SecurityFocus Microsoft Newsletter #179

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 03/09/04

    Date: Tue, 9 Mar 2004 07:16:37 -0700 (MST)
    To: Focus-MS <focus-ms@securityfocus.com>


    SecurityFocus Microsoft Newsletter #179
    ----------------------------------------

    This issue is sponsored by: Reasoning Inc.

    Enter to win a free application-level software security inspection -- a
    $20,000 value!

    Reasoning will inspect up to 100,000 lines of your toughest C/C++ code,
    pinpointing the exact location of security vulnerabilities that are the
    leading target of hackers. Experience the power that application scanning
    and dynamic testing tools can't match.

    Enter to win a free software security inspection now:

    http://sic-em.steelbrick.com/REA2302/securityfocus-microsoft.jsp
    ------------------------------------------------------------------------

    I. FRONT AND CENTER
         1. IIS 6.0 Security
         2. HIPAA Security Rule
         3. Is password-lending a cybercrime?
    II. MICROSOFT VULNERABILITY SUMMARY
         1. Microsoft Internet Explorer Cross-Domain Event Leakage Vulne...
         2. PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnera...
         3. ArGoSoft FTP Server Multiple Vulnerabilities
         4. YABB SE Multiple Input Validation Vulnerabilities
         5. Software602 602Pro LAN Suite Web Mail Cross-Site Scripting V...
         6. Software602 602Pro LAN Suite Web Mail Directory Listing Disc...
         7. Software602 602Pro LAN Suite Web Mail Installation Path Disc...
         8. Magic Winmail Server LDapLib.PHP Remote Installation Path Di...
         9. SpiderSales Shopping Cart Multiple Vulnerabilities
         10. BolinTech Dream FTP Server FTP Command Format String Vulnera...
         11. Multiple Vendor HTTP Response Splitting Vulnerability
         12. SmarterTools SmarterMail Multiple Vulnerabilities
         13. DAWKCo POP3 with WebMAIL Extension Session Timeout Unauthori...
    III. MICROSOFT FOCUS LIST SUMMARY
         1. Windows file move restriction (Thread)
         2. DHCP through RAS (Thread)
         3. Article Announcements (Thread)
         4. SecurityFocus Microsoft Newsletter #178 (Thread)
         5. Administrivia: Mass-mailing worms (Thread)
         6. FPSE Admin Listner on IIS 6.0 (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. Norton Internet Security 2004
         2. East-Tec Eraser 2004
         3. Steganos Security Suite 6
         4. Airscanner Mobile AntiVirus Pro
         5. Symantec's Norton Internet Security 2004 Professional
         6. secure2trust
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. TrustSight Security Hardening Tool v 1.0 Beta
         2. Big Sister v0.99b1
         3. John the Ripper v1.6.37(dev)
         4. GeneSyS v1.0
         5. aNTG v2.1
         6. Stunnel v4.05
    VI. UNSUBSCRIBE INSTRUCTIONS
    VII. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. IIS 6.0 Security
    By Rohyt Belani and Michael Muckin

    This article discusses the major default configuration and design changes
    incorporated in IIS 6.0 to make it a more secure platform for hosting
    critical web applications.

    http://www.securityfocus.com/infocus/1765

    2. HIPAA Security Rule
    By Steven Weil

    This article presents a detailed overview of the American HIPAA (Health
    Insurance Portability and Accountability Act) Security Rule and key
    factors you should consider when preparing to comply with the rule.

    http://www.securityfocus.com/infocus/1764

    3. Is password-lending a cybercrime?
    By Mark Rasch

    A judge's wrongheaded interpretation of the federal Computer Fraud and
    Abuse Act illustrates the problems of allowing civil enforcement of a
    criminal law.

    http://www.securityfocus.com/columnists/222

    II. MICROSOFT VULNERABILITY SUMMARY
    -----------------------------------
    1. Microsoft Internet Explorer Cross-Domain Event Leakage Vulne...
    BugTraq ID: 9761
    Remote: Yes
    Date Published: Feb 27 2004
    Relevant URL: http://www.securityfocus.com/bid/9761
    Summary:
    Microsoft Internet Explorer is reported to be prone to an issue that may
    leak sensitive information across foreign domains.

    This issue could permit framesets in different domains to leak various
    events, including keyboard events. This could effectively permit a
    hostile web page to capture keystrokes from a foreign domain.

    2. PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnera...
    BugTraq ID: 9765
    Remote: Yes
    Date Published: Feb 28 2004
    Relevant URL: http://www.securityfocus.com/bid/9765
    Summary:
    It has been reported that one of the scripts included with phpBB is prone
    to a cross-site scripting vulnerability. According to the author of the
    report, the script "viewtopic.php" returns the value of the HTML variable
    "postorder" to the client as its output without encoding it or otherwise
    removing potentially hostile content. This can be exploited by
    constructing malicious links with the malicious "postorder" variable value
    embedded as a GET request style HTML variable. If the target user visits
    such a link, the malicious, externally created content supplied in the
    link will be rendered (or executed, in the case of script code) as part of
    the viewtopic.php document and within the context of the vulnerable
    website (including the phpBB forum).
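The defect described above is a reflected value reaching the page without encoding. The following is an added example, not phpBB's code: it extracts a GET-style "postorder" variable from a link, renders it three ways (unencoded, HTML-encoded, and allow-listed to the values a sort-order parameter actually needs, assumed here to be "asc"/"desc"), and counts how many elements a browser would build from each result. The hidden-input markup and the forum URL are constructed for illustration.

```python
"""
Added example for the phpBB "postorder" item: three ways to put a
query-string value back into a page. The markup and the accepted values
("asc"/"desc") are assumptions for illustration, not phpBB's own code.
"""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Assumed: the only values the application ever needs for this parameter.
ALLOWED_POSTORDER = {"asc", "desc"}


def postorder_from_url(url: str) -> str:
    """Extract the GET-style 'postorder' variable, defaulting to 'asc'."""
    query = parse_qs(urlsplit(url).query)
    return query.get("postorder", ["asc"])[0]


def render_vulnerable(postorder: str) -> str:
    """Echoes the value into an attribute unencoded (the reported defect)."""
    return f'<input type="hidden" name="postorder" value="{postorder}" />'


def render_escaped(postorder: str) -> str:
    """Generic fix: HTML-encode the value, quotes included, before output."""
    return ('<input type="hidden" name="postorder" value="'
            f'{html.escape(postorder, quote=True)}" />')


def render_allowlisted(postorder: str) -> str:
    """Stronger fix: only known values reach the page, and still encoded."""
    if postorder not in ALLOWED_POSTORDER:
        postorder = "asc"
    return render_escaped(postorder)


class _StartTagCounter(HTMLParser):
    """Counts start tags, which is how a browser 'sees' injected markup."""

    def __init__(self) -> None:
        super().__init__()
        self.count = 0

    def handle_starttag(self, tag, attrs) -> None:
        self.count += 1


def start_tag_count(fragment: str) -> int:
    """Number of elements a browser would create from the fragment."""
    counter = _StartTagCounter()
    counter.feed(fragment)
    counter.close()
    return counter.count


if __name__ == "__main__":
    # Constructed link carrying markup in the parameter instead of a sort order.
    url = ("http://forum.example.test/viewtopic.php?t=1"
           "&postorder=%22%3E%3Cb%3Ex%3C/b%3E")
    value = postorder_from_url(url)
    for name, render in (("vulnerable", render_vulnerable),
                         ("escaped", render_escaped),
                         ("allow-listed", render_allowlisted)):
        out = render(value)
        print(f"{name:13s} tags={start_tag_count(out)}  {out}")
```

The unencoded rendering yields two elements from what should be one attribute value; both fixes yield exactly one. Allow-listing is the better fix where the parameter has a small fixed vocabulary, but output encoding is what prevents the injection regardless of the value.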

    3. ArGoSoft FTP Server Multiple Vulnerabilities
    BugTraq ID: 9770
    Remote: Yes
    Date Published: Feb 27 2004
    Relevant URL: http://www.securityfocus.com/bid/9770
    Summary:
    ArGoSoft has released version 1.4.1.6 of their FTP Server to address
    multiple unspecified security vulnerabilities. These issues include three
    buffer overruns when handling overly long FTP SITE ZIP and SITE COPY
    commands, a file enumeration issue involving the SITE UNZIP command and
    user database corruption denial of service attacks via the SITE PASS
    command.

    4. YABB SE Multiple Input Validation Vulnerabilities
    BugTraq ID: 9774
    Remote: Yes
    Date Published: Mar 01 2004
    Relevant URL: http://www.securityfocus.com/bid/9774
    Summary:
    It has been reported that YaBB SE may be prone to multiple vulnerabilities
    due to improper input validation. The issues may allow an attacker to
    carry out SQL injection and directory traversal attacks. Successful
    exploitation of these issues may allow an attacker to gain access to
    sensitive information that may be used to mount further attacks against a
    vulnerable system. The SQL injection vulnerabilities can be exploited to
    gain access to user authentication credentials and corrupt user
    information in the underlying database.

    YaBB SE versions 1.5.4, 1.5.5, and 1.5.5b are reported to be affected by
    these issues; however, it is possible that other versions are vulnerable as
    well.

    5. Software602 602Pro LAN Suite Web Mail Cross-Site Scripting V...
    BugTraq ID: 9777
    Remote: Yes
    Date Published: Mar 01 2004
    Relevant URL: http://www.securityfocus.com/bid/9777
    Summary:
    It has been reported that 602Pro LAN Suite Web Mail is prone to a
    cross-site scripting vulnerability. This issue is due to a failure of the
    application to properly sanitize user input supplied via the URI.

    Attackers may exploit this vulnerability to steal authentication
    credentials. Other attacks may also be possible.

    6. Software602 602Pro LAN Suite Web Mail Directory Listing Disc...
    BugTraq ID: 9780
    Remote: Yes
    Date Published: Mar 01 2004
    Relevant URL: http://www.securityfocus.com/bid/9780
    Summary:
    It has been reported that 602Pro LAN SUITE is prone to a remote directory
    listing vulnerability. This issue is due to a design error that causes
    the application to fail to properly verify user requests.

    This issue will allow an attacker to gain access to sensitive information
    by disclosing directory listings that could lead to further attacks
    against the target system.

    7. Software602 602Pro LAN Suite Web Mail Installation Path Disc...
    BugTraq ID: 9781
    Remote: Yes
    Date Published: Mar 01 2004
    Relevant URL: http://www.securityfocus.com/bid/9781
    Summary:
    It has been reported that 602Pro LAN SUITE is prone to a remote
    installation path disclosure vulnerability. This issue is due to the
    existence of a hidden parameter embedded within the 'login' form that
    specifies the installation path.

    Successful exploitation of this issue may allow an attacker to gain
    sensitive information about the file system that may aid in launching more
    direct attacks against the system.

    8. Magic Winmail Server LDapLib.PHP Remote Installation Path Di...
    BugTraq ID: 9786
    Remote: Yes
    Date Published: Mar 02 2004
    Relevant URL: http://www.securityfocus.com/bid/9786
    Summary:
    It has been reported that Magic Winmail Server is prone to a remote
    installation path disclosure vulnerability. This issue is due to a
    failure of the application to properly filter user input.

    Successful exploitation of this issue may allow an attacker to gain
    sensitive information about the file system that may aid in launching more
    direct attacks against the system.

    9. SpiderSales Shopping Cart Multiple Vulnerabilities
    BugTraq ID: 9799
    Remote: Yes
    Date Published: Mar 03 2004
    Relevant URL: http://www.securityfocus.com/bid/9799
    Summary:
    Multiple vulnerabilities have been identified in the application that may
    allow an attacker to obtain the private cryptographic key and gain access
    to sensitive information. The application is also reported prone to an
    SQL injection vulnerability that may allow an attacker to gain
    administrative level access to the underlying database.

    The issues exist due to improper implementation of the RSA cryptosystem by
    SpiderSales and failure to sanitize user-supplied input via the 'userId'
    URI parameter employed by various scripts.

    SpiderSales version 2.0 is assumed to be vulnerable to these issues;
    however, other versions could be affected as well.

    10. BolinTech Dream FTP Server FTP Command Format String Vulnera...
    BugTraq ID: 9800
    Remote: Yes
    Date Published: Mar 03 2004
    Relevant URL: http://www.securityfocus.com/bid/9800
    Summary:
    Dream FTP Server has been reported to be prone to a remote format string
    vulnerability when processing a malicious request from a client.

    Although it has been demonstrated that this could crash the server, the
    vulnerability could also theoretically allow for execution of arbitrary
    code on the system hosting the server. This would occur in the security
    context of the server process.

    11. Multiple Vendor HTTP Response Splitting Vulnerability
    BugTraq ID: 9804
    Remote: Yes
    Date Published: Mar 04 2004
    Relevant URL: http://www.securityfocus.com/bid/9804
    Summary:
    A paper (Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning
    Attacks, and Related Topics) was released to describe various attacks that
    target web users through web application, browser, web/application server
    and proxy implementations. These attacks are described under the general
    category of HTTP Response Splitting and involve abusing various input
    validation flaws in these implementations to split HTTP responses into
    multiple parts in such a way that response data may be misrepresented to
    client users.

    Exploitation would occur by injecting variations of CR/LF sequences into
    parts of HTTP response headers that the attacker may control or influence.
    The general consequences of exploitation are that an attacker may
    misrepresent web content to the client, potentially enticing the user to
    trust the content and take actions based on this false trust.

    While the various implementations listed in the paper contribute to these
    attacks, this issue will most likely be exposed through web applications
    that do not properly account for CR/LF sequences when accepting
    user-supplied input that may be returned in server responses.

    This vulnerability could also aid in exploitation of cross-site scripting
    vulnerabilities.
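The mechanism in the item above is a header value that carries its own line endings. As an added example (not from the paper or from any product on the page), here is a hypothetical redirect endpoint built two ways: a naive builder that writes a user-supplied URL straight into the Location header, and a hardened one that refuses any value containing CR, LF or NUL. A small counter then shows how many responses a client or proxy would parse from each byte stream. The URLs are constructed inputs.

```python
"""
Added example for the HTTP response splitting item. Neither builder is taken
from any product named on the page; the redirect is a hypothetical endpoint
that reflects a user-supplied URL into the Location header.
"""
import re

# CR, LF and NUL must never appear inside a header field value.
_HEADER_CONTROL = re.compile(r"[\r\n\x00]")


def has_header_control_chars(value: str) -> bool:
    """True if a value carries CR or LF in any combination (or a NUL)."""
    return _HEADER_CONTROL.search(value) is not None


def naive_redirect(location: str) -> bytes:
    """Vulnerable builder: the value is written into the header block as-is."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def safe_redirect(location: str) -> bytes:
    """Hardened builder: refuse the value rather than try to strip it.

    The check runs on the decoded value the application receives, so %0d%0a
    in the request has already become CR LF by the time it gets here.
    """
    if has_header_control_chars(location):
        raise ValueError("CR/LF in header value")
    return naive_redirect(location)


def count_responses(stream: bytes) -> int:
    """How many HTTP responses a client or proxy would parse from the bytes.

    Each header block ends with an empty line; a block that starts with a
    status line is a response of its own.
    """
    return sum(
        1 for block in stream.split(b"\r\n\r\n") if block.startswith(b"HTTP/1.")
    )


def is_rejected(location: str) -> bool:
    """Convenience wrapper: does the hardened builder refuse this value?"""
    try:
        safe_redirect(location)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a normal redirect target and one carrying a second
    # header block, the pattern the paper calls response splitting.
    benign = "http://www.example.test/"
    split = benign + "\r\n\r\nHTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
    print("benign :", count_responses(naive_redirect(benign)), "response(s)")
    print("split  :", count_responses(naive_redirect(split)), "response(s)")
    print("hardened rejects split value:", is_rejected(split))
```

Rejecting rather than stripping is deliberate: stripping one encoding of CR/LF invites the next variation, while a value that contains a line ending has no legitimate use in a header and can simply fail the request. The same check belongs on any header a web application builds from request data, Set-Cookie and Location being the usual ones.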

    12. SmarterTools SmarterMail Multiple Vulnerabilities
    BugTraq ID: 9805
    Remote: Yes
    Date Published: Mar 04 2004
    Relevant URL: http://www.securityfocus.com/bid/9805
    Summary:
    Multiple vulnerabilities have been identified in the software that may
    allow an attacker to carry out directory traversal, cross-site scripting,
    and denial of service attacks.

    SmarterMail version 3.1 has been reported to be prone to these issues;
    however, it is possible that other versions are affected as well.

    13. DAWKCo POP3 with WebMAIL Extension Session Timeout Unauthori...
    BugTraq ID: 9807
    Remote: No
    Date Published: Mar 04 2004
    Relevant URL: http://www.securityfocus.com/bid/9807
    Summary:
    It has been reported that DAWKCo POP3 Server Hosting Version with WebMAIL
    Extension does not properly handle timed-out sessions. Because of this, it
    may be possible for a user to regain access to a previous session.

    This could potentially expose sessions, especially in situations where
    other vulnerabilities facilitate session hijacking.
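The failure mode in the item above, an expired session that comes back to life, is easy to build by accident. As an added example that is not taken from the DAWKCo product, here are two server-side session stores with an idle timeout: the weak one refreshes the expiry time before testing it (an illustrative defect, assumed here rather than reported), so any later request with the old session id revives the session; the strict one tests first, deletes the record on expiry, and never reuses the id. The clock is injectable so the timeout can be exercised without waiting.

```python
"""
Added example for the session timeout item. The two stores are illustrative:
the weak one refreshes a session before checking whether it has already
expired, so any later request with the old id revives it. Nothing here is
taken from the DAWKCo product.
"""
import secrets
import time
from typing import Callable, Dict, Optional

# Constructed policy value: sessions idle longer than this are over.
IDLE_TIMEOUT_SECONDS = 900


class WeakSessionStore:
    """Checks the timeout only after extending it (revives expired sessions)."""

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now
        self._sessions: Dict[str, dict] = {}

    def create(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user,
            "expires": self._now() + IDLE_TIMEOUT_SECONDS,
        }
        return sid

    def user_for(self, sid: str) -> Optional[str]:
        session = self._sessions.get(sid)
        if session is None:
            return None
        # Defect: activity is recorded before expiry is tested, so the
        # comparison below can never fail for a session that still exists.
        session["expires"] = self._now() + IDLE_TIMEOUT_SECONDS
        if session["expires"] < self._now():
            del self._sessions[sid]
            return None
        return session["user"]


class StrictSessionStore(WeakSessionStore):
    """Tests expiry first and deletes the record, so the id cannot be reused."""

    def user_for(self, sid: str) -> Optional[str]:
        session = self._sessions.get(sid)
        if session is None:
            return None
        if session["expires"] <= self._now():
            del self._sessions[sid]  # the id is dead; a new login is required
            return None
        session["expires"] = self._now() + IDLE_TIMEOUT_SECONDS
        return session["user"]


if __name__ == "__main__":
    clock = [1_000_000.0]  # controllable clock for the demo
    for cls in (WeakSessionStore, StrictSessionStore):
        store = cls(now=lambda: clock[0])
        sid = store.create("alice")
        clock[0] += IDLE_TIMEOUT_SECONDS + 1  # idle past the timeout
        print(f"{cls.__name__}: after timeout -> {store.user_for(sid)!r}")
```

The order of the two operations is the whole difference. Deleting the record on expiry also means that a session id captured earlier by some other flaw stops working once the idle limit passes, which is the property the item above says was missing.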

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. Windows file move restriction (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/356181

    2. DHCP through RAS (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/356089

    3. Article Announcements (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/355974

    4. SecurityFocus Microsoft Newsletter #178 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/355926

    5. Administrivia: Mass-mailing worms (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/355818

    6. FPSE Admin Listner on IIS 6.0 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/355789

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. Norton Internet Security 2004
    By: Symantec
    Platforms: Windows 95/98
    Relevant URL: http://www.symantec.com/sabu/nis/nis_pe/
    Summary:

    Symantec's Norton Internet Security 2004 provides essential protection
    from viruses, hackers, and privacy threats. Powerful yet easy to use, this
    award-winning suite now includes advanced spam-fighting software to filter
    unwanted mail out of your inbox. Protect yourself, your family, and your
    PC online with Norton Internet Security 2004.

    2. East-Tec Eraser 2004
    By: EAST Technologies
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.east-tec.com/eraser/index.htm
    Summary:

    East-Tec Eraser ("Eraser" in short) is an advanced security application
    for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate
    sensitive data from your computer and protect your computer and Internet
    privacy.

    Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now
    means wiping its contents beyond recovery, scrambling its name and dates
    and finally removing it from disk. When you want to get rid of sensitive
    files or folders beyond recovery, add them to the Eraser list of doomed
    files and ask Eraser to do the job. Eraser offers tight integration with
    the Windows shell, so you can drag files and folders from Explorer and
    drop them in Eraser, or you can erase them directly from Explorer by
    selecting Erase beyond recovery from the context menu.

    3. Steganos Security Suite 6
    By: Steganos
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.steganos.com/?product=SSS6&language=en
    Summary:

    With Steganos Data Safe, Internet Trace Destructor 6.5, Password Manager,
    steganography function, E-Mail-Encryption, Deep Cleaning Shredder and much
    more, The Steganos Security Suite has been one of the best-selling
    encryption products for years and is used by 2 million people worldwide.
    Only the most modern encryption algorithms, such as the Advanced
    Encryption Standard (AES) are used. You can now save up to 128 GB* to its
    four virtual drives in real time - enough space for your film archive,
    large graphics files and other sensitive data.

    4. Airscanner Mobile AntiVirus Pro
    By: Airscanner Corp.
    Platforms: Windows CE
    Relevant URL: http://airscanner.com/downloads/av/av.html
    Summary:

    Airscanner Mobile AntiVirus Pro will quarantine or eradicate embedded
    viruses and malware, has fast, optimized scanning speed based on patent
    pending technology, has automatic, online updates of virus signatures and
    scanning engine as well as support for PocketPC 2003/Windows Mobile 2003
    and easy online updates.

    In addition to an accurate virus scanner, Airscanner Mobile AntiVirus
    includes these powerful tools for debugging Trojan horses:
     - Intercept memory resident viruses with an advanced process discovery tool.
     - Debug Trojan hacks with an easy-to-use registry viewer.
     - Uncover denial of service attacks with a rapid system analyzer.
     - Enter your own custom virus signatures (for experts).
     - Perform fast, recursive, and flexibly multithreaded filesystem scanning.

    5. Symantec's Norton Internet Security 2004 Professional
    By: Symantec
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Relevant URL: http://www.symantec.com/smallbiz/nis_pr/
    Summary:

    Symantec's Norton Internet Security 2004 Professional protects you and
    your business from online threats. It eliminates viruses automatically,
    blocks hackers, safeguards your personal information, fights spam,
    increases online productivity, recovers lost or damaged files, and
    thoroughly deletes confidential data you no longer need. Available in 5
    and 10-user Small Office Packs.

    6. secure2trust
    By: Avoco Secure
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.avocosecure.com/html_pages/products_service.html
    Summary:

    secure2trust gives you the power to create documents that remain under
    your corporate control throughout their entire existence. Even if you
    allow another party to have a copy of your original document you can be
    sure that the copy will always have your original controls as part of its
    properties. The digital rights options which will control printing,
    copying, viewing, etc give you persistent and secure digital asset
    protection and intellectual property control. Digital rights mechanisms
    are the only way to ensure document integrity in a persistent way for both
    inter and intra company communications.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. TrustSight Security Hardening Tool v 1.0 Beta
    By: Syhunt Inf. Ltd.
    Relevant URL: http://www.syhunt.com/section.php?id=sec_hardening
    Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    TrustSight Security Hardening Tool parses the web server's configuration
    files to detect security configuration errors. It examines the web
    server's security configuration with close to 50 security checks, supports
    Apache and PHP configuration files, and produces simple, easy-to-read
    reports.

    2. Big Sister v0.99b1
    By: Thomas Aeby
    Relevant URL: http://bigsister.sourceforge.net/
    Platforms: Linux, Windows 2000, Windows NT, Windows XP
    Summary:

    Big Sister is an SNMP-aware monitoring program consisting of a Web-based
    server and a monitoring agent. It runs under various Unixes and Windows.

    3. John the Ripper v1.6.37(dev)
    By: Solar Designer
    Relevant URL: http://www.openwall.com/john/
    Platforms: BeOS, DOS, MacOS, Windows 2000, Windows 95/98, Windows NT
    Summary:

    John the Ripper is a fast password cracker, currently available for many
    flavors of Unix (11 are officially supported, not counting different
    architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to
    detect weak Unix passwords. It supports several crypt(3) password hash
    types which are most commonly found on various Unix flavors, as well as
    Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types
    are added with contributed patches.

    4. GeneSyS v1.0
    By: Balazs E. Pataki
    Relevant URL: http://genesys.sztaki.hu
    Platforms: UNIX, Windows 2000, Windows NT
    Summary:

    GeneSyS aims to define and implement a middleware architecture for generic
    system monitoring and supervision. It is an Information Society Project
    (IST-2001-34162) sponsored by the European Commission. It provides a
    middleware- and agent-based approach for system monitoring and management.
    It uses WebServices technology (SOAP) for communication between components
    and XML-based descriptions of monitoring information.

    5. aNTG v2.1
    By: Lucas
    Relevant URL: http://www.thebobo.com/antg.php
    Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    aNTG (another Network Traffic Grapher) is a PHP program that collects and
    graphs network traffic statistics on a Linux machine.

    6. Stunnel v4.05
    By: Michal Trojnara, <Michal.Trojnara@mirt.net>
    Relevant URL: http://stunnel.mirt.net/
    Platforms: FreeBSD, Linux, Windows 2000, Windows 95/98, Windows NT
    Summary:

    The stunnel program is designed to work as an SSL encryption wrapper
    between remote client and local (inetd-startable) or remote server. It can
    be used to add SSL functionality to commonly used inetd daemons like POP2,
    POP3, and IMAP servers without any changes in the programs' code. It will
    negotiate an SSL connection using the OpenSSL or SSLeay libraries. It
    calls the underlying crypto libraries, so stunnel supports whatever
    cryptographic algorithms you compiled into your crypto package.

    VI. UNSUBSCRIBE INSTRUCTIONS
    ----------------------------
    To unsubscribe send an e-mail message to
    ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
    contents of the subject or message body do not matter. You will receive a
    confirmation request message to which you will have to answer.
    Alternatively you can also visit http://www.securityfocus.com/newsletters
    and unsubscribe via the website.

    If your email address has changed, email listadmin@securityfocus.com and
    ask to be manually removed.

    VII. SPONSOR INFORMATION
    -----------------------
    This issue is sponsored by: Reasoning Inc.

    Enter to win a free application-level software security inspection. A
    $20,000 value!

    Reasoning will inspect up to 100,000 lines of your toughest C/C++ code,
    pinpointing the exact location of security vulnerabilities that are the
    leading target of hackers. Experience the power that application scanning
    and dynamic testing tools can't match.

    Enter to win a free software security inspection now:

    http://sic-em.steelbrick.com/REA2302/securityfocus-microsoft.jsp
    ------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
    wireless security

    Protect your network against hackers, viruses, spam and other risks with
    Astaro Security Linux, the comprehensive security solution that combines six
    applications in one software solution for ease of use and lower total cost
    of ownership.

    Download your free trial at
    http://www.securityfocus.com/sponsor/Astaro_focus-ms_040301
    ---------------------------------------------------------------------------

