SecurityFocus Microsoft Newsletter #256

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 09/14/05

    Date: Wed, 14 Sep 2005 07:32:24 -0600 (MDT)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #256
    ----------------------------------------

    This Issue is Sponsored By: AirDefense

    FREE WHITE PAPER & SOFTWARE DOWNLOAD - Protect your Wi-Fi Laptops
    Learn how wireless laptops can be compromised at public hotspots. This white
    paper explores how Wi-Phishing works and what procedures and policies are
    needed to secure the mobile workforce. Also download AirDefense Personal
    software to protect your wireless laptop anywhere from hotspot phishing, Evil
    Twin, hackers, misconfigurations.
    Download the white paper and AirDefense Personal software at:

    http://www.securityfocus.com/sponsor/Airdefense_linux-secnews_050913

    ------------------------------------------------------------------
    I. FRONT AND CENTER
           1. Embedded market ripe for picking
           2. Security lessons from Katrina
    II. MICROSOFT VULNERABILITY SUMMARY
           1. Rediff Bol Instant Messenger ActiveX Control Information Disclosure
    Vulnerability
           2. Microsoft Windows Keyboard Event Privilege Escalation Weakness
           3. ALTools ALZip ACE Archive File Name Buffer Overflow Vulnerability
           4. Microsoft IIS WebDAV HTTP Request Source Code Disclosure Vulnerability
           5. Eset Software NOD32 Antivirus ARJ Archive Handling Remote Buffer
    Overflow Vulnerability
           6. Microsoft September Advance Notification Unspecified Security
    Vulnerabilities
           7. Mozilla/Netscape/Firefox Browsers Domain Name Remote Buffer Overflow
    Vulnerability
           8. Sun Java System Web Proxy Server Unspecified Remote Denial Of Service
    Vulnerability
           9. Ipswitch Whatsup Small Business 2004 File Disclosure Vulnerability
           10. KillProcess Local Privilege Escalation Vulnerability
           11. Zebedee Remote Denial Of Service Vulnerability
           12. Ipswitch Whatsup Gold Map.ASP Cross-Site Scripting Vulnerability
           13. Ipswitch Whatsup Gold Cross-Site Scripting Vulnerability
           14. COOL! Remote Control Remote Denial Of Service Vulnerability
           15. PunBB BBCode URL Tag HTML Injection Vulnerability
           16. Snort PrintTcpOptions Remote Denial Of Service Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
           1. runas vs network connections etc etc....
           2. SecurityFocus Microsoft Newsletter #255
    IV. UNSUBSCRIBE INSTRUCTIONS
    V. SPONSOR INFORMATION

    I. FRONT AND CENTER
    ---------------------
    1. Embedded market ripe for picking
    By Daniel Hanson
    Perhaps an embedded version of Windows in every device isn't such a bad thing
    after all.
    http://www.securityfocus.com/columnists/353

    2. Security lessons from Katrina
    By Mark Rasch
    From this disaster, there are a few lessons IT staff, and IT security staff,
    as well as senior management should learn.
    http://www.securityfocus.com/columnists/354

    II. MICROSOFT VULNERABILITY SUMMARY
    ------------------------------------
    1. Rediff Bol Instant Messenger ActiveX Control Information Disclosure
    Vulnerability
    BugTraq ID: 14740
    Remote: Yes
    Date Published: 2005-09-05
    Relevant URL: http://www.securityfocus.com/bid/14740
    Summary:
    Rediff Bol Instant Messenger is prone to an information disclosure
    vulnerability. A malicious ActiveX control could allow an attacker to obtain
    the contents of a vulnerable user's Windows Address Book.

    2. Microsoft Windows Keyboard Event Privilege Escalation Weakness
    BugTraq ID: 14743
    Remote: No
    Date Published: 2005-09-05
    Relevant URL: http://www.securityfocus.com/bid/14743
    Summary:
    Microsoft Windows is prone to a privilege escalation weakness. This issue is
    due to a design error when desktop applications handle keyboard events sent
    through the keybd_event() function. The specific issue is that programs may
    send keyboard events to higher privileged desktop applications.

    This poses a local security risk as malicious keyboard events may be sent to a
    desktop application such as 'explorer.exe' that is running as a higher
    privileged user. These keyboard events will be interpreted in the context of
    the target user. This issue could likely be abused after exploitation of a
    latent remote code execution vulnerability in a service to elevate privileges.
    In this scenario, a user with higher privileges than the service must be logged
    into the desktop.

    3. ALTools ALZip ACE Archive File Name Buffer Overflow Vulnerability
    BugTraq ID: 14759
    Remote: Yes
    Date Published: 2005-09-07
    Relevant URL: http://www.securityfocus.com/bid/14759
    Summary:
    ALTools ALZip is prone to a buffer overflow when handling ACE archives that
    contain files with overly long names.
    This may be exploited to execute arbitrary code in the context of the user who
    is running the application. The vulnerability is considered remotely
    exploitable in nature since malicious ACE archives will likely originate from
    an external, untrusted source.

    4. Microsoft IIS WebDAV HTTP Request Source Code Disclosure Vulnerability
    BugTraq ID: 14764
    Remote: Yes
    Date Published: 2005-09-04
    Relevant URL: http://www.securityfocus.com/bid/14764
    Summary:
    Microsoft IIS is reportedly affected by a remote script source disclosure
    vulnerability.

    A successful attack causes the Web server to present the requested file as a
    plain text file, subsequently disclosing the source.
    It should be noted that this issue only presents itself when the requested
    files are stored on a FAT or FAT32 volume and does not arise if the script
    files are stored on an NTFS volume.

    Microsoft IIS 5.1 is vulnerable to this issue.

    5. Eset Software NOD32 Antivirus ARJ Archive Handling Remote Buffer Overflow
    Vulnerability
    BugTraq ID: 14773
    Remote: Yes
    Date Published: 2005-09-08
    Relevant URL: http://www.securityfocus.com/bid/14773
    Summary:
    NOD32 Antivirus is affected by a remote buffer overflow vulnerability when
    handling ARJ archives.

    An attacker may exploit this vulnerability to gain unauthorized remote access
    with SYSTEM privileges.

    NOD32 for Windows version 2.5 running nod32.002 version 1.033 build 1127 is
    reportedly affected; however, it is possible that other versions are vulnerable
    as well.

    6. Microsoft September Advance Notification Unspecified Security
    Vulnerabilities
    BugTraq ID: 14780
    Remote: Unknown
    Date Published: 2005-09-08
    Relevant URL: http://www.securityfocus.com/bid/14780
    Summary:
    Microsoft has released advance notification for one security bulletin that
    will be released on September 13, 2005.

    This security bulletin affects Microsoft Windows.

    Update: Microsoft reports there will no longer be any security updates on
    September 13th as part of the September monthly bulletin release cycle.

    7. Mozilla/Netscape/Firefox Browsers Domain Name Remote Buffer Overflow
    Vulnerability
    BugTraq ID: 14784
    Remote: Yes
    Date Published: 2005-09-09
    Relevant URL: http://www.securityfocus.com/bid/14784
    Summary:
    Mozilla/Netscape/Firefox are reported prone to a remote buffer overflow
    vulnerability when handling a malformed URI.

    A successful attack may result in a crash or the execution of arbitrary code.

    Firefox 1.0.6 and 1.5 Beta 1 are vulnerable to this issue. Mozilla 1.7.11 and
    Netscape 8.0.3.3 and 7.2 are affected as well.

    8. Sun Java System Web Proxy Server Unspecified Remote Denial Of Service
    Vulnerability
    BugTraq ID: 14788
    Remote: Yes
    Date Published: 2005-09-08
    Relevant URL: http://www.securityfocus.com/bid/14788
    Summary:
    Sun Java System Web Proxy Server is prone to an unspecified remote denial of
    service vulnerability. This issue allows remote attackers to cause the affected
    service to fail to respond to further requests.

    Successful exploitation will permit remote attackers to deny service to
    legitimate users.

    9. Ipswitch Whatsup Small Business 2004 File Disclosure Vulnerability
    BugTraq ID: 14792
    Remote: Yes
    Date Published: 2005-09-09
    Relevant URL: http://www.securityfocus.com/bid/14792
    Summary:
    Ipswitch Whatsup Small Business 2004 is prone to a file disclosure
    vulnerability. This is due to a lack of proper sanitization of user-supplied
    input.

    A remote attacker may exploit this vulnerability to reveal files that contain
    potentially sensitive information.

    10. KillProcess Local Privilege Escalation Vulnerability
    BugTraq ID: 14795
    Remote: No
    Date Published: 2005-09-09
    Relevant URL: http://www.securityfocus.com/bid/14795
    Summary:
    KillProcess is prone to a local buffer overflow vulnerability.

    A successful attack allows arbitrary machine code execution with the privileges
    of the user running KillProcess.

    KillProcess 2.20 and prior versions are vulnerable.

    11. Zebedee Remote Denial Of Service Vulnerability
    BugTraq ID: 14796
    Remote: Yes
    Date Published: 2005-09-09
    Relevant URL: http://www.securityfocus.com/bid/14796
    Summary:
    A remote denial of service vulnerability affects Zebedee. This issue is due to
    a failure of the application to properly handle exceptional network requests.

    Specifically, Zebedee is unable to handle requests for connections that contain
    a zero for the requested destination port.

    A remote attacker may leverage this issue to crash the affected application,
    denying service to legitimate users.

    Zebedee version 2.4.1 is reported vulnerable to this issue; other versions may
    also be affected.

    12. Ipswitch Whatsup Gold Map.ASP Cross-Site Scripting Vulnerability
    BugTraq ID: 14797
    Remote: Yes
    Date Published: 2005-09-09
    Relevant URL: http://www.securityfocus.com/bid/14797
    Summary:
    Ipswitch Whatsup Gold is prone to a cross-site scripting vulnerability. This
    issue is due to a lack of proper sanitization of user-supplied input.

    An attacker may leverage this issue to have arbitrary script code executed in
    the browser of an unsuspecting user in the context of the affected site. This
    may facilitate the theft of cookie-based authentication credentials as well as
    other attacks.

    13. Ipswitch Whatsup Gold Cross-Site Scripting Vulnerability
    BugTraq ID: 14799
    Remote: Yes
    Date Published: 2005-09-09
    Relevant URL: http://www.securityfocus.com/bid/14799
    Summary:
    Ipswitch Whatsup Gold is prone to a file disclosure vulnerability. This is due
    to a lack of proper sanitization of user-supplied input.

    A remote attacker may exploit this vulnerability to reveal files that contain
    potentially sensitive information. Information that is harvested in this manner
    may then be used to aid in further attacks against the software and the
    computer that is hosting the software.

    14. COOL! Remote Control Remote Denial Of Service Vulnerability
    BugTraq ID: 14802
    Remote: Yes
    Date Published: 2005-09-12
    Relevant URL: http://www.securityfocus.com/bid/14802
    Summary:
    COOL! Remote Control is vulnerable to a remote denial of service vulnerability.

    Successful exploitation will permit remote attackers to deny service to
    legitimate users or cause the client to crash.

    COOL! Remote Control 1.12 is affected by this issue. Other versions may be
    vulnerable as well.

    15. PunBB BBCode URL Tag HTML Injection Vulnerability
    BugTraq ID: 14808
    Remote: Yes
    Date Published: 2005-09-12
    Relevant URL: http://www.securityfocus.com/bid/14808
    Summary:
    PunBB is prone to an HTML injection vulnerability. This is due to a lack of
    proper sanitization of user-supplied input.

    Attacker-supplied HTML and script code would be executed in the context of the
    affected Web site, potentially allowing for theft of cookie-based
    authentication credentials. An attacker could also exploit this issue to
    control how the site is rendered to the user; other attacks are also possible.

    16. Snort PrintTcpOptions Remote Denial Of Service Vulnerability
    BugTraq ID: 14811
    Remote: Yes
    Date Published: 2005-09-12
    Relevant URL: http://www.securityfocus.com/bid/14811
    Summary:
    Snort is reported prone to a remote denial of service vulnerability. The
    vulnerability is reported to exist in the 'PrintTcpOptions()' function of
    'log.c', and is a result of a failure to sufficiently handle malicious TCP
    packets.

    A remote attacker may trigger this vulnerability to crash a remote Snort server
    and in doing so may prevent subsequent malicious attacks from being detected.

    It should be noted that the vulnerable code path is only executed when Snort is
    run with the '-v' (verbose) flag. Due to the performance penalty of running the
    Snort application in verbose mode, it is likely that most production
    installations of the application are not vulnerable to this issue.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. runas vs network connections etc etc....
    http://www.securityfocus.com/archive/88/410243

    2. SecurityFocus Microsoft Newsletter #255
    http://www.securityfocus.com/archive/88/409934

    IV. UNSUBSCRIBE INSTRUCTIONS
    -----------------------------
    To unsubscribe send an e-mail message to
    ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
    contents of the subject or message body do not matter. You will receive a
    confirmation request message to which you will have to answer. Alternatively
    you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
    the website.

    If your email address has changed email listadmin@securityfocus.com and ask to
    be manually removed.

    V. SPONSOR INFORMATION
    ------------------------
    This Issue is Sponsored By: AirDefense

