SecurityFocus Microsoft Newsletter #186

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 04/27/04

    Date: Tue, 27 Apr 2004 07:12:00 -0600 (MDT)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #186
    ----------------------------------------

    This Issue is Sponsored By: SecurityFocus

    Want to keep up on the latest security vulnerabilities? Don't have time to
    visit a myriad of mailing lists and websites to read the news? Just add
    the new SecurityFocus RSS feeds to your freeware RSS reader, and see all
    the latest posts for Bugtraq and the SF Vulnerability database in one
    convenient place. Or, pull in the latest news, columnists and feature
    articles in the SecurityFocus aggregated news feed, and stay on top of
    what's happening in the community!

    http://www.securityfocus.com/rss/index.shtml

    ------------------------------------------------------------------------
    I. FRONT AND CENTER
         1. Common Security Vulnerabilities in e-commerce systems
         2. Protecting Road Warriors: Managing Security for Mobile Users (Part One)
    II. MICROSOFT VULNERABILITY SUMMARY
         1. WinSCP Long URI Handling Memory Corruption Vulnerability
         2. Microsoft Visual Studio .NET Debugger Privilege Enforcement ...
         3. Microsoft Internet Explorer Object Element Data Denial Of Se...
         4. Fastream NetFile FTP/Web Server Denial Of Service Vulnerabil...
         5. PHPBB Common.php IP Address Spoofing Vulnerability
         6. Phorum Phorum_URIAuth SQL Injection Vulnerability
         7. Softwin BitDefender AvxScanOnlineCtrl COM Object Remote File...
         8. Softwin BitDefender AvxScanOnlineCtrl COM Object Information...
         9. Avaya Visual Vectors Server Default World Writable Script Vu...
         10. PHPBB album_portal.php Remote File Include Vulnerability
         11. RhinoSoft Serv-U FTP Server LIST Parameter Buffer Overflow V...
         12. PostNuke Pheonix Multiple Cross-Site Scripting And Path Disc...
         13. Xine And Xine-Lib Multiple Remote File Overwrite Vulnerabili...
         14. NewsTraXor Remote Database Disclosure Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
         1. IPSec 'window size' (Thread)
         2. EventID 256 (Thread)
         3. IPSec rules (Thread)
         4. SecurityFocus Microsoft Newsletter #185 (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. Norton Internet Security 2004
         2. East-Tec Eraser 2004
         3. Steganos Security Suite 6
         4. Symantec's Norton Internet Security 2004 Professional
         5. secure2trust
         6. N-Stealth Security Scanner
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. Chwinpw v1.0
         2. N-Stealth HTTP Security Scanner v5.2
         3. CryptoHeaven v2.3.3
         4. Telconi Terminal for Cisco IOS v0.6a
         5. UnlimitedFTP.Secure v2.8.1
         6. PGP Java API v2.0
    VI. UNSUBSCRIBE INSTRUCTIONS
    VII. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Common Security Vulnerabilities in e-commerce systems
    By K. K. Mookhey

    This article discusses common attacks and vulnerabilities in e-commerce
    shopping cart systems, with reference to SecurityFocus vulnerability
    reports where relevant.

    http://www.securityfocus.com/infocus/1775

    2. Protecting Road Warriors: Managing Security for Mobile Users (Part One)
    By Bob Rudis

    This is the first of a two-part series that focuses on the centralized
    management of security for mobile users. Part one introduces vendor-
    neutral questions you should consider about firewalls and anti-virus
    software for your mobile users.

    http://www.securityfocus.com/infocus/1777

    II. MICROSOFT VULNERABILITY SUMMARY
    -----------------------------------
    1. WinSCP Long URI Handling Memory Corruption Vulnerability
    BugTraq ID: 10160
    Remote: Yes
    Date Published: Apr 16 2004
    Relevant URL: http://www.securityfocus.com/bid/10160
    Summary:
    It has been reported that WinSCP may be prone to a denial of service condition resulting from memory corruption. This issue occurs when the application attempts to handle excessively long 'sftp:' or 'scp' addresses.

    WinSCP 3.5.6 is reported to be vulnerable to this issue; however, it is possible that other versions are affected as well.

    2. Microsoft Visual Studio .NET Debugger Privilege Enforcement ...
    BugTraq ID: 10161
    Remote: No
    Date Published: Apr 16 2004
    Relevant URL: http://www.securityfocus.com/bid/10161
    Summary:
    Reportedly the Microsoft Visual Studio .NET Debugger, included with Microsoft Office XP, is affected by an unspecified weakness. This issue is due to a configuration error that allows users outside of the Administrator and Debugger groups to debug JavaScripts.

    This could potentially allow an attacker to gain access to a script that is currently being debugged with the affected server. It may also allow an attacker to inject arbitrary script code into a script that is currently being debugged, which would execute with the privileges of the user debugging the target script.

    3. Microsoft Internet Explorer Object Element Data Denial Of Se...
    BugTraq ID: 10167
    Remote: Yes
    Date Published: Apr 17 2004
    Relevant URL: http://www.securityfocus.com/bid/10167
    Summary:
    A denial of service vulnerability has been reported in Microsoft Internet Explorer. This condition may occur when a malicious web page specifies an Object element with a data property that has a value of "?" or "#" in addition to specifying a type property that refers to an image type. The vulnerability will reportedly cause the browser to crash.

    4. Fastream NetFile FTP/Web Server Denial Of Service Vulnerabil...
    BugTraq ID: 10169
    Remote: Yes
    Date Published: Apr 19 2004
    Relevant URL: http://www.securityfocus.com/bid/10169
    Summary:
    A vulnerability has been reported in Fastream NetFILE FTP/Web Server that may permit remote attackers to cause a denial of service. This issue occurs when a remote user attempts to login as a non-existent user.

    5. PHPBB Common.php IP Address Spoofing Vulnerability
    BugTraq ID: 10170
    Remote: Yes
    Date Published: Apr 19 2004
    Relevant URL: http://www.securityfocus.com/bid/10170
    Summary:
    It has been reported that phpBB may be prone to a vulnerability that may allow a remote attacker to spoof their IP address. As a result, an attacker would hide their identity and bypass IP restrictions enabled by an administrator.

    phpBB versions 2.0.8a and prior are reported to be affected by this issue.

    6. Phorum Phorum_URIAuth SQL Injection Vulnerability
    BugTraq ID: 10173
    Remote: Yes
    Date Published: Apr 19 2004
    Relevant URL: http://www.securityfocus.com/bid/10173
    Summary:
    Reportedly Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

    This issue may allow a remote attacker to manipulate query logic, leading to unauthorized access to sensitive information such as the user password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

    7. Softwin BitDefender AvxScanOnlineCtrl COM Object Remote File...
    BugTraq ID: 10174
    Remote: Yes
    Date Published: Apr 19 2004
    Relevant URL: http://www.securityfocus.com/bid/10174
    Summary:
    Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by a file upload and execution vulnerability. This issue is due to a design error that allows a remote user to specify a file to be uploaded and executed on a system running the affected software.

    This issue may be leveraged by a remote attacker to upload and execute arbitrary files on an affected system, most likely resulting in unauthorized access. Other attacks are also possible.

    8. Softwin BitDefender AvxScanOnlineCtrl COM Object Information...
    BugTraq ID: 10175
    Remote: Yes
    Date Published: Apr 19 2004
    Relevant URL: http://www.securityfocus.com/bid/10175
    Summary:
    Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by an information disclosure vulnerability. This issue is due to a design error that allows a remote user to execute a method in the offending object that provides access to unauthorized information.

    This issue would allow an attacker to gain access to system information that may be used to aid in further attacks.

    9. Avaya Visual Vectors Server Default World Writable Script Vu...
    BugTraq ID: 10176
    Remote: No
    Date Published: Apr 19 2004
    Relevant URL: http://www.securityfocus.com/bid/10176
    Summary:
    Visual Vectors is reportedly affected by a local default world writable script vulnerability. This issue is due to a configuration error implemented by default on installation.

    A local attacker may leverage this issue by updating the affected script to contain malicious script code, which will be executed by the root user when the script is activated.

    10. PHPBB album_portal.php Remote File Include Vulnerability
    BugTraq ID: 10177
    Remote: Yes
    Date Published: Apr 19 2004
    Relevant URL: http://www.securityfocus.com/bid/10177
    Summary:
    It has been reported that phpBB may be prone to a file include vulnerability that may allow remote attackers to include a remote malicious script to be executed on a vulnerable system.

    11. RhinoSoft Serv-U FTP Server LIST Parameter Buffer Overflow V...
    BugTraq ID: 10181
    Remote: Yes
    Date Published: Apr 20 2004
    Relevant URL: http://www.securityfocus.com/bid/10181
    Summary:
    Reportedly Serv-U is affected by a remote buffer overflow vulnerability in the list parameter. This issue is due to a failure of the application to properly validate buffer boundaries during processing of user input.

    Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system with the privileges of the user that invoked the vulnerable application, although this has not been confirmed.

    12. PostNuke Pheonix Multiple Cross-Site Scripting And Path Disc...
    BugTraq ID: 10191
    Remote: Yes
    Date Published: Apr 21 2004
    Relevant URL: http://www.securityfocus.com/bid/10191
    Summary:
    Multiple vulnerabilities were reported to exist in PostNuke Pheonix. The following specific vulnerabilities were reported:

    - Multiple path disclosure vulnerabilities that occur when a user directly requests scripts in the "/includes/blocks/" and "pnadodb" directories. This issue also affects scripts that are associated in multiple modules.

    - Multiple cross-site scripting vulnerabilities were reported in the Downloads and Web_Links modules as well as the openwindow.php script. These issues may permit remote attackers to cause hostile HTML and script code to be interpreted by a victim user's browser.

    13. Xine And Xine-Lib Multiple Remote File Overwrite Vulnerabili...
    BugTraq ID: 10193
    Remote: Yes
    Date Published: Apr 22 2004
    Relevant URL: http://www.securityfocus.com/bid/10193
    Summary:
    It has been reported that the xine media player and the xine media library are affected by multiple remote file overwrite vulnerabilities. This is due to a design error that allows various media resource file configurations to write to arbitrary files.

    It is possible to set these configuration parameters to write to arbitrary files on the affected system. It should be noted that this issue, as it is currently known, only affects Sun based systems as well as those using the DXR3 or Hollywood+ MPEG decoder audio card. It has been conjectured, however, that similar configuration parameters exist that affect other systems.

    14. NewsTraXor Remote Database Disclosure Vulnerability
    BugTraq ID: 10194
    Remote: Yes
    Date Published: Apr 22 2004
    Relevant URL: http://www.securityfocus.com/bid/10194
    Summary:
    Reportedly NewsTraXor is affected by a remote database disclosure vulnerability. This issue is due to a design error that allows the database file to be globally readable.

    This issue may allow a remote attacker to gain unauthorized administrative access to the affected web application.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. IPSec 'window size' (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/361396

    2. EventID 256 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/361394

    3. IPSec rules (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/361024

    4. SecurityFocus Microsoft Newsletter #185 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/360747

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. Norton Internet Security 2004
    By: Symantec
    Platforms: Windows 95/98
    Relevant URL: http://www.symantec.com/sabu/nis/nis_pe/
    Summary:

    Symantec's Norton Internet Security 2004 provides essential protection from viruses, hackers, and privacy threats. Powerful yet easy to use, this award-winning suite now includes advanced spam-fighting software to filter unwanted mail out of your inbox. Protect yourself, your family, and your PC online with Norton Internet Security 2004.

    2. East-Tec Eraser 2004
    By: EAST Technologies
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.east-tec.com/eraser/index.htm
    Summary:

    East-Tec Eraser ("Eraser" in short) is an advanced security application for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate sensitive data from your computer and protect your computer and Internet privacy.

    Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now means wiping its contents beyond recovery, scrambling its name and dates and finally removing it from disk. When you want to get rid of sensitive files or folders beyond recovery, add them to the Eraser list of doomed files and ask Eraser to do the job. Eraser offers tight integration with the Windows shell, so you can drag files and folders from Explorer and drop them in Eraser, or you can erase them directly from Explorer by selecting Erase beyond recovery from the context menu.

    3. Steganos Security Suite 6
    By: Steganos
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.steganos.com/?product=SSS6&language=en
    Summary:

    With Steganos Data Safe, Internet Trace Destructor 6.5, Password Manager, steganography function, E-Mail-Encryption, Deep Cleaning Shredder and much more, The Steganos Security Suite has been one of the best-selling encryption products for years and is used by 2 million people worldwide. Only the most modern encryption algorithms, such as the Advanced Encryption Standard (AES) are used. You can now save up to 128 GB* to its four virtual drives in real time - enough space for your film archive, large graphics files and other sensitive data.

    4. Symantec's Norton Internet Security 2004 Professional
    By: Symantec
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Relevant URL: http://www.symantec.com/smallbiz/nis_pr/
    Summary:

    Symantec's Norton Internet Security 2004 Professional protects you and your business from online threats. It eliminates viruses automatically, blocks hackers, safeguards your personal information, fights spam, increases online productivity, recovers lost or damaged files, and thoroughly deletes confidential data you no longer need. Available in 5 and 10-user Small Office Packs.

    5. secure2trust
    By: Avoco Secure
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.avocosecure.com/html_pages/products_service.html
    Summary:

    secure2trust gives you the power to create documents that remain under your corporate control throughout their entire existence. Even if you allow another party to have a copy of your original document you can be sure that the copy will always have your original controls as part of its properties. The digital rights options which will control printing, copying, viewing, etc give you persistent and secure digital asset protection and intellectual property control. Digital rights mechanisms are the only way to ensure document integrity in a persistent way for both inter and intra company communications.

    6. N-Stealth Security Scanner
    By: N-Stalker
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.nstalker.com/products/nstealth/
    Summary:

    N-Stealth is a vulnerability-assessment product that scans web servers to identify security problems and weaknesses that might allow an attacker to gain privileged access. The software comes with an extensive database of over 30,000 vulnerabilities and exploits. N-Stealth® is more actively maintained than the network security scanners and consequently has a larger database of vulnerabilities.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. Chwinpw v1.0
    By: <tevfik@itefix.no>
    Relevant URL: http://www.itefix.no/chwinpw/
    Platforms: Windows 2000, Windows NT, Windows XP
    Summary:

    Chwinpw is a small command line utility that can securely change passwords on remote windows machines. It can help to enforce a higher degree of security, by periodic password maintenance of vital accounts. Chwinpw can be run from a logon script or from a central location. It is also possible to instruct chwinpw to make bulk changes.

    2. N-Stealth HTTP Security Scanner v5.2
    By: qw erty <qw@erty.net >
    Relevant URL: http://www.nstalker.com/products/nstealth/download.php
    Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
    Summary:

    N-Stealth is a comprehensive web server security-auditing tool that scans for over 30,000 vulnerabilities. It is ideal for system administrators, security consultants and IT professionals.

    3. CryptoHeaven v2.3.3
    By: Marcin Kurzawa <marcin@cryptoheaven.com>
    Relevant URL: http://www.cryptoheaven.com/
    Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    CryptoHeaven offers secure email and online file sharing/storage. Its main features are secure and highly encrypted services such as group collaboration, file sharing, email, online storage, and instant messaging. It integrates multi-user based security into email, instant messaging, and file storage and sharing in one unique package. It provides real time communication for text and data transfers in a multi-user secure environment. The security and usability of CryptoHeaven is well-balanced; even the not-so-technically oriented computer users can enjoy this crypto product with a very high level of encryption.

    4. Telconi Terminal for Cisco IOS v0.6a
    By: Stywiz
    Relevant URL: http://www.telconi.com/
    Platforms: Linux, MacOS, UNIX, Windows 2000, Windows NT, Windows XP
    Summary:

    Telconi Terminal is a unique network management application with interactive full-screen configuration editing, browsing, help facility support, debugging, and more. It focuses on common Cisco IOS functionality present with any hardware or software configuration, and complements the command line interface with a rich set of features. It is intended for users with knowledge of Cisco IOS, and is designed to work with any IOS-based device, such as routers and switches.

    5. UnlimitedFTP.Secure v2.8.1
    By: Unlimi-Tech Software Inc.
    Relevant URL: http://www.unlimitedftp.ca/uftps/webdemo/index.jsp
    Platforms: Windows 2000, Windows NT, Windows XP
    Summary:

    UnlimitedFTP.Secure is a secure FTP applet that runs in a Web browser. It provides the ability to connect securely to any server that supports the SFTP or FTPS protocols.

    6. PGP Java API v2.0
    By: CrypTom
    Relevant URL: http://www.cryptography.ch/projects/pgpjava
    Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    The PGP Java API provides access to a PGP implementation which is based on PGP 2.3a. The PGP implementation will be compiled as a shared object, which will be accessible to Java via the Java Native Interface (JNI). The PGPi class provides the methods you can use to interact with PGP. All the encrypted / signed files you generate with this API are compatible with PGP 2.6.3i and vice versa. You can use the same keyrings, too.

    VI. UNSUBSCRIBE INSTRUCTIONS
    ----------------------------
    To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

    If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

    VII. SPONSOR INFORMATION
    -----------------------

    This Issue is Sponsored By: SecurityFocus

    Want to keep up on the latest security vulnerabilities? Don't have time to
    visit a myriad of mailing lists and websites to read the news? Just add
    the new SecurityFocus RSS feeds to your freeware RSS reader, and see all
    the latest posts for Bugtraq and the SF Vulnerability database in one
    convenient place. Or, pull in the latest news, columnists and feature
    articles in the SecurityFocus aggregated news feed, and stay on top of
    what's happening in the community!

    http://www.securityfocus.com/rss/index.shtml

    ------------------------------------------------------------------------
