SecurityFocus Microsoft Newsletter #252

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 08/17/05

    Date: Tue, 16 Aug 2005 20:42:53 -0600 (MDT)
    To: Focus-MS <focus-ms@securityfocus.com>

    SecurityFocus Microsoft Newsletter #252
    ----------------------------------------

    New Partnership Announcement: SecurityFocus and ITinfosecure
    SecurityFocus and ITinfosecure have teamed up to provide their customers with
    the most comprehensive vendor-neutral IT security resource on the web! Users
    will now be able to visit SecurityFocus.com to access information on the latest
    IT security products through the Product Search feature provided by the
    partnership with ITinfosecure.com. Combining this tool with SecurityFocus's
    comprehensive coverage of the latest IT security news and vulnerability
    information ensures SecurityFocus remains the most comprehensive and trusted
    source of security information on the Internet. Visit SecurityFocus today at
    http://www.securityfocus.com

    ------------------------------------------------------------------
    I. FRONT AND CENTER
           1. Jose Nazario discusses worms
           2. Packet forensics using TCP
    II. MICROSOFT VULNERABILITY SUMMARY
           1. Wine WineLauncher.IN Local Insecure File Creation Vulnerability
           2. Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability
           3. Microsoft Internet Explorer Web Folder Behaviors Cross-Domain Scripting Vulnerability
           4. Microsoft Windows Plug and Play Buffer Overflow Vulnerability
           5. Microsoft Windows Print Spooler Buffer Overflow Vulnerability
           6. Microsoft Internet Explorer Unspecified SharePoint Portal Services Log Sink ActiveX Vulnerability
           7. Microsoft Windows Telephony Service Buffer Overflow Vulnerability
           8. Microsoft Windows Kerberos Denial Of Service Vulnerability
           9. Microsoft Windows Kerberos PKINIT Man In The Middle Vulnerability
           10. AWStats Referrer Arbitrary Command Execution Vulnerability
           11. MidiCart ASP Item_Show.ASP Code_No Parameter SQL Injection Vulnerability
           12. Gallery PostNuke Integration Access Validation Vulnerability
           13. Novell eDirectory Server iMonitor Buffer Overflow Vulnerability
           14. McAfee ePolicy Orchestrator Local Information Disclosure Vulnerability
           15. Veritas Backup Exec For Windows And NetWare Arbitrary File Download Vulnerability
           16. PHPBB BBCode IMG Tag Script Injection Vulnerability
           17. FUDForum Tree View Access Validation Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
           1. SecurityFocus Microsoft Newsletter #251
    IV. UNSUBSCRIBE INSTRUCTIONS
    V. SPONSOR INFORMATION

    I. FRONT AND CENTER
    ---------------------
    1. Jose Nazario discusses worms
    By Federico Biancuzzi
    Federico Biancuzzi interviews Jose Nazario to discuss modern computer worms and
    the design goals behind them.
    http://www.securityfocus.com/columnists/347

    2. Packet forensics using TCP
    By Don Parker and Mike Sues
    This article looks at TCP packet forensics and examines why sequence and
    acknowledgement numbers can be useful during an investigation.
    http://www.securityfocus.com/infocus/1845

    II. MICROSOFT VULNERABILITY SUMMARY
    ------------------------------------
    1. Wine WineLauncher.IN Local Insecure File Creation Vulnerability
    BugTraq ID: 14496
    Remote: No
    Date Published: 2005-08-08
    Relevant URL: http://www.securityfocus.com/bid/14496
    Summary:
    A local insecure file creation vulnerability affects Wine. This issue is likely
    due to a design error that causes the application to fail to verify the
    existence of a file before writing to it.

    The details available regarding this issue are not sufficient to provide an in
    depth technical description. This BID will be updated when more information
    becomes available.

    An attacker may leverage this issue to overwrite arbitrary files with the
    privileges of an unsuspecting user that activates the vulnerable application.

    This issue is reported in version 20050725; other versions may also be affected.

    2. Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability
    BugTraq ID: 14511
    Remote: Yes
    Date Published: 2005-08-09
    Relevant URL: http://www.securityfocus.com/bid/14511
    Summary:
    Microsoft Internet Explorer is prone to a buffer overflow vulnerability.
    This issue is exposed when certain COM objects are instantiated as ActiveX
    controls. A malicious Web page could pass content to these objects that will
    trigger memory corruption.

    Successful exploitation could let remote attackers execute arbitrary code in
    the context of the currently logged in user.

    3. Microsoft Internet Explorer Web Folder Behaviors Cross-Domain Scripting Vulnerability
    BugTraq ID: 14512
    Remote: Yes
    Date Published: 2005-08-09
    Relevant URL: http://www.securityfocus.com/bid/14512
    Summary:
    Microsoft Internet Explorer is prone to a security vulnerability that may let a
    Web page execute malicious script code in the context of an arbitrary domain or
    browser security zone. This issue is the result of a security flaw in the
    browser security model when handling URIs when a Web folder view is rendered.

    If exploited to access a foreign domain, this could allow script code embedded
    in a malicious Web page to access the properties of another site that the
    victim of the attack may trust. This would likely be exploited to steal
    credentials or sensitive information from the victim. The issue could also be
    exploited to execute arbitrary code by running malicious script code in a
    browser security zone with lowered security settings, such as the Local
    Machine, Trusted Sites or Intranet zone. Code execution would occur in the
    context of the currently logged in user.

    4. Microsoft Windows Plug and Play Buffer Overflow Vulnerability
    BugTraq ID: 14513
    Remote: Yes
    Date Published: 2005-08-09
    Relevant URL: http://www.securityfocus.com/bid/14513
    Summary:
    Microsoft Windows Plug and Play is prone to a buffer overflow vulnerability.
    This issue takes place when the PnP service handles malformed messages
    containing excessive data.

    This vulnerability facilitates local privilege escalation and unauthorized
    remote access depending on the underlying operating system. A successful
    attack may result in arbitrary code execution resulting in an attacker gaining
    SYSTEM privileges.

    5. Microsoft Windows Print Spooler Buffer Overflow Vulnerability
    BugTraq ID: 14514
    Remote: Yes
    Date Published: 2005-08-09
    Relevant URL: http://www.securityfocus.com/bid/14514
    Summary:
    The Microsoft Windows Print Spooler service is prone to a buffer overflow
    vulnerability.

    Specifically, this issue takes place when the Print Spooler service handles
    malformed messages containing excessive data.

    This vulnerability facilitates local privilege escalation and unauthorized
    remote access depending on the underlying operating system. A successful
    attack may result in arbitrary code execution, which can allow an attacker to
    gain SYSTEM privileges.

    6. Microsoft Internet Explorer Unspecified SharePoint Portal Services Log Sink ActiveX Vulnerability
    BugTraq ID: 14515
    Remote: Yes
    Date Published: 2005-08-09
    Relevant URL: http://www.securityfocus.com/bid/14515
    Summary:
    Microsoft Internet Explorer is prone to an unspecified vulnerability in the
    SharePoint Portal Service Log Sink ActiveX control.

    The vendor has not released any further information about this vulnerability
    other than to state the "kill bit" has been set on unsupported versions of the
    control.

    This issue may be related to BID 12646.

    7. Microsoft Windows Telephony Service Buffer Overflow Vulnerability
    BugTraq ID: 14518
    Remote: Yes
    Date Published: 2005-08-09
    Relevant URL: http://www.securityfocus.com/bid/14518
    Summary:
    Microsoft Windows Telephony Service is prone to a buffer overflow
    vulnerability. This issue is due to a failure in the application to perform
    proper bounds checking on user-supplied data.

    A successful attack can overflow a finite-sized buffer, ultimately leading to
    arbitrary code execution in the context of the affected service. This may
    allow the attacker to execute arbitrary code remotely, or locally to gain
    elevated privileges.

    Remote code execution is only possible on Windows 2000 Server and Windows
    Server 2003; on other vulnerable platforms the attacker must have local
    interactive access.

    8. Microsoft Windows Kerberos Denial Of Service Vulnerability
    BugTraq ID: 14519
    Remote: Yes
    Date Published: 2005-08-09
    Relevant URL: http://www.securityfocus.com/bid/14519
    Summary:
    Microsoft Windows is susceptible to a remote Kerberos denial of service
    vulnerability. By sending unspecified packets to the Kerberos service on TCP or
    UDP port 88, attackers may cause the affected service to crash.

    This vulnerability allows remote attackers to crash the affected authentication
    service, denying further domain authentication to legitimate users. It should
    be noted that exploitation requires that attackers have valid logon
    credentials.

    9. Microsoft Windows Kerberos PKINIT Man In The Middle Vulnerability
    BugTraq ID: 14520
    Remote: Yes
    Date Published: 2005-08-09
    Relevant URL: http://www.securityfocus.com/bid/14520
    Summary:
    The PKINIT implementation in Microsoft Windows is susceptible to a man in the
    middle vulnerability. This issue is due to a failure of the software to
    properly validate network data. This issue is only exploitable by attackers
    that have access to valid logon credentials.

    Attackers may exploit this issue to spoof the domain controller/KDC during the
    initial authentication process. By spoofing the domain controller/KDC,
    attackers may gain access to the cleartext contents of encrypted network
    traffic in arbitrary Kerberos-enabled services. Other attacks may also be
    possible.

    Microsoft implements draft 9 of the IETF PKINIT specification, and states that
    the vulnerability is in the protocol specification itself. Other
    implementations of PKINIT may therefore also be vulnerable to this issue.

    10. AWStats Referrer Arbitrary Command Execution Vulnerability
    BugTraq ID: 14525
    Remote: Yes
    Date Published: 2005-08-09
    Relevant URL: http://www.securityfocus.com/bid/14525
    Summary:
    AWStats is affected by an arbitrary command execution vulnerability. This
    issue is due to a failure in the application to properly sanitize user-supplied
    input.

    Successful exploitation of this vulnerability will permit an attacker to
    execute arbitrary Perl code on the system hosting the affected application in
    the security context of the Web server process. This may aid in further
    attacks against the underlying system; other attacks are also possible.

    It should be noted this vulnerability is only possible if the affected
    application has at least one URLPlugin enabled.

    11. MidiCart ASP Item_Show.ASP Code_No Parameter SQL Injection Vulnerability
    BugTraq ID: 14544
    Remote: Yes
    Date Published: 2005-08-11
    Relevant URL: http://www.securityfocus.com/bid/14544
    Summary:
    MidiCart ASP is prone to an SQL injection vulnerability. This issue is due to
    a failure in the application to properly sanitize user-supplied input before
    using it in an SQL query.

    Successful exploitation could result in a compromise of the application,
    disclosure or modification of data, or may permit an attacker to exploit
    vulnerabilities in the underlying database implementation.

    12. Gallery PostNuke Integration Access Validation Vulnerability
    BugTraq ID: 14547
    Remote: Yes
    Date Published: 2005-08-11
    Relevant URL: http://www.securityfocus.com/bid/14547
    Summary:
    Gallery is prone to an access validation issue when integrated with PostNuke.
    This issue could allow any user with any level of admin privileges in PostNuke
    to also have admin privileges over the entire Gallery.

    This issue has been addressed in Gallery 1.5.1-RC2.

    13. Novell eDirectory Server iMonitor Buffer Overflow Vulnerability
    BugTraq ID: 14548
    Remote: Yes
    Date Published: 2005-08-11
    Relevant URL: http://www.securityfocus.com/bid/14548
    Summary:
    The Novell eDirectory Server iMonitor is prone to a buffer overflow.
    Successful exploitation could allow arbitrary code execution with Local System
    privileges.

    eDirectory 8.7.3 iMonitor is vulnerable to this issue. Earlier versions may
    also be affected.

    14. McAfee ePolicy Orchestrator Local Information Disclosure Vulnerability
    BugTraq ID: 14549
    Remote: No
    Date Published: 2005-08-11
    Relevant URL: http://www.securityfocus.com/bid/14549
    Summary:
    Network Associates McAfee ePolicy Orchestrator is susceptible to a local
    information disclosure vulnerability. This issue is due to incorrectly
    configured directory permissions in the default installation process of the
    application.

    This vulnerability allows local attackers to access arbitrary files located in
    the same partition as the affected directory with SYSTEM privileges. This will
    aid them in further attacks.

    15. Veritas Backup Exec For Windows And NetWare Arbitrary File Download Vulnerability
    BugTraq ID: 14551
    Remote: Yes
    Date Published: 2005-08-12
    Relevant URL: http://www.securityfocus.com/bid/14551
    Summary:
    Veritas Backup Exec for Windows Servers, Veritas Backup Exec for NetWare
    Servers, NetBackup for NetWare Media Server Option, and Remote Agents for
    Windows, Unix/Linux, and NetWare servers are prone to a vulnerability regarding
    the unauthorized downloading of arbitrary files.

    A remote attacker can exploit this vulnerability to download arbitrary files,
    aiding them in further attacks.

    A Metasploit Framework exploit is available and there are reports of this
    vulnerability currently being exploited in the wild.

    16. PHPBB BBCode IMG Tag Script Injection Vulnerability
    BugTraq ID: 14555
    Remote: Yes
    Date Published: 2005-08-12
    Relevant URL: http://www.securityfocus.com/bid/14555
    Summary:
    phpBB is prone to a script injection vulnerability. This issue is due to a
    failure of the application to properly sanitize user-supplied input in bbcode
    '[IMG]' tags included in a user signature.

    Successful exploitation of this vulnerability could permit the injection of
    arbitrary HTML or script code into the browser of an unsuspecting user in the
    context of the affected site.

    This issue is reported to affect phpBB version 2.0.17; earlier versions may
    also be vulnerable.

    17. FUDForum Tree View Access Validation Vulnerability
    BugTraq ID: 14556
    Remote: Yes
    Date Published: 2005-08-12
    Relevant URL: http://www.securityfocus.com/bid/14556
    Summary:
    FUDforum is prone to an access validation vulnerability. This issue is due to
    a failure in the application to perform proper access validation before
    granting access to private forums.

    An attacker can exploit this vulnerability to obtain posts from private forums.
    This may result in a loss of confidentiality. Information obtained may also be
    used in further attacks.

    This issue is reported to affect FUDforum version 2.6.15; earlier versions may
    also be vulnerable.

    It should be noted this issue is only possible if the 'Tree View' feature is
    enabled.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. SecurityFocus Microsoft Newsletter #251
    http://www.securityfocus.com/archive/88/407760

    IV. UNSUBSCRIBE INSTRUCTIONS
    -----------------------------
    To unsubscribe send an e-mail message to
    ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
    contents of the subject or message body do not matter. You will receive a
    confirmation request message to which you will have to answer. Alternatively
    you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
    the website.

    If your email address has changed email listadmin@securityfocus.com and ask to
    be manually removed.

    V. SPONSOR INFORMATION
    ------------------------
    New Partnership Announcement: SecurityFocus and ITinfosecure
    SecurityFocus and ITinfosecure have teamed up to provide their customers with
    the most comprehensive vendor-neutral IT security resource on the web! Users
    will now be able to visit SecurityFocus.com to access information on the latest
    IT security products through the Product Search feature provided by the
    partnership with ITinfosecure.com. Combining this tool with SecurityFocus's
    comprehensive coverage of the latest IT security news and vulnerability
    information ensures SecurityFocus remains the most comprehensive and trusted
    source of security information on the Internet. Visit SecurityFocus today at
    http://www.securityfocus.com

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------