SecurityFocus Microsoft Newsletter #259

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 10/05/05

    Date: Wed, 5 Oct 2005 07:28:53 -0600 (MDT)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #259
    ----------------------------------------

    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ------------------------------------------------------------------
    I. FRONT AND CENTER
           1. Can writing software be a crime?
           2. Reducing browser privileges
    II. MICROSOFT VULNERABILITY SUMMARY
           1. Wzdftpd SITE Command Arbitrary Command Execution Vulnerability
           2. RealNetworks RealPlayer And Helix Player Format String Vulnerability
           3. FL Studio FLP File Processing Heap Overflow Vulnerability
           4. SecureW2 Insecure Pre-Master Secret Generation Vulnerability
           5. Novell GroupWise Client Local Integer Overflow Vulnerability
           6. Zone Labs ZoneAlarm Pro DDE-IPC Advanced Program Control Bypass Weakness
           7. Microsoft Internet Explorer XmlHttpRequest Parameter Validation Weakness
           8. AbiWord RTF File Processing Buffer Overflow Vulnerability
           9. NateOn Messenger Arbitrary File Download And Buffer Overflow Vulnerabilities
           10. NTLM Authorization Proxy Server Insecure Configuration File Permissions Vulnerability
           11. Blender Command Line Processing Buffer Overflow Vulnerability
           12. EasyGuppy Printfaq.PHP Directory Traversal Vulnerability
           13. Citrix MetaFrame Presentation Server Security Policy Bypass Vulnerability
           14. Bugzilla config.cgi Information Disclosure Vulnerability
           15. Bugzilla User-Matching Information Disclosure Vulnerability
           16. MailEnable W3C Logging Buffer Overflow Vulnerability
           17. Microsoft Windows Wireless Zero Configuration Service Information Disclosure Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
           1. Remote.exe from "Support tools" on Win 2003 CD
           2. windows secure copy
           3. SecurityFocus Microsoft Newsletter #258
           4. Office 2003 SP2?
    IV. UNSUBSCRIBE INSTRUCTIONS
    V. SPONSOR INFORMATION

    I. FRONT AND CENTER
    ---------------------
    1. Can writing software be a crime?
    By Mark Rasch
    Can writing software be a crime? A recent indictment in San Diego, California
    indicates that the answer to that question may be yes.
    http://www.securityfocus.com/columnists/360

    2. Reducing browser privileges
    By Mark Squire
    Security companies and researchers have made careers out of identifying the
    latest bugs in Internet Explorer.
    http://www.securityfocus.com/infocus/1848

    II. MICROSOFT VULNERABILITY SUMMARY
    ------------------------------------
    1. Wzdftpd SITE Command Arbitrary Command Execution Vulnerability
    BugTraq ID: 14935
    Remote: Yes
    Date Published: 2005-09-24
    Relevant URL: http://www.securityfocus.com/bid/14935
    Summary:
    wzdftpd is affected by a remote arbitrary command execution vulnerability.

    This issue can allow an attacker to execute commands in the context of an
    affected server and potentially gain unauthorized access.
    wzdftpd 0.5.4 is reported to be vulnerable. Other versions may be affected as
    well.

    2. RealNetworks RealPlayer And Helix Player Format String Vulnerability
    BugTraq ID: 14945
    Remote: Yes
    Date Published: 2005-09-26
    Relevant URL: http://www.securityfocus.com/bid/14945
    Summary:
    RealPlayer and Helix Player are susceptible to a format string vulnerability.
    This issue is due to the application's failure to properly sanitize
    user-supplied input, allowing a remote attacker to supply format specifiers
    directly to a formatted printing function.

    Successful exploitation of this vulnerability allows remote attackers to
    execute arbitrary machine code in the context of the affected application.

    RealPlayer 10.0 through 10.0.5 for Linux and Helix Player 1.0 through 1.0.5 are
    prone to this issue.
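    The format string issue in item 2 comes from one specific coding pattern: untrusted text is passed to a printf-family function as the format argument itself, so conversions inside it are interpreted rather than printed. The C program below is an added example, not code from the newsletter or from RealNetworks or Helix; the function names and the sample title string are constructed. It shows the vulnerable call beside the hardened one, plus a check for code that must still build formats at run time.

```c
#include <stdio.h>
#include <string.h>

/* 'Before' pattern (do not use): caller-controlled text is passed as the
 * format string, so conversions such as %x or %n inside it are interpreted
 * by the formatting function instead of being copied. It is called through
 * a function pointer only so the example compiles without the compiler's
 * -Wformat-security warning, which would otherwise flag exactly this bug.
 * Kept for comparison; it is never called in this example. */
int render_title_vulnerable(char *out, size_t outsz, const char *user)
{
    int (*fmt_fn)(char *, size_t, const char *, ...) = snprintf;
    return fmt_fn(out, outsz, user);      /* user text IS the format */
}

/* 'After' pattern: the format is a fixed literal and the user text is only
 * ever an argument, so a '%' in it is copied verbatim. */
int render_title_fixed(char *out, size_t outsz, const char *user)
{
    return snprintf(out, outsz, "%s", user);
}

/* Defensive check for code that must still assemble a format at run time:
 * returns 1 if the text contains any conversion other than the "%%" escape. */
int has_conversion(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* literal percent: skip both characters */
            p++;
            continue;
        }
        return 1;               /* any other '%' starts a conversion */
    }
    return 0;
}

/* Returns 1 when the hardened renderer reproduces the input byte for byte. */
int fixed_copies_verbatim(const char *user)
{
    char buf[128];
    int n = render_title_fixed(buf, sizeof buf, user);
    return n >= 0 && (size_t)n < sizeof buf && strcmp(buf, user) == 0;
}

int main(void)
{
    /* Constructed sample of attacker-controlled stream metadata. */
    const char *title = "Now playing: %x %x %n";
    printf("conversion present:    %d\n", has_conversion(title));
    printf("fixed copies verbatim: %d\n", fixed_copies_verbatim(title));
    return 0;
}
```

    The hardened form is the whole fix; the has_conversion() check is only a belt-and-braces guard for legacy paths, and rejecting input with conversions is safer than trying to escape it. Compiling with -Wformat-security enabled (and treated as an error) catches the direct form of the bug at build time.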

    3. FL Studio FLP File Processing Heap Overflow Vulnerability
    BugTraq ID: 14946
    Remote: Yes
    Date Published: 2005-09-26
    Relevant URL: http://www.securityfocus.com/bid/14946
    Summary:
    FL Studio is susceptible to a remote heap overflow vulnerability. This issue is
    due to a failure of the application to properly bounds check user-supplied data
    prior to copying it to an insufficiently sized memory buffer.

    The application fails to bounds check user-supplied data contained in FLP
    files, resulting in the possibility of overflowing a destination heap buffer.
    This allows attackers to control the contents of critical memory control
    structures and write arbitrary data to arbitrary memory locations.

    This issue likely allows attackers to execute arbitrary machine code in the
    context of the user running the affected application.

    This issue is reported in version 5.0.1 of FL Studio. Other versions may also
    be affected.
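    Items 3, 8 and 11 all describe the same defect: a length taken from untrusted input (a file chunk, an RTF token, a command-line argument) is used to copy data into a fixed-size buffer without first checking that it fits. The C program below is an added example, not code from the newsletter or from any of the affected vendors; the chunk layout (1-byte tag, 4-byte little-endian length, payload) and the sample bytes are constructed and are not real FLP or RTF data. It shows the unchecked copy beside a parser that validates the length against both the destination and the remaining input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size destination, standing in for the undersized heap buffer. */
#define CHUNK_CAP 32

/* Little-endian 32-bit read from a byte stream. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* 'Before' pattern: the declared length is trusted, so a chunk that
 * declares more than CHUNK_CAP bytes overruns dst. Never called here. */
int read_chunk_vulnerable(const uint8_t *in, size_t inlen, uint8_t *dst)
{
    if (inlen < 5)
        return -1;
    uint32_t n = rd_le32(in + 1);
    memcpy(dst, in + 5, n);          /* no check against dst size or inlen */
    return (int)n;
}

/* 'After' pattern: the length must fit the destination and the remaining
 * input before any copy happens. Returns payload length or a negative code. */
int read_chunk_fixed(const uint8_t *in, size_t inlen, uint8_t *dst, size_t dstcap)
{
    if (inlen < 5)
        return -1;                    /* truncated header */
    uint32_t n = rd_le32(in + 1);
    if (n > dstcap)
        return -2;                    /* would overflow the destination */
    if (n > inlen - 5)
        return -3;                    /* declared length exceeds the input */
    memcpy(dst, in + 5, n);
    return (int)n;
}

/* Constructed sample chunks: tag, 4-byte LE length, payload. */
static const uint8_t GOOD_CHUNK[]  = { 0x01, 0x05, 0x00, 0x00, 0x00, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t BAD_CHUNK[]   = { 0x01, 0x00, 0x10, 0x00, 0x00, 'A', 'B', 'C' }; /* declares 4096 */
static const uint8_t SHORT_CHUNK[] = { 0x01, 0x0a, 0x00, 0x00, 0x00, 'A', 'B', 'C' }; /* declares 10 */

int parse_good(void)  { uint8_t d[CHUNK_CAP]; return read_chunk_fixed(GOOD_CHUNK,  sizeof GOOD_CHUNK,  d, sizeof d); }
int parse_bad(void)   { uint8_t d[CHUNK_CAP]; return read_chunk_fixed(BAD_CHUNK,   sizeof BAD_CHUNK,   d, sizeof d); }
int parse_short(void) { uint8_t d[CHUNK_CAP]; return read_chunk_fixed(SHORT_CHUNK, sizeof SHORT_CHUNK, d, sizeof d); }

int main(void)
{
    printf("good chunk:  %d\n", parse_good());   /* payload length 5 */
    printf("bad chunk:   %d\n", parse_bad());    /* -2: would overflow */
    printf("short chunk: %d\n", parse_short());  /* -3: exceeds input */
    return 0;
}
```

    Both checks are needed: the first stops the heap overflow the advisories describe, the second stops an over-read past the end of the file, which is a separate bug that the same trusted length would cause.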

    4. SecureW2 Insecure Pre-Master Secret Generation Vulnerability
    BugTraq ID: 14947
    Remote: Yes
    Date Published: 2005-09-26
    Relevant URL: http://www.securityfocus.com/bid/14947
    Summary:
    SecureW2 is susceptible to an insecure pre-master secret generation
    vulnerability. This issue is due to a design flaw in the application that
    causes weak random numbers to be used in a cryptographic operation.

    Due to the insecure use of random number generator functions, the secret used
    in further client-server communications may be predicted by attackers. This may
    lead to the loss of security properties associated with the EAP-TTLS protocol,
    leading to a false sense of security.

    By exploiting this vulnerability, attackers may gain access to the cleartext
    contents of encrypted communication, aiding them in further attacks.
    Man-in-the-middle and other attacks may also be possible.
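    The SecureW2 issue in item 4 is a generator problem, not a cipher problem: a TLS pre-master secret drawn from a library PRNG with a guessable seed can be regenerated by anyone who can narrow down the seed. The C program below is an added example, not code from the newsletter or from SecureW2, and does not reproduce the product's actual code; the function names, the 48-byte secret length (the TLS pre-master secret size, which EAP-TTLS inherits) and the stand-in timestamp are constructed. It shows the weak pattern beside a draw from the OS random source and demonstrates why the weak one fails.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PMS_LEN 48   /* length of a TLS pre-master secret */

/* 'Before' pattern: the C library PRNG seeded from a value an observer can
 * narrow down (typically the clock). Every byte of the secret is then a
 * function of that one small seed. seed is a parameter here so the
 * weakness can be demonstrated deterministically. */
void pms_weak(uint8_t *out, size_t n, unsigned seed)
{
    srand(seed);
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)(rand() & 0xff);
}

/* Hardened pattern: take the secret from the OS CSPRNG. /dev/urandom is
 * used here for portability across Unix-like systems; on Windows the
 * equivalent is the CryptoAPI/BCrypt random generator. */
int pms_strong(uint8_t *out, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t got = fread(out, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* Returns 1 if re-seeding with the same guess reproduces the weak secret,
 * which is exactly what lets a passive observer recover it. */
int weak_is_reproducible(void)
{
    uint8_t a[PMS_LEN], b[PMS_LEN];
    unsigned guessed_time = 1128124800u;   /* constructed stand-in for a timestamp */
    pms_weak(a, PMS_LEN, guessed_time);
    pms_weak(b, PMS_LEN, guessed_time);
    return memcmp(a, b, PMS_LEN) == 0;
}

/* Returns 1 if two strong secrets differ; a 48-byte collision is negligible. */
int strong_is_unpredictable(void)
{
    uint8_t a[PMS_LEN], b[PMS_LEN];
    if (pms_strong(a, PMS_LEN) != 0 || pms_strong(b, PMS_LEN) != 0)
        return 0;
    return memcmp(a, b, PMS_LEN) != 0;
}

int main(void)
{
    printf("weak secret reproducible from seed: %d\n", weak_is_reproducible());
    printf("strong secrets differ:              %d\n", strong_is_unpredictable());
    return 0;
}
```

    The test of a secret generator is not whether its output looks random but whether its state can be enumerated: a 32-bit seed taken from a clock leaves at most a few million candidates for a secret that was supposed to have 384 bits of entropy.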

    5. Novell GroupWise Client Local Integer Overflow Vulnerability
    BugTraq ID: 14952
    Remote: No
    Date Published: 2005-09-27
    Relevant URL: http://www.securityfocus.com/bid/14952
    Summary:
    Novell GroupWise Client is prone to a local integer overflow vulnerability.

    The attacker may leverage this issue to corrupt process memory, which may lead
    to a crash or arbitrary code execution. A complete compromise of the affected
    system may be possible.

    GroupWise 6.5.3 is reported to be vulnerable. It is possible that other
    versions are affected as well.

    6. Zone Labs ZoneAlarm Pro DDE-IPC Advanced Program Control Bypass Weakness
    BugTraq ID: 14966
    Remote: No
    Date Published: 2005-09-28
    Relevant URL: http://www.securityfocus.com/bid/14966
    Summary:
    ZoneAlarm Pro is prone to a weakness that permits the bypassing of the Advanced
    Program Control feature settings.

    An attacker can exploit this weakness to bypass restrictive settings and
    transmit data to external sources through the use of permitted applications.

    UPDATE: The vendor has investigated the vulnerability and has stated that the
    attack does not bypass Advanced Program Control. Therefore, this is no longer
    considered a security vulnerability and this BID has been retired.

    7. Microsoft Internet Explorer XmlHttpRequest Parameter Validation Weakness
    BugTraq ID: 14969
    Remote: Yes
    Date Published: 2005-09-24
    Relevant URL: http://www.securityfocus.com/bid/14969
    Summary:
    Microsoft Internet Explorer is prone to a weakness that permits the injection
    of arbitrary HTTP requests due to improper verification of parameters passed to
    XmlHttpRequest.
    An attacker may craft a Web site that instantiates the affected control and
    force the browser to request a site on the same host or another host in case a
    forwarding proxy is employed. The attacker would then intercept the response
    and steal sensitive data to aid in attacks.

    A successful attack may have various consequences, facilitating HTTP request
    smuggling attacks, man-in-the-middle attacks, and information disclosure.

    8. AbiWord RTF File Processing Buffer Overflow Vulnerability
    BugTraq ID: 14971
    Remote: Yes
    Date Published: 2005-09-29
    Relevant URL: http://www.securityfocus.com/bid/14971
    Summary:
    AbiWord is susceptible to a buffer overflow vulnerability. This issue is due to
    a failure of the application to properly bounds check user-supplied data prior
    to copying it to an insufficiently sized memory buffer while importing RTF
    files.

    This issue likely allows attackers to execute arbitrary machine code in the
    context of the user running the affected application.

    9. NateOn Messenger Arbitrary File Download And Buffer Overflow Vulnerabilities
    BugTraq ID: 14974
    Remote: Yes
    Date Published: 2005-09-29
    Relevant URL: http://www.securityfocus.com/bid/14974
    Summary:
    NateOn Messenger is susceptible to an arbitrary file download vulnerability,
    and a buffer overflow vulnerability. These issues are present in the
    'NateonDownloadManager.ocx' ActiveX control that is installed with the
    application.

    An attacker would exploit these issues by creating malicious HTML containing
    script code that accesses the vulnerable ActiveX control. The file download
    issue allows remote attackers to fetch arbitrary remote files and save them on
    the local machine.

    The buffer overflow vulnerability allows remote attackers to execute arbitrary
    machine code in the context of the user running the affected software,
    facilitating remote system compromise.

    Attackers may utilize these vulnerabilities in conjunction with each other in
    order to transfer malicious code to targeted users, and then execute it.

    10. NTLM Authorization Proxy Server Insecure Configuration File Permissions
    Vulnerability
    BugTraq ID: 14979
    Remote: No
    Date Published: 2005-09-30
    Relevant URL: http://www.securityfocus.com/bid/14979
    Summary:
    NTLM Authorization Proxy Server (ntlmaps) is prone to a vulnerability regarding
    insecure permissions on the configuration file. This issue is due to a
    configuration error in the post-installation script.

    A local attacker can exploit this vulnerability to retrieve the username and
    password to the Microsoft Windows NT system that ntlmaps connects to.

    11. Blender Command Line Processing Buffer Overflow Vulnerability
    BugTraq ID: 14983
    Remote: Yes
    Date Published: 2005-09-30
    Relevant URL: http://www.securityfocus.com/bid/14983
    Summary:
    Blender is susceptible to a buffer overflow vulnerability. This issue is due to
    a failure of the application to properly bounds check user-supplied data prior
    to copying it to an insufficiently sized memory buffer while handling command
    line arguments.

    This issue likely allows attackers to execute arbitrary machine code in the
    context of the user running the affected application.

    This issue is reported in version 2.37a of Blender; other versions may also be
    affected.

    12. EasyGuppy Printfaq.PHP Directory Traversal Vulnerability
    BugTraq ID: 14984
    Remote: Yes
    Date Published: 2005-09-30
    Relevant URL: http://www.securityfocus.com/bid/14984
    Summary:
    EasyGuppy is prone to a directory traversal vulnerability.

    The application fails to properly sanitize input supplied through HTTP POST
    requests or cookies.

    Exploitation of this vulnerability could lead to a loss of confidentiality as
    arbitrary files are disclosed to an attacker.

    13. Citrix MetaFrame Presentation Server Security Policy Bypass Vulnerability
    BugTraq ID: 14989
    Remote: Yes
    Date Published: 2005-09-30
    Relevant URL: http://www.securityfocus.com/bid/14989
    Summary:
    Citrix MetaFrame Presentation Server is susceptible to a server policy bypass
    vulnerability. This issue is due to the application utilizing and trusting
    client-supplied data in policy decisions.

    Attackers may bypass security policies by changing the contents of 'launch.ica'
    files.

    This allows attackers to bypass administratively defined security policies,
    potentially aiding them in further attacks.

    14. Bugzilla config.cgi Information Disclosure Vulnerability
    BugTraq ID: 14995
    Remote: Yes
    Date Published: 2005-10-01
    Relevant URL: http://www.securityfocus.com/bid/14995
    Summary:
    Bugzilla is prone to an information disclosure issue exposed through
    config.cgi. This may allow an unauthorized user to access product names that
    are supposed to be confidential.

    Bugzilla versions 2.18rc1 to 2.18.3, 2.19 to 2.20rc2, and 2.21 are affected.

    15. Bugzilla User-Matching Information Disclosure Vulnerability
    BugTraq ID: 14996
    Remote: Yes
    Date Published: 2005-10-01
    Relevant URL: http://www.securityfocus.com/bid/14996
    Summary:
    Bugzilla is prone to an information disclosure vulnerability when user-matching
    is turned on. This could allow an attacker to enumerate usernames on the
    system.

    Bugzilla 2.19.1 to 2.20rc2 and 2.21 are prone to this vulnerability.

    16. MailEnable W3C Logging Buffer Overflow Vulnerability
    BugTraq ID: 15006
    Remote: Yes
    Date Published: 2005-10-03
    Relevant URL: http://www.securityfocus.com/bid/15006
    Summary:
    MailEnable is prone to a buffer overflow vulnerability.

    This issue arises when the application processes W3C logging and may allow an
    attacker to execute arbitrary code on a vulnerable computer with SYSTEM
    privileges.

    MailEnable Professional version 1.6 and prior and MailEnable Enterprise version
    1.1 and prior are affected.

    17. Microsoft Windows Wireless Zero Configuration Service Information
    Disclosure Vulnerability
    BugTraq ID: 15008
    Remote: Unknown
    Date Published: 2005-10-04
    Relevant URL: http://www.securityfocus.com/bid/15008
    Summary:
    WZCSVC is affected by an information disclosure vulnerability.
    Reportedly, the Pairwise Master Key (PMK) of the Wi-Fi Protected Access (WPA)
    preshared key authentication and the WEP keys of the interface may be obtained
    by a local unauthorized attacker.

    A successful attack can allow an attacker to obtain the keys and subsequently
    gain unauthorized access to a device. This attack would likely present itself
    in a multi-user environment with restricted or temporary wireless access such
    as an Internet cafe, where an attacker could return at a later time and gain
    unauthorized access.

    Microsoft Windows XP SP2 was reported to be vulnerable; however, it is possible
    that other versions are affected as well.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. Remote.exe from "Support tools" on Win 2003 CD
    http://www.securityfocus.com/archive/88/412369

    2. windows secure copy
    http://www.securityfocus.com/archive/88/412368

    3. SecurityFocus Microsoft Newsletter #258
    http://www.securityfocus.com/archive/88/412002

    4. Office 2003 SP2?
    http://www.securityfocus.com/archive/88/412003

    IV. UNSUBSCRIBE INSTRUCTIONS
    -----------------------------
    To unsubscribe send an e-mail message to
    ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
    contents of the subject or message body do not matter. You will receive a
    confirmation request message to which you will have to answer. Alternatively
    you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
    the website.

    If your email address has changed email listadmin@securityfocus.com and ask to
    be manually removed.

    V. SPONSOR INFORMATION
    ------------------------
    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

