SecurityFocus Microsoft Newsletter #254
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 08/31/05
Date: Wed, 31 Aug 2005 07:40:24 -0600 (MDT)
To: Focus-MS <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter #254
----------------------------------------
I. FRONT AND CENTER
1. The great firewall of China
II. MICROSOFT VULNERABILITY SUMMARY
1. Sysinternals Process Explorer CompanyName Value Buffer Overflow
Vulnerability
2. Computer Associates Message Queuing Denial Of Service Vulnerability
3. Computer Associates Message Queuing Buffer Overflow Vulnerability
4. Computer Associates Message Queuing CAFT Spoofing Vulnerability
5. ZipTorrent Proxy Server Password Disclosure Vulnerability
6. Mercora IMRadio Plaintext Password Disclosure Weakness
7. MPlayer Audio Header Buffer Overflow Vulnerability
8. Home Ftp Server Multiple Vulnerabilities
9. PAFileDB Auth.PHP SQL Injection Vulnerability
10. LeapFTP Client LSQ File Remote Buffer Overflow Vulnerability
11. HP OpenView Network Node Manager Multiple Remote Command Execution
Vulnerabilities
12. FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
13. Microsoft Internet Explorer Unspecified Remote Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #253
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. The great firewall of China
By Scott Granneman
When a barrage of attacks and hacking attempts come from IP addresses traced
back to China, and you don't do any business in China, do you block their
entire IP address range and call it a day?
http://www.securityfocus.com/columnists/350
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Sysinternals Process Explorer CompanyName Value Buffer Overflow
Vulnerability
BugTraq ID: 14616
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14616
Summary:
Process Explorer is prone to a buffer overflow vulnerability. This issue is
due to a failure in the application to perform proper bounds checking on
user-supplied data.
A successful attack can result in the overflowing of a finite sized buffer and
may ultimately lead to the execution of arbitrary code in the context of the
affected application.
2. Computer Associates Message Queuing Denial Of Service Vulnerability
BugTraq ID: 14621
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14621
Summary:
Computer Associates Message Queuing (CAM) is prone to a remote denial of
service vulnerability.
A remote attacker can exploit this vulnerability to deny service to legitimate
users.
It should be noted that exploitation of this issue does not cause the affected
application to consume system resources. The only known consequence is no
further connections to the TCP port can take place.
3. Computer Associates Message Queuing Buffer Overflow Vulnerability
BugTraq ID: 14622
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14622
Summary:
Computer Associates Message Queuing (CAM) is prone to a buffer overflow
vulnerability. This issue is due to a failure in the application to perform
proper bounds checking on user-supplied data.
A successful attack can cause the process's execution stack to overflow and may
ultimately lead to the execution of arbitrary code in the context of the
affected application. This may facilitate privilege escalation to SYSTEM level
privileges.
4. Computer Associates Message Queuing CAFT Spoofing Vulnerability
BugTraq ID: 14623
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14623
Summary:
CAM is prone to a vulnerability that could permit the spoofing of a CAFT
application utilizing the CAM instance. This may ultimately allow the
execution of arbitrary commands.
CAFT is a file transfer application that utilizes CAM to send and receive the
files. The problem presents itself due to a failure in the CAM service to
verify the legitimacy of the CAFT application. An attacker can spoof a
legitimate CAFT instance and ultimately execute arbitrary CAM commands with
elevated privileges.
5. ZipTorrent Proxy Server Password Disclosure Vulnerability
BugTraq ID: 14645
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14645
Summary:
ZipTorrent is affected by a vulnerability that may allow local attackers to
obtain the proxy server passwords of affected users.
This may lead to various attacks against affected users including the
disclosure of sensitive information.
ZipTorrent 1.3.7.3 is vulnerable to this issue; however, other versions may be
affected as well.
6. Mercora IMRadio Plaintext Password Disclosure Weakness
BugTraq ID: 14646
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14646
Summary:
Mercora IMRadio is prone to a plaintext password disclosure weakness. Registry
keys for the application are not encrypted or obfuscated in any way.
A local attacker may monitor the keyboard, CRT and mouse activity of a local
administrator and retrieve the usernames and passwords for other users of the
affected application. It should be noted that normal user accounts do not have
the ability to read these registry keys.
In the event that an attacker gains administrative privileges by some other
means, these usernames and passwords could be viewed and recorded to launch
further attacks on the affected computer.
7. MPlayer Audio Header Buffer Overflow Vulnerability
BugTraq ID: 14652
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14652
Summary:
A buffer overflow vulnerability affects MPlayer. This issue is due to a failure
of the application to properly validate the length of user-supplied strings
prior to copying them into static process buffers.
The problem presents itself when the affected application attempts to process
audio streams that contain overly large values in their header.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This may
facilitate unauthorized access or privilege escalation.
8. Home Ftp Server Multiple Vulnerabilities
BugTraq ID: 14653
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14653
Summary:
Home Ftp Server is affected by multiple vulnerabilities. These issues can
allow local attackers to disclose sensitive information and remote attackers to
carry out directory traversal attacks.
Home Ftp Server 1.0.7 b45 is reported to be vulnerable. Other versions may be
affected as well.
9. PAFileDB Auth.PHP SQL Injection Vulnerability
BugTraq ID: 14654
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14654
Summary:
paFileDB is prone to an SQL injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input before
using it in an SQL query.
Exploitation of this issue may allow for compromise of the software, session
hijacking, or attacks against the underlying database. Other attacks are also
possible.
10. LeapFTP Client LSQ File Remote Buffer Overflow Vulnerability
BugTraq ID: 14655
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14655
Summary:
LeapFTP client is prone to a remote buffer overflow vulnerability.
The issue arises when the client handles a malformed LeapFTP Site Queue (.lsq)
file.
A remote attacker may gain unauthorized access in the context of the user
running the application.
LeapFTP versions prior to 2.7.6.612 are affected by this vulnerability.
11. HP OpenView Network Node Manager Multiple Remote Command Execution
Vulnerabilities
BugTraq ID: 14662
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14662
Summary:
HP OpenView Network Node Manager is prone to multiple remote arbitrary command
execution vulnerabilities.
These issues arise when the user-specified 'node' URI parameter of various
scripts is utilized as a part of a command to be executed with the 'system()'
function.
These issues may facilitate unauthorized remote access in the context of the
Web server to the affected computer.
These issues affect versions 6.41 and 7.5 on the Solaris platform. Unknown
versions of the package on Microsoft Windows platforms are also affected. It is
likely that other versions and platforms are also affected.
12. FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
BugTraq ID: 14678
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14678
Summary:
FUDforum is prone to a remote arbitrary PHP file upload vulnerability.
An attacker can merge an image file with a script file and upload it to an
affected server.
This issue can facilitate unauthorized remote access.
FUDforum versions prior to 2.7.1 are reported to be affected. Currently
Symantec cannot confirm if version 2.7.1 is affected as well.
13. Microsoft Internet Explorer Unspecified Remote Vulnerability
BugTraq ID: 14683
Remote: Yes
Date Published: 2005-08-27
Relevant URL: http://www.securityfocus.com/bid/14683
Summary:
Microsoft Internet Explorer is affected by an unspecified remote vulnerability.
This vulnerability affects Internet Explorer 6.0 running on Microsoft Windows
XP SP2. A successful attack can crash the browser or potentially result in
arbitrary code execution.
Due to a lack of information, further details cannot be provided. This BID
will be updated when more information becomes available.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #253
http://www.securityfocus.com/archive/88/409064
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email listadmin@securityfocus.com and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
---------------------------------------------------------------------------