SecurityFocus Microsoft Newsletter #222

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 01/05/05

    Date: Wed, 5 Jan 2005 08:17:58 -0700 (MST)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #222
    ----------------------------------------

    ------------------------------------------------------------------------
    I. FRONT AND CENTER
         1. Trojan Horse Christmas
         2. Spam Punishment Doesn't Fit the Crime
    II. MICROSOFT VULNERABILITY SUMMARY
         1. Business Objects Crystal Enterprise Report File Cross-Site S...
         2. GNU A2PS fixps.in Script Insecure Temporary File Vulnerabili...
         3. GNU A2PS psmandup.in Script Insecure Temporary File Vulnerab...
         4. SugarCRM Multiple Cross-Site Scripting Vulnerability
         5. PHProjekt Remote File Include Vulnerability
         6. Moodle Multiple Input Validation Vulnerabilities
         7. Hilgraeve HyperTerminal Remote Denial of Service Vulnerabili...
         8. Van Dyke SecureCRT Remote Denial of Service Vulnerability
         9. Microsoft Internet Explorer Local File Disclosure Weakness
         10. MySQL Eventum Multiple Input Validation Vulnerabilities
         11. Macallan Mail Solution Web Interface Authentication Bypass V...
         12. Macallan Mail Solution HTTP GET Request Buffer Overflow Vuln...
         13. ArGoSoft FTP Server Remote User Enumeration Vulnerability
         14. Microsoft FrontPage 2000 Internet Publishing Service Provide...
    III. MICROSOFT FOCUS LIST SUMMARY
         1. services running in windows domain (winXP clients) (Thread)
         2. SecurityFocus Microsoft Newsletter #221 (Thread)
         3. SecurityFocus Microsoft Newsletter #220 (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. CoreGuard Core Security System
         2. KeyCaptor Keylogger
         3. SpyBuster
         4. FreezeX
         5. NeoExec for Active Directory
         6. Secrets Protector v2.03
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. Interface Traffic Indicator 1.2.3
         2. Colasoft Capsa 4.05
         3. Attack Tool Kit (ATK) 3.0
         4. IDS Policy Manager v1.5
         5. PatchLink Update 6.01.78
         6. Dekart Private Disk 2.03
    VI. UNSUBSCRIBE INSTRUCTIONS
    VII. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Trojan Horse Christmas
    By Scott Granneman

    Here are some suggestions on how to help your family members safely use
    that new trojan horse they received under the Christmas tree this year.

    http://www.securityfocus.com/columnists/288

    2. Spam Punishment Doesn't Fit the Crime
    By Mark Rasch

    When spammers are treated more harshly than those who commit war crimes in
    Rwanda, and are fined more than companies that destroy the environment,
    it's time to revisit our strategy.

    http://www.securityfocus.com/columnists/287

    II. MICROSOFT VULNERABILITY SUMMARY
    -----------------------------------
    1. Business Objects Crystal Enterprise Report File Cross-Site S...
    BugTraq ID: 12107
    Remote: Yes
    Date Published: Dec 27 2004
    Relevant URL: http://www.securityfocus.com/bid/12107
    Summary:
    Business Objects Crystal Enterprise is prone to a cross-site scripting vulnerability.

    An attacker could exploit this issue by enticing a user to follow a malicious link to a Report (RPT) file. Malicious script embedded in the link could access properties of the vulnerable Crystal Enterprise site, allowing for various attacks such as theft of cookie-based authentication credentials.

    2. GNU A2PS fixps.in Script Insecure Temporary File Vulnerabili...
    BugTraq ID: 12108
    Remote: No
    Date Published: Dec 27 2004
    Relevant URL: http://www.securityfocus.com/bid/12108
    Summary:
    GNU a2ps is prone to a vulnerability that may allow malicious local users to corrupt files. This issue is due to the fact that the 'fixps.in' script creates temporary files in an insecure manner, allowing symbolic link attacks.

    File corruption would occur in the context of the user running the script. It is not known if this issue could be leveraged to elevate privileges.

    3. GNU A2PS psmandup.in Script Insecure Temporary File Vulnerab...
    BugTraq ID: 12109
    Remote: No
    Date Published: Dec 27 2004
    Relevant URL: http://www.securityfocus.com/bid/12109
    Summary:
    GNU a2ps is prone to a vulnerability that may allow malicious local users to corrupt files. This issue is due to the fact that the 'psmandup.in' script creates temporary files in an insecure manner, allowing symbolic link attacks.

    File corruption would occur in the context of the user running the script. It is not known if this issue could be leveraged to elevate privileges.

    4. SugarCRM Multiple Cross-Site Scripting Vulnerability
    BugTraq ID: 12113
    Remote: Yes
    Date Published: Dec 26 2004
    Relevant URL: http://www.securityfocus.com/bid/12113
    Summary:
    SugarCRM is prone to multiple cross-site scripting vulnerabilities. These issues are exposed through various URI parameters of the 'index.php' script. The affected parameters are not adequately sanitized of HTML and script code before being output into dynamically generated pages.

    An attacker could exploit these issues by enticing a victim user into following a malicious link that contains hostile HTML and script code. This could be exploited to steal cookie-based authentication credentials.

    The discoverer of these issues stated that some of the issues could theoretically allow for execution of arbitrary PHP code, but has not provided further information as to how this is possible.

    5. PHProjekt Remote File Include Vulnerability
    BugTraq ID: 12116
    Remote: Yes
    Date Published: Dec 28 2004
    Relevant URL: http://www.securityfocus.com/bid/12116
    Summary:
    A remote file include vulnerability affects PHProjekt. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP 'include()' function call.

    An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This will facilitate unauthorized access.

    6. Moodle Multiple Input Validation Vulnerabilities
    BugTraq ID: 12120
    Remote: Yes
    Date Published: Dec 28 2004
    Relevant URL: http://www.securityfocus.com/bid/12120
    Summary:
    Two input validation vulnerabilities reportedly affect Moodle. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating web content or loading scripts.

    The first issue is a cross-site scripting vulnerability. The second issue is a directory traversal issue that may allow attackers to gain access to session data.

    An attacker may leverage these issues to execute arbitrary client-side script code in the browsers of unsuspecting users through cross-site scripting attacks and gain access to sensitive session credentials through directory traversal attacks. Other attacks are also possible.

    7. Hilgraeve HyperTerminal Remote Denial of Service Vulnerabili...
    BugTraq ID: 12121
    Remote: Yes
    Date Published: Dec 29 2004
    Relevant URL: http://www.securityfocus.com/bid/12121
    Summary:
    HyperTerminal is reported prone to a remote denial of service vulnerability. It is reported that supplying an excessive hostname value to the application may trigger this vulnerability. Apparently, this causes the client application to crash.

    This issue is reported to affect HyperTerminal versions prior to 5.0.

    8. Van Dyke SecureCRT Remote Denial of Service Vulnerability
    BugTraq ID: 12122
    Remote: Yes
    Date Published: Dec 29 2004
    Relevant URL: http://www.securityfocus.com/bid/12122
    Summary:
    SecureCRT is reported prone to a remote denial of service vulnerability. It is reported that supplying an excessive string value to the application through the hostname field may trigger this vulnerability. Apparently, this causes the client application to crash.

    This issue is reported to affect SecureCRT 3.4.

    9. Microsoft Internet Explorer Local File Disclosure Weakness
    BugTraq ID: 12124
    Remote: Yes
    Date Published: Dec 29 2004
    Relevant URL: http://www.securityfocus.com/bid/12124
    Summary:
    Microsoft Internet Explorer contains a weakness that may allow remote attackers to disclose directory contents on the local system. This issue may be combined with other vulnerabilities to disclose sensitive information or reference previously placed malicious files on the system.

    It is reported that this issue may be triggered by employing the 'SRC' attribute of an IFRAME. It should be noted that an attacker must be able to reference properties of the IFRAME remotely to carry out this attack. This may be accomplished by exploiting a zone bypass type of vulnerability.

    Another attack scenario could involve an attacker placing a malicious file on a vulnerable system and then using this technique to determine the location of the file.

    10. MySQL Eventum Multiple Input Validation Vulnerabilities
    BugTraq ID: 12133
    Remote: Yes
    Date Published: Dec 30 2004
    Relevant URL: http://www.securityfocus.com/bid/12133
    Summary:
    MySQL Eventum is designed to be a software bug-tracking application. It is Web-based, implemented in PHP with a MySQL database back end. It is freely available for Unix, Apple Mac OS X, other Unix variants, and Microsoft Windows.

    Multiple input validation vulnerabilities reportedly affect MySQL Eventum. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic Web page content.

    The issues specifically reported are cross-site scripting, a default, undocumented administrator account, and HTML injection vulnerabilities.

    An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate theft of cookie-based authentication credentials as well as other attacks.

    11. Macallan Mail Solution Web Interface Authentication Bypass V...
    BugTraq ID: 12136
    Remote: Yes
    Date Published: Dec 31 2004
    Relevant URL: http://www.securityfocus.com/bid/12136
    Summary:
    Macallan Mail Solution is prone to a vulnerability that may permit remote attackers to gain unauthorized access to the Web interface.

    It is reported that by including extraneous URL-encoded slash characters (%2f), a remote user may access restricted pages in the Web interface and perform various actions. It was also reported that authentication may be bypassed by specifying a non-existent directory when requesting a resource within the Web interface.

    This issue is a variant of the vulnerability described in BID 9646.

    12. Macallan Mail Solution HTTP GET Request Buffer Overflow Vuln...
    BugTraq ID: 12137
    Remote: Yes
    Date Published: Dec 31 2004
    Relevant URL: http://www.securityfocus.com/bid/12137
    Summary:
    Macallan Mail Solution is prone to a remotely exploitable buffer overflow vulnerability. This issue is exposed when the Web interface is sent an overly long HTTP GET request.

    This issue was reported to result in denial of service; however, code execution is likely since it appears that an attacker can influence the value of the saved instruction pointer and therefore control execution flow of the program.

    13. ArGoSoft FTP Server Remote User Enumeration Vulnerability
    BugTraq ID: 12139
    Remote: Yes
    Date Published: Dec 31 2004
    Relevant URL: http://www.securityfocus.com/bid/12139
    Summary:
    A remote information disclosure vulnerability reportedly affects ArGoSoft FTP Server. This issue is due to a design error that can be leveraged to present sensitive information to attackers.

    An attacker may leverage this issue to harvest valid usernames, potentially facilitating brute force attacks.

    14. Microsoft FrontPage 2000 Internet Publishing Service Provide...
    BugTraq ID: 12141
    Remote: Yes
    Date Published: Dec 31 2004
    Relevant URL: http://www.securityfocus.com/bid/12141
    Summary:
    A file upload vulnerability allegedly affects the DATA Access Internet Publishing Service Provider Distributed Versioning and Authoring (DAV) functionality of Microsoft FrontPage 2000.

    An attacker may leverage this issue to upload arbitrary files to the affected computer. This will allow the execution of server-based script code, and will facilitate a compromise of the affected server. Depending on the purpose of the server, an attacker could also exploit the issue to place malicious or abusive content on the server.

    It should be noted that the individual reporting this issue may have discovered it while auditing a poorly configured implementation of the affected software; if this were the case this issue may not be a vulnerability. This BID will be updated immediately upon the release of new information.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. services running in windows domain (winXP clients) (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/385919

    2. SecurityFocus Microsoft Newsletter #221 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/385603

    3. SecurityFocus Microsoft Newsletter #220 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/385547

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. CoreGuard Core Security System
    By: Vormetric
    Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
    Relevant URL: http://www.vormetric.com/products/#overview
    Summary:

    CoreGuard System profile

    The CoreGuard System is the industry's first solution that enforces
    acceptable use policy for sensitive digital information assets and
    protects personal data privacy across an enterprise IT environment.
    CoreGuard's innovative architecture and completeness of technology
    provide a comprehensive, extensible solution that tightly integrates all
    the elements required to protect information across a widespread,
    heterogeneous enterprise network, while enforcing separation of duties
    between security and IT administration. At the same time, CoreGuard is
    transparent to users, applications and storage infrastructures for ease
    of deployment and system management.

    CoreGuard enables customers to:
    * Protect customer personal data privacy and digital information assets
    * Protect data at rest from unauthorized viewing by external attackers
    and unauthorized insiders
    * Enforce segregation of duties between IT administrators and security
    administration
    * Ensure host & application integrity
    * Block malicious code, including zero-day exploits

    2. KeyCaptor Keylogger
    By: Keylogger Software
    Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
    Summary:

    KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!

    With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!

    3. SpyBuster
    By: Remove Spyware
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.remove-spyware.com/spybuster.htm
    Summary:

    Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.

    SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.

    4. FreezeX
    By: Faronics Technologies USA Inc
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Relevant URL: http://www.faronics.com/html/Freezex.asp
    Summary:

    FreezeX prevents all unauthorized programs, including viruses, keyloggers and spyware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install

    5. NeoExec for Active Directory
    By: NeoValens
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.neovalens.com
    Summary:

    NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.

    NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.

    NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.

    6. Secrets Protector v2.03
    By: E-CRONIS
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.e-cronis.com/download/sp.exe
    Summary:

    It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".

    Your secret information is available only through this software and there is no other means to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten either in Safe mode or in another operating system. This program doesn't make your operating system unstable as other related products do and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods leaving no trace of your information. Depending on the selected wiping method your data is unrecoverable using software or even hardware recovery techniques.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. Interface Traffic Indicator 1.2.3
    By: Carsten Schmidt
    Relevant URL: http://software.ccschmidt.de/#inftraffic
    Platforms: Windows 2000, Windows NT, Windows XP
    Summary:

    Interface Traffic Indicator, a graph utility to measure incoming and outgoing traffic on an interface in bits/sec, bytes/sec or utilization. Works on all SNMP-capable devices (computers, NICs, switches, routers, etc.) with adjustable poll interval down to three seconds. You can use this program in a professional network environment to monitor selected network interfaces (even backplane ports if the device provides the information) or you can monitor your home network or

    2. Colasoft Capsa 4.05
    By: Roy Luo
    Relevant URL: http://www.colasoft.com/
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Summary:

    Capsa is a powerful but easy to use network monitor and analyzer designed for packet decoding and network diagnosis. With the abilities of real time monitoring and data analyzing, you can capture and decode network traffic transmitted over local host and local network. Capsa has Packet Analysis Module and three advanced analysis modules: Email Analysis Module, Web Analysis Module and Transaction Analysis Module.

    3. Attack Tool Kit (ATK) 3.0
    By: Marc Ruef
    Relevant URL: http://www.computec.ch/projekte/atk/
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    The Attack Tool Kit (ATK) is an open-source utility to realize penetration tests and enhance security audits. The most important changes in ATK 3.0 are the introduction of a dedicated exploiting routine and the Plugin AutoUpdate (over HTTP).

    4. IDS Policy Manager v1.5
    By: ActiveWorx
    Relevant URL: http://www.activeworx.org
    Platforms: Windows 2000, Windows NT, Windows XP
    Summary:

    IDS Policy Manager was designed to manage Snort IDS sensors in a distributed environment. This is done by having the ability to take the text configuration and rule files and allow you to modify them with an easy to use graphical interface. With the added ability to merge new rule sets, manage preprocessors, control output modules and scp rules to sensors, this tool makes managing snort easy for most security professionals.

    5. PatchLink Update 6.01.78
    By: PatchLink Corporation
    Relevant URL: http://www.patchlink.com/products_services/plu_evaluationrequest.html
    Platforms: AIX, DG-UX, Digital UNIX/Alpha, DOS, HP-UX, Java, Linux, MacOS, Net, NetBSD, Netware, OpenVMS, PalmOS, POSIX, SecureBSD, SINIX, Solaris, SunOS, True64 UN, True64 UNIX, Ultrix, UNICOS, UNIX, Unixware, Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
    Summary:

    With PATCHLINK UPDATE, patch management is the secure, proactive, and preventative process it should be. PATCHLINK UPDATE scans networks for security holes and closes them with the click of a mouse, no matter the operating system, the vendor applications, the mix, or the size of the environment. From 5K nodes to 20+K nodes, PATCHLINK UPDATE works quickly, accurately and safely to ensure desktops and servers are patched correctly and completely the first time around.

    6. Dekart Private Disk 2.03
    By: Dekart
    Relevant URL: http://www.private-disk.net/
    Platforms: Windows XP
    Summary:

    Private Disk - is an easy-to-use, reliable, user-friendly and smart program that lets you create encrypted disk partitions (drive letters) to keep your private and confidential data secure. Uses 256-bit AES encryption.

    VI. UNSUBSCRIBE INSTRUCTIONS
    ----------------------------
    To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

    If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

    VII. SPONSOR INFORMATION
    -----------------------

    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ------------------------------------------------------------------------
