SecurityFocus Microsoft Newsletter #214

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 11/12/04

    Date: Fri, 12 Nov 2004 11:11:47 -0700 (MST)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #214
    ----------------------------------------

    This Issue is Sponsored By: Check Point

    Your internal network is vulnerable and must be protected
    from worms, Trojan horses, spyware and other threats.
    Download a free, fact-filled Internal Security Information
    Kit to learn how. Includes new META Group white paper, Flash
    demo, and much more. Download now-free!

    http://www.securityfocus.com/sponsor/CheckPoint_ms-secnews_041109

    ------------------------------------------------------------------------
    I. FRONT AND CENTER
         1. The Cost of Security Training
         2. Trends in Web Application Security
         3. Phishing For Savvy Users
    II. MICROSOFT VULNERABILITY SUMMARY
         1. Microsoft Internet Explorer HTML Form Malformed A Tag Status...
         2. Cherokee HTTPD Auth_Pam Authentication Remote Format String ...
         3. PostgreSQL Unspecified RPM Initialization Script Vulnerabili...
         4. Cisco Secure Access Control Server Remote Authentication Byp...
         5. MailEnable Professional Webmail Unspecified Vulnerability
         6. RARLAB WinRAR Repair Archive Undisclosed Vulnerability
         7. Microsoft Internet Explorer IFRAME Status Bar URI Obfuscatio...
         8. Proxytunnel Remote Format String Vulnerability
         9. Sun Java System Web And Application Servers Remote Denial Of...
         10. TIPS MailPost Remote Debug Mode Information Disclosure Vulne...
         11. TIPS MailPost APPEND Variable Cross-Site Scripting Vulnerabi...
         12. TIPS MailPost Error Message Cross-Site Scripting Vulnerabili...
         13. TIPS MailPost Remote File Enumeration Vulnerability
         14. F-Secure Anti-Virus For Microsoft Exchange Password Protecte...
         15. Gallery Unspecified Remote HTML Injection Vulnerability
         16. Microsoft ISA Server Unspecified Vulnerability
         17. Moodle Remote Glossary Module SQL Injection Vulnerability
         18. IceWarp Web Mail Multiple Remote Vulnerabilities
         19. AntiBoard Unspecified SQL Injection Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
         1. root_drv.sys rootkit (Thread)
         2. SecurityFocus Microsoft Newsletter #213 (Thread)
         3. Event Log - Controling critical files and folders. (Thread)
         4. Notifying users of password expiration via e-mail` (Thread)
         5. AW: Remove "Shutdown" command from w2k PCs but enabl... (Thread)
         6. GPO that forces users to use a proxy server. (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. CAT Cellular Authentication Token and eAuthentication Servic...
         2. KeyCaptor Keylogger
         3. SpyBuster
         4. FreezeX
         5. NeoExec for Active Directory
         6. Secrets Protector v2.03
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. creddump
         2. WapgGui 1.0
         3. antinat v0.81
         4. PopMessenger 1.60
         5. ByteShelter I 1.0
         6. DiskInternals Uneraser 2.01
    VI. UNSUBSCRIBE INSTRUCTIONS
    VII. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. The Cost of Security Training
    By Don Parker

    The cost of providing security training to your staff may be high, but what
    is the cost of not providing any training at all?

    http://www.securityfocus.com/columnists/275

    2. Trends in Web Application Security
    By Kapil Raina

    This article discusses current trends in penetration testing for web
    application security, and in particular discusses a framework for selecting
    the best tool or tools to use for this increasingly common type of application.

    http://www.securityfocus.com/infocus/1809

    3. Phishing For Savvy Users
    By Scott Granneman

    Recent "phishing" episodes are still often overlooked by tech-savvy users,
    but a lesson in history shows how entire nations have been fooled.

    http://www.securityfocus.com/columnists/274

    II. MICROSOFT VULNERABILITY SUMMARY
    -----------------------------------
    1. Microsoft Internet Explorer HTML Form Malformed A Tag Status...
    BugTraq ID: 11565
    Remote: Yes
    Date Published: Oct 30 2004
    Relevant URL: http://www.securityfocus.com/bid/11565
    Summary:
    Microsoft Internet Explorer is reported prone to a URI obfuscation weakness.

    This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present web pages to users that seem to originate from a trusted location.

    This vulnerability is reported to affect Internet Explorer 6 SP2; other versions might also be affected.

    This issue is similar to BID 10023.

    2. Cherokee HTTPD Auth_Pam Authentication Remote Format String ...
    BugTraq ID: 11574
    Remote: Yes
    Date Published: Nov 01 2004
    Relevant URL: http://www.securityfocus.com/bid/11574
    Summary:
    It is reported that Cherokee is susceptible to a remote format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function.

    A remote attacker may exploit this vulnerability to execute arbitrary code in the context of the affected service.

    3. PostgreSQL Unspecified RPM Initialization Script Vulnerabili...
    BugTraq ID: 11575
    Remote: Unknown
    Date Published: Nov 01 2004
    Relevant URL: http://www.securityfocus.com/bid/11575
    Summary:
    An unspecified RPM initialization script vulnerability affects PostgreSQL. The underlying issue causing this vulnerability is currently unknown.

    The impact of this issue is currently unknown. This BID will be updated immediately upon the release of more information.

    4. Cisco Secure Access Control Server Remote Authentication Byp...
    BugTraq ID: 11577
    Remote: Yes
    Date Published: Nov 02 2004
    Relevant URL: http://www.securityfocus.com/bid/11577
    Summary:
    Cisco Secure Access Control Server is affected by a remote authentication bypass vulnerability. This issue is due to a failure of the software to properly validate user credentials prior to granting access.

    The problem presents itself when an attacker attempts to authenticate to the affected server. Apparently the application will grant access to any attacker that presents a valid user name and a certificate that is cryptographically correct.

    An attacker can leverage this issue to gain unauthorized remote access to any devices or networks that rely on the affected software for access control.

    5. MailEnable Professional Webmail Unspecified Vulnerability
    BugTraq ID: 11578
    Remote: Yes
    Date Published: Nov 02 2004
    Relevant URL: http://www.securityfocus.com/bid/11578
    Summary:
    MailEnable Professional Webmail is reported prone to an unspecified potential security vulnerability. The cause and impact of this issue are currently unknown. Due to the nature of the software, this issue is likely remotely exploitable.

    MailEnable Professional 1.5 and prior versions are affected by this vulnerability.

    6. RARLAB WinRAR Repair Archive Undisclosed Vulnerability
    BugTraq ID: 11581
    Remote: No
    Date Published: Nov 02 2004
    Relevant URL: http://www.securityfocus.com/bid/11581
    Summary:
    RARLAB WinRAR is reported prone to an undisclosed vulnerability. The issue is reported to exist in the 'Repair Archive' functionality of WinRAR.

    The details of this vulnerability are not known; this BID will be updated as further information in regards to this vulnerability becomes available.

    7. Microsoft Internet Explorer IFRAME Status Bar URI Obfuscatio...
    BugTraq ID: 11590
    Remote: Yes
    Date Published: Nov 02 2004
    Relevant URL: http://www.securityfocus.com/bid/11590
    Summary:
    Microsoft Internet Explorer is reported prone to a URI obfuscation weakness.

    This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present web pages to users that seem to originate from a trusted location.

    This vulnerability is reported to affect Internet Explorer 6; other versions might also be affected.

    8. Proxytunnel Remote Format String Vulnerability
    BugTraq ID: 11592
    Remote: Yes
    Date Published: Nov 03 2004
    Relevant URL: http://www.securityfocus.com/bid/11592
    Summary:
    Proxytunnel is prone to a remotely exploitable format string vulnerability. This vulnerability is exposed when the proxy server handles malicious input from another remote server. This issue occurs when the software is run in daemon mode.

    Successful exploitation of this vulnerability may allow for execution of arbitrary code in the context of the proxy server.

    9. Sun Java System Web And Application Servers Remote Denial Of...
    BugTraq ID: 11593
    Remote: Yes
    Date Published: Nov 03 2004
    Relevant URL: http://www.securityfocus.com/bid/11593
    Summary:
    A remote denial of service vulnerability affects the Sun Java Web Server and the Sun Java Application Server. This issue is due to a failure of the server applications to process malformed data.

    An attacker may exploit this issue to cause the affected server to crash, denying service to legitimate users.

    10. TIPS MailPost Remote Debug Mode Information Disclosure Vulne...
    BugTraq ID: 11595
    Remote: Yes
    Date Published: Nov 03 2004
    Relevant URL: http://www.securityfocus.com/bid/11595
    Summary:
    TIPS MailPost is affected by a remote debug mode information disclosure vulnerability. This issue is due to a design error that allows for the disclosure of sensitive information.

    An attacker may leverage this issue to gain knowledge of sensitive information such as the server Web root directory and the Web server versions. Information disclosed in this way may facilitate further attacks.

    11. TIPS MailPost APPEND Variable Cross-Site Scripting Vulnerabi...
    BugTraq ID: 11596
    Remote: Yes
    Date Published: Nov 03 2004
    Relevant URL: http://www.securityfocus.com/bid/11596
    Summary:
    MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitrary HTML and script code in a user's browser.

    This vulnerability may allow for theft of cookie-based authentication credentials or other attacks.

    MailPost 5.1.1sv is reported prone to this issue. It is possible that other versions are affected as well.

    12. TIPS MailPost Error Message Cross-Site Scripting Vulnerabili...
    BugTraq ID: 11598
    Remote: Yes
    Date Published: Nov 03 2004
    Relevant URL: http://www.securityfocus.com/bid/11598
    Summary:
    MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitrary HTML and script code in a user's browser through a malicious error message returned from the application.

    This attack would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

    MailPost 5.1.1sv is reported prone to this issue. It is possible that other versions are affected as well.

    13. TIPS MailPost Remote File Enumeration Vulnerability
    BugTraq ID: 11599
    Remote: Yes
    Date Published: Nov 03 2004
    Relevant URL: http://www.securityfocus.com/bid/11599
    Summary:
    TIPS MailPost is affected by a remote file enumeration vulnerability. This issue is due to a failure to properly sanitize user requests.

    An attacker may leverage this issue to gain knowledge of the existence of files outside the Web root directory. Information disclosed in this way may facilitate further attacks.

    14. F-Secure Anti-Virus For Microsoft Exchange Password Protecte...
    BugTraq ID: 11600
    Remote: Yes
    Date Published: Nov 03 2004
    Relevant URL: http://www.securityfocus.com/bid/11600
    Summary:
    F-Secure Anti-Virus for Microsoft Exchange is reported prone to a scanner bypass vulnerability. It is reported that a specially crafted archive that is nested within another archive is sufficient to trigger this vulnerability. Such an archive may contain malicious applications and will not be detected and quarantined at the email gateway.

    15. Gallery Unspecified Remote HTML Injection Vulnerability
    BugTraq ID: 11602
    Remote: Yes
    Date Published: Nov 03 2004
    Relevant URL: http://www.securityfocus.com/bid/11602
    Summary:
    An unspecified HTML injection vulnerability reportedly affects Gallery. This issue is due to a failure of the application to properly sanitize user-supplied input.

    An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

    16. Microsoft ISA Server Unspecified Vulnerability
    BugTraq ID: 11605
    Remote: Unknown
    Date Published: Nov 04 2004
    Relevant URL: http://www.securityfocus.com/bid/11605
    Summary:
    Microsoft has published advance notification that they will be releasing a security update for Internet Security and Acceleration (ISA) Server. Fixes are pending release on November 9th, 2004. No further details are known.

    17. Moodle Remote Glossary Module SQL Injection Vulnerability
    BugTraq ID: 11608
    Remote: Yes
    Date Published: Nov 05 2004
    Relevant URL: http://www.securityfocus.com/bid/11608
    Summary:
    Moodle is affected by a remote SQL injection vulnerability in its glossary module. This issue is due to a failure of the application to properly sanitize user-supplied input.

    An attacker may leverage this issue to execute arbitrary SQL queries against the underlying database, potentially facilitating disclosure or corruption of sensitive data. Other attacks are also possible.

    18. IceWarp Web Mail Multiple Remote Vulnerabilities
    BugTraq ID: 11611
    Remote: Yes
    Date Published: Nov 05 2004
    Relevant URL: http://www.securityfocus.com/bid/11611
    Summary:
    Reportedly, multiple remote vulnerabilities affect IceWarp Web Mail. These issues are due to access validation and design errors.

    An attacker may leverage these issues to populate a file in a known location on an affected computer and potentially reveal a user's authentication credentials. These issues may aid in further attacks.

    19. AntiBoard Unspecified SQL Injection Vulnerability
    BugTraq ID: 11613
    Remote: Yes
    Date Published: Nov 05 2004
    Relevant URL: http://www.securityfocus.com/bid/11613
    Summary:
    An unspecified SQL injection vulnerability reportedly affects AntiBoard. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query.

    Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. root_drv.sys rootkit (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/380625

    2. SecurityFocus Microsoft Newsletter #213 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/380236

    3. Event Log - Controling critical files and folders. (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/380235

    4. Notifying users of password expiration via e-mail` (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/380203

    5. AW: Remove "Shutdown" command from w2k PCs but enabl... (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/380158

    6. GPO that forces users to use a proxy server. (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/380147

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. CAT Cellular Authentication Token and eAuthentication Servic...
    By: Mega AS Consulting Ltd
    Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
    Relevant URL: http://www.megaas.co.nz
    Summary:

    Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.

    We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.

    2. KeyCaptor Keylogger
    By: Keylogger Software
    Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
    Summary:

    KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!

    With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!

    3. SpyBuster
    By: Remove Spyware
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.remove-spyware.com/spybuster.htm
    Summary:

    Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.

    SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.

    4. FreezeX
    By: Faronics Technologies USA Inc
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Relevant URL: http://www.faronics.com/html/Freezex.asp
    Summary:

    FreezeX prevents all unauthorized programs, including viruses, keyloggers and spyware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install

    5. NeoExec for Active Directory
    By: NeoValens
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.neovalens.com
    Summary:

    NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.

    NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.

    NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.

    6. Secrets Protector v2.03
    By: E-CRONIS
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.e-cronis.com/download/sp.exe
    Summary:

    It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".

    Your secret information is available only through this software and there is no other means to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten either in Safe mode or in another operating system. This program doesn't make your operating system unstable as other related products do and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods leaving no trace of your information. Depending on the selected wiping method your data is unrecoverable using software or even hardware recovery techniques.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. creddump
    By: Massimiliano Montoro
    Relevant URL: http://www.oxid.it/downloads/creddump.zip
    Platforms: Windows XP
    Summary:

    Credential Manager is a new SSO solution that Microsoft offers in Windows Server 2003 and Windows XP to provide a secured store for credential information. It allows you to input user names and passwords for various network resources and applications once, and then have the system automatically supply that information for subsequent visits to those resources without your intervention.

    2. WapgGui 1.0
    By: William D. Bartholomew
    Relevant URL: http://workspaces.gotdotnet.com/wapggui
    Platforms: Windows 2000, Windows XP
    Summary:

    A free, open-source, user-friendly interface to run the WAPG password generator. Supports generation of random and pronounceable passwords, specifying minimum and maximum length, specifying what character classes should or must be used, and much more.

    3. antinat v0.81
    By: Malcolm Smith
    Relevant URL: http://yallara.cs.rmit.edu.au/~malsmith/products/antinat/
    Platforms: MacOS, POSIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    The Antinat SOCKS Server is a multi-threaded, scalable SOCKS server with a client library for writing proxy-based applications. It supports SOCKS 4, SOCKS 5, authentication, firewalling, UDP, and name resolution.

    4. PopMessenger 1.60
    By: LeadMind Development
    Relevant URL: http://www.leadmind.com
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    Chat and send text messages and files to anyone on your LAN easily and securely!

    5. ByteShelter I 1.0
    By: MazZoft NDA
    Relevant URL: http://www.mazzoft.com/bs1.zip
    Platforms: Windows 2000, Windows 95/98
    Summary:

    This steganography tool lets you conceal data in Outlook e-mail messages and .doc files.

    6. DiskInternals Uneraser 2.01
    By: Alexey Babenko
    Relevant URL: http://diskinternals.com/download/Uneraser_Setup.zip
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    DiskInternals Uneraser can recover any deleted file, including documents, photos, mp3 and zip files, or even folders and damaged disks. In addition to HDD, the program supports any type of storage media (music sticks, cameras, flash drives, USB drives, etc)! It works with encrypted files and helps you undelete files lost because of a virus attack or an employee's malicious behavior. No special skills needed; 100% free to try.

    VI. UNSUBSCRIBE INSTRUCTIONS
    ----------------------------
    To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

    If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

    VII. SPONSOR INFORMATION
    -----------------------

    This Issue is Sponsored By: Check Point

    Your internal network is vulnerable and must be protected
    from worms, Trojan horses, spyware and other threats.
    Download a free, fact-filled Internal Security Information
    Kit to learn how. Includes new META Group white paper, Flash
    demo, and much more. Download now-free!

    http://www.securityfocus.com/sponsor/CheckPoint_ms-secnews_041109

    ------------------------------------------------------------------------
