SecurityFocus Microsoft Newsletter #203
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 08/25/04
Date: Wed, 25 Aug 2004 08:28:13 -0600 (MDT)
To: Focus-MS <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter #203
----------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Valuing Secure Access to Personal Information
2. Infected In Twenty Minutes
3. Using Libwhisker
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer Spoofed Address Bar Vulnerabilit...
2. Adobe Acrobat/Acrobat Reader ActiveX Control URI Request Hea...
3. PScript PForum User Profile HTML Injection Vulnerability
4. Pedestal Software Integrity Protection Driver Local Denial O...
5. Merak Mail Server Webmail Multiple Vulnerabilities
6. Microsoft Internet Explorer Drag And Drop File Installation ...
7. Multiple Qt Image Handling Heap Overflow Vulnerabilities
8. Microsoft Internet Explorer MHTML Content-Location Cross Sec...
9. Microsoft NTP Time Synchronization Spoof Weakness
10. Working Resources BadBlue Webserver Denial Of Service Vulner...
11. British National Corpus SARA Remote Buffer Overflow Vulnerab...
12. Zone Labs ZoneAlarm/ZoneAlarm Pro Weak Default Permissions V...
13. Nihuo Web Log Analyzer HTML Injection Vulnerability
14. aGSM Half-Life Server Info Response Buffer Overflow Vulnerab...
III. MICROSOFT FOCUS LIST SUMMARY
1. COM+ with ASP web site on W2K3 (Thread)
2. MS binary integrity baseline (Thread)
3. Python Hash File Builder/Checker (Thread)
4. SecurityFocus Microsoft Newsletter #202 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Firewall RuleMaker
2. CAT Cellular Authentication Token and eAuthentication Servic...
3. KeyCaptor Keylogger
4. SpyBuster
5. FreezeX
6. NeoExec for Active Directory
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. K-MAC 1.0.0.4
2. Honeynet Security Console 1.1.1
3. IDS Policy Manager v1.4.1
4. cenfw 0.3b
5. zigstack 5
6. MonitorMagic - Server & Network Monitor 6.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Valuing Secure Access to Personal Information
By Ben Malisow
This article seeks to answer the question: is your personal data safe? Or
do you give it away during almost every transaction you make with
government or commercial entities?
http://www.securityfocus.com/infocus/1797
2. Infected In Twenty Minutes
By Scott Granneman
What normally happens within twenty minutes? That's how long your average
unprotected PC running Windows XP, fresh out of the box, will last once
it's connected to the Internet.
http://www.securityfocus.com/columnists/262
3. Using Libwhisker
By Neil Desai
This article discusses the use of Libwhisker, a Perl module which allows
for the creation of custom HTTP packets and can be used for penetration
testing various web applications.
http://www.securityfocus.com/infocus/1798
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Microsoft Internet Explorer Spoofed Address Bar Vulnerabilit...
BugTraq ID: 10943
Remote: Yes
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10943
Summary:
Microsoft Internet Explorer may allow a malicious Web page to spoof the address bar of the browser. This could be used to lure Web users into a false sense of trust since a malicious or spoofed site may pose as a site that is trusted by the user. This could facilitate phishing attacks.
It may also be possible to exploit this issue through HTML email.
2. Adobe Acrobat/Acrobat Reader ActiveX Control URI Request Hea...
BugTraq ID: 10947
Remote: Yes
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10947
Summary:
The Adobe Acrobat/Acrobat Reader ActiveX control (pdf.ocx) is reported prone to a heap-based buffer overrun vulnerability. The issue presents itself due to a lack of sufficient boundary checking performed on URI data of GET requests.
It is reported that Microsoft IIS and Netscape Enterprise servers employ NULL bytes as URI terminators and so these HTTP servers may be used to launch an attack.
When a malicious URI is followed, the URI is copied into heap-based memory of the affected software without sufficient boundary checks. This results in heap-based memory management chunks being trampled by attacker-supplied URI data.
Ultimately this vulnerability may be exploited by a remote attacker to execute arbitrary code in the context of the user who is running the vulnerable software.
3. PScript PForum User Profile HTML Injection Vulnerability
BugTraq ID: 10954
Remote: Yes
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10954
Summary:
PScript PForum is reported prone to an HTML injection vulnerability. The vulnerability presents itself due to a lack of sufficient sanitization performed on data submitted through input fields of the PForum user profile form.
This could be exploited to steal cookie-based authentication credentials. It is also possible to use this type of vulnerability as an attack vector to exploit latent browser security flaws.
4. Pedestal Software Integrity Protection Driver Local Denial O...
BugTraq ID: 10965
Remote: No
Date Published: Aug 17 2004
Relevant URL: http://www.securityfocus.com/bid/10965
Summary:
IPD is reported prone to a local denial of service vulnerability. IPD installs kernel hooks to implement system access controls. It is reported that some of these hooks do not properly validate data that is passed as arguments to hooked functions. As a result, a local attacker may trigger a denial of service.
5. Merak Mail Server Webmail Multiple Vulnerabilities
BugTraq ID: 10966
Remote: Yes
Date Published: Aug 17 2004
Relevant URL: http://www.securityfocus.com/bid/10966
Summary:
The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities.
The vulnerabilities reported are:
- Multiple cross-site scripting vulnerabilities
- An HTML injection vulnerability
- A PHP source code disclosure vulnerability
- An SQL injection vulnerability
These vulnerabilities are reported to exist in versions prior to 7.5.2.
6. Microsoft Internet Explorer Drag And Drop File Installation ...
BugTraq ID: 10973
Remote: Yes
Date Published: Aug 18 2004
Relevant URL: http://www.securityfocus.com/bid/10973
Summary:
Microsoft Internet Explorer is reported prone to a vulnerability that may allow unauthorized installation of malicious executables. It is reported that drag and drop along with browser style functionality may be employed by an attacker to install a file into the startup folder on a victim's computer with some degree of user interaction.
An attacker may exploit this vulnerability to influence a target victim into unknowingly installing software on a target system. Since the malicious executable is placed in the startup folder, it will run when the system is restarted.
7. Multiple Qt Image Handling Heap Overflow Vulnerabilities
BugTraq ID: 10977
Remote: Yes
Date Published: Aug 19 2004
Relevant URL: http://www.securityfocus.com/bid/10977
Summary:
Multiple heap overflows have been reported to exist in the Qt QImage library. These issues may be triggered when handling malformed images of various types, potentially causing a denial of service in applications that use the library to render images. Remote code execution is also possible.
8. Microsoft Internet Explorer MHTML Content-Location Cross Sec...
BugTraq ID: 10979
Remote: Yes
Date Published: Aug 19 2004
Relevant URL: http://www.securityfocus.com/bid/10979
Summary:
Microsoft Internet Explorer is reported prone to a cross security domain scripting vulnerability. The issue is reported to present itself when a malicious MHTML file is rendered.
A proof of concept for this issue employs Content-Location attributes in an MHTML file that are sufficient to trick Internet Explorer into executing script contained in the MHTML file in the Intranet security zone.
This issue is reported to affect Microsoft Internet Explorer when it is installed on a computer that is running Microsoft Windows XP Service Pack 2.
This BID will be updated as further analysis of this vulnerability is completed.
9. Microsoft NTP Time Synchronization Spoof Weakness
BugTraq ID: 10980
Remote: Yes
Date Published: Aug 19 2004
Relevant URL: http://www.securityfocus.com/bid/10980
Summary:
It is reported that the NTP implementation in Microsoft operating systems is vulnerable to time spoofing attacks.
An attacker may be able to alter the time on the domain controller, causing the entire domain to synchronize with the attacker-specified time in Windows 2000 operating systems. With Windows XP and 2003 operating systems, an attacker may be able to create very large differences between server and workstation times.
This weakness may allow an attacker to deny service to legitimate users, as correct time is required for many operations, including domain authentication and X.509 certificate expiration times. Other attacks may also be possible.
This weakness is reported to exist in all versions of Microsoft operating systems that include Active Directory support.
10. Working Resources BadBlue Webserver Denial Of Service Vulner...
BugTraq ID: 10983
Remote: Yes
Date Published: Aug 20 2004
Relevant URL: http://www.securityfocus.com/bid/10983
Summary:
Working Resources BadBlue Webserver is intended to share various resources and is developed for Microsoft Windows environments.
It is reported that BadBlue Webserver is susceptible to a denial of service vulnerability.
This vulnerability allows an attacker to deny service to legitimate users by causing the web server to deny all incoming HTTP requests.
Version 2.5 of the BadBlue Webserver is reportedly affected by this vulnerability. Other versions may also be affected.
11. British National Corpus SARA Remote Buffer Overflow Vulnerab...
BugTraq ID: 10984
Remote: Yes
Date Published: Aug 20 2004
Relevant URL: http://www.securityfocus.com/bid/10984
Summary:
sarad is reported prone to a buffer overflow vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
A remote attacker can trigger the overflow condition by supplying a large string value to the application. Arbitrary code execution is possible in the context of the server.
In addition to this issue, it is reported that various other instances of potential buffer overflow and format string vulnerabilities exist throughout the application. These issues exist due to the use of the strcpy() and sprintf() functions. This BID will be updated upon further analysis.
12. Zone Labs ZoneAlarm/ZoneAlarm Pro Weak Default Permissions V...
BugTraq ID: 10987
Remote: No
Date Published: Aug 20 2004
Relevant URL: http://www.securityfocus.com/bid/10987
Summary:
It is reported that Zone Labs ZoneAlarm/ZoneAlarm Pro is affected by a weak default permissions vulnerability. The folder used by ZoneAlarm to store log and configuration files is reportedly installed with weak permissions.
An attacker with local interactive access to a system may delete log entries to hide potentially malicious activities; other attacks may also be possible.
13. Nihuo Web Log Analyzer HTML Injection Vulnerability
BugTraq ID: 10988
Remote: Yes
Date Published: Aug 20 2004
Relevant URL: http://www.securityfocus.com/bid/10988
Summary:
An HTML injection vulnerability is reported in Nihuo Web Log Analyzer. The problem occurs due to a lack of proper sanitization of user-supplied input data.
Attackers may potentially exploit this issue to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.
Version 1.6 was reported vulnerable to this issue. Other versions may also be affected.
14. aGSM Half-Life Server Info Response Buffer Overflow Vulnerab...
BugTraq ID: 10989
Remote: Yes
Date Published: Aug 20 2004
Relevant URL: http://www.securityfocus.com/bid/10989
Summary:
aGSM is reported prone to a remote buffer overflow vulnerability. The issue presents itself in the aGSM server information parsing routines for Half-Life game servers. Due to a lack of sufficient bounds checking performed on the hostname parameter in a server reply to an info request, a malicious server may execute arbitrary code on an affected client.
It should be noted that although aGSM version 2.35c is reported prone to this vulnerability, other versions might also be affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. COM+ with ASP web site on W2K3 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/372779
2. MS binary integrity baseline (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/372594
3. Python Hash File Builder/Checker (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/372423
4. SecurityFocus Microsoft Newsletter #202 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/372252
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:
Firewall RuleMaker is a Windows-based firewall configuration version control software product for managers of Cisco PIX and Netscreen firewalls.
2. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.
3. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!
With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!
4. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.
5. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spyware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install
6. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.
NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.
NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. K-MAC 1.0.0.4
By: M. Neset KABAKLI
Relevant URL: http://www.neset.com
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
K-MAC is an Ethernet MAC address changer for Windows. It's very useful for dealing with MAC filters and other MAC-based controls.
2. Honeynet Security Console 1.1.1
By: Activeworx, Inc.
Relevant URL: http://www.activeworx.org
Platforms: Windows 2000, Windows XP
Summary:
Honeynet Security Console is an analysis tool to view events on your personal honeynet. It gives you the power to view events from Snort, TCPDump, Firewall, Syslog and Sebek logs. It also allows you to correlate events from each of these data types to have a full grasp of the attackers' actions.
3. IDS Policy Manager v1.4.1
By: ActiveWorx
Relevant URL: http://www.activeworx.com/idspm/
Platforms: Windows 2000, Windows XP
Summary:
IDS Policy Manager is a powerful way to modify the Snort configuration and rule files. Some key features are:
- Graphical interface for easy manageability of Snort rule and configuration files
- Merge new official Snort rules into existing rule files
- Merge Whitehat (arachNIDS) rules into existing rule files
- Make quick changes to Snort rules
- Easy to manage multiple sensors with multiple policy files
- Upload policy files via FTP or SCP
- Full support for all Snort 1.8 Preprocessors
- Full support for all Snort 1.8 output processors
- Easy to learn more information about a signature from popular databases such as CVE, BugTraq, McAfee, arachNIDS and custom URLs
- Add rules easily by line, multiple lines or make your own custom signatures
4. cenfw 0.3b
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Summary:
The Centron IPTables Firewall Gui is an object oriented, database driven, windows interface to linux IPtables firewall rules.
5. zigstack 5
By: Alexander 'xaitax' Hagenah
Relevant URL: http://xaitax.de
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
Hardening your TCP/IP stack (e.g. against DoS attacks) of Windows NT/2K/XP/2003-based workstations and servers.
New: includes 7 new methods and remote-registry functions.
6. MonitorMagic - Server & Network Monitor 6.0
By: Tools4ever
Relevant URL: http://www.tools4ever.com/products/monitormagic/
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
MonitorMagic is a proactive server and network monitoring and reporting tool for Windows 2003/XP/2000/NT servers, workstations and SNMP devices and supports agentless monitoring. MonitorMagic supports Windows and UNIX based resources such as memory, disk and CPU load and optionally records the values into a database to enable graphical trending and reporting. MonitorMagic ships with predefined policies for popular hardware and applications.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus