SecurityFocus Microsoft Newsletter #166
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 12/09/03
- Previous message: Eric Schultze: "ANNOUNCE: PatchManagement mailing list"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 9 Dec 2003 06:52:34 -0700 (MST) To: Focus-MS <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter #166
----------------------------------------
This Issue Sponsored by: RSA Conference 2004
Network with over 10,000 of the brightest minds in information security at
the largest, most highly-anticipated industry event of the year. Don't
miss RSA Conference 2004! Choose from over 200 class sessions and see
demos from more than 250 industry vendors. If your job touches security,
you need to be here. Learn more or register at:
http://www.securityfocus.com/sponsor/RSA_ms-secnews_031117 and use
priority code SF4.
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Home User Security: Personal Firewalls
2. Debian's Response
3. Simulating and optimising worm propagation algorithms (PDF)
4. The Rise of the Spammers
II. MICROSOFT VULNERABILITY SUMMARY
1. IBM Directory Server Web Administration Interface Cross-Site...
2. Yahoo! Messenger YAuto.DLL Open Buffer Overflow Vulnerabilit...
3. Alan Ward A-Cart Register.ASP Script Injection Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. ANNOUNCE: PatchManagement mailing list (Thread)
2. Determining JetAdmin versions for vulnerability audi... (Thread)
3. Comments on 5 IE vulnerabilities (Thread)
4. FW: Comments on 5 IE vulnerabilities (Thread)
5. Hiding MS SQL databases in Enterprise Manager (Thread)
6. SecurityFocus Microsoft Newsletter #165 (Thread)
7. Article Announcement: The Wells Fargo Example (Thread)
8. local admin account password (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. AccessMaster
2. KeyGhost SX
3. SafeKit
4. SecurDataStor
5. Proactive Windows Security Explorer
6. Outpost Personal Firewall Pro 2.0
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. OpenSSL 0.9.7c
2. mrtg v2.10.7
3. Generic Security Service v0.0.7
4. Enigmail v0.82.3
5. Stealth HTTP Security Scanner v2.0b36
6. aNTG v2.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Home User Security: Personal Firewalls
By Sarah Granger
This article discusses personal firewall alternatives, including freeware
firewalls, firewalls included with current Microsoft and Apple OSes, and
various commercial offerings of interest to the home user.
http://www.securityfocus.com/infocus/1750
2. Debian's Response
By Scott Granneman
Debian's response to the recent compromise of four debian.org machines was
quick, open and honest, and they also engaged other Linux vendors.
Companies and organizations, as well as other OS vendors, should take
note.
http://www.securityfocus.com/columnists/202
3.Simulating and optimising worm propagation algorithms (PDF)
by Tom Vogt
This paper describes a series of simulations run to estimate various worm
growth patterns and their corresponding propagation algorithms. It also
tests and verifies the impact of various improvements, starting from a
trivial simulation of worm propagation and the underlying network
infrastructure to more re ned models, it attempts to determine the
theoretical maximum propagation speed of worms and how it can be achieved.
It also estimates the impact a malicious worm could have on the overall
infrastructure.
http://www.securityfocus.com/data/library/WormPropagation.pdf
4.The Rise of the Spammers
by David Barroso Berrueta
Spammers are becoming more intelligent and more difficult to detect, which
is a strange issue, just because in my opinion, an intelligent person is
smart enough for not bothering millions of people. So, why these people
keep on helping unethical companies and individuals that send out
unsolicited e-mails? The reason should be simple and common these days:
money.
http://www.securityfocus.com/guest/24043
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. IBM Directory Server Web Administration Interface Cross-Site...
BugTraq ID: 9140
Remote: Yes
Date Published: Dec 02 2003
Relevant URL: http://www.securityfocus.com/bid/9140
Summary:
IBM Directory Server is an LDAP server that is available for numerous
platforms including HP-UX, Microsoft Windows and Linux.
IBM Directory Server is prone to cross-site scripting attacks. It is
possible to embed hostile HTML and script code in a malicious link to the
server, which when followed will be rendered in the victim user's browser.
This vulnerability is known to exist in the web administrative interface
(ldacgi.exe), which does not sanitize HTML and script code that is
supplied via the 'Action' URI parameter. Exploitation would occur in the
context of the server.
This could permit for theft of administrative cookie-based authentication
credentials or other attacks. Exploitation could potentially compromise
the LDAP server.
This issue was reported in Directory Server 4.1. Other versions may also
be affected.
2. Yahoo! Messenger YAuto.DLL Open Buffer Overflow Vulnerabilit...
BugTraq ID: 9145
Remote: Yes
Date Published: Dec 03 2003
Relevant URL: http://www.securityfocus.com/bid/9145
Summary:
Yahoo! Messenger is a freely available chat client distributed and
maintained by Yahoo! It is available for the Microsoft Windows platform.
A problem has been identified in the handling of some types of requests by
ActiveX controls installed with Yahoo! Messenger. Because of this, it may
be possible for an attacker to execute arbitrary code on a vulnerable
host.
The problem is in the handling of strings by the Open() function. Open()
is implemented in YAUTO.DLL with insufficient bounds checking. By
supplying a string of arbitrary length to the function, it is possible to
force the overwriting of sensitive process memory with attacker-supplied
values.
A web page containing the CLSID of the vulnerable ActiveX control and an
exploitable string could potentially exploit this issue to execute code
with the privileges of the browser user.
3. Alan Ward A-Cart Register.ASP Script Injection Vulnerability
BugTraq ID: 9155
Remote: Yes
Date Published: Dec 04 2003
Relevant URL: http://www.securityfocus.com/bid/9155
Summary:
Alan Ward's A-Cart is a web based shopping cart application. It is
implemented in ASP, and designed for use with Microsoft Access under
Microsoft Windows based servers.
A problem has been identified in the handling of form input by Alan Ward's
A-Cart. Because of this, it may be possible to inject HTML and script
into a vulnerable site.
The problem is in the checking of input in form fields. When data is
entered into the fields of the register.asp script, the script does not
sufficiently validate input and sanitize potentially dangerous data. An
attacker could exploit this problem to insert code directly into the
database, allowing the attacker to render code in the browser of victims
in the security context of the A-Cart site.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. ANNOUNCE: PatchManagement mailing list (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/346592
2. Determining JetAdmin versions for vulnerability audi... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/346338
3. Comments on 5 IE vulnerabilities (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/346266
4. FW: Comments on 5 IE vulnerabilities (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/346223
5. Hiding MS SQL databases in Enterprise Manager (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/346196
6. SecurityFocus Microsoft Newsletter #165 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/346120
7. Article Announcement: The Wells Fargo Example (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/346107
8. local admin account password (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/346048
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. AccessMaster
By: Evidian Inc.
Platforms: IRIX, Solaris, Windows 2000, Windows 95/98, Windows NT
Relevant URL: http://www.evidian.com/accessmaster/about/index.htm
Summary:
Extending onto a networked world means embracing the unknown. Piracy,
vandalism, industrial espionage... - attacks on companies are doubling
each year. With uniquely integrated security software, AccessMaster
manages and safeguards access to your data, end-to-end, from portals to
legacy, and lets you enforce a single, unified security policy across the
enterprise and beyond.
AccessMaster ensures high security level by federating your existing
security solutions, while ensuring at the same time user's convenience
with Single Sign-On and security officer's ease of administration with
centralized, Ldap-compliant, user and PKI management. In this way,
AccessMaster reduces IT security cost of ownership, with rapid return on
investment.
AccessMaster is recognized by analysts as a leading security suite for
large enterprises today. It was awarded "best access control" software by
Secure Computing Magazine three years running, in 2000, 2001, and 2002.
2. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows
95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity
within an accounting or specialist system. It is completely undetectable
by software scanners and provides you with one of the most powerful
stealth surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data
in it?s own internal memory (not on the hard drive), it is impossible for
a network intruder to gain access to any sensitive data stored within the
device.
3. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any application
available 24 hours per day. With no extra hardware: just use your existing
servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to do
is add more standard servers into the cluster. With the load balancing
features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to serve
your users.
4. SecurDataStor
By: encryptX Corporation
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.encryptx.com/products/securdatastor.asp
Summary:
The SecurDataStor product line is designed to provide a comprehensive
software security solution that manages and controls access to sensitive
information that you need to share internally and externally.
SecurDataStor is available in three versions: Basic, Premium, and
Platinum. Depending on the level of security that you need, you can choose
the SecurDataStor product that suits your needs.
With its end-to-end protection of sensitive business information,
SecurDataStor products protect sensitive information when used by the
originator, stored locally on a hard drive or file server, and when
shared. Users can safely share sensitive information across different
Microsoft Windows operating systems, over different network and firewall
technologies, and across different forms of removable media.
5. Proactive Windows Security Explorer
By: Elcomsoft Co. Ltd.
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.elcomsoft.com/pwsex.html#
Summary:
Proactive Windows Security Explorer (PWSEX) is a password security test
tool that's designed to allow Windows NT, Windows 2000, and Windows
XP-based systems administrators to identify and close security holes in
their networks. Proactive Windows Security Explorer helps secure networks
by executing an audit of account passwords, and exposing insecure account
passwords. If it is possible to recover the password within a reasonable
time, the password is considered insecure.
An administrator can also use it to recover any lost password and access a
user's Windows account. Proactive Windows Security Explorer works by
analyzing user password hashes and recovering plain-text passwords.
6. Outpost Personal Firewall Pro 2.0
By: Agnitum
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.outpost.uk.com
Summary:
New Outpost Personal Firewall Pro 2.0 outdistances the award-winning
Outpost Personal Firewall Pro 1.0 on multiple levels, from enhanced
privacy features to ease-of-use. As the foremost security application for
personal computers, Outpost Personal Firewall Pro 2.0 gives you the latest
in personal firewall technology, making version 2.0 the clear security
choice for your system.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. OpenSSL 0.9.7c
By: The OpenSSL Project Team <openssl@openssl.org>
Relevant URL: http://www.openssl.org/
Platforms: UNIX, Windows NT
Summary:
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as
well as a full-strength general-purpose cryptography library.
2. mrtg v2.10.7
By: Tobias Oetiker
Relevant URL: http://people.ee.ethz.ch/~oetiker/webtools/mrtg/
Platforms: POSIX, Windows 2000, Windows NT
Summary:
The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic
load on network-links. MRTG generates HTML pages containing GIF/PNG images
which provide a live visual representation of this traffic.
3. Generic Security Service v0.0.7
By: Simon Josefsson
Relevant URL: http://www.gnu.org/software/gss/
Platforms: UNIX, Windows 2000, Windows NT, Windows XP
Summary:
A bug that prevented 3DES gss_wrap from working in the Kerberos 5
mechanism was fixed. The library headers file now works even when the
Kerberos 5 mechanism is disabled. The package has been tested on more
platforms.
4. Enigmail v0.82.3
By: Patrick
Relevant URL: http://enigmail.mozdev.org/thunderbird.html
Platforms: Linux, MacOS, POSIX, UNIX, Windows 2000, Windows 3.x, Windows
95/98, Windows CE, Windows NT, Windows XP
Summary:
Enigmail is a "plugin" for the mail client of Mozilla and Netscape 7.x
which allows users to access the authentication and encryption features
provided by the popular GnuPG software. Enigmail can encrypt/sign mail
when sending, and can decrypt/authenticate received mail. It can also
import/export public keys. Enigmail supports both the inline PGP format
and the PGP/MIME format, which can be used to encrypt attachments.
Enigmail is cross-platform, although binaries are supplied only for a
limited number of platforms. Enigmail uses inter-process communication to
execute GPG to carry out encryption/authentication.
5. Stealth HTTP Security Scanner v2.0b36
By: Felipe Moniz, Security Specialist
Relevant URL: http://www.hideaway.net/stealth
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Stealth 1.0 scans for 2883 HTTP vulnerabilities. This tool is designed
especially for the system administrators, security consultants and IT
professionals to check the possible security holes and to confirm any
present security vulnerabilities that hackers can exploit. Totally free
for commercial and non-commercial use.
6. aNTG v2.0
By: Lucas
Relevant URL: http://www.thebobo.com/antg.php
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
aNTG (another Network Traffic Grapher) is a PHP program that collects and
graphs network traffic statistics on a Linux machine.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters
and unsubscribe via the website.
If your email address has changed email listadmin@securityfocus.com and
ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue Sponsored by: RSA Conference 2004
Network with over 10,000 of the brightest minds in information security at
the largest, most highly-anticipated industry event of the year. Don't
miss RSA Conference 2004! Choose from over 200 class sessions and see
demos from more than 250 industry vendors. If your job touches security,
you need to be here. Learn more or register at:
http://www.securityfocus.com/sponsor/RSA_ms-secnews_031117 and use
priority code SF4.
------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Eric Schultze: "ANNOUNCE: PatchManagement mailing list"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
