SecurityFocus Microsoft Newsletter #247

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 07/06/05

    Date: Tue, 5 Jul 2005 22:31:10 -0600 (MDT)
    To: Focus-MS <focus-ms@securityfocus.com>

    SecurityFocus Microsoft Newsletter #247
    ----------------------------------------

    This Issue is Sponsored By: Black Hat

    Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
    Vegas. World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 29 hands-on training courses and 10 conference tracks, networking opportunities with over 2,000 delegates from 30+ nations.

    http://www.securityfocus.com/sponsor/BlackHat_sf-news_050705

    ------------------------------------------------------------------
    I. FRONT AND CENTER
           1. Rats in the security world
           2. Fighting EPO Viruses
           3. Who's to blame?
    II. MICROSOFT VULNERABILITY SUMMARY
           1. ASPNuke Multiple Cross-Site Scripting Vulnerabilities
           2. ASPNuke Language_Select.ASP HTTP Response Splitting Vulnerability
           3. ASPNuke Comment_Post.ASP SQL Injection Vulnerability
           4. True North Software IA EMailServer Remote Format String Vulnerability
           5. RealNetworks Real and RealOne Player Unspecified MP3 ActiveX Control Execution Vulnerability
           6. Adobe Acrobat/Adobe Reader Safari Frameworks Folder Permission Escalation Vulnerability
           7. Adobe Acrobat/Adobe Reader Arbitrary File Execution Vulnerability
           8. Infradig Inframail Advantage Server Edition Multiple Remote Buffer Overflow Vulnerabilities
           9. SofoTex BisonFTP Remote Denial Of Service Vulnerability
           10. Hosting Controller Error.ASP Cross-Site Scripting Vulnerability
           11. PHPBB Viewtopic.PHP Remote Code Execution Vulnerability
           12. Microsoft Internet Explorer Javaprxy.DLL COM Object Instantiation Heap Overflow Vulnerability
           13. Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
           14. Community Link Pro Login.CGI File Parameter Remote Command Execution Vulnerability
           15. Raven Software Soldier Of Fortune 2 Ignore Command Remote Denial of Service Vulnerability
           16. NateOn Messenger Directory Listing Disclosure Vulnerability
           17. Drupal Arbitrary PHP Code Execution Vulnerability
           18. Mambo Open Source Multiple Unspecified Injection Vulnerabilities
           19. Mambo Open Source Session ID Spoofing Vulnerability
           20. Prevx Pro 2005 Intrusion Prevention System Multiple Vulnerabilities
           21. Golden FTP Server Pro Multiple Remote Vulnerabilities
    III. MICROSOFT FOCUS LIST SUMMARY
           1. what is file refcache.ser
           2. Blackhat Vegas 2005 Training
           3. SecurityFocus Microsoft Newsletter #246
           4. DOMAIN CONTROLLER STOLEN...WHAT NEXT?
           5. Local admin password
    IV. UNSUBSCRIBE INSTRUCTIONS
    V. SPONSOR INFORMATION

    I. FRONT AND CENTER
    ---------------------
    1. Rats in the security world
    By Mark Burnett
    I say it's now time we took a step back and exterminated some of these rats.
    http://www.securityfocus.com/columnists/336

    2. Fighting EPO Viruses
    By Piotr Bania
    This short article describes the so-called Entry-Point Obscuring (EPO) virus coding technique, primarily through a direct analysis of the Win32.CTX.Phage virus.
    http://www.securityfocus.com/infocus/1841

    3. Who's to blame?
    By Kelly Martin
    If there's one thing the security industry is really good at, it's pointing fingers.
    http://www.securityfocus.com/columnists/337

    II. MICROSOFT VULNERABILITY SUMMARY
    ------------------------------------
    1. ASPNuke Multiple Cross-Site Scripting Vulnerabilities
    BugTraq ID: 14062
    Remote: Yes
    Date Published: 2005-06-27
    Relevant URL: http://www.securityfocus.com/bid/14062
    Summary:
    ASPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

    An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

    2. ASPNuke Language_Select.ASP HTTP Response Splitting Vulnerability
    BugTraq ID: 14063
    Remote: Yes
    Date Published: 2005-06-27
    Relevant URL: http://www.securityfocus.com/bid/14063
    Summary:
    ASPNuke is prone to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

    A remote attacker may exploit this vulnerability to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

    3. ASPNuke Comment_Post.ASP SQL Injection Vulnerability
    BugTraq ID: 14064
    Remote: Yes
    Date Published: 2005-06-27
    Relevant URL: http://www.securityfocus.com/bid/14064
    Summary:
    ASPNuke is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

    Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

    4. True North Software IA EMailServer Remote Format String Vulnerability
    BugTraq ID: 14065
    Remote: Yes
    Date Published: 2005-06-27
    Relevant URL: http://www.securityfocus.com/bid/14065
    Summary:
    True North Software IA eMailServer is prone to a remote format string vulnerability. This issue is likely due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function.

    Reports indicate that the immediate consequence of successful exploitation is a denial of service.

    IA eMailServer version 5.2.2 Build 1051 is prone to this issue. Previous versions might also be affected.

    5. RealNetworks Real and RealOne Player Unspecified MP3 ActiveX Control Execution Vulnerability
    BugTraq ID: 14073
    Remote: Yes
    Date Published: 2005-06-27
    Relevant URL: http://www.securityfocus.com/bid/14073
    Summary:
    NGSSoftware reports that a vulnerability affects RealPlayer for Windows. Reports indicate that the issue may be exploited to overwrite an arbitrary file or execute an ActiveX control using a specially formatted malicious MP3 file.

    Details about this vulnerability have been withheld until a later date (Sep 27th, 2005). This BID will be updated as soon as this information is made available.

    6. Adobe Acrobat/Adobe Reader Safari Frameworks Folder Permission Escalation Vulnerability
    BugTraq ID: 14075
    Remote: No
    Date Published: 2005-06-27
    Relevant URL: http://www.securityfocus.com/bid/14075
    Summary:
    Adobe Acrobat and Adobe Reader running on Mac OS X are affected by a folder permission escalation vulnerability.

    The vulnerability exists in the Adobe Reader and Acrobat updater.

    A successful attack can allow local attackers to add potentially malicious Frameworks leading to various attacks including potential privilege escalation.

    7. Adobe Acrobat/Adobe Reader Arbitrary File Execution Vulnerability
    BugTraq ID: 14076
    Remote: Yes
    Date Published: 2005-06-28
    Relevant URL: http://www.securityfocus.com/bid/14076
    Summary:
    Adobe Acrobat and Adobe Reader running on Mac OS X are affected by a vulnerability that can allow remote attackers to execute arbitrary files on a computer.

    This issue arises when a PDF file containing malicious JavaScript code is handled by the applications.

    Exploitation of this issue can lead to various attacks including execution of arbitrary code with the privileges of the user running Adobe Acrobat or Adobe Reader.

    8. Infradig Inframail Advantage Server Edition Multiple Remote Buffer Overflow Vulnerabilities
    BugTraq ID: 14077
    Remote: Yes
    Date Published: 2005-06-28
    Relevant URL: http://www.securityfocus.com/bid/14077
    Summary:
    Infradig Inframail Advantage Server Edition is affected by multiple remote buffer overflow vulnerabilities. These issues arise due to a lack of boundary checks performed by the application and may allow remote attackers to execute machine code in the context of the server process.

    The following specific issues were identified:

    A remote buffer overflow vulnerability affects the FTP server component of Inframail Advantage Server Edition.

    Another remote buffer overflow vulnerability affects the mail server component of Inframail Advantage Server Edition.

    Infradig Inframail Advantage Server Edition 6.0 version 6.37 is reportedly affected by these issues.

    9. SofoTex BisonFTP Remote Denial Of Service Vulnerability
    BugTraq ID: 14079
    Remote: Yes
    Date Published: 2005-06-28
    Relevant URL: http://www.securityfocus.com/bid/14079
    Summary:
    SofoTex BisonFTP is prone to a remote denial of service vulnerability. Reports indicate that the issue may only be exploited after successful authentication.

    A remote attacker may exploit this issue to deny service for legitimate users.

    10. Hosting Controller Error.ASP Cross-Site Scripting Vulnerability
    BugTraq ID: 14080
    Remote: Yes
    Date Published: 2005-06-28
    Relevant URL: http://www.securityfocus.com/bid/14080
    Summary:
    Hosting Controller is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'error.asp' script.

    An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

    11. PHPBB Viewtopic.PHP Remote Code Execution Vulnerability
    BugTraq ID: 14086
    Remote: Yes
    Date Published: 2005-06-28
    Relevant URL: http://www.securityfocus.com/bid/14086
    Summary:
    The 'viewtopic.php' phpBB script is prone to a remote PHP script injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI parameters before using them to construct dynamically generated web pages.

    This issue may allow a remote attacker to execute arbitrary commands in the context of the web server that is hosting the vulnerable software.

    12. Microsoft Internet Explorer Javaprxy.DLL COM Object Instantiation Heap Overflow Vulnerability
    BugTraq ID: 14087
    Remote: Yes
    Date Published: 2005-06-29
    Relevant URL: http://www.securityfocus.com/bid/14087
    Summary:
    Microsoft Internet Explorer is prone to a heap-based buffer overflow vulnerability. The vulnerability is exposed when the 'javaprxy.dll' COM object is instantiated by a malicious Web page.

    This issue may potentially be exploited to execute arbitrary code in the context of the client.

    The issue was reported in Internet Explorer 6.0 releases on Windows XP SP2. Other versions may also be affected.

    13. Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
    BugTraq ID: 14093
    Remote: Yes
    Date Published: 2005-06-28
    Relevant URL: http://www.securityfocus.com/bid/14093
    Summary:
    Microsoft has released Update Rollup 1 for Windows 2000 SP4. This release addresses a number of bugs, including some potential security vulnerabilities and weaknesses, and includes various security enhancements and roll-ups of previous security updates. In addition to many previously released security patches, the Update Rollup also includes fixes for many issues that may potentially affect the security properties of various operating system components.

    14. Community Link Pro Login.CGI File Parameter Remote Command Execution Vulnerability
    BugTraq ID: 14097
    Remote: Yes
    Date Published: 2005-06-29
    Relevant URL: http://www.securityfocus.com/bid/14097
    Summary:
    Community Link Pro is prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.

    Due to this, an attacker can prefix arbitrary commands with the '|' character and have them executed in the context of the server.
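    As an added illustration of the fix for this class of issue (this is not code from Community Link Pro or from the advisory): a hypothetical Python request handler that treats the 'file' parameter as data rather than as part of a shell command line. The document root, the allowlist pattern, the tool path and the function names are assumptions made for the example.

```python
import re
from pathlib import Path

# Assumed document root for the example (constructed; not a real deployment path).
BASE_DIR = Path("/var/www/pages")

# Allowlist of acceptable file names: a plain name, no path separators, no shell
# metacharacters such as '|', ';', '&', '$' or whitespace. Denylisting '|' alone
# would miss the other separators, so the check is an allowlist.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


class InvalidFileParameter(ValueError):
    """Raised when the request's file parameter fails validation."""


def validate_file_param(value: str) -> str:
    """Return the value unchanged if it is a plain, allowlisted file name."""
    if not isinstance(value, str) or not SAFE_NAME.fullmatch(value):
        raise InvalidFileParameter(f"rejected file parameter: {value!r}")
    return value


def resolve_under_base(name: str, base: Path = BASE_DIR) -> Path:
    """Map a validated name to a path and confirm it stays under the document root."""
    target = (base / validate_file_param(name)).resolve()
    if base.resolve() not in target.parents:
        raise InvalidFileParameter("path escapes document root")
    return target


def build_argv(name: str) -> list:
    """Build the argument vector a handler would pass to subprocess.run(argv).

    The vulnerable pattern the advisory describes is string interpolation into a
    shell command, e.g. f"cat {BASE_DIR}/{name}" run with shell=True, where a
    '|' in name lets the shell start a second command. Here the file name is
    a single argv element and no shell is involved, so '|' (if it ever got
    past validation) would only be a literal character in a file name.
    """
    path = resolve_under_base(name)
    return ["/usr/bin/cat", str(path)]  # assumed tool path; argv form, never shell=True


def is_accepted(name: str) -> bool:
    """Convenience predicate: does this parameter value pass both checks?"""
    try:
        resolve_under_base(name)
        return True
    except InvalidFileParameter:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate name and three that must be rejected.
    for sample in ["index.html", "page.html|id", "../etc/passwd", ""]:
        print(f"{sample!r:20} accepted={is_accepted(sample)}")
```

    The two checks are independent on purpose: the allowlist rejects metacharacters before any path work happens, and the containment check on the resolved path catches traversal even if the allowlist is later loosened. Logging each rejection with the raw parameter value gives a simple detection signal for probing of this parameter.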

    15. Raven Software Soldier Of Fortune 2 Ignore Command Remote Denial of Service Vulnerability
    BugTraq ID: 14098
    Remote: Yes
    Date Published: 2005-06-29
    Relevant URL: http://www.securityfocus.com/bid/14098
    Summary:
    A remote denial of service vulnerability affects Raven Software Soldier Of Fortune 2.

    The problem presents itself specifically when the affected server application receives an excessively large value through a '/ignore' command from a malicious client.

    An attacker may leverage this issue to cause an affected server to crash, denying service to legitimate users.

    16. NateOn Messenger Directory Listing Disclosure Vulnerability
    BugTraq ID: 14100
    Remote: Yes
    Date Published: 2005-06-29
    Relevant URL: http://www.securityfocus.com/bid/14100
    Summary:
    NateOn messenger is prone to a remote directory listing information disclosure vulnerability. The issue is due to an unspecified input validation flaw.

    An attacker may exploit this issue to gain directory listings for a target user. Information that is harvested in this manner may be used to aid in further attacks against a target user.

    17. Drupal Arbitrary PHP Code Execution Vulnerability
    BugTraq ID: 14110
    Remote: Yes
    Date Published: 2005-06-30
    Relevant URL: http://www.securityfocus.com/bid/14110
    Summary:
    Drupal is prone to a vulnerability that permits the execution of arbitrary PHP code. This issue is due to a failure in the application to properly sanitize user-supplied input.

    The application's filter mechanism fails to properly sanitize user-supplied input to 'comments' and 'postings'.

    The vendor has addressed this issue in Drupal versions 4.6.2 and 4.5.4; earlier versions are reported vulnerable.

    18. Mambo Open Source Multiple Unspecified Injection Vulnerabilities
    BugTraq ID: 14117
    Remote: Yes
    Date Published: 2005-06-30
    Relevant URL: http://www.securityfocus.com/bid/14117
    Summary:
    Mambo is prone to multiple unspecified injection vulnerabilities. These issues are most likely due to a failure in the application to properly sanitize user-supplied input.

    Successful exploitation of these vulnerabilities could lead to unauthorized access; other attacks may also be possible.

    The vendor has addressed these issues in Mambo version 4.5.2.2 and later; earlier versions are reported vulnerable.

    19. Mambo Open Source Session ID Spoofing Vulnerability
    BugTraq ID: 14119
    Remote: Yes
    Date Published: 2005-06-30
    Relevant URL: http://www.securityfocus.com/bid/14119
    Summary:
    Mambo is prone to a session ID spoofing vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

    The vendor has addressed this issue in Mambo 4.5.2.2 and later; earlier versions are reported vulnerable.

    20. Prevx Pro 2005 Intrusion Prevention System Multiple Vulnerabilities
    BugTraq ID: 14123
    Remote: No
    Date Published: 2005-07-01
    Relevant URL: http://www.securityfocus.com/bid/14123
    Summary:
    Prevx Pro 2005 Intrusion Prevention System is affected by multiple vulnerabilities.

    Local attackers can bypass security features of the application. This may lead to various attacks against the affected computer.

    All versions of Prevx Pro 2005 are considered to be vulnerable at the moment.

    21. Golden FTP Server Pro Multiple Remote Vulnerabilities
    BugTraq ID: 14124
    Remote: Yes
    Date Published: 2005-07-01
    Relevant URL: http://www.securityfocus.com/bid/14124
    Summary:
    Golden FTP Server Pro is affected by multiple remote vulnerabilities.

    The following specific issues were identified:

    Golden FTP Server Pro is susceptible to a directory traversal vulnerability. A remote attacker may disclose file names and user names from the application directory.

    An attacker can disclose the absolute path of a share by attempting to retrieve a file that does not exist.

    These issues may aid in other attacks against the affected computer.

    Golden FTP Server Pro 2.60 is affected by these vulnerabilities.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. what is file refcache.ser
    http://www.securityfocus.com/archive/88/404249

    2. Blackhat Vegas 2005 Training
    http://www.securityfocus.com/archive/88/403786

    3. SecurityFocus Microsoft Newsletter #246
    http://www.securityfocus.com/archive/88/403852

    4. DOMAIN CONTROLLER STOLEN...WHAT NEXT?
    http://www.securityfocus.com/archive/88/403683

    5. Local admin password
    http://www.securityfocus.com/archive/88/403594

    IV. UNSUBSCRIBE INSTRUCTIONS
    -----------------------------
    To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

    If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

    V. SPONSOR INFORMATION
    ------------------------
    This Issue is Sponsored By: Black Hat

    Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
    Vegas. World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 29 hands-on training courses and 10 conference tracks, networking opportunities with over 2,000 delegates from 30+ nations.

    http://www.securityfocus.com/sponsor/BlackHat_sf-news_050705

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

