrusion Prevention and Traffic Shaping to:
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Automatically Control P2P, IM and Spam Traffic
     - Ensure Reliable Performance of Mission Critical Applications

    **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo

    http://www.securityfocus.com/sponsor/CaptusNetworks_ms-secnews_030922
    ------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
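
The directory traversal summaries above (BIDs 8619, 8632 and 8645) share one root cause: the request path is joined to the web root without checking where the result lands. The sketch below is an added example, not part of the newsletter or of any vendor's code; it contrasts a filter that only strips '../' with a check that canonicalizes first and then requires the result to stay under the root. WEB_ROOT, naive_resolve, safe_resolve and the sample requests are hypothetical, and ntpath is used so Windows path rules apply on any host.

```python
import ntpath
from urllib.parse import unquote

# Hypothetical web root for the illustration.
WEB_ROOT = r"C:\inetpub\site"


def naive_resolve(url_path):
    """Weak handling: strip the literal '../' and join to the root.

    The filter knows only one separator, so '..\\' passes through and
    normalization then walks out of WEB_ROOT.
    """
    cleaned = unquote(url_path).replace("../", "")
    return ntpath.normpath(ntpath.join(WEB_ROOT, cleaned.lstrip("/")))


def safe_resolve(url_path):
    """Canonicalize first, then require the result to be inside WEB_ROOT.

    Returns the resolved path, or None when the request must be refused.
    """
    decoded = unquote(url_path)          # decode once, before any check
    if "\x00" in decoded:
        return None
    # Treat both separators alike and make the path relative.
    rel = decoded.replace("/", "\\").lstrip("\\")
    drive, _ = ntpath.splitdrive(rel)
    if drive:                            # 'C:...' would replace the root
        return None
    candidate = ntpath.normpath(ntpath.join(WEB_ROOT, rel))
    # Compare case-insensitively, on a separator boundary.
    root = ntpath.normcase(ntpath.normpath(WEB_ROOT))
    resolved = ntpath.normcase(candidate)
    if resolved != root and not resolved.startswith(root + "\\"):
        return None
    return candidate


def inside_root(path):
    """True when an already-resolved path lies under WEB_ROOT."""
    root = ntpath.normcase(WEB_ROOT)
    p = ntpath.normcase(path)
    return p == root or p.startswith(root + "\\")


# Constructed sample requests, using only the sequences named above.
SAMPLE_REQUESTS = [
    "/images/logo.png",
    "/docs/../index.html",          # '..' that stays inside the root
    "/../../windows/win.ini",
    "/..\\..\\windows\\win.ini",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        naive = naive_resolve(req)
        print(f"{req!r}")
        print(f"  naive: {naive}  (inside root: {inside_root(naive)})")
        print(f"  safe:  {safe_resolve(req)}")
```

The containment test is what matters: a request with '..' that still resolves under the root is served, while anything that resolves elsewhere is refused regardless of which separator it used.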

