SecurityFocus Microsoft Newsletter #263

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 11/02/05

    Date: Wed, 2 Nov 2005 08:02:36 -0700 (MST)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #263
    ----------------------------------------

    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ------------------------------------------------------------------
    I. FRONT AND CENTER
           1. Balancing surveillance
    II. MICROSOFT VULNERABILITY SUMMARY
           1. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
           2. phpBB Avatar Upload HTML Injection Vulnerability
           3. Skype Technologies Skype Networking Routine Heap Overflow Vulnerability
           4. Belchior Foundry VCard Remote File Include Vulnerability
           5. Microsoft Internet Explorer Java Applet Denial of Service Vulnerability
           6. Jed Wing CHM Lib Stack Buffer Overflow Vulnerability
           7. Jed Wing CHM Lib _chm_find_in_PMGL Stack Buffer Overflow Vulnerability
           8. Invision Gallery Index.PHP SQL Injection Vulnerability
           9. PHP PHPInfo Cross-Site Scripting Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
           1. Invitation to Join the Collaborative Endpoint Security Project, sponsored by Core Security Technologies
           2. New List - Beta-Announce
           3. SecurityFocus Microsoft Newsletter #262
    IV. UNSUBSCRIBE INSTRUCTIONS
    V. SPONSOR INFORMATION

    I. FRONT AND CENTER
    ---------------------
    1. Balancing surveillance
    By Scott Granneman
    With camera and network surveillance now commonplace, and database abuse
    continuing to appear, how do we balance the positive side of security along
    with its potential for abuse?
    http://www.securityfocus.com/columnists/366

    II. MICROSOFT VULNERABILITY SUMMARY
    ------------------------------------
    1. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
    BugTraq ID: 15169
    Remote: Yes
    Date Published: 2005-10-22
    Relevant URL: http://www.securityfocus.com/bid/15169
    Summary:
    phpMyAdmin is prone to a local file include vulnerability.

    An attacker may leverage this issue to execute arbitrary server-side script
    code that resides on an affected computer with the privileges of the Web server
    process. This may potentially facilitate unauthorized access.
    phpMyAdmin 2.6.4-pl2 and earlier versions are reported to be vulnerable.

    2. phpBB Avatar Upload HTML Injection Vulnerability
    BugTraq ID: 15170
    Remote: Yes
    Date Published: 2005-10-22
    Relevant URL: http://www.securityfocus.com/bid/15170
    Summary:
    phpBB is prone to an HTML injection vulnerability. This is due to a lack of
    proper sanitization of user-supplied input before using it in dynamically
    generated content.
    Attacker-supplied HTML and script code would be executed in the context of the
    affected Web site, potentially allowing for theft of cookie-based
    authentication credentials. An attacker could also exploit this issue to
    control how the site is rendered to the user; other attacks are also possible.

    This issue is only present when using the Microsoft Internet Explorer Web
    browser.

    3. Skype Technologies Skype Networking Routine Heap Overflow Vulnerability
    BugTraq ID: 15192
    Remote: Yes
    Date Published: 2005-10-25
    Relevant URL: http://www.securityfocus.com/bid/15192
    Summary:
    Skype is prone to a heap overflow vulnerability in its networking routines.
    Successful exploitation could result in a denial of service and remote machine
    code execution in the context of the affected application.

    The vendor reports that this vulnerability has not been reproduced to execute
    arbitrary code, but the reporter of this issue states that they have
    successfully created proof of concept exploits against the Microsoft Windows
    and Linux client applications.

    This issue affects Skype for Windows 1.4.*.83 and earlier, Skype for Mac OS X
    1.3.*.16 and earlier, Skype for Linux 1.2.*.17 and earlier, and Skype for
    Pocket PC 1.1.*.6 and earlier.

    4. Belchior Foundry VCard Remote File Include Vulnerability
    BugTraq ID: 15207
    Remote: Yes
    Date Published: 2005-10-26
    Relevant URL: http://www.securityfocus.com/bid/15207
    Summary:
    vCard is prone to a remote file include vulnerability. This issue is due to a
    failure in the application to properly sanitize user-supplied input.

    An attacker can exploit this issue to execute arbitrary remote PHP code on an
    affected computer with the privileges of the Web server process. This may
    facilitate unauthorized access.

    5. Microsoft Internet Explorer Java Applet Denial of Service Vulnerability
    BugTraq ID: 15208
    Remote: Yes
    Date Published: 2005-10-26
    Relevant URL: http://www.securityfocus.com/bid/15208
    Summary:
    Microsoft Internet Explorer is affected by a denial of service vulnerability.
    This issue arises because the application fails to handle exceptional
    conditions in a proper manner. This issue only presents itself when the J2SE
    Java runtime environment is installed.

    An attacker may exploit this issue by enticing a user to visit a malicious site,
    resulting in a denial of service condition in the application.
    Microsoft Internet Explorer 6 SP2 is affected by this issue.

    6. Jed Wing CHM Lib Stack Buffer Overflow Vulnerability
    BugTraq ID: 15211
    Remote: Yes
    Date Published: 2005-10-26
    Relevant URL: http://www.securityfocus.com/bid/15211
    Summary:
    CHM lib is susceptible to a buffer overflow vulnerability. This issue is due to
    a failure of the library to properly bounds check input data prior to copying
    it into an insufficiently sized memory buffer.

    This issue allows attackers to execute arbitrary machine code in the context of
    the application that utilizes the CHM lib library.

    This issue is present in versions 0.36 and prior of the library.

    7. Jed Wing CHM Lib _chm_find_in_PMGL Stack Buffer Overflow Vulnerability
    BugTraq ID: 15234
    Remote: Yes
    Date Published: 2005-10-28
    Relevant URL: http://www.securityfocus.com/bid/15234
    Summary:
    CHM lib is susceptible to a buffer overflow vulnerability. This issue is due to
    a failure of the library to properly bounds check input data prior to copying
    it into an insufficiently sized memory buffer.

    This issue allows attackers to execute arbitrary machine code in the context of
    the application that utilizes the CHM lib library.

    This issue is present in version 0.35; other versions may also be affected.

    8. Invision Gallery Index.PHP SQL Injection Vulnerability
    BugTraq ID: 15240
    Remote: Yes
    Date Published: 2005-10-31
    Relevant URL: http://www.securityfocus.com/bid/15240
    Summary:
    Invision Gallery is prone to an SQL injection vulnerability. This issue is due
    to a failure in the application to properly sanitize user-supplied input before
    using it in an SQL query.

    Successful exploitation could result in a compromise of the application,
    disclosure or modification of data, or may permit an attacker to exploit
    vulnerabilities in the underlying database implementation.

    9. PHP PHPInfo Cross-Site Scripting Vulnerability
    BugTraq ID: 15248
    Remote: Yes
    Date Published: 2005-10-31
    Relevant URL: http://www.securityfocus.com/bid/15248
    Summary:
    PHP is prone to a cross-site scripting vulnerability. This issue is due to a
    failure in the application to properly sanitize user-supplied input.

    An attacker may leverage this issue to have arbitrary script code executed in
    the browser of an unsuspecting user in the context of the affected site. This
    may facilitate the theft of cookie-based authentication credentials as well as
    other attacks.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. Invitation to Join the Collaborative Endpoint Security Project, sponsored by
    Core Security Technologies
    http://www.securityfocus.com/archive/88/415368

    2. New List - Beta-Announce
    http://www.securityfocus.com/archive/88/414948

    3. SecurityFocus Microsoft Newsletter #262
    http://www.securityfocus.com/archive/88/414828

    IV. UNSUBSCRIBE INSTRUCTIONS
    -----------------------------
    To unsubscribe send an e-mail message to
    ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
    contents of the subject or message body do not matter. You will receive a
    confirmation request message to which you will have to answer. Alternatively
    you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
    the website.

    If your email address has changed, email listadmin@securityfocus.com and ask to
    be manually removed.

    V. SPONSOR INFORMATION
    ------------------------
    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

