SecurityFocus Microsoft Newsletter #208
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 09/29/04
Date: Wed, 29 Sep 2004 08:14:29 -0600 (MDT)
To: Focus-MS <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter #208
----------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Online Theft
2. Detecting Worms and Abnormal Activities with NetFlow, Part 2
3. Defeating Honeypots : Network issues, Part 1
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Windows CE KDatastruct Information Disclosure Vuln...
2. ReMOSitory SQL Injection Vulnerability
3. Mambo Open Source Multiple Input Validation Vulnerabilities
4. Tutos Multiple Remote Input Validation Vulnerabilities
5. Impressions Games Lords of the Realm III Nickname Remote Den...
6. Symantec ON Command CCM Remote Database Default Password Vul...
7. EmuLive Server4 Authentication Bypass And Denial Of Service ...
8. LeadMind Pop Messenger Illegal Character Remote Denial Of Se...
9. YaBB 1 Gold Multiple Input Validation Vulnerabilities
10. Alt-N MDaemon IMAP/SMTP Server Multiple Remote Buffer Overfl...
11. Subversion Mod_Authz_Svn Metadata Information Disclosure Vul...
12. Macromedia JRun Multiple Remote Vulnerabilities
13. Zinf Malformed Playlist File Remote Buffer Overflow Vulnerab...
III. MICROSOFT FOCUS LIST SUMMARY
1. Items within XP SP2 and Win2003 (Thread)
2. VBScript to audit shares and share permissions (Thread)
3. Serious Security Issue in Windows XP SP2's Firewall (Thread)
4. Are MS Powerpoint's vulnerable to this JPEG Vuln? (Thread)
5. Change password shortcut (Thread)
6. Fw: Serious Security Issue in Windows XP SP2's Firew... (Thread)
7. AW: Serious Security Issue in Windows XP SP2's Firew... (Thread)
8. Application sniffer-next step (Thread)
9. Hardening Desktop (Thread)
10. How to Enforce Complex Password Policy for Selected ... (Thread)
11. Restrict Anonymous (Thread)
12. Application sniffer (Thread)
13. Restrict Client IP address on Terminal Service (Thread)
14. SecurityFocus Microsoft Newsletter #207 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Firewall RuleMaker
2. CAT Cellular Authentication Token and eAuthentication Servic...
3. KeyCaptor Keylogger
4. SpyBuster
5. FreezeX
6. NeoExec for Active Directory
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. ATK Plugin Creator 1.0
2. PlugAPOP 1.00
3. TX 1.0
4. EPX Crypting Software 2.1
5. Hacme Bank 1.0
6. ID-Synch 3.1
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Online Theft
By Kelly Martin
Identity theft meets the global virus epidemic, enabling fraud that has
finally started to get people's attention.
http://www.securityfocus.com/columnists/268
2. Detecting Worms and Abnormal Activities with NetFlow, Part 2
By Yiming Gong
This paper discusses the use of NetFlow, a traffic profile monitoring
technology available on many routers, for use in the early detection of
worms, spammers, and other abnormal network activity in large enterprise
networks and service providers. Part 2 of 2.
http://www.securityfocus.com/infocus/1802
3. Defeating Honeypots : Network issues, Part 1
By Laurent Oudot and Thorsten Holz
The purpose of this paper is to explain how attackers behave when they
attempt to identify and defeat honeypots, and is useful for security
professionals to deploy honeypots in a more stealthy manner.
http://www.securityfocus.com/infocus/1803
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Microsoft Windows CE KDatastruct Information Disclosure Vuln...
BugTraq ID: 11218
Remote: No
Date Published: Sep 18 2004
Relevant URL: http://www.securityfocus.com/bid/11218
Summary:
An information disclosure vulnerability is reported to affect the Windows CE kernel.
It is reported that the kernel memory structure KDataStruct is available to userland applications. This can be ultimately employed on any Windows CE system to gain addresses of the export sections of several kernel libraries.
This vulnerability is exploited by the virus WinCE.Duts.A (MCID 3238) in order to provide portability and reliability.
2. ReMOSitory SQL Injection Vulnerability
BugTraq ID: 11219
Remote: Yes
Date Published: Sep 18 2004
Relevant URL: http://www.securityfocus.com/bid/11219
Summary:
It is reported that the ReMOSitory module for Mambo is prone to an SQL injection vulnerability. This issue is due to a failure of the module to properly validate user supplied URI input.
Because of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.
3. Mambo Open Source Multiple Input Validation Vulnerabilities
BugTraq ID: 11220
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11220
Summary:
Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters.
An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer, to carry out cross-site scripting attacks, and to make SQL injection attacks against the vulnerable application.
4. Tutos Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 11221
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11221
Summary:
Tutos is reported prone to multiple remote input validation vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and SQL injection attacks.
These issues reportedly affect Tutos 1.1.2004-04-14.
5. Impressions Games Lords of the Realm III Nickname Remote Den...
BugTraq ID: 11223
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11223
Summary:
A problem in the handling of nicknames is reported in the Lords of the Realm III server. Because of this, an attacker may be able to deny service to users of the game server.
The problem is in the handling of nicknames of excessive length.
It should be noted that this vulnerability only occurs when the server enters "lobby mode," which is a brief window of time before the initiation of a new game.
6. Symantec ON Command CCM Remote Database Default Password Vul...
BugTraq ID: 11225
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11225
Summary:
Reportedly Symantec ON Command CCM is affected by a remote default password vulnerability in the underlying database. This issue is due to a design error in the application that provides a number of default usernames and passwords, some of which cannot be changed.
An attacker may exploit these issues to gain full access to the underlying database. This will allow attackers to view plaintext user credentials as well as other sensitive data.
7. EmuLive Server4 Authentication Bypass And Denial Of Service ...
BugTraq ID: 11226
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11226
Summary:
Reportedly EmuLive Server4 is affected by an authentication bypass vulnerability and a denial of service vulnerability. These issues are due to an access validation issue and a failure to handle exceptional conditions.
An attacker may leverage the authentication bypass issue to gain unauthorized access to the administrator scripts of the affected application, facilitating manipulation of various server settings. The denial of service issue may be exploited to cause the affected computer to freeze, denying service to legitimate users.
8. LeadMind Pop Messenger Illegal Character Remote Denial Of Se...
BugTraq ID: 11230
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11230
Summary:
LeadMind Pop Messenger is reported prone to a remote denial of service vulnerability. The issue exists because the messenger application fails to gracefully handle certain characters that are received.
A remote attacker may exploit this vulnerability to crash the LeadMind Pop Messenger client. Additionally, it is reported that an attacker may broadcast a malicious message to all clients on the connected local network segment and deny service to all of the clients at once.
9. YaBB 1 Gold Multiple Input Validation Vulnerabilities
BugTraq ID: 11235
Remote: Yes
Date Published: Sep 22 2004
Relevant URL: http://www.securityfocus.com/bid/11235
Summary:
YaBB 1 Gold is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.
An attacker may leverage a cross-site scripting issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the vulnerable site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
An attacker may exploit an HTTP response splitting issue to manipulate or misrepresent pages in the context of the vulnerable site, potentially facilitating phishing attacks.
10. Alt-N MDaemon IMAP/SMTP Server Multiple Remote Buffer Overfl...
BugTraq ID: 11238
Remote: Yes
Date Published: Sep 22 2004
Relevant URL: http://www.securityfocus.com/bid/11238
Summary:
Alt-N MDaemon is reportedly prone to multiple remote buffer overflow vulnerabilities. The vulnerabilities are likely due to a failure of the application to properly validate buffer sizes when processing command argument input.
By sending a large argument to certain SMTP commands or an IMAP command it is possible to cause this issue to present itself. Apparently, the application will not validate the size of the input before copying it into a finite buffer in process memory.
These issues can be leveraged to cause the affected process to crash, denying service to legitimate users. It is conjectured that these issues can also be leveraged to execute arbitrary code with the privileges of the user running the server on an affected computer.
11. Subversion Mod_Authz_Svn Metadata Information Disclosure Vul...
BugTraq ID: 11243
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11243
Summary:
It is reported that Subversion's mod_authz_svn module is susceptible to an information disclosure vulnerability.
This vulnerability presents itself when paths that are marked as unreadable are accessed by particular Subversion client commands. It is reportedly possible to disclose the existence of files that are inaccessible to users. Under certain circumstances it may also be possible to disclose commit log messages, or even the contents of files that are configured to be inaccessible to users.
This vulnerability is reported to exist in versions prior to 1.0.8 and 1.1.0-rc4.
12. Macromedia JRun Multiple Remote Vulnerabilities
BugTraq ID: 11245
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11245
Summary:
Multiple vulnerabilities have been reported in Macromedia JRun.
The first vulnerability is reported to exist in an insecure implementation of a session variable, 'JSESSIONID'. This vulnerability allows remote attackers to bypass authentication checks, possibly allowing them to gain administrative access to the web application.
The second issue is a source code disclosure vulnerability. This vulnerability allows attackers to retrieve the contents of potentially sensitive script files. This may aid them in further attacks.
The third issue is a buffer overflow vulnerability that reportedly allows remote attackers to crash affected servers.
Versions 3.0, 3.1, and 4.0 are reportedly affected by these vulnerabilities.
13. Zinf Malformed Playlist File Remote Buffer Overflow Vulnerab...
BugTraq ID: 11248
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11248
Summary:
Zinf is reported prone to a remote buffer overflow vulnerability when processing malformed playlist files. This issue exists due to insufficient boundary checks performed by the application and may allow an attacker to gain unauthorized access to a vulnerable computer.
Reportedly, this issue affects Zinf version 2.2.1 for Windows. Zinf version 2.2.5 for Linux is reportedly fixed; however, this is not confirmed at the moment.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Items within XP SP2 and Win2003 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376680
2. VBScript to audit shares and share permissions (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376653
3. Serious Security Issue in Windows XP SP2's Firewall (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376510
4. Are MS Powerpoint's vulnerable to this JPEG Vuln? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376476
5. Change password shortcut (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376472
6. Fw: Serious Security Issue in Windows XP SP2's Firew... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376465
7. AW: Serious Security Issue in Windows XP SP2's Firew... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376386
8. Application sniffer-next step (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376364
9. Hardening Desktop (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376286
10. How to Enforce Complex Password Policy for Selected ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376209
11. Restrict Anonymous (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376181
12. Application sniffer (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376106
13. Restrict Client IP address on Terminal Service (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376085
14. SecurityFocus Microsoft Newsletter #207 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376011
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:
Firewall RuleMaker is a Windows-based firewall configuration version control software product for managers of Cisco PIX and Netscreen firewalls.
2. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.
3. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!
With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!
4. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.
5. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy ware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install
6. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.
NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.
NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. ATK Plugin Creator 1.0
By: Nico 'Triplex' Spicher
Relevant URL: http://www.computec.ch/projekte/atk/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
This freeware for Windows provides a small and handy interface to create and enhance ATK plugins. This first public release is fully compatible with ATK 2.x but can also be used with ATK 1.x (some new fields are not fully supported in the first releases).
2. PlugAPOP 1.00
By: waffle soft
Relevant URL: http://www.wafflesoft.com/PlugAPOP/manual_en.html
Platforms: Windows XP
Summary:
PlugAPOP is software for using the APOP feature in Microsoft Outlook/Outlook Express, which do not have an APOP feature.
[Easy]
You can install and set it up very easily. You can use APOP access immediately if you change the account name and server name field in your e-mail client. No special settings are needed in PlugAPOP.
[Tiny]
PlugAPOP doesn't waste a lot of CPU resources and memory, and it doesn't affect the OS core or other applications. PlugAPOP is implemented by using just SD
3. TX 1.0
By: Goldie Rejuven
Relevant URL: http://www.checksum.org/download/RX/
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
The Smallest VC++ Coded Universal Windows Reverse Shell for all versions of Windows NT/2K/XP/2003 with any service pack. But not for Windows 98/ME. A Tini app that connects back to the specified IP to a fixed port and uses a fixed source port on the source machine to evade the firewalls.
Default port from which it connects: 443
Default port to which it connects: 8080
More on the readme.txt
4. EPX Crypting Software 2.1
By: EdronSoft
Relevant URL: http://www.edronsoft.com/epx_pro.php
Platforms: Windows XP
Summary:
Protect your documents from others by encrypting them with the strong DES and Triple DES algorithms. No need to remember passwords because you keep the key used for the decryption on a removable media device such as a USB pen drive (or floppy disk).
Wipe function to destroy data and full Drag'N Drop support.
5. Hacme Bank 1.0
By: Mark Curphey / Rudolph Araujo
Relevant URL: http://www.foundstone.com/s3i
Platforms: Windows XP
Summary:
A web application security training application
6. ID-Synch 3.1
By: M-Tech Information Technology, Inc.
Relevant URL: http://idsynch.com/
Platforms: AIX, AS/400, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, MacOS, MPE/iX, Netware, OpenBSD, OpenVMS, OS/2, OS/390, RACF, Solaris, SunOS, True64 UNIX, Ultrix, VM, VMS, VSE, Windows 2000, Windows NT
Summary:
ID-Synch is enterprise user provisioning software. It reduces the cost of user administration, helps new and reassigned users get to work more quickly, and ensures prompt and reliable access termination. This is accomplished through automatic propagation of changes to user profiles from systems of record to managed systems, with self service workflow for security change requests, through consolidated and delegated user administration, and with federation.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------