SecurityFocus Microsoft Newsletter #262

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 10/27/05

    Date: Thu, 27 Oct 2005 07:44:42 -0600 (MDT)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #262
    ----------------------------------------

    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ------------------------------------------------------------------
    I. FRONT AND CENTER
           1. Collaborative endpoint security, part one
           2. Evolution of Web-based worms
           3. The click-wrap conundrum
    II. MICROSOFT VULNERABILITY SUMMARY
           1. RARLAB WinRAR Command Line Processing Buffer Overflow Vulnerability
           2. Opera Web Browser Multiple Malformed HTML Parsing Denial Of Service Vulnerabilities
           3. IBM DB2 Universal Database Multiple Vulnerabilities
           4. Microsoft Windows Unspecified Remote Code Execution Vulnerability
           5. Snort Back Orifice Preprocessor Remote Stack Buffer Overflow Vulnerability
           6. Symantec Norton Antivirus For Macintosh DiskMountNotify Local Privilege Escalation Vulnerability
           7. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
           8. phpBB Avatar Upload HTML Injection Vulnerability
           9. Skype Technologies Skype Networking Routine Heap Overflow Vulnerability
           10. Belchior Foundry VCard Remote File Include Vulnerability
           11. Microsoft Internet Explorer Java Applet Denial of Service Vulnerability
           12. Jed Wing CHM Lib Stack Buffer Overflow Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
           1. CFP: The First International Conference on Availability, Reliability and Security (AReS 2006), 20-22 April, 2006, Vienna, Austria
           2. Change Password
           3. Account Lockout Policy
           4. security policy 'not specified' option
           5. FW: Account Lockout Policy
           6. Account Lockout Policy
    IV. UNSUBSCRIBE INSTRUCTIONS

    I. FRONT AND CENTER
    ---------------------
    1. Collaborative endpoint security, part one
    By Ivan Arce, Eduardo Arias
    Part one of this article introduces endpoint security solution technologies and
    proposes a collaborative approach to solving technical challenges that are
    commonly faced by the community.
    http://www.securityfocus.com/infocus/1849

    2. Evolution of Web-based worms
    By Daniel Hanson
    The Myspace Web worm used a simple vulnerability and XSS to propagate, and it
    might be a sign of things to come.
    http://www.securityfocus.com/columnists/362

    3. The click-wrap conundrum
    By Mark Rasch
    With the rise of spyware, the fact that you didn't understand what you were
    doing by downloading and installing the software doesn't mean you weren't bound
    by the End User License Agreement (EULA). However, the FTC argues otherwise.
    http://www.securityfocus.com/columnists/365

    II. MICROSOFT VULNERABILITY SUMMARY
    ------------------------------------
    1. RARLAB WinRAR Command Line Processing Buffer Overflow Vulnerability
    BugTraq ID: 15123
    Remote: Yes
    Date Published: 2005-10-17
    Relevant URL: http://www.securityfocus.com/bid/15123
    Summary:
    A remote, client-side buffer overflow vulnerability has been reported in the
    command line processing of RARLAB WinRAR. This issue is due to a failure of the
    application to properly validate the length of user-supplied strings prior to
    copying them into static process buffers.

    An attacker may exploit this issue to execute arbitrary code with the
    privileges of the user that activated the vulnerable application. This may
    facilitate unauthorized access or privilege escalation.

    2. Opera Web Browser Multiple Malformed HTML Parsing Denial Of Service
    Vulnerabilities
    BugTraq ID: 15124
    Remote: Yes
    Date Published: 2005-10-17
    Relevant URL: http://www.securityfocus.com/bid/15124
    Summary:
    The Opera Web browser is prone to multiple vulnerabilities that may result in a
    browser crash. These issues are exposed when the browser attempts to parse
    certain malformed HTML content. It is conjectured that this will only result in
    a denial of service and is not further exploitable to execute arbitrary code,
    though this has not been confirmed.

    3. IBM DB2 Universal Database Multiple Vulnerabilities
    BugTraq ID: 15126
    Remote: Yes
    Date Published: 2005-10-18
    Relevant URL: http://www.securityfocus.com/bid/15126
    Summary:
    IBM DB2 Universal Database is prone to multiple vulnerabilities.

    These issues may allow attackers to carry out denial of service attacks and
    other unauthorized actions.

    These issues affect DB2 versions prior to 8 FixPak 10, also known as version
    8.2 FixPak 3.

    4. Microsoft Windows Unspecified Remote Code Execution Vulnerability
    BugTraq ID: 15130
    Remote: Yes
    Date Published: 2005-10-17
    Relevant URL: http://www.securityfocus.com/bid/15130
    Summary:
    Microsoft Windows is prone to an unspecified remote code execution
    vulnerability.

    Reportedly, this vulnerability affects Windows Media Player and Internet
    Explorer, allowing a remote attacker to execute arbitrary code and potentially
    gain unauthorized access in the context of the user running an affected client.
    Due to a lack of information, further details cannot be described at the
    moment. This BID will be updated when more information becomes available.

    5. Snort Back Orifice Preprocessor Remote Stack Buffer Overflow Vulnerability
    BugTraq ID: 15131
    Remote: Yes
    Date Published: 2005-10-18
    Relevant URL: http://www.securityfocus.com/bid/15131
    Summary:
    Snort is susceptible to a remote buffer overflow vulnerability. This issue is
    due to a failure of the application to securely copy network-derived data into
    sensitive process buffers. The specific issue exists in the Back Orifice
    preprocessor.

    An attacker may exploit this issue to execute arbitrary code with the
    privileges of the user that activated the vulnerable application. This may
    facilitate unauthorized access or privilege escalation.

    Due to the nature of this issue, attackers may exploit it by sending a single
    UDP packet with a potentially spoofed source address to an arbitrary
    destination address and port. As long as the application can sniff the packet,
    it may be exploited. These aspects of this issue may aid attackers in bypassing
    firewalls in order to compromise a wider number of computers.

    Reportedly, this issue is difficult to reliably exploit across differing
    operating systems and compiler versions. Failed exploit attempts likely result
    in crashing the application, thereby disabling detection of other attacks.

    Snort versions 2.4.0 through 2.4.2 are affected by this issue. Other versions
    may also be affected, but this has not been confirmed.

    6. Symantec Norton Antivirus For Macintosh DiskMountNotify Local Privilege
    Escalation Vulnerability
    BugTraq ID: 15143
    Remote: No
    Date Published: 2005-10-19
    Relevant URL: http://www.securityfocus.com/bid/15143
    Summary:
    Symantec Norton Antivirus for Macintosh is susceptible to a local privilege
    escalation vulnerability. This issue is due to a failure of the application to
    properly utilize the PATH environment variable in a setuid-superuser binary.

    This vulnerability allows local attackers to gain superuser privileges, leading
    to complete compromise of the affected computer.

    7. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
    BugTraq ID: 15169
    Remote: Yes
    Date Published: 2005-10-22
    Relevant URL: http://www.securityfocus.com/bid/15169
    Summary:
    phpMyAdmin is prone to a local file include vulnerability.

    An attacker may leverage this issue to execute arbitrary server-side script
    code that resides on an affected computer with the privileges of the Web server
    process. This may potentially facilitate unauthorized access.

    phpMyAdmin 2.6.4-pl2 and earlier versions are reported to be vulnerable.

    8. phpBB Avatar Upload HTML Injection Vulnerability
    BugTraq ID: 15170
    Remote: Yes
    Date Published: 2005-10-22
    Relevant URL: http://www.securityfocus.com/bid/15170
    Summary:
    phpBB is prone to an HTML injection vulnerability. This is due to a lack of
    proper sanitization of user-supplied input before using it in dynamically
    generated content.

    Attacker-supplied HTML and script code would be executed in the context of the
    affected Web site, potentially allowing for theft of cookie-based
    authentication credentials. An attacker could also exploit this issue to
    control how the site is rendered to the user; other attacks are also possible.

    This issue is only present when using the Microsoft Internet Explorer Web
    browser.

    9. Skype Technologies Skype Networking Routine Heap Overflow Vulnerability
    BugTraq ID: 15192
    Remote: Yes
    Date Published: 2005-10-25
    Relevant URL: http://www.securityfocus.com/bid/15192
    Summary:
    Skype is prone to a heap overflow vulnerability in its networking routines.
    Successful exploitation could result in a denial of service and remote machine
    code execution in the context of the affected application.

    The vendor reports that this vulnerability has not been reproduced to execute
    arbitrary code, but the reporter of this issue states that they have
    successfully created proof of concept exploits against the Microsoft Windows
    and Linux client applications.

    This issue affects Skype for Windows 1.4.*.83 and earlier, Skype for Mac OS X
    1.3.*.16 and earlier, Skype for Linux 1.2.*.17 and earlier, and Skype for
    Pocket PC 1.1.*.6 and earlier.

    10. Belchior Foundry VCard Remote File Include Vulnerability
    BugTraq ID: 15207
    Remote: Yes
    Date Published: 2005-10-26
    Relevant URL: http://www.securityfocus.com/bid/15207
    Summary:
    vCard is prone to a remote file include vulnerability. This issue is due to a
    failure in the application to properly sanitize user-supplied input.

    An attacker can exploit this issue to execute arbitrary remote PHP code on an
    affected computer with the privileges of the Web server process. This may
    facilitate unauthorized access.

    11. Microsoft Internet Explorer Java Applet Denial of Service Vulnerability
    BugTraq ID: 15208
    Remote: Yes
    Date Published: 2005-10-26
    Relevant URL: http://www.securityfocus.com/bid/15208
    Summary:
    Microsoft Internet Explorer is affected by a denial of service vulnerability.
    This issue arises because the application fails to handle exceptional
    conditions in a proper manner. This issue only presents itself when the J2SE
    Java runtime environment is installed.

    An attacker may exploit this issue by enticing a user to visit a malicious
    site, resulting in a denial of service condition in the application.

    Microsoft Internet Explorer 6 SP2 is affected by this issue.

    12. Jed Wing CHM Lib Stack Buffer Overflow Vulnerability
    BugTraq ID: 15211
    Remote: Yes
    Date Published: 2005-10-26
    Relevant URL: http://www.securityfocus.com/bid/15211
    Summary:
    CHM lib is susceptible to a buffer overflow vulnerability. This issue is due to
    a failure of the library to properly bounds check input data prior to copying
    it into an insufficiently sized memory buffer.

    This issue allows attackers to execute arbitrary machine code in the context of
    the application that utilizes the CHM lib library.

    This issue is present in versions 0.36 and prior of the library.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. CFP: The First International Conference on Availability, Reliability and
    Security (AReS 2006), 20-22 April, 2006, Vienna, Austria
    http://www.securityfocus.com/archive/88/414510

    2. Change Password
    http://www.securityfocus.com/archive/88/414507

    3. Account Lockout Policy
    http://www.securityfocus.com/archive/88/414529

    4. security policy 'not specified' option
    http://www.securityfocus.com/archive/88/413995

    5. FW: Account Lockout Policy
    http://www.securityfocus.com/archive/88/413993

    6. Account Lockout Policy
    http://www.securityfocus.com/archive/88/413952

    IV. UNSUBSCRIBE INSTRUCTIONS
    -----------------------------
    To unsubscribe, send an e-mail message to
    ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
    contents of the subject or message body do not matter. You will receive a
    confirmation request message to which you will have to answer. Alternatively,
    you can visit http://www.securityfocus.com/newsletters and unsubscribe via
    the website.

    If your email address has changed, email listadmin@securityfocus.com and ask
    to be manually removed.


