SecurityFocus Microsoft Newsletter #211
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 10/20/04
Date: Wed, 20 Oct 2004 14:30:12 -0600 (MDT)
To: Focus-MS <focus-ms@securityfocus.com>
----------------------------------------
This issue sponsored by: SPI Dynamics
ALERT: "How Hackers Launch Blind SQL Injection Attacks" - New White Paper
The newest web app vulnerability? Blind SQL Injection!
Even if your web application does not return error messages, it may still
be open to a Blind SQL Injection Attack. Blind SQL Injection can deliver
total control of your server to a hacker giving them the ability to read,
write and manipulate all data stored in your backend systems! Download this
*FREE* white paper from SPI Dynamics for a complete guide to protection!
http://www.securityfocus.com/sponsor/SPIDynamics_ms-secnews_041020
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Securing Exchange With ISA Server 2004
II. MICROSOFT VULNERABILITY SUMMARY
1. MySQL Multiple Local Vulnerabilities
2. Macromedia ColdFusion MX CreateObject And CFOBJECT Java Exte...
3. Microsoft Windows Kernel Local Denial of Service Vulnerabili...
4. Microsoft Internet Explorer Install Engine ActiveX Control B...
5. Microsoft Internet Explorer Heartbeat ActiveX Control Unspec...
6. OCPortal Content Management System Remote File Include Vulne...
7. Microsoft Windows Kernel Virtual DOS Machine Privilege Escal...
8. IceWarp Web Mail Multiple Unspecified Remote Input Validatio...
9. Microsoft Windows NetDDE Remote Buffer Overflow Vulnerabilit...
10. Microsoft Excel File Handler Buffer Overflow Vulnerability
11. Microsoft SMTP Service and Exchange Routing Engine Buffer Ov...
12. Microsoft Windows WMF/EMF Image Format Rendering Remote Buff...
13. Microsoft CABARC Directory Traversal Vulnerability
14. Microsoft Internet Explorer Double Byte Character Set Handli...
15. Microsoft Window Management API Local Privilege Escalation V...
16. Microsoft NNTP Component Heap Overflow Vulnerability
17. Microsoft RPC Runtime Library Remote Denial Of Service And I...
18. Microsoft Internet Explorer Plug-in Navigations Handling Add...
19. Microsoft Windows Compressed (zipped) Folder Buffer Overflow...
20. Microsoft Internet Explorer Secure Sockets Layer Caching Vul...
21. Microsoft IIS Server WebDAV XML Requests Denial of Service V...
22. Adobe Acrobat Reader Remote Access Validation Vulnerability
23. Microsoft Windows 2003 Services Default SACL Access Right We...
24. Microsoft Internet Explorer Unspecified showHelp Zone Bypass...
25. Research In Motion Blackberry Remote Denial of Service Vulne...
26. SCT Campus Pipeline Render.UserLayoutRootNode.uP Cross-Site ...
27. LibTIFF Multiple Buffer Overflow Vulnerabilities
28. ShixxNOTE 6.net Remote Buffer Overflow Vulnerability
29. Microsoft Windows XP Weak Default Configuration Vulnerabilit...
30. Macromedia JRun Management Console HTML Injection Vulnerabil...
31. Microsoft Frontpage Asycpict.DLL JPEG Handling Remote Denial...
32. Macromedia JRun Session ID Cookie HTTP Response Splitting Vu...
33. Macromedia JRun Management Console Administrative Session Fi...
34. MailEnable Multiple Remote Denial Of Service Vulnerabilities
35. Ideal Science IdealBB Multiple Unspecified Remote Input Vali...
36. CyberStrong eShop ASP Shopping Cart Unspecified Cross-Site S...
37. Express-Web Content Management System Unspecified Cross-Site...
38. DevoyBB Forum Multiple Unspecified Remote Input Validation V...
39. WowBB Forum Multiple Unspecified Remote Input Validation Vul...
40. Yak! Chat Client FTP Server Directory Traversal Vulnerabilit...
III. MICROSOFT FOCUS LIST SUMMARY
1. Remote connections (Thread)
2. Remove domain user from local administrators group (Thread)
3. Can we really block users from installing applicatio... (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Firewall RuleMaker
2. CAT Cellular Authentication Token and eAuthentication Servic...
3. KeyCaptor Keylogger
4. SpyBuster
5. FreezeX
6. NeoExec for Active Directory
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. ByteShelter I 1.0
2. DiskInternals Uneraser 2.01
3. DiskInternals NTFS Reader 1.01
4. Airscanner Mobile Firewall 1.0
5. SiVuS, The VoIP Vulnerability Scanner 1.07
6. XArp 0.1.5
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Securing Exchange With ISA Server 2004
By Jonathan Hassell
This article will highlight the security issues involved with providing
Outlook Web Access or full Outlook client connections over the Internet,
and then discuss how Microsoft's new ISA Server 2004 can be configured to
mitigate these threats.
http://www.securityfocus.com/infocus/1807
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. MySQL Multiple Local Vulnerabilities
BugTraq ID: 11357
Remote: No
Date Published: Oct 11 2004
Relevant URL: http://www.securityfocus.com/bid/11357
Summary:
MySQL is reported prone to multiple local vulnerabilities. These issues may allow an attacker to bypass security restrictions or cause a denial of service condition in the application.
It is reported that an attacker can bypass certain security restrictions and gain access to and corrupt potentially sensitive data due to an error in 'ALTER TABLE ... RENAME' operations.
A denial of service condition presents itself when multiple threads ALTER MERGE tables to change the UNION.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
2. Macromedia ColdFusion MX CreateObject And CFOBJECT Java Exte...
BugTraq ID: 11364
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11364
Summary:
It is reported that ColdFusion MX contains a weakness that allows all developers to utilize the CFOBJECT tag and the CreateObject function to execute potentially malicious code in the context of the affected application server.
This weakness allows malicious developers to execute code that is not appropriate for a shared server environment, or to perform administrative actions in the context of the affected application server. Malicious developers may possibly exploit this weakness to aid them in further application or system attacks.
Versions 6.0 and 6.1 of Macromedia ColdFusion MX are reported to be affected by this weakness.
3. Microsoft Windows Kernel Local Denial of Service Vulnerabili...
BugTraq ID: 11365
Remote: No
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11365
Summary:
The Microsoft Windows kernel is prone to a denial of service vulnerability. This issue can allow a local attacker to cause a vulnerable computer to stop responding and restart. This can effectively deny service to legitimate users.
This issue does not pose a privilege escalation threat.
4. Microsoft Internet Explorer Install Engine ActiveX Control B...
BugTraq ID: 11366
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11366
Summary:
A remotely exploitable buffer overflow vulnerability exists in the Microsoft Internet Explorer Install Engine ActiveX control. This vulnerability is caused by insufficient bounds checking of arguments passed to the control.
The vulnerability may be exploited to execute arbitrary code in the context of the client user.
** Update: NGSSoftware has released a preliminary advisory for this issue announcing that technical details will be withheld until January 19th, 2005.
5. Microsoft Internet Explorer Heartbeat ActiveX Control Unspec...
BugTraq ID: 11367
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11367
Summary:
An unspecified vulnerability exists in the Microsoft Internet Explorer Heartbeat MSN gaming ActiveX control (heartbeat.ocx).
6. OCPortal Content Management System Remote File Include Vulne...
BugTraq ID: 11368
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11368
Summary:
Reportedly, ocPortal is affected by a remote file include vulnerability. This issue is due to a failure of the application to sanitize user-supplied URI input.
An attacker might leverage this issue to run arbitrary server-side script code on a vulnerable computer with the privileges of the web server process. This may potentially result in a compromise of the vulnerable computer as well as other attacks.
7. Microsoft Windows Kernel Virtual DOS Machine Privilege Escal...
BugTraq ID: 11369
Remote: No
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11369
Summary:
Microsoft Windows Kernel Virtual DOS Machine is reported prone to a local privilege escalation vulnerability.
The Microsoft Virtual DOS Machine (VDM) is a protected environment that emulates MS-DOS on Windows NT-based operating systems. This issue arises due to an access validation error. A local attacker can exploit this vulnerability to gain elevated privileges on a vulnerable computer.
8. IceWarp Web Mail Multiple Unspecified Remote Input Validatio...
BugTraq ID: 11371
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11371
Summary:
Multiple unspecified remote input validation vulnerabilities reportedly affect IceWarp Web Mail. These issues are due to a failure of the application to validate or filter user-supplied input.
Although the impact of all of these issues is currently unknown, it is known that an attacker can exploit some of these issues to carry out cross-site scripting attacks.
9. Microsoft Windows NetDDE Remote Buffer Overflow Vulnerabilit...
BugTraq ID: 11372
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11372
Summary:
Microsoft Windows NetDDE is affected by a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly verify the lengths of strings contained within unspecified network messages prior to copying them into finite buffers.
It should be noted that NetDDE is not activated by default on Windows computers.
An attacker may leverage this issue to execute arbitrary code on an affected computer with SYSTEM privileges. It is also noted that in some circumstances, where NetDDE services have been installed but not started, local attackers might exploit this issue to gain elevated privileges since it may be possible for an unprivileged user to start the services.
** Update: NGSSoftware has released a preliminary advisory for this issue announcing that technical details will be withheld until January 19th, 2005.
** Update: Immunity Research has reported that a remote attacker may require authentication prior to the exploitation of this vulnerability. Further details of this report can be found in the referenced message "ms04-031 pre-auth ??".
10. Microsoft Excel File Handler Buffer Overflow Vulnerability
BugTraq ID: 11373
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11373
Summary:
Microsoft Excel is reported prone to a buffer overflow vulnerability. The issue presents itself when the vulnerable software handles a malicious Excel file.
Ultimately a remote attacker may exploit this vulnerability to execute arbitrary code. Code execution will occur in the context of a user that is using a vulnerable version of Excel to view a malicious Excel spreadsheet.
11. Microsoft SMTP Service and Exchange Routing Engine Buffer Ov...
BugTraq ID: 11374
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11374
Summary:
The Microsoft Windows 2003 SMTP Service and Exchange Routing Engine have been reported prone to a buffer overflow. This occurs during the processing of responses to DNS lookups. Successful exploitation could allow for remote code execution in the context of the vulnerable service.
12. Microsoft Windows WMF/EMF Image Format Rendering Remote Buff...
BugTraq ID: 11375
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11375
Summary:
Microsoft Windows WMF/EMF image rendering library is affected by a remote buffer overflow vulnerability. This issue is due to a failure of the affected library to properly verify the lengths of strings contained within an affected image file prior to copying them into finite buffers.
Any code execution that occurs will take place with SYSTEM privileges due to the nature of the affected library. This will also permit local privilege escalation attacks.
13. Microsoft CABARC Directory Traversal Vulnerability
BugTraq ID: 11376
Remote: No
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11376
Summary:
CABARC is reported prone to a directory traversal vulnerability. This issue may allow a local attacker to gain access to potentially sensitive files on a vulnerable computer.
It is reported that an attacker can escape the path by supplying '../' character sequences.
14. Microsoft Internet Explorer Double Byte Character Set Handli...
BugTraq ID: 11377
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11377
Summary:
It is reported that Microsoft Internet Explorer is prone to a vulnerability that may allow a malicious Web page to spoof the address bar of the browser. This vulnerability presents itself due to a malfunction that occurs when certain double byte characters are encountered. As a result, this vulnerability will only affect computers that are configured to employ double byte character sets.
This could be used to lure Web users into a false sense of trust since a malicious or spoofed site may pose as a site that is trusted by the user.
15. Microsoft Window Management API Local Privilege Escalation V...
BugTraq ID: 11378
Remote: No
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11378
Summary:
Microsoft has reported that several unspecified Window Management API functions can allow a local attacker to change the attributes of an application with a higher level of privileges. This can allow the attacker to gain elevated privileges on a vulnerable computer.
This issue represents a fundamental design flaw, as certain messages used to communicate between windows on a desktop may adversely affect the operation of a receiving process. By altering various properties of window components running with higher privileges, an attacker can create circumstances where attacks such as buffer overflows and potential arbitrary code execution are possible.
This issue likely affects some native Windows applications but other third-party applications may also provide an opportunity for exploitation.
16. Microsoft NNTP Component Heap Overflow Vulnerability
BugTraq ID: 11379
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11379
Summary:
The Microsoft Network News Transfer Protocol (NNTP) Component is prone to a buffer overflow condition. Successful exploitation of this vulnerability could allow remote code execution in the context of the process accessing the vulnerable component.
17. Microsoft RPC Runtime Library Remote Denial Of Service And I...
BugTraq ID: 11380
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11380
Summary:
Microsoft RPC Runtime Library is affected by a remote denial of service and information disclosure vulnerability. This issue is due to a failure of the library to properly handle exceptional network traffic.
An attacker may leverage this issue to disclose potentially sensitive information and to cause the affected application to crash, denying service to legitimate users.
18. Microsoft Internet Explorer Plug-in Navigations Handling Add...
BugTraq ID: 11381
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11381
Summary:
It is reported that Microsoft Internet Explorer is prone to a vulnerability that may allow a malicious Web page containing embedded flash multimedia to spoof the address bar of the browser.
This could be used to lure Web users into a false sense of trust since a malicious or spoofed site may pose as a site that is trusted by the user.
19. Microsoft Windows Compressed (zipped) Folder Buffer Overflow...
BugTraq ID: 11382
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11382
Summary:
Microsoft Windows contains a buffer overflow in the Compressed (zipped) Folders feature. A maliciously crafted compressed file could overrun an internal buffer causing arbitrary code to be executed in the security context of the current user.
20. Microsoft Internet Explorer Secure Sockets Layer Caching Vul...
BugTraq ID: 11383
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11383
Summary:
Microsoft Internet Explorer is reported prone to a Secure Sockets Layer caching vulnerability.
It is reported that arbitrary content may be cached to the computer that is viewing a malicious site when this vulnerability is exploited. This cached content will be rendered in the context of a legitimate site when a legitimate site is viewed.
21. Microsoft IIS Server WebDAV XML Requests Denial of Service V...
BugTraq ID: 11384
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11384
Summary:
Microsoft IIS Server is prone to a remote denial of service vulnerability when handling malformed WebDAV requests. The vulnerability exists in the Microsoft XML Parser component and can be exploited through the WebDAV XML message handler.
It is reported that this issue requires a remote attacker to create specially crafted WebDAV requests and send them to a vulnerable server over TCP port 80. There is a possibility of increased CPU resource and memory consumption as the IIS server attempts to process these requests. This can eventually lead to a denial of service condition in the server. A reboot is required to restore normal functionality.
This vulnerability can also be exploited through other applications that rely on Microsoft XML Parser to process XML messages.
22. Adobe Acrobat Reader Remote Access Validation Vulnerability
BugTraq ID: 11386
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11386
Summary:
An access validation vulnerability affects Adobe Acrobat Reader. This issue is due to a design error that allows a malicious file to be embedded inside a Portable Document Format (PDF) file.
An attacker may leverage this issue to disclose files that are readable by the unsuspecting user who activates a malicious PDF file. Information disclosed in this way may facilitate further attacks against the affected computer.
23. Microsoft Windows 2003 Services Default SACL Access Right We...
BugTraq ID: 11387
Remote: No
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11387
Summary:
It is reported that the default SACL access right settings for multiple Microsoft Windows 2003 services are weak.
Reports indicate that several services have lax permissions that will allow unprivileged local users to start them.
Because any user can start these services, an administrator may be under a false sense of security.
24. Microsoft Internet Explorer Unspecified showHelp Zone Bypass...
BugTraq ID: 11388
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11388
Summary:
Microsoft Security Bulletin MS04-038 includes fixes to address an unspecified vulnerability in Internet Explorer that may permit elevation of zone privileges, from the Internet Zone to the Local Zone.
The vendor has stated that additional security verifications have been added to prevent the showHelp DHTML method from being abused by a malicious Web site to load HTML Help files in the context of the Local Zone. It is unclear at this point whether they mean HTML Help files that already exist on the system or HTML Help files that originate from a remote source.
Although unconfirmed, this could be related to the following unspecified vulnerability that was addressed in Windows XP SP2/BID 10897 (Microsoft Windows XP SP2 Released - Multiple Vulnerabilities Fixed):
- HTML Help Update to Limit Functionality When It Is Invoked with the window.showHelp( ) Method
This is likely similar to earlier issues that have been reported in showHelp, such as BID 9320. Microsoft has not released further details about this vulnerability.
25. Research In Motion Blackberry Remote Denial of Service Vulne...
BugTraq ID: 11389
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11389
Summary:
The Research In Motion Blackberry 7230 is affected by a remote denial of service vulnerability. This issue is due to the device attempting to copy a long message into flash memory.
An attacker may leverage this issue to cause the affected device to restart, causing a loss of all email messages saved on the device.
Update: This issue was originally identified as a buffer overflow vulnerability. New information suggests that it is only a remote denial of service condition. This BID is being updated to reflect this information.
26. SCT Campus Pipeline Render.UserLayoutRootNode.uP Cross-Site ...
BugTraq ID: 11392
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11392
Summary:
Campus Pipeline is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
27. LibTIFF Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 11406
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11406
Summary:
LibTIFF is affected by multiple buffer overflow vulnerabilities. These issues are due to a failure of the application to properly perform boundary checks prior to copying user-supplied strings into finite process buffers.
An attacker may leverage these issues to execute arbitrary code on a vulnerable computer with the privileges of the user running the vulnerable application, facilitating unauthorized access. These issues may also be leveraged to cause an affected application to crash.
28. ShixxNOTE 6.net Remote Buffer Overflow Vulnerability
BugTraq ID: 11409
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11409
Summary:
ShixxNOTE 6.net is reported susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly perform boundary checks prior to copying user-supplied strings into finite process buffers.
An attacker may leverage this issue to execute arbitrary code on a vulnerable computer with the privileges of the user running the vulnerable application.
29. Microsoft Windows XP Weak Default Configuration Vulnerabilit...
BugTraq ID: 11410
Remote: No
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11410
Summary:
Microsoft Windows XP Service Pack 2 is reported prone to a weak default configuration vulnerability. Internet Connection Firewall (ICF) includes functionality that controls what binaries are permitted to listen for incoming connections.
It is reported that one of the executables that is permitted to listen for incoming network connections may provide a conduit to bypass ICF access controls. Due to a configuration weakness, this executable is accessible to all users.
A local attacker may exploit this vulnerability to create a listening port to provide remote access to a vulnerable computer.
30. Macromedia JRun Management Console HTML Injection Vulnerabil...
BugTraq ID: 11411
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11411
Summary:
Macromedia JRun is prone to an HTML injection vulnerability. This issue exists in the Management Console and may allow hijacking of administrative sessions.
31. Microsoft Frontpage Asycpict.DLL JPEG Handling Remote Denial...
BugTraq ID: 11412
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11412
Summary:
Microsoft Frontpage is reported prone to multiple remote denial of service vulnerabilities when handling malformed JPEG files. These issues exist due to insufficient verification performed by the 'asycpict.dll' module.
Reportedly, these issues can only cause a denial of service condition; however, it may be possible to execute arbitrary code on a vulnerable computer as well. This has not been confirmed at the moment.
It should be noted that in an initial advisory these vulnerabilities were reported to affect the 'asycpict.dll' library. The report states that this library is shipped with all versions of Microsoft Windows XP; however, conflicting reports indicate that this is not accurate. These conflicting reports indicate that this library is in fact shipped with Microsoft Front Page 97 and 98. Additionally, one of these reports indicated that the library was also shipped with Microsoft Internet Explorer version 3.01. This is not confirmed.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
32. Macromedia JRun Session ID Cookie HTTP Response Splitting Vu...
BugTraq ID: 11413
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11413
Summary:
An HTTP response splitting vulnerability affects Macromedia JRun due to Session ID handling. This issue is due to a failure of the application to properly handle how POST requests are processed.
A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This could aid in various attacks, which try to entice client users into a false sense of trust.
33. Macromedia JRun Management Console Administrative Session Fi...
BugTraq ID: 11414
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11414
Summary:
Macromedia JRun is prone to a session fixation vulnerability. This issue exists in the Management Console.
The application is reported prone to a session fixation vulnerability. This attack can allow an attacker to set a session ID in a user's browser and hijack the user's session upon authentication to JRun.
This issue can allow remote attackers to bypass authentication checks, and possibly allow them to gain administrative access to the web application.
This issue was originally reported in BID 11245 (Macromedia JRun Multiple Remote Vulnerabilities). It is now being separated and assigned a new BID.
34. MailEnable Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 11418
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11418
Summary:
MailEnable is affected by multiple remote denial of service vulnerabilities. These issues are due to a failure of the application to handle malformed requests.
An attacker may leverage these issues to cause the IMAP and SNMP services to crash, denying service to legitimate users.
35. Ideal Science IdealBB Multiple Unspecified Remote Input Vali...
BugTraq ID: 11424
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11424
Summary:
Ideal Science IdealBB is reported prone to multiple unspecified input validation vulnerabilities. These issues result from insufficient sanitization of user-supplied data.
It is reported that the application is affected by SQL injection, cross-site scripting and HTTP response splitting vulnerabilities.
All versions of IdealBB are considered vulnerable at the moment.
36. CyberStrong eShop ASP Shopping Cart Unspecified Cross-Site S...
BugTraq ID: 11425
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11425
Summary:
An unspecified cross-site scripting vulnerability exists in CyberStrong eShop ASP Shopping Cart. This could potentially be exploited to steal cookie-based authentication credentials or launch other attacks.
37. Express-Web Content Management System Unspecified Cross-Site...
BugTraq ID: 11426
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11426
Summary:
An unspecified cross-site scripting vulnerability exists in Express-Web Content Management System. This could potentially be exploited to steal cookie-based authentication credentials or launch other attacks.
38. DevoyBB Forum Multiple Unspecified Remote Input Validation V...
BugTraq ID: 11428
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11428
Summary:
DevoyBB is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content and SQL database queries.
An attacker can leverage these issues to manipulate or reveal database contents through SQL injection attacks as well as carry out other attacks and steal cookie-based authentication credentials through cross-site scripting attacks.
39. WowBB Forum Multiple Unspecified Remote Input Validation Vul...
BugTraq ID: 11429
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11429
Summary:
WowBB is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content and SQL database queries.
An attacker can leverage these issues to manipulate or reveal database contents through SQL injection attacks as well as carry out other attacks and steal cookie-based authentication credentials through cross-site scripting attacks.
40. Yak! Chat Client FTP Server Directory Traversal Vulnerabilit...
BugTraq ID: 11433
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11433
Summary:
Yak! Chat Client FTP server is reported prone to a remote directory traversal vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
This issue can ultimately allow an attacker to compromise a computer by placing malicious files on the system and executing these files through other means.
Yak! 2.1.2 and prior versions are reported vulnerable to this issue.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Remote connections (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/378293
2. Remove domain user from local administrators group (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/378282
3. Can we really block users from installing applicatio... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/378246
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:
Firewall RuleMaker is a Windows-based firewall configuration version control software product for managers of Cisco PIX and Netscreen firewalls.
2. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.
3. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!
With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!
4. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.
5. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spyware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install
6. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.
NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.
NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. ByteShelter I 1.0
By: MazZoft NDA
Relevant URL: http://www.mazzoft.com/bs1.zip
Platforms: Windows 2000, Windows 95/98
Summary:
This steganography tool lets you conceal data in Outlook e-mail messages and .doc files.
2. DiskInternals Uneraser 2.01
By: Alexey Babenko
Relevant URL: http://diskinternals.com/download/Uneraser_Setup.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
DiskInternals Uneraser can recover any deleted file, including documents, photos, mp3 and zip files, or even folders and damaged disks. In addition to HDD, the program supports any type of storage media (music sticks, cameras, flash drives, USB drives, etc)! It works with encrypted files and helps you undelete files lost because of a virus attack or an employee's malicious behavior. No special skills needed; 100% free to try.
3. DiskInternals NTFS Reader 1.01
By: Alexey Babenko
Relevant URL: http://diskinternals.com/download/NTFS_Reader_Setup.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Provides read access to NTFS disks from Windows 95, 98 and Me. Allows you to save any files to any disk visible on the system or on the network. Supports saving compressed or encrypted files.
While saving, it ignores file security policies. This means that it is possible to access absolutely any file on an NTFS disk from Windows 9x.
4. Airscanner Mobile Firewall 1.0
By: Airscanner Corp
Relevant URL: http://www.airscanner.com/downloads/fw/amfw.exe
Platforms: Windows CE
Summary:
A Full-Strength Personal Firewall for Your Windows Mobile/Pocket PC handheld.
Airscanner Mobile Firewall for Windows Mobile Pocket PC is a low-level, bi-directional, packet filtering firewall that examines all incoming and outgoing TCP/IP traffic.
This personal firewall ensures that data is permitted based on access control lists that you select from a set of predefined filters, or from filters that you create yourself.
The firewall parses packets as they come in (or go out)
5. SiVuS, The VoIP Vulnerability Scanner 1.07
By: SiVuS
Relevant URL: http://www.vopsecurity.org/html/downloads.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
New release of the first free VoIP vulnerability scanner with enhanced features. Additional vulnerability checks, faster discovery scanner, ability to save and reload configurations and more. SiVuS can be downloaded from www.vopsecurity.org
6. XArp 0.1.5
By: Christoph Mayer
Relevant URL: http://www.chrismc.de
Platforms: Windows 2000, Windows XP
Summary:
XArp is a graphical tool to monitor the ARP cache. It periodically requests the local ARP cache and reports changes in the IP to MAC mapping. Thus it can be used to recognize ARP poisoning which is used to prepare 'man in the middle' attacks on switched networks.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This issue sponsored by: SPI Dynamics