SecurityFocus Microsoft Newsletter #216

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 11/23/04

    Date: Tue, 23 Nov 2004 15:45:39 -0700 (MST)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #216
    ----------------------------------------

    This Issue is Sponsored By: Symantec

    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_ms-secnews_041123

    ------------------------------------------------------------------------
    I. FRONT AND CENTER
         1. Bill Gates Is Right?
    II. MICROSOFT VULNERABILITY SUMMARY
         1. Ipswitch IMail Server Delete Command Remote Buffer Overflow ...
         2. AlShare Software NetNote Server Remote Denial of Service Vul...
         3. Samba QFILEPATHINFO Unicode Filename Remote Buffer Overflow ...
         4. Microsoft Internet Explorer Cookie Overwrite Vulnerability
         5. New Media Generation Hired Team: Trial Multiple Remote Vulne...
         6. Microsoft Internet Explorer File Download Security Warning B...
         7. Fastream NetFile FTP/Web Server HEAD Request Denial Of Servi...
         8. MiniBB Remote SQL Injection Vulnerability
         9. Moodle Multiple Unspecified Input Validation Vulnerabilities
         10. Cscope Insecure Temporary File Creation Vulnerabilities
         11. Gentoo SETI@home EBuild Insecure Default Permissions Vulnera...
         12. PHPBB Admin_cash.PHP Remote PHP File Include Vulnerability
         13. Digital Mappings Systems POP3 Server Remote Buffer Overrun V...
         14. Zone Labs ZoneAlarm Remote Ad-Blocking Denial Of Service Vul...
         15. PHPMyAdmin Multiple Remote Cross-Site Scripting Vulnerabilit...
         16. Mailtraq Administration Console Local Privilege Escalation V...
         17. Danware NetOp Remote Control Information Disclosure Vulnerab...
         18. Microsoft Windows Logon Screensaver Local Privilege Escalati...
         19. Opera Web Browser Java Implementation Multiple Remote Vulner...
         20. Netopia Timbuktu Server For Apple Mac OSX Remote Buffer Over...
    III. MICROSOFT FOCUS LIST SUMMARY
         1. Microsoft rights management server alternatives (Thread)
         2. SecurityFocus Microsoft Newsletter #215 (Thread)
         3. Supported products in Windows Security Center (WSC) (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. CoreGuard Core Security System
         2. KeyCaptor Keylogger
         3. SpyBuster
         4. FreezeX
         5. NeoExec for Active Directory
         6. Secrets Protector v2.03
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. Dekart Private Disk 2.03
         2. Remote Process Watcher 1.0
         3. Rkdscan 1.0
         4. Spybot-S&D 1.3
         5. lock 2.0
         6. WapgGui 1.0
    VI. UNSUBSCRIBE INSTRUCTIONS
    VII. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Bill Gates Is Right?
    By Scott Granneman

    Bill Gates is right about one thing: asking people to use a two-factor form
    of authentication would go a long way toward alleviating a lot of the
    password problems that plague computer security today.

    http://www.securityfocus.com/columnists/277

    II. MICROSOFT VULNERABILITY SUMMARY
    -----------------------------------
    1. Ipswitch IMail Server Delete Command Remote Buffer Overflow ...
    BugTraq ID: 11675
    Remote: Yes
    Date Published: Nov 13 2004
    Relevant URL: http://www.securityfocus.com/bid/11675
    Summary:
    Ipswitch IMail is reported prone to a remote buffer overflow vulnerability. This issue exists due to insufficient boundary checks performed by the application. Exploitation of this issue can allow a remote attacker to execute arbitrary code on a vulnerable computer to gain unauthorized access.

    Ipswitch IMail 8.13 is reported prone to this vulnerability. It is possible that other versions are affected as well.

    2. AlShare Software NetNote Server Remote Denial of Service Vul...
    BugTraq ID: 11677
    Remote: Yes
    Date Published: Nov 13 2004
    Relevant URL: http://www.securityfocus.com/bid/11677
    Summary:
    NetNote server is reported prone to a remote denial of service vulnerability. This issue occurs because the application does not handle exceptional conditions properly.

    NetNote server 2.2 build 230 is reported vulnerable to this issue; however, it is likely that other versions are affected as well.

    3. Samba QFILEPATHINFO Unicode Filename Remote Buffer Overflow ...
    BugTraq ID: 11678
    Remote: Yes
    Date Published: Nov 15 2004
    Relevant URL: http://www.securityfocus.com/bid/11678
    Summary:
    Samba is reported prone to a remote buffer overflow vulnerability. This issue presents itself because the application does not perform proper boundary checks before copying user-supplied data into finite sized process buffers. This issue can allow an attacker to execute arbitrary code on a vulnerable computer to gain unauthorized access.

    This vulnerability is reported to affect Samba versions 3.0.0 to 3.0.7.

    4. Microsoft Internet Explorer Cookie Overwrite Vulnerability
    BugTraq ID: 11680
    Remote: Yes
    Date Published: Nov 15 2004
    Relevant URL: http://www.securityfocus.com/bid/11680
    Summary:
    Microsoft Internet Explorer is reported prone to a vulnerability that may allow a remote attacker to overwrite existing cookies in the browser.

    It is alleged that this issue can be exploited to hijack a user's Web session; however, it is not confirmed how this attack would be possible. If a legitimate cookie is corrupted, it may be possible to cause a partial denial of service attack.

    5. New Media Generation Hired Team: Trial Multiple Remote Vulne...
    BugTraq ID: 11683
    Remote: Yes
    Date Published: Nov 15 2004
    Relevant URL: http://www.securityfocus.com/bid/11683
    Summary:
    Multiple remote vulnerabilities reportedly affect New Media Generation Hired Team: Trial. These issues are due to failure to properly validate user-supplied input, handle exceptional conditions, and properly validate access credentials.

    A remote attacker may leverage these issues to execute arbitrary code, carry out denial of service attacks and kick any player from the current game session.

    6. Microsoft Internet Explorer File Download Security Warning B...
    BugTraq ID: 11686
    Remote: Yes
    Date Published: Nov 16 2004
    Relevant URL: http://www.securityfocus.com/bid/11686
    Summary:
    Microsoft Internet Explorer is reported prone to a file download security warning bypass vulnerability. This issue may be exploited to download a malicious file to the client system.

    When a URI location is not found the user usually receives a 404 error message. It is reported that this issue allows an attacker to create a custom HTTP 404 error message and use the 'execCommand' method to save a Web page to the local system.

    By enticing a user to follow a malicious link the attacker can plant malicious files on vulnerable systems in order to execute malicious code.

    7. Fastream NetFile FTP/Web Server HEAD Request Denial Of Servi...
    BugTraq ID: 11687
    Remote: Yes
    Date Published: Nov 16 2004
    Relevant URL: http://www.securityfocus.com/bid/11687
    Summary:
    Fastream NetFile FTP/Web Server is reported susceptible to an HTTP HEAD request denial of service vulnerability.

    This vulnerability allows remote attackers to create many simultaneous HTTP HEAD requests to the vulnerable server application. Once the attacker has created sufficient connections, further requests from legitimate users will reportedly be denied. Due to the failure of the application to close the previous connections, it is conjectured that attackers can indefinitely block further requests to the Web server.

    Version 7.1 of Fastream NetFile FTP/Web Server was reported susceptible to this vulnerability. Other versions are also likely affected.

    8. MiniBB Remote SQL Injection Vulnerability
    BugTraq ID: 11688
    Remote: Yes
    Date Published: Nov 16 2004
    Relevant URL: http://www.securityfocus.com/bid/11688
    Summary:
    miniBB is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query.

    miniBB versions prior to 1.7f are reported prone to this issue.

    9. Moodle Multiple Unspecified Input Validation Vulnerabilities
    BugTraq ID: 11691
    Remote: Yes
    Date Published: Nov 16 2004
    Relevant URL: http://www.securityfocus.com/bid/11691
    Summary:
    Moodle is reported susceptible to multiple unspecified input validation vulnerabilities. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied input data.

    These unspecified issues may be cross-site scripting, HTML injection, or SQL injection vulnerabilities.

    Cross-site scripting and HTML injection issues could permit a remote attacker to cause hostile HTML or script code to be rendered in the web browser of victim users. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

    SQL injection issues may be exploited to manipulate SQL queries, potentially revealing or corrupting sensitive database data. SQL injection issues may also facilitate attacks against the underlying database software.

    Versions prior to 1.4.2 are reported susceptible to these vulnerabilities.

    10. Cscope Insecure Temporary File Creation Vulnerabilities
    BugTraq ID: 11697
    Remote: No
    Date Published: Nov 17 2004
    Relevant URL: http://www.securityfocus.com/bid/11697
    Summary:
    Cscope is reportedly affected by insecure temporary file creation vulnerabilities. These issues are due to a design error that causes the application to fail to verify the existence of a file before writing to it.

    It is reported that during execution the affected utility creates temporary files in the system's temporary directory, '/tmp', with predictable names. This allows attackers to create malicious symbolic links that will be written to by the vulnerable utility when an unsuspecting user executes it.

    An attacker may leverage these issues to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.

    Versions up to and including version 15.5 are reported vulnerable.

    11. Gentoo SETI@home EBuild Insecure Default Permissions Vulnera...
    BugTraq ID: 11699
    Remote: No
    Date Published: Nov 17 2004
    Relevant URL: http://www.securityfocus.com/bid/11699
    Summary:
    The Gentoo SETI@home eBuild package is reported prone to a weak default permissions vulnerability.

    A local attacker may exploit this vulnerability to escalate privileges.

    12. PHPBB Admin_cash.PHP Remote PHP File Include Vulnerability
    BugTraq ID: 11701
    Remote: Yes
    Date Published: Nov 17 2004
    Relevant URL: http://www.securityfocus.com/bid/11701
    Summary:
    A vulnerability is reported to exist in the phpBB Cash_Mod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system.

    Remote attackers could potentially exploit this issue via a vulnerable variable to include a remote malicious PHP script, which will be executed in the context of the web server hosting the vulnerable software.

    13. Digital Mappings Systems POP3 Server Remote Buffer Overrun V...
    BugTraq ID: 11705
    Remote: Yes
    Date Published: Nov 18 2004
    Relevant URL: http://www.securityfocus.com/bid/11705
    Summary:
    It is reported that a boundary condition error exists in the Digital Mappings Systems POP3 server. A remote attacker sending a username of excessive length during the authentication process to the POP3 server may cause a buffer overrun that could result in execution of malicious instructions and system compromise.

    This vulnerability could result in a remote attacker gaining unauthorized access to a vulnerable host with the POP3 server process privileges.

    14. Zone Labs ZoneAlarm Remote Ad-Blocking Denial Of Service Vul...
    BugTraq ID: 11706
    Remote: Yes
    Date Published: Nov 19 2004
    Relevant URL: http://www.securityfocus.com/bid/11706
    Summary:
    A remote denial of service vulnerability affects Zone Labs ZoneAlarm. The vulnerability exists in the ad-blocking feature. This issue is due to a failure of the application to handle exceptional scripts embedded in Web sites.

    It should be noted that the affected functionality is not enabled by default. This issue only affects computers with the vulnerable component activated.

    An attacker may leverage this issue to cause the affected computer to become unstable and lock, potentially denying service to legitimate users.

    15. PHPMyAdmin Multiple Remote Cross-Site Scripting Vulnerabilit...
    BugTraq ID: 11707
    Remote: Yes
    Date Published: Nov 19 2004
    Relevant URL: http://www.securityfocus.com/bid/11707
    Summary:
    Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to perform proper sanitization prior to including user-supplied input in dynamically generated content.

    An attacker may leverage these issues to execute arbitrary client side script code in the browser of an unsuspecting user. This may potentially lead to theft of cookie-based authentication credentials as well as other attacks.

    16. Mailtraq Administration Console Local Privilege Escalation V...
    BugTraq ID: 11708
    Remote: No
    Date Published: Nov 19 2004
    Relevant URL: http://www.securityfocus.com/bid/11708
    Summary:
    Mailtraq allows a user to activate the Mailtraq administration console software by easily launching the software from an icon in the Windows system tray. It is reported that a local user may exploit the administration console interface to escalate privileges.

    17. Danware NetOp Remote Control Information Disclosure Vulnerab...
    BugTraq ID: 11710
    Remote: Yes
    Date Published: Nov 19 2004
    Relevant URL: http://www.securityfocus.com/bid/11710
    Summary:
    It is reported that NetOp Remote Control is susceptible to an information disclosure vulnerability.

    This vulnerability reportedly allows remote attackers to discern the name of the user that is logged in and the internal IP address and hostname of the targeted computer. This information may aid malicious users in further attacks.

    Versions prior to 7.65 build 2004278 are reported vulnerable to this issue.

    18. Microsoft Windows Logon Screensaver Local Privilege Escalati...
    BugTraq ID: 11711
    Remote: No
    Date Published: Nov 19 2004
    Relevant URL: http://www.securityfocus.com/bid/11711
    Summary:
    The Microsoft Windows default logon screensaver is reported prone to a local privilege escalation vulnerability. It is reported that the screensaver is started with SYSTEM privileges on Microsoft Windows NT, 2000 and XP computers.

    A local attacker that has sufficient privileges to modify or replace the default logon screensaver, or that has sufficient privileges to modify registry entries that relate to the logon screensaver, may exploit this vulnerability to attain local SYSTEM privileges. The default configuration for the software may expose this vulnerability on affected platforms due to lax permissions on the screensaver executable. This could vary depending on the host platform.

    19. Opera Web Browser Java Implementation Multiple Remote Vulner...
    BugTraq ID: 11712
    Remote: Yes
    Date Published: Nov 19 2004
    Relevant URL: http://www.securityfocus.com/bid/11712
    Summary:
    Multiple remote vulnerabilities reportedly affect the Opera Web Browser Java implementation. These issues are due to the insecure proprietary design of the Web browser's Java implementation.

    These issues may allow an attacker to craft a Java applet that violates Sun's Java secure programming guidelines.

    These issues may be leveraged to carry out a variety of unspecified attacks including sensitive information disclosure and denial of service attacks. Any successful exploitation would take place with the privileges of the user running the affected browser application.

    Although only version 7.54 is reportedly vulnerable, it is likely that earlier versions are vulnerable to these issues as well.

    20. Netopia Timbuktu Server For Apple Mac OSX Remote Buffer Over...
    BugTraq ID: 11714
    Remote: Yes
    Date Published: Nov 19 2004
    Relevant URL: http://www.securityfocus.com/bid/11714
    Summary:
    Netopia Timbuktu server component for Apple Mac OSX is reported prone to a remote unspecified buffer overflow vulnerability. This issue exists due to insufficient boundary checks performed by the application.

    This vulnerability can allow an attacker to corrupt process memory leading to a denial of service condition. If an attacker is able to overwrite sensitive memory addresses and redirect process execution to attacker-supplied arbitrary code, this vulnerability may result in the attacker gaining unauthorized access to the computer.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. Microsoft rights management server alternatives (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/381986

    2. SecurityFocus Microsoft Newsletter #215 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/381367

    3. Supported products in Windows Security Center (WSC) (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/381330

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. CoreGuard Core Security System
    By: Vormetric
    Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
    Relevant URL: http://www.vormetric.com/products/#overview
    Summary:

    CoreGuard System profile

    The CoreGuard System is the industry's first solution that enforces
    acceptable use policy for sensitive digital information assets and
    protects personal data privacy across an enterprise IT environment.
    CoreGuard's innovative architecture and completeness of technology
    provide a comprehensive, extensible solution that tightly integrates all
    the elements required to protect information across a widespread,
    heterogeneous enterprise network, while enforcing separation of duties
    between security and IT administration. At the same time, CoreGuard is
    transparent to users, applications and storage infrastructures for ease
    of deployment and system management.

    CoreGuard enables customers to:
    * Protect customer personal data privacy and digital information assets
    * Protect data at rest from unauthorized viewing by external attackers and unauthorized insiders
    * Enforce segregation of duties between IT administrators and security administration
    * Ensure host & application integrity
    * Block malicious code, including zero-day exploits

    2. KeyCaptor Keylogger
    By: Keylogger Software
    Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
    Summary:

    KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!

    With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!

    3. SpyBuster
    By: Remove Spyware
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.remove-spyware.com/spybuster.htm
    Summary:

    Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.

    SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.

    4. FreezeX
    By: Faronics Technologies USA Inc
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Relevant URL: http://www.faronics.com/html/Freezex.asp
    Summary:

    FreezeX prevents all unauthorized programs, including viruses, keyloggers and spyware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install

    5. NeoExec for Active Directory
    By: NeoValens
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.neovalens.com
    Summary:

    NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.

    NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.

    NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.

    6. Secrets Protector v2.03
    By: E-CRONIS
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.e-cronis.com/download/sp.exe
    Summary:

    It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".

    Your secret information is available only through this software and there is no other means to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten, either in Safe mode or in another operating system. This program doesn't make your operating system unstable as other related products do and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods leaving no trace of your information. Depending on the selected wiping method your data is unrecoverable using software or even hardware recovery techniques.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. Dekart Private Disk 2.03
    By: Dekart
    Relevant URL: http://www.private-disk.net/
    Platforms: Windows XP
    Summary:

    Private Disk is an easy-to-use, reliable, user-friendly and smart program that lets you create encrypted disk partitions (drive letters) to keep your private and confidential data secure. Uses 256-bit AES encryption.

    2. Remote Process Watcher 1.0
    By: Fitsec Tmi
    Relevant URL: http://www.fitsec.com/downloads
    Platforms: Windows 2000, Windows NT, Windows XP
    Summary:

    Java-based software that watches processes running on the computers inside a domain. Gives out warnings when it spots a process that it doesn't recognize or processes that have been marked on the warning list. It is also able to autokill processes marked as critical.

    3. Rkdscan 1.0
    By: Andres Tarasco - www.sia.es
    Relevant URL: http://cyruxnet.org/download/rkdscan.rar
    Platforms: Windows 2000
    Summary:

    Rkdscan is able to remotely detect if NT-based computers are compromised with the "Hacker Defender" rootkit.

    4. Spybot-S&D 1.3
    By: Patrick M. Kolla
    Relevant URL: http://www.spybot.info/en/index.html
    Platforms: Windows XP
    Summary:

    Spybot - Search & Destroy can detect and remove spyware of different kinds
    from your computer. Spyware is a relatively new kind of threat that
    common anti-virus applications do not yet cover. If you see new toolbars in
    your Internet Explorer that you didn't intentionally install, if your browser
    crashes, or if your browser start page has changed without your knowing, you
    most probably have spyware. But even if you don't see anything, you may be
    infected.

    5. lock 2.0
    By: Uri Fridman
    Relevant URL: http://www.geocities.com/urifrid/lock-2.0-src.zip
    Platforms: Windows 2000
    Summary:

    Lock is a command line tool to lock the workstation. Options include:
    - lock the workstation
    - lock workstation and run default screensaver
    - minimize all open windows and lock the workstation
    - send the system to sleep (standby)

    Open source, free and small.

    6. WapgGui 1.0
    By: William D. Bartholomew
    Relevant URL: http://www.bartholomew.id.au/Default.aspx?tabid=32
    Platforms: Windows 2000, Windows XP
    Summary:

    A free, open-source, user-friendly interface to run the WAPG password generator. Supports generation of random and pronounceable passwords, specifying minimum and maximum length, specifying what character classes should or must be used, and much more.

    VI. UNSUBSCRIBE INSTRUCTIONS
    ----------------------------
    To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

    If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

    VII. SPONSOR INFORMATION
    -----------------------

    This Issue is Sponsored By: Symantec

