SecurityFocus Microsoft Newsletter #258

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 09/29/05

    Date: Thu, 29 Sep 2005 07:48:05 -0600 (MDT)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #258
    ----------------------------------------

    ------------------------------------------------------------------
    I. FRONT AND CENTER
            1. Anonymity made easy
            2. Skype security and privacy concerns
            3. Windows rootkits come of age
    II. MICROSOFT VULNERABILITY SUMMARY
            1. Veritas Storage Exec Multiple Remote DCOM Buffer Overflow Vulnerabilities
            2. VBulletin Multiple Moderator And Administrator SQL Injection Vulnerabilities
            3. VBulletin Multiple Cross-Site Scripting Vulnerabilities
            4. Opera Web Browser Mail Client Multiple Vulnerabilities
            5. Opera Web Browser Unspecified Drag And Drop File Upload Vulnerability
            6. Microsoft Internet Explorer for Mac OS Denial of Service Vulnerability
            7. Mozilla Browser/Firefox JavaScript Engine Integer Overflow Vulnerability
            8. PowerArchiver Long Filename Buffer Overflow Vulnerability
            9. 7-Zip ARJ File Buffer Overflow Vulnerability
            10. Wzdftpd SITE Command Arbitrary Command Execution Vulnerability
            11. RealNetworks RealPlayer And Helix Player Format String Vulnerability
            12. FL Studio FLP File Processing Heap Overflow Vulnerability
            13. SecureW2 Insecure Pre-Master Secret Generation Vulnerability
            14. Novell GroupWise Client Local Integer Overflow Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
            1. Active Directory and IIS on production servers, and clustering
            2. ElseNot Project
            3. Group Policy Question on firewalls
            4. SecurityFocus Microsoft Newsletter #257
    IV. UNSUBSCRIBE INSTRUCTIONS
    V. SPONSOR INFORMATION

    I. FRONT AND CENTER
    ---------------------
    1. Anonymity made easy
    By Matthew Tanase
    The opening passage to True Names, a novella written by noted science
    fiction author Vernor Vinge nearly 25 years ago, delivers an eerily
    prescient summary of modern Internet usage.
    http://www.securityfocus.com/columnists/356

    2. Skype security and privacy concerns
    By Scott Granneman
    One of my stranger hobbies is collecting interesting and weird anecdotes I
    find in the news.
    http://www.securityfocus.com/columnists/357

    3. Windows rootkits come of age
    By Federico Biancuzzi
    SecurityFocus interviews Greg Hoglund and Jamie Butler on the state of
    Windows rootkits and how quickly they have evolved.
    http://www.securityfocus.com/columnists/358

    II. MICROSOFT VULNERABILITY SUMMARY
    ------------------------------------
    1. Veritas Storage Exec Multiple Remote DCOM Buffer Overflow
    Vulnerabilities
    BugTraq ID: 14801
    Remote: Yes
    Date Published: 2005-09-19
    Relevant URL: http://www.securityfocus.com/bid/14801
    Summary:
    Veritas Storage Exec is susceptible to multiple remote buffer overflow
    vulnerabilities. These issues are due to the lack of proper bounds
    checking of user-supplied data prior to copying it to fixed size memory
    buffers.

    These issues are located in multiple DCOM servers in the affected product.
    Both stack-based, and heap-based overflows are identified. By calling
    associated ActiveX controls, attackers may exploit these overflows to
    execute arbitrary machine code.

    These vulnerabilities may be exploited by visiting malicious Web sites, or
    viewing HTML email containing malicious script code.

    2. VBulletin Multiple Moderator And Administrator SQL Injection
    Vulnerabilities
    BugTraq ID: 14872
    Remote: Yes
    Date Published: 2005-09-19
    Relevant URL: http://www.securityfocus.com/bid/14872
    Summary:
    vBulletin is prone to multiple SQL injection vulnerabilities. These
    issues are due to a failure in the application to properly sanitize
    user-supplied input before using it in SQL queries.

    Successful exploitation could result in a compromise of the application,
    disclosure or modification of data, or may permit an attacker to exploit
    vulnerabilities in the underlying database implementation.

    3. VBulletin Multiple Cross-Site Scripting Vulnerabilities
    BugTraq ID: 14874
    Remote: Yes
    Date Published: 2005-09-19
    Relevant URL: http://www.securityfocus.com/bid/14874
    Summary:
    vBulletin is prone to multiple cross-site scripting vulnerabilities. These
    issues are due to a failure in the application to properly sanitize
    user-supplied input.

    An attacker may leverage any of these issues to have arbitrary script code
    executed in the browser of an unsuspecting user in the context of the
    affected site. This may facilitate the theft of cookie-based
    authentication credentials as well as other attacks.

    4. Opera Web Browser Mail Client Multiple Vulnerabilities
    BugTraq ID: 14880
    Remote: Yes
    Date Published: 2005-09-20
    Relevant URL: http://www.securityfocus.com/bid/14880
    Summary:
    Opera Web Browser Mail client is affected by multiple vulnerabilities.
    These issues could allow remote attackers to spoof attachment names and
    carry out script injection attacks.

    These vulnerabilities may also be combined to carry out various attacks.

    Opera Web Browser 8.02 is reportedly vulnerable; however, it is likely
    that other versions are affected as well.

    5. Opera Web Browser Unspecified Drag And Drop File Upload Vulnerability
    BugTraq ID: 14884
    Remote: Yes
    Date Published: 2005-09-20
    Relevant URL: http://www.securityfocus.com/bid/14884
    Summary:
    Opera Web Browser is affected by an unspecified drag and drop file upload
    vulnerability.

    The cause of this issue was not specified; however, it may allow remote
    attackers to upload arbitrary files to a computer. This can lead to
    various attacks including arbitrary code execution in the context of the
    user running the browser.

    Due to lack of information, further details cannot be provided at the
    moment. This BID will be updated when more information becomes available.

    6. Microsoft Internet Explorer for Mac OS Denial of Service Vulnerability
    BugTraq ID: 14899
    Remote: Yes
    Date Published: 2005-09-22
    Relevant URL: http://www.securityfocus.com/bid/14899
    Summary:
    Microsoft Internet Explorer for Mac OS is prone to a denial of service
    vulnerability. This issue occurs when Internet Explorer attempts to
    render a Web page with malformed content.

    This vulnerability exists in Internet Explorer 5.2.3 for Mac OS.

    7. Mozilla Browser/Firefox JavaScript Engine Integer Overflow
    Vulnerability
    BugTraq ID: 14917
    Remote: Yes
    Date Published: 2005-09-23
    Relevant URL: http://www.securityfocus.com/bid/14917
    Summary:
    Mozilla Browser/Firefox are affected by an integer overflow vulnerability
    in their JavaScript engine.

    This issue may be exploited by a remote attacker who entices a user to
    visit a malicious site.

    A successful attack may facilitate unauthorized remote access to a
    vulnerable computer.

    Netscape Browser 8.0.3.3, Netscape 7.2, and K-Meleon 0.9 are vulnerable to
    this issue as well.

    8. PowerArchiver Long Filename Buffer Overflow Vulnerability
    BugTraq ID: 14922
    Remote: Yes
    Date Published: 2005-09-23
    Relevant URL: http://www.securityfocus.com/bid/14922
    Summary:
    A remote buffer overflow vulnerability exists in the PowerArchiver
    application that could result in arbitrary code execution. This issue
    arises because the application fails to perform boundary checks prior to
    copying user-supplied data into sensitive process buffers.

    An attacker may exploit this vulnerability to gain unauthorized remote
    access in the context of SYSTEM. Further attacks are also possible.

    9. 7-Zip ARJ File Buffer Overflow Vulnerability
    BugTraq ID: 14925
    Remote: Yes
    Date Published: 2005-09-23
    Relevant URL: http://www.securityfocus.com/bid/14925
    Summary:
    7-Zip is prone to a stack-based buffer overflow vulnerability.

    Successful exploitation of this vulnerability will allow arbitrary code
    execution. Other attacks are also possible.

    The vulnerability has been confirmed in versions 3.13, 4.23, and 4.26 BETA.
    Other versions may also be affected.

    10. Wzdftpd SITE Command Arbitrary Command Execution Vulnerability
    BugTraq ID: 14935
    Remote: Yes
    Date Published: 2005-09-24
    Relevant URL: http://www.securityfocus.com/bid/14935
    Summary:
    wzdftpd is affected by a remote arbitrary command execution vulnerability.

    This issue can allow an attacker to execute commands in the context of an
    affected server and potentially gain unauthorized access.

    wzdftpd 0.5.4 is reported to be vulnerable. Other versions may be
    affected as well.

    11. RealNetworks RealPlayer And Helix Player Format String Vulnerability
    BugTraq ID: 14945
    Remote: Yes
    Date Published: 2005-09-26
    Relevant URL: http://www.securityfocus.com/bid/14945
    Summary:
    RealPlayer and Helix player are susceptible to a format string
    vulnerability. This issue is due to a failure of the application to
    properly sanitize user-supplied input, allowing a remote attacker to
    supply format specifiers directly to a formatted printing function.

    Successful exploitation of this vulnerability allows remote attackers to
    execute arbitrary machine code in the context of the affected application.

    This issue was reported on RealNetworks RealPlayer 10.0.5.756 Gold on
    Linux. Other versions are also likely affected.

    12. FL Studio FLP File Processing Heap Overflow Vulnerability
    BugTraq ID: 14946
    Remote: Yes
    Date Published: 2005-09-26
    Relevant URL: http://www.securityfocus.com/bid/14946
    Summary:
    FL Studio is susceptible to a remote heap overflow vulnerability. This
    issue is due to a failure of the application to properly bounds check
    user-supplied data prior to copying it to an insufficiently sized memory
    buffer.

    The application fails to bounds check user-supplied data contained in FLP
    files, resulting in the possibility of overflowing a destination heap
    buffer. This allows attackers to control the contents of critical memory
    control structures and write arbitrary data to arbitrary memory locations.

    This issue likely allows attackers to execute arbitrary machine code in
    the context of the user running the affected application.

    This issue is reported in version 5.0.1 of FL Studio. Other versions may
    also be affected.

    13. SecureW2 Insecure Pre-Master Secret Generation Vulnerability
    BugTraq ID: 14947
    Remote: Yes
    Date Published: 2005-09-26
    Relevant URL: http://www.securityfocus.com/bid/14947
    Summary:
    SecureW2 is susceptible to an insecure pre-master secret generation
    vulnerability. This issue is due to a design flaw in the application that
    causes weak random numbers to be used in a cryptographic operation.

    Due to the insecure use of random number generator functions, the secret
    used in further client-server communications may be predicted by
    attackers. This may lead to the loss of security properties associated
    with the EAP-TTLS protocol, leading to a false sense of security.

    By exploiting this vulnerability, attackers may gain access to the
    cleartext contents of encrypted communication, aiding them in further
    attacks. Man-in-the-middle, and other attacks may also be possible.

    14. Novell GroupWise Client Local Integer Overflow Vulnerability
    BugTraq ID: 14952
    Remote: No
    Date Published: 2005-09-27
    Relevant URL: http://www.securityfocus.com/bid/14952
    Summary:
    Novell GroupWise Client is prone to a local integer overflow
    vulnerability.

    The attacker may leverage this issue to corrupt process memory, which may
    lead to a crash or arbitrary code execution. A complete compromise of the
    affected system may be possible.

    GroupWise 6.5.3 is reported to be vulnerable. It is possible that other
    versions are affected as well.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. Active Directory and IIS on production servers, and clustering
    http://www.securityfocus.com/archive/88/411805

    2. ElseNot Project
    http://www.securityfocus.com/archive/88/411721

    3. Group Policy Question on firewalls
    http://www.securityfocus.com/archive/88/411323

    4. SecurityFocus Microsoft Newsletter #257
    http://www.securityfocus.com/archive/88/411282

    IV. UNSUBSCRIBE INSTRUCTIONS
    -----------------------------
    To unsubscribe send an e-mail message to
    ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
    contents of the subject or message body do not matter. You will receive a
    confirmation request message to which you will have to answer.
    Alternatively you can also visit http://www.securityfocus.com/newsletters
    and unsubscribe via the website.

    If your email address has changed email listadmin@securityfocus.com and
    ask to be manually removed.

    V. SPONSOR INFORMATION
    ------------------------
    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and
    network based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

