SecurityFocus Microsoft Newsletter #180

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 03/16/04

    Date: Mon, 15 Mar 2004 17:06:39 -0700 (MST)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #180
    ----------------------------------------

    I. FRONT AND CENTER
         1. Voice over IP Security
         2. Anti-Spam Solutions and Security, Part 2
         3. Where to Turn?
         4. Googling Up Passwords
    II. MICROSOFT VULNERABILITY SUMMARY
         1. Seattle Lab Software SLWebMail Multiple Buffer Overflow Vuln...
         2. Seattle Lab Software SLMail Pro Remote Buffer Overflow Vulne...
         3. Invision Power Board Error Message Path Disclosure Vulnerabi...
         4. Norton AntiVirus 2002 ASCII Control Character Denial Of Serv...
         5. Invision Power Board Pop Parameter Cross-Site Scripting Vuln...
         6. LionMax Software Chat Anywhere User IP Address Obfuscation V...
         7. F-Secure SSH Server Password Authentication Policy Evasion V...
         8. Microsoft Windows Media Services Remote Denial of Service Vu...
         9. Microsoft Outlook Mailto Parameter Quoting Zone Bypass Vulne...
         10. Microsoft MSN Messenger Information Disclosure Vulnerability
         11. IBM WebSphere Unspecified Security Vulnerability
         12. Invicta WMCam Server Remote Denial Of Service Vulnerability
         13. Multiple Vendor Internet Browser Cookie Path Argument Restri...

    III. MICROSOFT FOCUS LIST SUMMARY
         1. Microsoft XP/SP2 security (Thread)
         2. SecurityFocus Microsoft Newsletter #179 (Thread)
         3. Article Announcement: IIS 6.0 Security (Thread)

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. Norton Internet Security 2004
         2. East-Tec Eraser 2004
         3. Steganos Security Suite 6
         4. Airscanner Mobile AntiVirus Pro
         5. Symantec's Norton Internet Security 2004 Professional
         6. secure2trust

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. CryptoHeaven v2.3.2
         2. TrustSight Security Hardening Tool v 1.0 Beta
         3. Big Sister v0.99b1
         4. John the Ripper v1.6.37(dev)
         5. GeneSyS v1.0
         6. aNTG v2.1

    VI. UNSUBSCRIBE INSTRUCTIONS
    VII. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Voice over IP Security
    By Matthew Tanase

    This article discusses some of the advantages, disadvantages and security
    concerns with Voice over IP telephony.

    http://www.securityfocus.com/infocus/1767

    2. Anti-Spam Solutions and Security, Part 2
    By Dr. Neal Krawetz

    The second and final part of this article series focuses on the various
    types of challenge-based systems and cryptographic solutions that can be
    used to combat spam and its related security issues.

    http://www.securityfocus.com/infocus/1766

    3. Where to Turn?
    By Tim Mullen

    When everyone in the security world has something to sell, it's harder
    than ever to get straight answers about genuine threats.

    http://www.securityfocus.com/columnists/225

    4. Googling Up Passwords
    By Scott Granneman

    Google is in many ways the most useful tool available to the bad guys, and
    the most dangerous Web site on the Internet for many, many thousands of
    individuals and organizations.

    http://www.securityfocus.com/columnists/224

    II. MICROSOFT VULNERABILITY SUMMARY
    -----------------------------------
    1. Seattle Lab Software SLWebMail Multiple Buffer Overflow Vuln...
    BugTraq ID: 9808
    Remote: Yes
    Date Published: Mar 05 2004
    Relevant URL: http://www.securityfocus.com/bid/9808
    Summary:
    It has been reported that SLWebMail is prone to multiple buffer overflow
    vulnerabilities that may allow an attacker to gain unauthorized access. The
    vulnerabilities are reported to exist in user.dll, loadpageadmin.dll and
    loadpageuser.dll.

    SLWebMail shipped with SLMail Pro versions 2.0.9 and prior is reported to
    be affected by these issues.

    2. Seattle Lab Software SLMail Pro Remote Buffer Overflow Vulne...
    BugTraq ID: 9809
    Remote: Yes
    Date Published: Mar 05 2004
    Relevant URL: http://www.securityfocus.com/bid/9809
    Summary:
    A vulnerability has been discovered in the SLMail mail server that would
    allow an attacker to overflow a stack based buffer with a malicious HTTP
    request.

    It may be possible for attackers to leverage this vulnerability to execute
    instructions of their design. Any code executed would be in the security
    context of the vulnerable mail server process.

    3. Invision Power Board Error Message Path Disclosure Vulnerabi...
    BugTraq ID: 9810
    Remote: Yes
    Date Published: Mar 05 2004
    Relevant URL: http://www.securityfocus.com/bid/9810
    Summary:
    It has been reported that Invision Power Board may be prone to an
    information disclosure vulnerability that may allow an attacker to
    disclose the installation path. This issue can be exploited by issuing an
    invalid request for uploading an image file. The path is reportedly
    included in an error message displayed by the server.

    Invision Board version 1.3 is reported to be vulnerable to this issue;
    however, it is possible that other versions are affected as well.

    4. Norton AntiVirus 2002 ASCII Control Character Denial Of Serv...
    BugTraq ID: 9811
    Remote: Yes
    Date Published: Mar 05 2004
    Relevant URL: http://www.securityfocus.com/bid/9811
    Summary:
    Norton AntiVirus 2002 has been reported to crash when performing manual
    scans on files contained in certain folders. This is related to how the
    software handles ASCII control characters (represented by decimal values
    in the range of 1-31).

    Although unconfirmed, this issue may allow a malicious file to go
    un-scanned, and so lead a user into a false sense of security.

    It should be noted that the vulnerability that is described in this BID is
    reported to affect manual scans only; it is not reported to affect the NAV
    Auto-Protect Engine.

    5. Invision Power Board Pop Parameter Cross-Site Scripting Vuln...
    BugTraq ID: 9822
    Remote: Yes
    Date Published: Mar 09 2004
    Relevant URL: http://www.securityfocus.com/bid/9822
    Summary:
    It has been reported that Invision Power Board may be prone to a
    cross-site scripting vulnerability. This may allow a remote attacker to
    cause hostile HTML or script code to be rendered in a user's browser via a
    malicious link to a vulnerable site. The issue presents itself due to
    insufficient sanitization of user-supplied data via the 'pop' URI
    parameter, which will be included in dynamically generated web pages.

    Invision Power Board 1.3 Final has been reported to be affected by this
    issue; however, it is possible that other versions are vulnerable as well.

    6. LionMax Software Chat Anywhere User IP Address Obfuscation V...
    BugTraq ID: 9823
    Remote: Yes
    Date Published: Mar 09 2004
    Relevant URL: http://www.securityfocus.com/bid/9823
    Summary:
    It has been reported that Chat Anywhere may be prone to a user IP address
    obfuscation vulnerability that may allow an attacker to hide their IP
    address from the administrator. The issue presents itself if an attacker
    uses '%00' characters at the beginning of their nickname. Due to this, it
    may not be possible to ban or remove abusive users from a chat room.

    Chat Anywhere 2.72 and prior are reported to be affected by this issue.

    7. F-Secure SSH Server Password Authentication Policy Evasion V...
    BugTraq ID: 9824
    Remote: Yes
    Date Published: Mar 09 2004
    Relevant URL: http://www.securityfocus.com/bid/9824
    Summary:
    The F-Secure SSH server is vulnerable to a password authentication policy
    evasion vulnerability. This issue is due to a design error that
    potentially allows a user to use password authentication when the SSH
    server is configured to deny it.

    This issue may give rise to weak password issues, as administrators that
    believe that password authentication is disallowed may not be enforcing
    strong password policies.

    8. Microsoft Windows Media Services Remote Denial of Service Vu...
    BugTraq ID: 9825
    Remote: Yes
    Date Published: Mar 09 2004
    Relevant URL: http://www.securityfocus.com/bid/9825
    Summary:
    It has been reported that Microsoft Windows Media Services is prone to a
    remote denial of service vulnerability. This may allow an attacker to
    cause the services to effectively deny access to legitimate users by
    sending specially crafted TCP/IP packets on TCP ports 7007 and/or 7778.

    Microsoft Windows Media Services 4.1 included with Microsoft Windows 2000
    Server Service Pack 2, Service Pack 3, and Service Pack 4 is reported to
    be vulnerable to this issue. Windows Media Services 4.1 for Windows NT
    4.0 is not vulnerable.

    9. Microsoft Outlook Mailto Parameter Quoting Zone Bypass Vulne...
    BugTraq ID: 9827
    Remote: Yes
    Date Published: Mar 09 2004
    Relevant URL: http://www.securityfocus.com/bid/9827
    Summary:
    Microsoft Outlook is prone to a vulnerability that may permit execution of
    arbitrary code on client systems. This issue is exposed through Outlook,
    but will reportedly cause Internet Explorer to load malicious content in
    the Local Zone.

    This is related to how mailto URIs are handled by the software and may be
    exploited from a malicious web page or through HTML e-mail. This issue
    will permit a remote attacker to influence how Outlook is invoked via mailto
    URIs, allowing for execution of malicious scripting in the Local Zone
    through an attacker-specified Outlook profile parameter.

    ** It was initially reported that exploitation of this issue will depend
    on the Outlook Today page being the default folder homepage. Additional
    details have been made available to indicate that in situations where this
    is not the default page, it is possible to use two mailto URIs to exploit
    the issue. The first URI would display the Outlook Today view and the
    second would include an embedded JavaScript URI.

    10. Microsoft MSN Messenger Information Disclosure Vulnerability
    BugTraq ID: 9828
    Remote: Yes
    Date Published: Mar 09 2004
    Relevant URL: http://www.securityfocus.com/bid/9828
    Summary:
    Microsoft MSN Messenger is prone to an information disclosure
    vulnerability. When a malformed file transfer request is initiated by a
    remote user, they may be able to view the contents of files on the remote
    system.

    11. IBM WebSphere Unspecified Security Vulnerability
    BugTraq ID: 9833
    Remote: Unknown
    Date Published: Mar 09 2004
    Relevant URL: http://www.securityfocus.com/bid/9833
    Summary:
    IBM WebSphere for z/OS platforms has been reported prone to an unspecified
    security vulnerability. It has been conjectured that this issue may be
    exploited to compromise an affected system to some degree; however, there
    are insufficient details to determine cause or consequences at this
    present time.

    This BID will be updated as further details regarding this vulnerability
    are released.

    12. Invicta WMCam Server Remote Denial Of Service Vulnerability
    BugTraq ID: 9839
    Remote: Yes
    Date Published: Mar 10 2004
    Relevant URL: http://www.securityfocus.com/bid/9839
    Summary:
    It has been reported that wMCam is prone to a remote denial of service
    vulnerability. This issue is due to a failure of the application to
    handle malformed requests.

    Successful exploitation of this issue will cause a denial of service
    condition in the affected software.

    13. Multiple Vendor Internet Browser Cookie Path Argument Restri...
    BugTraq ID: 9841
    Remote: Yes
    Date Published: Mar 10 2004
    Relevant URL: http://www.securityfocus.com/bid/9841
    Summary:
    Multiple vendor Internet Browsers have been reported to be prone to a
    cookie path argument restriction bypass vulnerability. The issue presents
    itself due to a failure to properly sanitize encoded URI content; this may
    make it possible for an attacker to craft a URI that will contain encoded
    directory traversal sequences sufficient to provide access to a supposedly
    path exclusive cookie from an alternate path.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. Microsoft XP/SP2 security (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/356883

    2. SecurityFocus Microsoft Newsletter #179 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/356731

    3. Article Announcement: IIS 6.0 Security (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/356588

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. Norton Internet Security 2004
    By: Symantec
    Platforms: Windows 95/98
    Relevant URL: http://www.symantec.com/sabu/nis/nis_pe/
    Summary:

    Symantec's Norton Internet Security 2004 provides essential protection
    from viruses, hackers, and privacy threats. Powerful yet easy to use, this
    award-winning suite now includes advanced spam-fighting software to filter
    unwanted mail out of your inbox. Protect yourself, your family, and your
    PC online with Norton Internet Security 2004.

    2. East-Tec Eraser 2004
    By: EAST Technologies
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.east-tec.com/eraser/index.htm
    Summary:

    East-Tec Eraser ("Eraser" in short) is an advanced security application
    for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate
    sensitive data from your computer and protect your computer and Internet
    privacy.

    Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now
    means wiping its contents beyond recovery, scrambling its name and dates
    and finally removing it from disk. When you want to get rid of sensitive
    files or folders beyond recovery, add them to the Eraser list of doomed
    files and ask Eraser to do the job. Eraser offers tight integration with
    the Windows shell, so you can drag files and folders from Explorer and
    drop them in Eraser, or you can erase them directly from Explorer by
    selecting Erase beyond recovery from the context menu.

    3. Steganos Security Suite 6
    By: Steganos
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.steganos.com/?product=SSS6&language=en
    Summary:

    With Steganos Data Safe, Internet Trace Destructor 6.5, Password Manager,
    steganography function, E-Mail-Encryption, Deep Cleaning Shredder and much
    more, the Steganos Security Suite has been one of the best-selling
    encryption products for years and is used by 2 million people worldwide.
    Only the most modern encryption algorithms, such as the Advanced
    Encryption Standard (AES) are used. You can now save up to 128 GB* to its
    four virtual drives in real time - enough space for your film archive,
    large graphics files and other sensitive data.

    4. Airscanner Mobile AntiVirus Pro
    By: Airscanner Corp.
    Platforms: Windows CE
    Relevant URL: http://airscanner.com/downloads/av/av.html
    Summary:

    Airscanner Mobile AntiVirus Pro will quarantine or eradicate embedded
    viruses and malware, has fast, optimized scanning speed based on patent
    pending technology, has automatic, online updates of virus signatures and
    scanning engine as well as support for PocketPC 2003/Windows Mobile 2003
    and easy online updates.

    In addition to an accurate virus scanner, Airscanner Mobile AntiVirus
    includes these powerful tools for debugging Trojan horses:
     - Intercept memory resident viruses with an advanced process discovery
    tool.
     - Debug Trojan hacks with an easy-to-use registry viewer.
     - Uncover denial of service attacks with a rapid system analyzer.
     - Enter your own custom virus signatures (for experts).
     - Perform fast, recursive, and flexibly multithreaded filesystem
    scanning.

    5. Symantec's Norton Internet Security 2004 Professional
    By: Symantec
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Relevant URL: http://www.symantec.com/smallbiz/nis_pr/
    Summary:

    Symantec's Norton Internet Security 2004 Professional protects you and
    your business from online threats. It eliminates viruses automatically,
    blocks hackers, safeguards your personal information, fights spam,
    increases online productivity, recovers lost or damaged files, and
    thoroughly deletes confidential data you no longer need. Available in 5
    and 10-user Small Office Packs.

    6. secure2trust
    By: Avoco Secure
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.avocosecure.com/html_pages/products_service.html
    Summary:

    secure2trust gives you the power to create documents that remain under
    your corporate control throughout their entire existence. Even if you
    allow another party to have a copy of your original document you can be
    sure that the copy will always have your original controls as part of its
    properties. The digital rights options which will control printing,
    copying, viewing, etc give you persistent and secure digital asset
    protection and intellectual property control. Digital rights mechanisms
    are the only way to ensure document integrity in a persistent way for both
    inter and intra company communications.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. CryptoHeaven v2.3.2
    By: Marcin Kurzawa <marcin@cryptoheaven.com>
    Relevant URL: http://www.cryptoheaven.com/
    Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    CryptoHeaven offers secure email and online file sharing/storage. Its main
    features are secure and highly encrypted services such as group
    collaboration, file sharing, email, online storage, and instant messaging.
    It integrates multi-user based security into email, instant messaging, and
    file storage and sharing in one unique package. It provides real time
    communication for text and data transfers in a multi-user secure
    environment. The security and usability of CryptoHeaven is well-balanced;
    even the not-so-technically oriented computer users can enjoy this crypto
    product with very high level of encryption.

    2. TrustSight Security Hardening Tool v 1.0 Beta
    By: Syhunt Inf. Ltd.
    Relevant URL: http://www.syhunt.com/section.php?id=sec_hardening
    Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    TrustSight Security Hardening Tool parses the web server's configuration
    files to detect security configuration errors. Examines the web server's
    security configuration with close to 50 security checks. Supports Apache
    and PHP configuration files. Produces simple, easy to read reports.

    3. Big Sister v0.99b1
    By: Thomas Aeby
    Relevant URL: http://bigsister.sourceforge.net/
    Platforms: Linux, Windows 2000, Windows NT, Windows XP
    Summary:

    Big Sister is an SNMP-aware monitoring program consisting of a Web-based
    server and a monitoring agent. It runs under various Unixes and Windows.

    4. John the Ripper v1.6.37(dev)
    By: Solar Designer
    Relevant URL: http://www.openwall.com/john/
    Platforms: BeOS, DOS, MacOS, Windows 2000, Windows 95/98, Windows NT
    Summary:

    John the Ripper is a fast password cracker, currently available for many
    flavors of Unix (11 are officially supported, not counting different
    architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to
    detect weak Unix passwords. It supports several crypt(3) password hash
    types which are most commonly found on various Unix flavors, as well as
    Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types
    are added with contributed patches.

    5. GeneSyS v1.0
    By: Balazs E. Pataki
    Relevant URL: http://genesys.sztaki.hu
    Platforms: UNIX, Windows 2000, Windows NT
    Summary:

    GeneSyS aims to define and implement a middleware architecture for generic
    system monitoring and supervision. It is an Information Society Project
    (IST-2001-34162) sponsored by the European Commission. It provides a
    middleware- and agent-based approach for system monitoring and management.
    It uses WebServices technology (SOAP) for communication between components
    and XML-based descriptions of monitoring information.

    6. aNTG v2.1
    By: Lucas
    Relevant URL: http://www.thebobo.com/antg.php
    Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    aNTG (another Network Traffic Grapher) is a PHP program that collects and
    graphs network traffic statistics on a Linux machine.

    VI. UNSUBSCRIBE INSTRUCTIONS
    ----------------------------
    To unsubscribe send an e-mail message to
    ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
    contents of the subject or message body do not matter. You will receive a
    confirmation request message to which you will have to answer.
    Alternatively you can also visit http://www.securityfocus.com/newsletters
    and unsubscribe via the website.

    If your email address has changed email listadmin@securityfocus.com and
    ask to be manually removed.
    ------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
    wireless security

    Protect your network against hackers, viruses, spam and other risks with
    Astaro Security Linux, the comprehensive security solution that combines six
    applications in one software solution for ease of use and lower total cost
    of ownership.

    Download your free trial at
    http://www.securityfocus.com/sponsor/Astaro_focus-ms_040301
    ---------------------------------------------------------------------------

