SecurityFocus Microsoft Newsletter #251

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 08/10/05

    Date: Wed, 10 Aug 2005 07:45:26 -0600 (MDT)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #251
    ----------------------------------------

    This Issue is Sponsored By: Netmon

    Concerned about malware infestations, employee productivity, system failures or
    service performance on your network? Awareness is the key. Download the free
    17-page whitepaper, "Developing an Effective Network Monitoring Strategy"
    today. No registration required.
    http://www.securityfocus.com/sponsor/Netmon_ms-secnews_050712

    ------------------------------------------------------------------
    I. FRONT AND CENTER
           1. Greasing the wheel with Greasemonkey
           2. Security still underfunded
           3. Windows Syscall Shellcode
    II. MICROSOFT VULNERABILITY SUMMARY
           1. NetCPlus BusinessMail Multiple Remote Buffer Overflow Vulnerabilities
           2. MySQL Eventum Multiple Cross-Site Scripting Vulnerabilities
           3. MySQL Eventum Multiple SQL Injection Vulnerabilities
           4. Trend Micro OfficeScan POP3 Module Shared Section Insecure Permissions
    Vulnerability
           5. Pablo Software Solutions Quick 'n Easy FTP Server User Command Denial
    of Service Vulnerability
           6. Metasploit Framework MSFWeb Defanged Mode Restriction Bypass
    Vulnerability
           7. Microsoft ActiveSync Network Synchronization Multiple Vulnerabilities
           8. ProRat Server Remote Buffer Overflow Vulnerability
           9. Symantec Norton GoBack Local Authentication Bypass Vulnerability
           10. NetworkActiv Web Server Cross-Site Scripting Vulnerability
           11. Microsoft August Advance Notification Unspecified Security
    Vulnerabilities
           12. Microsoft Windows Unspecified Remote Arbitrary Code Execution
    Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
           1. IEEE 802.1x & EAP-TLS design based on Windows 2000 Server
           2. SecurityFocus Microsoft Newsletter #250
    IV. UNSUBSCRIBE INSTRUCTIONS
    V. SPONSOR INFORMATION

    I. FRONT AND CENTER
    ---------------------
    1. Greasing the wheel with Greasemonkey
    By Scott Granneman
    If blogging is enjoyable because it allows us to watch an interesting mind at
    work, then Jon Udell's blog is definitely among the most enjoyable.
    http://www.securityfocus.com/columnists/346

    2. Security still underfunded
    By Kelly Martin
    Blackhat is one of my favorite places to do some casual online banking over an
    insecure WiFi connection. Where's the risk, right?
    http://www.securityfocus.com/columnists/345

    3. Windows Syscall Shellcode
    By Piotr Bania
    This article has been written to show that it is possible to write shellcode for
    Windows operating systems that doesn't use standard API calls at all.
    http://www.securityfocus.com/infocus/1844

    II. MICROSOFT VULNERABILITY SUMMARY
    ------------------------------------
    1. NetCPlus BusinessMail Multiple Remote Buffer Overflow Vulnerabilities
    BugTraq ID: 14434
    Remote: Yes
    Date Published: 2005-07-31
    Relevant URL: http://www.securityfocus.com/bid/14434
    Summary:
    BusinessMail is affected by multiple remote buffer overflow vulnerabilities.
    These issues arise due to a lack of boundary checks performed by the
    application and may allow remote attackers to execute machine code in the
    context of the server process.
    BusinessMail 4.60 is reportedly vulnerable. Other versions may be affected as
    well.

    2. MySQL Eventum Multiple Cross-Site Scripting Vulnerabilities
    BugTraq ID: 14436
    Remote: Yes
    Date Published: 2005-08-01
    Relevant URL: http://www.securityfocus.com/bid/14436
    Summary:
    MySQL Eventum is prone to multiple cross-site scripting vulnerabilities. These
    issues are due to a failure in the application to properly sanitize
    user-supplied input.

    An attacker may leverage any of these issues to have arbitrary script code
    executed in the browser of an unsuspecting user in the context of the affected
    site. This may facilitate the theft of cookie-based authentication credentials
    as well as other attacks.

    3. MySQL Eventum Multiple SQL Injection Vulnerabilities
    BugTraq ID: 14437
    Remote: Yes
    Date Published: 2005-08-01
    Relevant URL: http://www.securityfocus.com/bid/14437
    Summary:
    MySQL Eventum is prone to multiple SQL injection vulnerabilities. These issues
    are due to a failure in the application to properly sanitize user-supplied
    input before using it in SQL queries.

    Successful exploitation could result in a compromise of the application,
    disclosure or modification of data, or may permit an attacker to exploit
    vulnerabilities in the underlying database implementation.

    4. Trend Micro OfficeScan POP3 Module Shared Section Insecure Permissions
    Vulnerability
    BugTraq ID: 14448
    Remote: No
    Date Published: 2005-08-01
    Relevant URL: http://www.securityfocus.com/bid/14448
    Summary:
    Trend Micro OfficeScan pop3 module utilizes Shared Sections in an insecure
    manner.

    Attackers may read the data stored in the affected memory region, gaining
    access to potentially sensitive information. They may also write arbitrary data
    to the shared memory segment.

    By writing data to this region, they may alter the message that is displayed to
    the user when the pop3 module intercepts malware in email. This may be utilized
    in social engineering attacks.

    This vulnerability may possibly be exploited to crash the OfficeScan service,
    or potentially execute arbitrary machine code with System level privileges.
    This has not been confirmed.

    This vulnerability is reported in version 5.58 of OfficeScan. Other versions
    may also be affected.

    5. Pablo Software Solutions Quick 'n Easy FTP Server User Command Denial of
    Service Vulnerability
    BugTraq ID: 14451
    Remote: Yes
    Date Published: 2005-08-02
    Relevant URL: http://www.securityfocus.com/bid/14451
    Summary:
    Quick 'n Easy FTP Server is prone to a remotely exploitable denial of service
    vulnerability. This may be triggered by a client through an overly long
    argument for the USER command.

    Successful exploitation may lead to a crash due to resource exhaustion.

    This issue was originally identified as a buffer overflow vulnerability. Due
    to the availability of more details, it is being changed to a denial of service
    vulnerability.

    6. Metasploit Framework MSFWeb Defanged Mode Restriction Bypass Vulnerability
    BugTraq ID: 14455
    Remote: Yes
    Date Published: 2005-08-02
    Relevant URL: http://www.securityfocus.com/bid/14455
    Summary:
    Metasploit Framework is susceptible to a restriction bypass vulnerability in
    msfweb. This issue is due to a failure of the application to properly implement
    access control restrictions.

    This issue allows remote attackers to bypass security restrictions in the
    affected Web server. Attackers may exploit this issue to attack arbitrary
    computers using the Metasploit Framework, while originating the attacks from
    the computer hosting the vulnerable msfweb process.

    Attackers may also interact with the payload features in the Metasploit
    Framework to manipulate files on the hosting computer, likely leading to
    executing arbitrary commands and then complete system compromise.

    It should be noted that the Metasploit Framework documentation specifies that
    msfweb should not be globally accessible, due to potential security problems.

    7. Microsoft ActiveSync Network Synchronization Multiple Vulnerabilities
    BugTraq ID: 14457
    Remote: Yes
    Date Published: 2005-08-02
    Relevant URL: http://www.securityfocus.com/bid/14457
    Summary:
    Several specific issues have been identified with the network synchronization
    protocol used by Microsoft ActiveSync.

    The first issue is the use of cleartext communications for all network traffic.
    The second issue is the lack of password authentication.

    The third issue is an information disclosure issue when attempting to initiate
    network synchronization.

    The last issue is a denial of service vulnerability.

    These issues combine to allow remote attackers to gain access to potentially
    sensitive information, aiding them in further attacks. Attackers may also alter
    or destroy data by simulating the synchronization protocol, or crash the
    ActiveSync service.

    8. ProRat Server Remote Buffer Overflow Vulnerability
    BugTraq ID: 14458
    Remote: Yes
    Date Published: 2005-08-02
    Relevant URL: http://www.securityfocus.com/bid/14458
    Summary:
    ProRat Server is affected by a remote buffer overflow vulnerability.

    A successful attack can result in overflowing a finite-sized buffer,
    ultimately leading to arbitrary code execution in the context of the affected
    process. This may allow the attacker to gain elevated privileges.

    9. Symantec Norton GoBack Local Authentication Bypass Vulnerability
    BugTraq ID: 14461
    Remote: No
    Date Published: 2005-08-03
    Relevant URL: http://www.securityfocus.com/bid/14461
    Summary:
    Norton GoBack is prone to a local authentication bypass vulnerability.

    A successful attack causes the application to accept an arbitrary password
    value and allow an attacker to make various configuration changes. Other
    attacks may be possible as well.

    Symantec is currently investigating this issue. This BID will be updated when
    further analysis is complete.

    10. NetworkActiv Web Server Cross-Site Scripting Vulnerability
    BugTraq ID: 14473
    Remote: Yes
    Date Published: 2005-08-04
    Relevant URL: http://www.securityfocus.com/bid/14473
    Summary:
    NetworkActiv Web Server is prone to a cross-site scripting vulnerability. This
    issue is due to a failure in the application to properly sanitize user-supplied
    input.

    An attacker may leverage this issue to have arbitrary script code executed in
    the browser of an unsuspecting user in the context of the affected site. This
    may facilitate the theft of cookie-based authentication credentials as well as
    other attacks.

    11. Microsoft August Advance Notification Unspecified Security Vulnerabilities
    BugTraq ID: 14476
    Remote: Unknown
    Date Published: 2005-08-04
    Relevant URL: http://www.securityfocus.com/bid/14476
    Summary:
    Microsoft has released advance notification that they will be releasing six
    security bulletins on August 9, 2005.

    All six of the security bulletins address Microsoft Windows.

    12. Microsoft Windows Unspecified Remote Arbitrary Code Execution Vulnerability
    BugTraq ID: 14480
    Remote: Yes
    Date Published: 2005-08-01
    Relevant URL: http://www.securityfocus.com/bid/14480
    Summary:
    Microsoft Windows is affected by an unspecified remote arbitrary code execution
    vulnerability.

    Reportedly, this issue can allow remote unauthenticated attackers to gain
    access to an affected computer without any user interaction.

    Reports indicate that this issue may lend itself to the development of
    self-propagating malicious code due to the lack of user interaction required
    for exploitation. It is conjectured that a SYSTEM level compromise is
    possible.

    Due to a lack of details, further information is not available at the moment.
    This BID will be updated when more information becomes available.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. IEEE 802.1x & EAP-TLS design based on Windows 2000 Server
    http://www.securityfocus.com/archive/88/407639

    2. SecurityFocus Microsoft Newsletter #250
    http://www.securityfocus.com/archive/88/407139

    IV. UNSUBSCRIBE INSTRUCTIONS
    -----------------------------
    To unsubscribe send an e-mail message to
    ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
    contents of the subject or message body do not matter. You will receive a
    confirmation request message to which you will have to answer. Alternatively
    you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
    the website.

    If your email address has changed, email listadmin@securityfocus.com and ask to
    be manually removed.

    V. SPONSOR INFORMATION
    ------------------------
    This Issue is Sponsored By: Netmon

    Concerned about malware infestations, employee productivity, system failures or
    service performance on your network? Awareness is the key.
    Download the free 17-page whitepaper, "Developing an Effective Network
    Monitoring Strategy" today. No registration required.
    http://www.securityfocus.com/sponsor/Netmon_ms-secnews_050712
