SecurityFocus Microsoft Newsletter #250
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 08/03/05
Date: Wed, 3 Aug 2005 07:39:53 -0600 (MDT)
To: Focus-MS <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter #250
----------------------------------------
This Issue is Sponsored By: CrossTec
NetOp Desktop Firewall & Policy Server lets you centrally manage which
applications can run on your enterprise PCs. NetOp's tiny driver-centric
design prevents unauthorized programs and processes, including viruses,
keyloggers, spyware and more from executing -- without slowing down your
systems. The future of endpoint protection is available today. Try it FREE.
http://www.securityfocus.com/sponsor/CrossTec_sf-news_050726
------------------------------------------------------------------
I. FRONT AND CENTER
1. CardSystems made its choices clear
2. The CardSystems blame game
II. MICROSOFT VULNERABILITY SUMMARY
1. GoodTech SMTP Server RCPT TO Multiple Remote Buffer Overflow
Vulnerabilities
2. Sophos Anti-Virus Library Unspecified Remote Heap Overflow
Vulnerability
3. Vim ModeLines Further Variant Arbitrary Command Execution
Vulnerability
4. Microsoft Windows Unspecified USB Driver Buffer Overflow Vulnerability
5. Ares Fileshare Remote Buffer Overflow Vulnerability
6. FTPShell Server Denial of Service Vulnerability
7. Hosting Controller Unauthorized Access Vulnerability
8. Novell GroupWise Client Remote Buffer Overflow Vulnerability
9. Opera Web Browser Content-Disposition Header Download Dialog File
Extension Spoofing Vulnerability
10. PHPList Admin Page SQL Injection Vulnerability
11. Opera Web Browser Image Dragging Cross-Domain Scripting and File
Retrieval Vulnerability
12. LibTiff Tiff Image Header Divide By Zero Denial of Service
Vulnerability
13. Novell eDirectory NMAS Authentication Bypass Vulnerability
14. Metasploit Framework Unspecified Remote Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #249
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. CardSystems made its choices clear
By Daniel Hanson
The last thing that many of us need is another example where a situation needs
to be solved by ill-conceived legislation that is proposed and passed in the
heat of something big.
http://www.securityfocus.com/columnists/343
2. The CardSystems blame game
By Mark Rasch
On July 21, 2005, the United States House of Representatives Committee on
Financial Services, Subcommittee on Oversight held a hearing on "Credit Card
Data Processing: How Secure Is It?"
http://www.securityfocus.com/columnists/344
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. GoodTech SMTP Server RCPT TO Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 14357
Remote: Yes
Date Published: 2005-07-23
Relevant URL: http://www.securityfocus.com/bid/14357
Summary:
GoodTech SMTP Server is susceptible to two remote buffer overflow
vulnerabilities when handling RCPT TO commands. This issue is due to a failure
of the application to properly bounds check user-supplied data prior to copying
it to fixed size memory buffers.
These vulnerabilities allow remote attackers to execute arbitrary machine code
with System-level privileges in the context of the affected application.
2. Sophos Anti-Virus Library Unspecified Remote Heap Overflow Vulnerability
BugTraq ID: 14362
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14362
Summary:
An unspecified remote heap overflow vulnerability exists in Sophos Anti-Virus
Library. This issue is due to a failure of the library to properly bounds check
user-supplied input prior to copying data to an internal memory buffer.
No further information is known at this time. This BID will be updated as
further information becomes available.
3. Vim ModeLines Further Variant Arbitrary Command Execution Vulnerability
BugTraq ID: 14374
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14374
Summary:
Vim is susceptible to an arbitrary command execution vulnerability with
ModeLines. This issue is due to insufficient sanitization of user-supplied
input.
By modifying a text file to include ModeLines containing the 'glob()' or
'expand()' functions with shell metacharacters, attackers may cause arbitrary
commands to be executed.
This vulnerability allows an attacker to execute arbitrary commands with the
privileges of the vim user. This gives an attacker the ability to gain remote
access to computers running the vulnerable software.
This issue is similar to BIDs 6384 and 11941.
4. Microsoft Windows Unspecified USB Driver Buffer Overflow Vulnerability
BugTraq ID: 14376
Remote: No
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14376
Summary:
An unspecified buffer overflow vulnerability affects USB drivers in Microsoft
Windows operating systems. This issue is due to a failure of the affected
driver to properly bounds check input provided by USB devices.
This issue presents itself when USB devices are attached to computers running
affected device drivers. Upon insertion, the operating system automatically
loads the appropriate device driver to handle the new hardware. By maliciously
altering the data returned to the operating system, it is possible to overflow
memory used in the affected USB device driver.
The information currently available is insufficient to provide a more in-depth
technical description. This BID will be updated as more details become
available.
An attacker may leverage this issue to execute arbitrary machine code with
System privileges on affected computers, or cause the affected computer to
crash. This would occur by attaching a malicious USB device to affected
computers, without the need for an account on the computer.
5. Ares Fileshare Remote Buffer Overflow Vulnerability
BugTraq ID: 14377
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14377
Summary:
Ares Fileshare is affected by a remote buffer overflow vulnerability.
This vulnerability arises when the application handles long search strings.
A successful attack can result in memory corruption leading to arbitrary code
execution in the context of the user running the application.
Ares FileShare 1.1 is affected by this vulnerability.
6. FTPShell Server Denial of Service Vulnerability
BugTraq ID: 14382
Remote: Yes
Date Published: 2005-07-26
Relevant URL: http://www.securityfocus.com/bid/14382
Summary:
FTPShell Server is prone to a denial of service vulnerability. This issue is
due to a failure in the application to handle exceptional conditions.
The problem presents itself when an attacker opens and closes, without using
the 'quit' command, a connection to the application multiple times. This will
cause the application to terminate. An attacker can exploit this vulnerability
to deny service to legitimate users.
7. Hosting Controller Unauthorized Access Vulnerability
BugTraq ID: 14393
Remote: Yes
Date Published: 2005-07-26
Relevant URL: http://www.securityfocus.com/bid/14393
Summary:
Hosting Controller is prone to an unauthorized access vulnerability.
An attacker can manipulate the application to navigate beyond their folder and
view the folders for all resellers and Web admin utilizing this instance of the
Hosting Controller application. This would result in information disclosure
and a loss of confidentiality. Information obtained may also aid in further
attacks.
8. Novell GroupWise Client Remote Buffer Overflow Vulnerability
BugTraq ID: 14398
Remote: Yes
Date Published: 2005-07-27
Relevant URL: http://www.securityfocus.com/bid/14398
Summary:
Novell GroupWise Client is affected by a remote buffer overflow vulnerability.
Specifically, this vulnerability arises when a user attempts to log in to a
GroupWise post office that contains a malicious 'GWVW02??.INI' file.
This can facilitate unauthorized access in the context of the user.
This issue affects all versions of Novell GroupWise 6.5 client dated prior to
July 15, 2005.
9. Opera Web Browser Content-Disposition Header Download Dialog File Extension
Spoofing Vulnerability
BugTraq ID: 14402
Remote: Yes
Date Published: 2005-07-28
Relevant URL: http://www.securityfocus.com/bid/14402
Summary:
Opera Web Browser is prone to a vulnerability that can allow remote attackers
to spoof file extensions through the download dialog.
An attacker may exploit this issue by crafting a malformed HTTP
'Content-Disposition' header that spoofs file extensions to trick vulnerable
users into opening and executing a malicious file.
Opera Web Browser versions prior to 8.02 are affected by this issue.
10. PHPList Admin Page SQL Injection Vulnerability
BugTraq ID: 14403
Remote: Yes
Date Published: 2005-07-28
Relevant URL: http://www.securityfocus.com/bid/14403
Summary:
PHPList is prone to an SQL injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied data before using
it in an SQL query.
Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.
11. Opera Web Browser Image Dragging Cross-Domain Scripting and File Retrieval
Vulnerability
BugTraq ID: 14410
Remote: Yes
Date Published: 2005-07-28
Relevant URL: http://www.securityfocus.com/bid/14410
Summary:
Opera Web Browser is prone to a vulnerability that may allow an attacker to
carry out cross-domain scripting attacks and retrieve files from the local
computer.
Opera Web Browser versions prior to 8.02 are affected by this issue.
12. LibTiff Tiff Image Header Divide By Zero Denial of Service Vulnerability
BugTraq ID: 14417
Remote: Yes
Date Published: 2005-07-29
Relevant URL: http://www.securityfocus.com/bid/14417
Summary:
LibTIFF is affected by a vulnerability that may cause a denial of service in
applications utilizing the library. This issue is due to a failure in the
library to sufficiently validate specific header values.
An attacker can exploit this vulnerability to cause a denial of service, or
loss of data in applications utilizing the affected library.
This issue is known to affect the CUPS printing system and the Evolution email
client; other applications using the LibTIFF library may also be affected.
This issue may be related to BID 12874 - ImageMagick TIFF Image File
Unspecified Denial Of Service Vulnerability.
13. Novell eDirectory NMAS Authentication Bypass Vulnerability
BugTraq ID: 14419
Remote: Yes
Date Published: 2005-07-29
Relevant URL: http://www.securityfocus.com/bid/14419
Summary:
Novell eDirectory is prone to an issue that could result in unauthorized access
to a user's account.
An unauthorized attacker can change a user's password because the application
fails to verify responses to challenge questions.
eDirectory NMAS versions prior to 2.3.8 are affected.
14. Metasploit Framework Unspecified Remote Vulnerability
BugTraq ID: 14431
Remote: Yes
Date Published: 2005-07-30
Relevant URL: http://www.securityfocus.com/bid/14431
Summary:
Metasploit Framework is prone to an unspecified vulnerability. This issue
allows remote attackers to compromise the computer of users using the affected
application.
This vulnerability is likely exploited by returning malicious data to the
application in unknown network connections, causing arbitrary code to be
executed in the context of the scanning application.
UPDATE: This BID has been retired as it has been determined that the issue is
not a vulnerability. Additional information has been provided that states the
issue is due to insufficient filtering of potentially malicious terminal escape
sequences when logging external input. These escape sequences are not
interpreted at any point by the application, and only pose a threat if rendered
with an external viewer within a terminal emulator program that will interpret
them. In that instance, this presents a security vulnerability in the terminal
emulator program. As Metasploit does not interpret the malicious input itself,
it is not within the scope of the application to filter this type of input.
This is not a vulnerability in Metasploit since it does not impact security
properties of the application itself.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #249
http://www.securityfocus.com/archive/88/406595
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively,
you can visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email listadmin@securityfocus.com and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: CrossTec
NetOp Desktop Firewall & Policy Server lets you centrally manage which
applications can run on your enterprise PCs. NetOp's tiny driver-centric
design prevents unauthorized programs and processes, including viruses,
keyloggers, spyware and more from executing -- without slowing down your
systems. The future of endpoint protection is available today. Try it FREE.
http://www.securityfocus.com/sponsor/CrossTec_sf-news_050726
---------------------------------------------------------------------------