SecurityFocus Microsoft Newsletter #254

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 08/31/05

    Date: Wed, 31 Aug 2005 07:40:24 -0600 (MDT)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #254
    ----------------------------------------

    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ------------------------------------------------------------------
    I. FRONT AND CENTER
           1. The great firewall of China
    II. MICROSOFT VULNERABILITY SUMMARY
           1. Sysinternals Process Explorer CompanyName Value Buffer Overflow Vulnerability
           2. Computer Associates Message Queuing Denial Of Service Vulnerability
           3. Computer Associates Message Queuing Buffer Overflow Vulnerability
           4. Computer Associates Message Queuing CAFT Spoofing Vulnerability
           5. ZipTorrent Proxy Server Password Disclosure Vulnerability
           6. Mercora IMRadio Plaintext Password Disclosure Weakness
           7. MPlayer Audio Header Buffer Overflow Vulnerability
           8. Home Ftp Server Multiple Vulnerabilities
           9. PAFileDB Auth.PHP SQL Injection Vulnerability
           10. LeapFTP Client LSQ File Remote Buffer Overflow Vulnerability
           11. HP OpenView Network Node Manager Multiple Remote Command Execution Vulnerabilities
           12. FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
           13. Microsoft Internet Explorer Unspecified Remote Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
           1. SecurityFocus Microsoft Newsletter #253
    IV. UNSUBSCRIBE INSTRUCTIONS
    V. SPONSOR INFORMATION

    I. FRONT AND CENTER
    ---------------------
    1. The great firewall of China
    By Scott Granneman
    When a barrage of attacks and hacking attempts come from IP addresses traced
    back to China, and you don't do any business in China, do you block their
    entire IP address range and call it a day?
    http://www.securityfocus.com/columnists/350

    II. MICROSOFT VULNERABILITY SUMMARY
    ------------------------------------
    1. Sysinternals Process Explorer CompanyName Value Buffer Overflow
    Vulnerability
    BugTraq ID: 14616
    Remote: Yes
    Date Published: 2005-08-20
    Relevant URL: http://www.securityfocus.com/bid/14616
    Summary:
    Process Explorer is prone to a buffer overflow vulnerability. This issue is
    due to a failure in the application to perform proper bounds checking on
    user-supplied data.

    A successful attack can result in the overflowing of a finite sized buffer and
    may ultimately lead to the execution of arbitrary code in the context of the
    affected application.

    2. Computer Associates Message Queuing Denial Of Service Vulnerability
    BugTraq ID: 14621
    Remote: Yes
    Date Published: 2005-08-22
    Relevant URL: http://www.securityfocus.com/bid/14621
    Summary:
    Computer Associates Message Queuing (CAM) is prone to a remote denial of
    service vulnerability.

    A remote attacker can exploit this vulnerability to deny service to legitimate
    users.

    It should be noted exploitation of this issue does not cause the affected
    application to consume system resources. The only known consequence is no
    further connections to the TCP port can take place.

    3. Computer Associates Message Queuing Buffer Overflow Vulnerability
    BugTraq ID: 14622
    Remote: Yes
    Date Published: 2005-08-22
    Relevant URL: http://www.securityfocus.com/bid/14622
    Summary:
    Computer Associates Message Queuing (CAM) is prone to a buffer overflow
    vulnerability. This issue is due to a failure in the application to perform
    proper bounds checking on user-supplied data.

    A successful attack can cause the process's execution stack to overflow and may
    ultimately lead to the execution of arbitrary code in the context of the
    affected application. This may facilitate privilege escalation to SYSTEM level
    privileges.

    4. Computer Associates Message Queuing CAFT Spoofing Vulnerability
    BugTraq ID: 14623
    Remote: Yes
    Date Published: 2005-08-22
    Relevant URL: http://www.securityfocus.com/bid/14623
    Summary:
    CAM is prone to a vulnerability that could permit the spoofing of a CAFT
    application utilizing the CAM instance. This may ultimately allow the
    execution of arbitrary commands.
    CAFT is a file transfer application that utilizes CAM to send and receive the
    files. The problem presents itself due to a failure in the CAM service to
    verify the legitimacy of the CAFT application. An attacker can spoof a
    legitimate CAFT instance and ultimately execute arbitrary CAM commands with
    elevated privileges.

    5. ZipTorrent Proxy Server Password Disclosure Vulnerability
    BugTraq ID: 14645
    Remote: No
    Date Published: 2005-08-23
    Relevant URL: http://www.securityfocus.com/bid/14645
    Summary:
    ZipTorrent is affected by a vulnerability that may allow local attackers to
    obtain the proxy server passwords of affected users.

    This may lead to various attacks against affected users including the
    disclosure of sensitive information.

    ZipTorrent 1.3.7.3 is vulnerable to this issue; however, other versions may be
    affected as well.

    6. Mercora IMRadio Plaintext Password Disclosure Weakness
    BugTraq ID: 14646
    Remote: No
    Date Published: 2005-08-23
    Relevant URL: http://www.securityfocus.com/bid/14646
    Summary:
    Mercora IMRadio is prone to a plaintext password disclosure weakness. Registry
    keys for the application are not encrypted or obfuscated in any way.
    A local attacker may monitor the keyboard, CRT and mouse activity of a local
    administrator and retrieve the usernames and passwords for other users of the
    affected application. It should be noted that normal user accounts do not have
    the ability to read these registry keys.
    In the event that an attacker gains administrative privileges by some other
    means, these usernames and passwords could be viewed and recorded to launch
    further attacks on the affected computer.

    7. MPlayer Audio Header Buffer Overflow Vulnerability
    BugTraq ID: 14652
    Remote: Yes
    Date Published: 2005-08-24
    Relevant URL: http://www.securityfocus.com/bid/14652
    Summary:
    A buffer overflow vulnerability affects MPlayer. This issue is due to a failure
    of the application to properly validate the length of user-supplied strings
    prior to copying them into static process buffers.

    The problem presents itself when the affected application attempts to process
    audio streams that contain overly large values in their header.

    An attacker may exploit this issue to execute arbitrary code with the
    privileges of the user that activated the vulnerable application. This may
    facilitate unauthorized access or privilege escalation.

    8. Home Ftp Server Multiple Vulnerabilities
    BugTraq ID: 14653
    Remote: Yes
    Date Published: 2005-08-24
    Relevant URL: http://www.securityfocus.com/bid/14653
    Summary:
    Home Ftp Server is affected by multiple vulnerabilities. These issues can
    allow local attackers to disclose sensitive information and remote attackers to
    carry out directory traversal attacks.

    Home Ftp Server 1.0.7 b45 is reported to be vulnerable. Other versions may be
    affected as well.

    9. PAFileDB Auth.PHP SQL Injection Vulnerability
    BugTraq ID: 14654
    Remote: Yes
    Date Published: 2005-08-24
    Relevant URL: http://www.securityfocus.com/bid/14654
    Summary:
    paFileDB is prone to an SQL injection vulnerability. This issue is due to a
    failure in the application to properly sanitize user-supplied input before
    using it in an SQL query.

    Exploitation of this issue may allow for compromise of the software, session
    hijacking, or attacks against the underlying database. Other attacks are also
    possible.

    10. LeapFTP Client LSQ File Remote Buffer Overflow Vulnerability
    BugTraq ID: 14655
    Remote: Yes
    Date Published: 2005-08-24
    Relevant URL: http://www.securityfocus.com/bid/14655
    Summary:
    LeapFTP client is prone to a remote buffer overflow vulnerability.

    The issue arises when the client handles a malformed LeapFTP Site Queue (.lsq)
    file.

    A remote attacker may gain unauthorized access in the context of the user
    running the application.

    LeapFTP versions prior to 2.7.6.612 are affected by this vulnerability.

    11. HP OpenView Network Node Manager Multiple Remote Command Execution
    Vulnerabilities
    BugTraq ID: 14662
    Remote: Yes
    Date Published: 2005-08-25
    Relevant URL: http://www.securityfocus.com/bid/14662
    Summary:
    HP OpenView Network Node Manager is prone to multiple remote arbitrary command
    execution vulnerabilities.

    These issues arise when the user-specified 'node' URI parameter of various
    scripts is utilized as a part of a command to be executed with the 'system()'
    function.

    These issues may facilitate unauthorized remote access in the context of the
    Web server to the affected computer.

    These issues affect versions 6.41 and 7.5 on the Solaris platform. Unknown
    versions of the package on Microsoft Windows platforms are also affected. It is
    likely that other versions and platforms are also affected.

    12. FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
    BugTraq ID: 14678
    Remote: Yes
    Date Published: 2005-08-29
    Relevant URL: http://www.securityfocus.com/bid/14678
    Summary:
    FUDforum is prone to a remote arbitrary PHP file upload vulnerability.

    An attacker can merge an image file with a script file and upload it to an
    affected server.

    This issue can facilitate unauthorized remote access.

    FUDforum versions prior to 2.7.1 are reported to be affected. Currently
    Symantec cannot confirm if version 2.7.1 is affected as well.

    13. Microsoft Internet Explorer Unspecified Remote Vulnerability
    BugTraq ID: 14683
    Remote: Yes
    Date Published: 2005-08-27
    Relevant URL: http://www.securityfocus.com/bid/14683
    Summary:
    Microsoft Internet Explorer is affected by an unspecified remote vulnerability.

    This vulnerability affects Internet Explorer 6.0 running on Microsoft Windows
    XP SP2. A successful attack can crash the browser or potentially result in
    arbitrary code execution.

    Due to a lack of information, further details cannot be provided. This BID
    will be updated when more information becomes available.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. SecurityFocus Microsoft Newsletter #253
    http://www.securityfocus.com/archive/88/409064

    IV. UNSUBSCRIBE INSTRUCTIONS
    -----------------------------
    To unsubscribe send an e-mail message to
    ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
    contents of the subject or message body do not matter. You will receive a
    confirmation request message to which you will have to answer. Alternatively
    you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
    the website.

    If your email address has changed email listadmin@securityfocus.com and ask to
    be manually removed.

    V. SPONSOR INFORMATION
    ------------------------
    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

