SecurityFocus Microsoft Newsletter #223

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 01/12/05

    Date: Wed, 12 Jan 2005 09:02:11 -0700 (MST)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #223
    ----------------------------------------

    This Issue is Sponsored By: SPI Dynamics

    ALERT: "Testing Your Web Applications for Security Defects"- White Paper
    Learn why 70% of today's successful hacks involve Web Application
    attacks such as: SQL Injection, XSS, and Parameter Manipulation.
    All undetectable by Firewalls and IDS! Get the Top 10 Most Critical
    Code-Based Web Application Vulnerabilities

    http://www.securityfocus.com/sponsor/SPIDynamics_ms-secnews_050111

    ------------------------------------------------------------------------

    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ------------------------------------------------------------------------
    I. FRONT AND CENTER
         1. Microsoft Anti-Spyware?
         2. The Perils of Deep Packet Inspection
         3. Stamping Passport
    II. MICROSOFT VULNERABILITY SUMMARY
         1. GFI MailEssentials and MailSecurity HTML Email Remote Denial...
         2. Bugzilla Internal Error Cross-Site Scripting Vulnerability
         3. 3Com 3CDaemon Multiple Remote Vulnerabilities
         4. Soldner Secret Wars Multiple Remote Vulnerabilities
         5. LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerabil...
         6. WinHKI Multiple Remote Vulnerabilities
         7. Winace Remote Directory Traversal Vulnerability
         8. Jeuce Personal Web Server Directory Traversal And Denial Of ...
         9. Microsoft Multiple Unspecified Security Vulnerabilities
         10. SugarCRM/SugarSales Remote File Include Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
         1. Anti-spyware Beta from Microsoft available (Thread)
         2. suggestions for proxy server to run on w2003 box.. ... (Thread)
         3. suggestions for proxy server to run on w2003 box.. ... (Thread)
         4. suggestions for proxy server to run on w2003 box.. (Thread)
         5. Windows Update Services (Thread)
         6. XP SP2 Blind install (Thread)
         7. services running in windows domain (winXP clients) (Thread)
         8. SecurityFocus Microsoft Newsletter #222 (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. CoreGuard Core Security System
         2. KeyCaptor Keylogger
         3. SpyBuster
         4. FreezeX
         5. NeoExec for Active Directory
         6. Secrets Protector v2.03
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. Azure Web Log 1.5
         2. Interface Traffic Indicator 1.2.3
         3. Colasoft Capsa 4.05
         4. Attack Tool Kit (ATK) 3.0
         5. IDS Policy Manager v1.5
         6. PatchLink Update 6.01.78
    VI. UNSUBSCRIBE INSTRUCTIONS
    VII. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Microsoft Anti-Spyware?
    By Kelly Martin

    Microsoft has jumped into the anti-spyware market, but is this a new
    approach to thwarting bugs, or are they gearing up to profit from a dubious
    industry they helped create?

    http://www.securityfocus.com/columnists/289

    2. The Perils of Deep Packet Inspection
    By Dr. Thomas Porter

    This paper looks at the evolution of firewall technology towards Deep
    Packet Inspection, and then discusses some of the security issues with this
    evolving technology.

    http://www.securityfocus.com/infocus/1817

    3. Stamping Passport
    By Mark Burnett

    Microsoft can save its ailing authentication service, but only by scaling
    back its expectations on what kind of accounts and services it's fit to secure.

    http://www.securityfocus.com/columnists/290

    II. MICROSOFT VULNERABILITY SUMMARY
    -----------------------------------
    1. GFI MailEssentials and MailSecurity HTML Email Remote Denial...
    BugTraq ID: 12148
    Remote: Yes
    Date Published: Jan 03 2005
    Relevant URL: http://www.securityfocus.com/bid/12148
    Summary:
    GFI MailEssentials and MailSecurity are prone to a remote denial of service vulnerability. This issue occurs when a specifically malformed HTML email message is processed. Rebooting the server or restarting the service will not resolve the issue.

    2. Bugzilla Internal Error Cross-Site Scripting Vulnerability
    BugTraq ID: 12154
    Remote: Yes
    Date Published: Jan 04 2005
    Relevant URL: http://www.securityfocus.com/bid/12154
    Summary:
    Bugzilla is prone to a cross-site scripting vulnerability. The issue is exposed when the software renders internal errors that include user-supplied input.

    This issue may be exploited by enticing a user into following a link that will cause hostile HTML and script code to be rendered in an internal error page. Exploitation may allow for theft of cookie-based authentication credentials or other attacks.

    3. 3Com 3CDaemon Multiple Remote Vulnerabilities
    BugTraq ID: 12155
    Remote: Yes
    Date Published: Jan 04 2005
    Relevant URL: http://www.securityfocus.com/bid/12155
    Summary:
    3CDaemon is reportedly prone to multiple vulnerabilities. These issues may allow an attacker to crash the application, disclose sensitive information, and potentially execute arbitrary code on a vulnerable computer.

    The following specific issues were identified:

    Multiple format string vulnerabilities are reported to affect the application. These issues may allow an attacker to cause a denial of service condition or write to arbitrary process memory and potentially execute code.

    Multiple buffer overflow vulnerabilities affect the application as well. These issues may allow remote attackers to execute arbitrary code on a vulnerable computer or crash the application.

    3CDaemon also discloses sensitive information when a request for certain MS-DOS device names is carried out. This type of sensitive information may be used in further attacks against the computer.

    3CDaemon 2.0 revision 10 is reported prone to these vulnerabilities; however, other versions may also be affected.

    4. Soldner Secret Wars Multiple Remote Vulnerabilities
    BugTraq ID: 12162
    Remote: Yes
    Date Published: Jan 04 2005
    Relevant URL: http://www.securityfocus.com/bid/12162
    Summary:
    Secret Wars is reported prone to multiple vulnerabilities. These issues can allow an attacker to cause a denial of service condition in the server, potentially execute arbitrary code and carry out HTML injection attacks through the administrative Web interface.

    Secret Wars 30830 and prior versions are affected by these vulnerabilities.

    5. LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerabil...
    BugTraq ID: 12173
    Remote: Yes
    Date Published: Jan 05 2005
    Relevant URL: http://www.securityfocus.com/bid/12173
    Summary:
    It has been reported that 'tiffdump' is affected by a heap corruption vulnerability due to an integer overflow error that can be triggered when malicious or malformed image files are processed. Theoretically, an attacker can exploit this vulnerability to execute arbitrary code in the context of the affected application when TIFF image data is processed. Because image data is frequently external in origin, these vulnerabilities are considered remotely exploitable.

    6. WinHKI Multiple Remote Vulnerabilities
    BugTraq ID: 12176
    Remote: Yes
    Date Published: Jan 06 2005
    Relevant URL: http://www.securityfocus.com/bid/12176
    Summary:
    WinHKI is reportedly prone to multiple remote vulnerabilities. These issues may allow an attacker to carry out denial of service and directory traversal attacks to place files in arbitrary locations on a vulnerable computer.

    The following specific issues were identified:

    The first two issues may allow remote attackers to carry out denial of service attacks. An attacker can craft a malicious BH or LHA file and send it to a user to be processed through WinHKI. If successful, this may result in a crash or a hang.

    An attacker can also carry out directory traversal type attacks to place malicious files in arbitrary locations. These issues present themselves when the application processes malformed BH, CAB, and ZIP compressed files. This can allow the attacker to place potentially malicious files and corrupt data on a computer, which can aid in various attacks.

    WinHKI 1.4d is reported prone to these vulnerabilities. It is possible that other versions are affected as well.

    7. Winace Remote Directory Traversal Vulnerability
    BugTraq ID: 12177
    Remote: Yes
    Date Published: Jan 06 2005
    Relevant URL: http://www.securityfocus.com/bid/12177
    Summary:
    Reportedly, an attacker can carry out directory traversal type attacks. These issues present themselves when the application processes malformed compressed files.

    A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer, which can aid in various attacks.

    All versions of Winace are considered vulnerable at the present.

    8. Jeuce Personal Web Server Directory Traversal And Denial Of ...
    BugTraq ID: 12183
    Remote: Yes
    Date Published: Jan 06 2005
    Relevant URL: http://www.securityfocus.com/bid/12183
    Summary:
    It is reported that Jeuce Personal Web Server is susceptible to remote directory traversal and denial of service vulnerabilities.

    The directory traversal vulnerability is due to a failure of the application to properly sanitize user-supplied input data. This vulnerability reportedly allows remote attackers to retrieve the contents of arbitrary, potentially sensitive files located on the serving computer with the credentials of the affected server process.

    The denial of service vulnerability reportedly allows remote attackers to cause the affected application to either crash, or refuse to service further requests.

    Version 2.13 of Jeuce Personal Web Server is reportedly affected by these vulnerabilities. Other versions may also be affected.

    9. Microsoft Multiple Unspecified Security Vulnerabilities
    BugTraq ID: 12186
    Remote: Unknown
    Date Published: Jan 06 2005
    Relevant URL: http://www.securityfocus.com/bid/12186
    Summary:
    Microsoft has released advance notification that they will be releasing three security bulletins for Windows on January 11th, 2005. The vendor has not enumerated how many vulnerabilities will be addressed by these security bulletins, nor what specific components or platforms may be affected.

    The maximum severity rating of any of these bulletins is 'Critical'.

    10. SugarCRM/SugarSales Remote File Include Vulnerability
    BugTraq ID: 12191
    Remote: Yes
    Date Published: Jan 07 2005
    Relevant URL: http://www.securityfocus.com/bid/12191
    Summary:
    SugarCRM and SugarSales are reported prone to a vulnerability that may allow attackers to influence the include path for external files.

    This vulnerability allows arbitrary script code to be executed in the context of the web server hosting the affected software. In the case of including local files, this may expose sensitive information. In the case of including remote files, it is possible to include a malicious PHP script from a remote source.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. Anti-spyware Beta from Microsoft available (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/386667

    2. suggestions for proxy server to run on w2003 box.. ... (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/386655

    3. suggestions for proxy server to run on w2003 box.. ... (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/386647

    4. suggestions for proxy server to run on w2003 box.. (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/386613

    5. Windows Update Services (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/386423

    6. XP SP2 Blind install (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/386398

    7. services running in windows domain (winXP clients) (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/386094

    8. SecurityFocus Microsoft Newsletter #222 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/386034

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. CoreGuard Core Security System
    By: Vormetric
    Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
    Relevant URL: http://www.vormetric.com/products/#overview
    Summary:

    CoreGuard System profile

    The CoreGuard System is the industry's first solution that enforces
    acceptable use policy for sensitive digital information assets and
    protects personal data privacy across an enterprise IT environment.
    CoreGuard's innovative architecture and completeness of technology
    provide a comprehensive, extensible solution that tightly integrates all
    the elements required to protect information across a widespread,
    heterogeneous enterprise network, while enforcing separation of duties
    between security and IT administration. At the same time, CoreGuard is
    transparent to users, applications and storage infrastructures for ease
    of deployment and system management.

    CoreGuard enables customers to:
    * Protect customer personal data privacy and digital information assets
    * Protect data at rest from unauthorized viewing by external attackers
    and unauthorized insiders
    * Enforce segregation of duties between IT administrators and security
    administration
    * Ensure host & application integrity
    * Block malicious code, including zero-day exploits

    2. KeyCaptor Keylogger
    By: Keylogger Software
    Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
    Summary:

    KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!

    With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!

    3. SpyBuster
    By: Remove Spyware
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.remove-spyware.com/spybuster.htm
    Summary:

    Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.

    SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.

    4. FreezeX
    By: Faronics Technologies USA Inc
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Relevant URL: http://www.faronics.com/html/Freezex.asp
    Summary:

    FreezeX prevents all unauthorized programs, including viruses, keyloggers and spyware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install

    5. NeoExec for Active Directory
    By: NeoValens
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.neovalens.com
    Summary:

    NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.

    NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.

    NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.

    6. Secrets Protector v2.03
    By: E-CRONIS
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.e-cronis.com/download/sp.exe
    Summary:

    It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".

    Your secret information is available only through this software and there is no other means to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten, either in Safe mode or in another operating system. This program doesn't make your operating system unstable as other related products do and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods leaving no trace of your information. Depending on the selected wiping method your data is unrecoverable using software or even hardware recovery techniques.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. Azure Web Log 1.5
    By: Azure Desktop
    Relevant URL: http://www.azuredesktop.com/download/awlog.zip
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    Log analyzer tells you all you want about your web site: What are the most popular pages and files on your site? How many visitors are there and where are they from? What browsers and OS do they use? What is your site's traffic? Special features: Statistics for a year. Separate statistics for every page or file - daily hits for two last months, monthly hits for a year, referring site for particular page or file. Multiple site statistics support.

    2. Interface Traffic Indicator 1.2.3
    By: Carsten Schmidt
    Relevant URL: http://software.ccschmidt.de/#inftraffic
    Platforms: Windows 2000, Windows NT, Windows XP
    Summary:

    Interface Traffic Indicator, a graph utility to measure incoming and outgoing traffic on an interface in bits/sec, bytes/sec or utilization. Works on all SNMP-capable devices (computers, NICs, switches, routers, etc.) with adjustable poll interval down to three seconds. You can use this program in a professional network environment to monitor selected network interfaces (even backplane ports if the device provides the information) or you can monitor your home network or

    3. Colasoft Capsa 4.05
    By: Roy Luo
    Relevant URL: http://www.colasoft.com/
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Summary:

    Capsa is a powerful but easy to use network monitor and analyzer designed for packet decoding and network diagnosis. With the abilities of real time monitoring and data analyzing, you can capture and decode network traffic transmitted over local host and local network. Capsa has Packet Analysis Module and three advanced analysis modules: Email Analysis Module, Web Analysis Module and Transaction Analysis Module.

    4. Attack Tool Kit (ATK) 3.0
    By: Marc Ruef
    Relevant URL: http://www.computec.ch/projekte/atk/
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    The Attack Tool Kit (ATK) is an open-source utility to realize penetration tests and enhance security audits. The most important changes in ATK 3.0 are the introduction of a dedicated exploiting routine and the Plugin AutoUpdate (over HTTP).

    5. IDS Policy Manager v1.5
    By: ActiveWorx
    Relevant URL: http://www.activeworx.org
    Platforms: Windows 2000, Windows NT, Windows XP
    Summary:

    IDS Policy Manager was designed to manage Snort IDS sensors in a distributed environment. This is done by having the ability to take the text configuration and rule files and allow you to modify them with an easy to use graphical interface. With the added ability to merge new rule sets, manage preprocessors, control output modules and scp rules to sensors, this tool makes managing snort easy for most security professionals.

    6. PatchLink Update 6.01.78
    By: PatchLink Corporation
    Relevant URL: http://www.patchlink.com/products_services/plu_evaluationrequest.html
    Platforms: AIX, DG-UX, Digital UNIX/Alpha, DOS, HP-UX, Java, Linux, MacOS, Net, NetBSD, Netware, OpenVMS, PalmOS, POSIX, SecureBSD, SINIX, Solaris, SunOS, True64 UN, True64 UNIX, Ultrix, UNICOS, UNIX, Unixware, Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
    Summary:

    With PATCHLINK UPDATE, patch management is the secure, proactive, and preventative process it should be. PATCHLINK UPDATE scans networks for security holes and closes them with the click of a mouse, no matter the operating system, the vendor applications, the mix, or the size of the environment. From 5K nodes to 20+K nodes, PATCHLINK UPDATE works quickly, accurately and safely to ensure desktops and servers are patched correctly and completely the first time around.

    VI. UNSUBSCRIBE INSTRUCTIONS
    ----------------------------
    To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

    If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.
