SecurityFocus Microsoft Newsletter #226
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 02/07/05
- Previous message: d.pigna_at_email.it: "Re: disclosure the administrative password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 7 Feb 2005 07:57:50 -0700 (MST) To: Focus-MS <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter #226
----------------------------------------
This Issue is Sponsored By: CrossTec
FREE Download - The Future in Desktop Firewalls is Available Now
NEW NetOp Desktop Firewall, the world's first driver-centric
firewall software - protecting your laptops and corporate PCs at
ring-zero! NetOp features sophisticated process & application
control, centralized management and multiple network user profiles -
NetOp is able to increase security when mobile users plug back
into your network. Step into a more secure future - Try it FREE
http://www.securityfocus.com/sponsor/CrossTec_ms-secnews_050201
------------------------------------------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Mobile Viruses
2. Microsoft's Velvet Glove
II. MICROSOFT VULNERABILITY SUMMARY
1. Golden FTP Server Remote Buffer Overflow Vulnerability
2. Help Desk Reloaded Unspecified Remote Vulnerability
3. RinetD select() Bit-Array Remote Buffer Overflow Vulnerabili...
4. NEC Socks5 select() Bit-Array Remote Buffer Overflow Vulnera...
5. PEiD Malformed PE File Remote Buffer Overflow Vulnerability
6. Bribble Unspecified Remote Authentication Bypass Vulnerabili...
7. Comersus Cart Multiple Vulnerabilities
8. PHPEventCalendar Multiple Remote HTML Injection Vulnerabilit...
9. Nullsoft Winamp Variant IN_CDDA.dll Remote Buffer Overflow V...
10. War FTP Daemon Remote Denial Of Service Vulnerability
11. SnugServer FTP Service Directory Traversal Vulnerability
12. Magic Winmail Server Multiple Vulnerabilities
13. University Of Washington IMAP Server CRAM-MD5 Remote Authent...
14. VooDoo CIRCLE NET_SEND Unspecified Vulnerability
15. IceWarp Web Mail Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. Domain logon without network connection + group poli... (Thread)
2. Preventing multiple logins in 2003 (Thread)
3. RESPONSE: Users "bypassing" Group Policy restriction... (Thread)
4. Users "bypassing" Group Policy restrictions (Thread)
5. Dhcp security (Thread)
6. DSQuery on active directory (Thread)
7. ISA server logs (Thread)
8. SecurityFocus Microsoft Newsletter #225 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. CoreGuard Core Security System
2. KeyCaptor Keylogger
3. SpyBuster
4. FreezeX
5. NeoExec for Active Directory
6. Secrets Protector v2.03
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. PE Explorer 1.96
2. Network Equipment Performance Monitor 2.2
3. Etherchange v1.0
4. IPFront 1.0
5. Azure Web Log 1.5
6. Interface Traffic Indicator 1.2.3
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Mobile Viruses
By Kelly Martin
Mobile viruses that spread through mobile phones are starting to appear,
but the big mobile virus epidemic is still a long ways off.
http://www.securityfocus.com/columnists/294
2. Microsoft's Velvet Glove
By Mark Burnett
Redmond's plan to make you install Windows authentication software before
downloading vital security patches is a reasonable and gentle effort to
limit piracy.
http://www.securityfocus.com/columnists/295
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Golden FTP Server Remote Buffer Overflow Vulnerability
BugTraq ID: 12333
Remote: Yes
Date Published: Jan 22 2005
Relevant URL: http://www.securityfocus.com/bid/12333
Summary:
Golden FTP Server is reported susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it to an insufficiently sized memory buffer.
This vulnerability allows remote attackers to execute arbitrary machine code in the context of the vulnerable server application.
Versions prior to 2.05b are reportedly affected by this vulnerability.
2. Help Desk Reloaded Unspecified Remote Vulnerability
BugTraq ID: 12339
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12339
Summary:
A remote unspecified vulnerability affects Help Desk Reloaded. Although the underlying issue causing this vulnerability is unknown, due to the nature of the affected software it is likely due to input validation failure. It may facilitate cross-site scripting, HTML injection, remote file include, or SQL injection attacks. It should be noted that this is not confirmed.
This BID will be updated as more details are released.
3. RinetD select() Bit-Array Remote Buffer Overflow Vulnerabili...
BugTraq ID: 12345
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12345
Summary:
rinetd is prone to a remote buffer overflow due to implementation of the 'select()' system call. This issue could be exploited to cause a denial of service or potentially execute arbitrary code.
4. NEC Socks5 select() Bit-Array Remote Buffer Overflow Vulnera...
BugTraq ID: 12350
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12350
Summary:
NEC Socks5 is prone to a remote buffer overflow due to implementation of the 'select()' system call. This issue could be exploited to cause a denial of service or potentially execute arbitrary code.
5. PEiD Malformed PE File Remote Buffer Overflow Vulnerability
BugTraq ID: 12355
Remote: Yes
Date Published: Jan 25 2005
Relevant URL: http://www.securityfocus.com/bid/12355
Summary:
A remote buffer overflow vulnerability reportedly affects PEiD. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker who entices an unsuspecting user to load a maliciously crafted Portable Executable (PE) file with the affected utility may exploit this issue.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
6. Bribble Unspecified Remote Authentication Bypass Vulnerabili...
BugTraq ID: 12361
Remote: Yes
Date Published: Jan 25 2005
Relevant URL: http://www.securityfocus.com/bid/12361
Summary:
An unspecified remote authentication bypass vulnerability affects Bribble. The underlying issue is currently unknown, however it is likely due to a design error triggered during the authentication process.
An attacker can leverage this issue to gain administrator access to the affected chat server.
7. Comersus Cart Multiple Vulnerabilities
BugTraq ID: 12362
Remote: Yes
Date Published: Jan 25 2005
Relevant URL: http://www.securityfocus.com/bid/12362
Summary:
Comersus Cart is reportedly affected by multiple vulnerabilities. There is a possiblity of gaining administrator access due to a failure of the application to remove an installation script after install. There is the possiblity of SQL injection by passing a malicious HTTP referer header. There are also some possible cross-site scripting issues.
The vendor has addressed these issues in Comersus Cart version 6.0.2; earlier version are reportedly vulnerable.
8. PHPEventCalendar Multiple Remote HTML Injection Vulnerabilit...
BugTraq ID: 12363
Remote: Yes
Date Published: Jan 25 2005
Relevant URL: http://www.securityfocus.com/bid/12363
Summary:
Multiple remote HTML injection vulnerabilities affect phpEventCalendar. These issues are due to a failure of the application to sanitize user supplied input prior to including it in dynamically generated Web content.
An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
9. Nullsoft Winamp Variant IN_CDDA.dll Remote Buffer Overflow V...
BugTraq ID: 12381
Remote: Yes
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12381
Summary:
A remote buffer overflow vulnerability affects the IN_CDDA.dll library of Nullsoft's Winamp. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite process buffers. It should be noted that this issue is not related to the issue outlined in BID 11730 (Nullsoft Winamp IN_CDDA.dll Remote Buffer Overflow Vulnerability).
This issue will facilitate remote exploitation as an attacker may distribute malicious play-list files and entice unsuspecting users to process them with the affected application.
It should be noted that this issue was originally reported in BID 12245 (Nullsoft Winamp Multiple Unspecified Vulnerabilities). It has been assigned a new BID due to the release of more information.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application.
10. War FTP Daemon Remote Denial Of Service Vulnerability
BugTraq ID: 12384
Remote: Yes
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12384
Summary:
War FTP Daemon is reported prone to a remote denial of service vulnerability. This issue arises because the application fails to handle exceptional conditions in a proper manner.
War FTP Daemon 1.82.00-RC9 is reported prone to this issue. It is likely that previous versions are vulnerable as well.
11. SnugServer FTP Service Directory Traversal Vulnerability
BugTraq ID: 12387
Remote: Yes
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12387
Summary:
It is reported that the SnugServer FTP Service is susceptible to a directory traversal vulnerability.
It is conjectured that this vulnerability allows a remote attacker to read and write files outside of the FTP document root directory. An attacker may read and write files with the privileges of the FTP server process.
12. Magic Winmail Server Multiple Vulnerabilities
BugTraq ID: 12388
Remote: Yes
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12388
Summary:
Magic Winmail Server is reportedly affected by multiple vulnerabilities.
There are two distinct directory traversal vulnerabilities in the Webmail interface allowing both arbitrary file downloads and uploads. There is also a HTML injection vulnerability in the Webmail interface that could lead to the theft of the administrator's session cookie.
There are several directory traversal vulnerabilities in the IMAP service commands which could permit a malicious user to read arbitrary emails, create or delete arbitrary files on the server and possibly retrieve arbitrary files from the server.
Magic Winmail Server's FTP service also reportedly fails to properly verify the IP address supplied by a user in a PORT command.
Magic Winmail Server version 4.0 (Build 1112) is reportedly affected by these issues; earlier versions may also be vulnerable.
13. University Of Washington IMAP Server CRAM-MD5 Remote Authent...
BugTraq ID: 12391
Remote: Yes
Date Published: Jan 28 2005
Relevant URL: http://www.securityfocus.com/bid/12391
Summary:
A remote authentication bypass vulnerability affects the CRAM-MD5 authentication functionality of the University of Washington IMAP server. This issue is due to a logic error that fails to properly validate authentication attempts.
It should be noted that this issue only affects servers with CRAM-MD5 authentication enabled, which is not the case by default.
A remote attacker may leverage this issue to authenticate to the affected server as any user.
14. VooDoo CIRCLE NET_SEND Unspecified Vulnerability
BugTraq ID: 12393
Remote: Yes
Date Published: Jan 28 2005
Relevant URL: http://www.securityfocus.com/bid/12393
Summary:
An unspecified vulnerability affects the NET_SEND command of VooDoo cIRCle. The underlying issue causing this vulnerability is currently unknown.
The details available surrounding this issue are insufficient to provide a detailed technical description. Furthermore the impact of this issue is also unknown. This BID will be updated when more information is released.
15. IceWarp Web Mail Multiple Remote Vulnerabilities
BugTraq ID: 12396
Remote: Yes
Date Published: Jan 28 2005
Relevant URL: http://www.securityfocus.com/bid/12396
Summary:
Multiple remote vulnerabilities reportedly affect IceWarp Web Mail. The underlying issues are due to input and access validation errors.
Multiple cross-site scripting and HTML injection vulnerabilities affect the vulnerable software. The product is also vulnerable to a file creation with arbitrary data vulnerability. Finally it is possible for an authenticated attacker to move and read arbitrary files on an affected computer with the privileges of the affected application.
An attacker may leverage these issues to move arbitrary files with the privileges of the affected server, to carry out cross-site scripting and HTML injection attacks and to create a file with arbitrary content. These issues may lead to system wide denial of service as well as other attacks.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Domain logon without network connection + group poli... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/389106
2. Preventing multiple logins in 2003 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/389010
3. RESPONSE: Users "bypassing" Group Policy restriction... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/389009
4. Users "bypassing" Group Policy restrictions (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/388879
5. Dhcp security (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/388871
6. DSQuery on active directory (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/388832
7. ISA server logs (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/388627
8. SecurityFocus Microsoft Newsletter #225 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/388596
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity * Block malicious code, including
zero-day exploits
2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!
With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!
3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.
4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy ware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install
5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.
NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.
NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.
6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:
It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".
Your secret information is available only trough this software and there is no other mean to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten neither in Safe mode nor in other operating system. This program doesn't make your operating system unstable as other related product do and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods leaving no trace of your information. Depending on the selected wiping method your data is unrecoverable using software or even hardware recovery techniques.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. PE Explorer 1.96
By: Heaventools Software
Relevant URL: http://www.heaventools.com/overview.htm
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
PE Explorer is a tool for inspecting and editing the inner workings of Windows 32-bit executable files. It offers a look at PE file structure and all of the resources in the file, and reports multiple details about a PE file (EXE, DLL, ActiveX controls, and several other Windows executable formats). Once inside, file structure can be analyzed and optimized, hostile code detected, spyware tracked down, problems diagnosed, changes made and resources repaired.
2. Network Equipment Performance Monitor 2.2
By: Nova Software, Inc.
Relevant URL: http://www.nepm.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, Solaris, True64 UNIX, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
NEPM is a very general, highly configurable, two part software system that monitors any type of logged data from IP networked equipment and reports it via E-mail and web pages. Current conditions and history from systems based on Windows NT/2000 and UNIX can be tracked and reported. Most major server, switch and router systems can be monitored, without running agents on the target systems.
3. Etherchange v1.0
By: Arne Vidstrom
Relevant URL: http://www.ntsecurity.nu/toolbox/etherchange/
Platforms: Windows 2000, Windows XP
Summary:
EtherChange can change the Ethernet address of the network adapters in Windows 2000 / XP.
4. IPFront 1.0
By: Hernán M. Racciatti
Relevant URL: http://www.hernanracciatti.com.ar/ipfront/
Platforms: Windows 2000
Summary:
IPFront is a small tool named which enables users to generate IPSec rules easily. It really speeds-up the process of hardening Windows 2000/2003 in Bastion Host Environment.
Additionally, it allows to set-up IPSec exceptions, and enables a couple of TCP/IP Stack protections against DoSes.
So, IPFront is nothing more than a small Frontend/GUI that writes small scripts that one can later execute from within IPFront, or externally, as simple script files, in other servers,
5. Azure Web Log 1.5
By: Azure Desktop
Relevant URL: http://www.azuredesktop.com/download/awlog.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Log analyzer tells you all you want about your web site: What are the most popular pages and files on your site? How many visitors are there and where are they from? What browsers and OS they use? What is your sites traffic? Special features:Statistics for a year. Separate statistics for every page or file - daily hits for two last months, monthly hits for a year, referring site for particular page or file. Multiple site statistics support.
6. Interface Traffic Indicator 1.2.3
By: Carsten Schmidt
Relevant URL: http://software.ccschmidt.de/#inftraffic
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
Interface Traffic Indicator, a graph utility to measure incoming and outgoing traffic on an interface in bits/sec, bytes/sec or utilization. Works on all SNMP-capable devices (computers, NICs, switches, routers, etc.) with adjustable poll intervall down to three seconds. You can use this programm in a professional network environment to monitor selected network interfaces (even backplane ports if the device provides the information) or you can monitor your home network or
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: CrossTec
FREE Download - The Future in Desktop Firewalls is Available Now
NEW NetOp Desktop Firewall, the world's first driver-centric
firewall software - protecting your laptops and corporate PCs at
ring-zero! NetOp features sophisticated process & application
control, centralized management and multiple network user profiles -
NetOp is able to increase security when mobile users plug back
into your network. Step into a more secure future - Try it FREE
http://www.securityfocus.com/sponsor/CrossTec_ms-secnews_050201
------------------------------------------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: d.pigna_at_email.it: "Re: disclosure the administrative password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
