SecurityFocus Microsoft Newsletter #310
----------------------------------------

This issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper. Blind SQL Injection can deliver total control of your server to a hacker, giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000CbYU

------------------------------------------------------------------
I. FRONT AND CENTER
1. Liar, Liar, and pretexting
2. Beginner's guide to wireless auditing
II. MICROSOFT VULNERABILITY SUMMARY
1. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
2. CPanel Unspecified Remote Privilege Escalation Vulnerability
3. Apple QuickTime Plug-In Arbitrary Script Execution Weakness
4. ProSysInfo TFTPDWIN Remote Buffer Overflow Vulnerability
5. RSSReader RSS Feeds Atom Feed Multiple HTML Injection Vulnerabilities
6. SharpReader Atom Feed Script HTML Injection Vulnerability
7. Ipswitch WS_FTP PASV Response Remote Buffer Overflow Vulnerability
8. NewsGator FeedDemon Active Script Code-Execution Vulnerability
9. Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability
10. MailEnable SMTP SPF Remote Denial of Service Vulnerability
11. Retired: Microsoft PowerPoint Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #309
2. Microsoft Security Clamp
3. Storing Images in SQL Server (2005)
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Liar, Liar, and pretexting
By Mark Rasch
Mark Rasch details the legality of pretexting by putting it in context with how it is used, comparing it with legal forms of lying, and looking at previous court cases involving pretexting in the United States. Hewlett Packard's use of pretexting also brings up potential charges of criminal fraud, violations of consumer protection laws, issues of deception, and the use of spyware. Together these issues make for a very interesting legal situation at HP.
http://www.securityfocus.com/columnists/417

2. Beginner's guide to wireless auditing
By David Maynor
This article is designed as a beginner's guide to fuzzing wireless device drivers, starting with how to build an auditing environment, then how to construct fuzzing tools and finally how to interpret the results. The same auditing environment can be used for WiFi as well as Bluetooth and infrared devices.
http://www.securityfocus.com/infocus/1877


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
BugTraq ID: 20216
Remote: Yes
Date Published: 2006-09-26
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is susceptible to a remote denial-of-service vulnerability. This issue is due to a failure of the application to properly handle incoming duplicate blocks in SSH protocol version one traffic.

This issue may be exploited by remote attackers to consume excessive CPU resources, potentially denying service to legitimate users.

This issue only occurs when OpenSSH is configured to accept SSH version one traffic.

2. CPanel Unspecified Remote Privilege Escalation Vulnerability
BugTraq ID: 20163
Remote: Yes
Date Published: 2006-09-24
Relevant URL: http://www.securityfocus.com/bid/20163
Summary:
cPanel is prone to an unspecified remote privilege-escalation vulnerability.

A remote attacker can exploit this issue to gain administrative access to the affected application. This may lead to other attacks.

3. Apple QuickTime Plug-In Arbitrary Script Execution Weakness
BugTraq ID: 20138
Remote: Yes
Date Published: 2006-09-21
Relevant URL: http://www.securityfocus.com/bid/20138
Summary:
Apple QuickTime Plug-In is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (.qtl).

An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load local content in a user's browser. Although this weakness doesn't pose any direct security threat by itself, an attacker may use it to aid in further attacks.

Version 7.1.3 is vulnerable; other versions may also be affected.

4. ProSysInfo TFTPDWIN Remote Buffer Overflow Vulnerability
BugTraq ID: 20131
Remote: Yes
Date Published: 2006-09-21
Relevant URL: http://www.securityfocus.com/bid/20131
Summary:
TFTPDWIN server is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary code in the context of the TFTP server process.

Version 0.4.2 of the affected software is vulnerable; other versions may be affected as well.

5. RSSReader RSS Feeds Atom Feed Multiple HTML Injection Vulnerabilities
BugTraq ID: 20129
Remote: Yes
Date Published: 2006-09-20
Relevant URL: http://www.securityfocus.com/bid/20129
Summary:
RSSReader is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

6. SharpReader Atom Feed Script HTML Injection Vulnerability
BugTraq ID: 20128
Remote: Yes
Date Published: 2006-09-20
Relevant URL: http://www.securityfocus.com/bid/20128
Summary:
SharpReader is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the My Computer folder, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

7. Ipswitch WS_FTP PASV Response Remote Buffer Overflow Vulnerability
BugTraq ID: 20121
Remote: Yes
Date Published: 2006-09-20
Relevant URL: http://www.securityfocus.com/bid/20121
Summary:
A remote buffer-overflow vulnerability has been reported in the Ipswitch WS_FTP client. This issue occurs because the application fails to properly validate the length of server-supplied strings in PASV responses prior to copying them into fixed-size process buffers. An attacker controlling a malicious FTP server may exploit this issue to cause the affected client to crash. Execution of arbitrary code in the context of the FTP client process may also be possible.

Version 5.08 of the affected software is vulnerable; other versions may be affected as well.

8. NewsGator FeedDemon Active Script Code-Execution Vulnerability
BugTraq ID: 20114
Remote: Yes
Date Published: 2006-09-19
Relevant URL: http://www.securityfocus.com/bid/20114
Summary:
NewsGator FeedDemon is prone to an active script code-execution vulnerability because it fails to sufficiently sanitize Atom feed data prior to rendering the feed.

Successful exploits may result in active scripting content being executed in the context of the application. Note that the application uses the 'Internet Zone' to render the remote HTML content, lessening the impact of this issue.

9. Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability
BugTraq ID: 20096
Remote: Yes
Date Published: 2006-09-19
Relevant URL: http://www.securityfocus.com/bid/20096
Summary:
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability. The vulnerability arises because of an error in the processing of Vector Markup Language documents.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. The method currently used to exploit this issue will typically terminate Internet Explorer.

This vulnerability is currently being exploited in the wild as 'Trojan.Vimalov'.

This vulnerability affects Internet Explorer version 6.0 on a fully patched system. Previous versions may also be affected.

Update: Microsoft Outlook 2003 is also an attack vector for this issue, since it uses Internet Explorer to render HTML email. Reportedly, attacks are possible even when active scripting has been disabled for email viewing.

10. MailEnable SMTP SPF Remote Denial of Service Vulnerability
BugTraq ID: 20091
Remote: Yes
Date Published: 2006-09-18
Relevant URL: http://www.securityfocus.com/bid/20091
Summary:
MailEnable is prone to a remote denial-of-service vulnerability.

This issue allows remote attackers to crash the application, denying further service to legitimate users.

11. Retired: Microsoft PowerPoint Remote Code Execution Vulnerability
BugTraq ID: 20059
Remote: Yes
Date Published: 2006-09-16
Relevant URL: http://www.securityfocus.com/bid/20059
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.

This issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious PowerPoint document to a user. This issue is being actively exploited in the wild as Trojan.PPDropper.E.

This issue is a duplicate of that discussed in BID 17000 (Microsoft Office Routing Slip Processing Remote Buffer Overflow Vulnerability) and is therefore being retired.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #309
http://www.securityfocus.com/archive/88/446468

2. Microsoft Security Clamp
http://www.securityfocus.com/archive/88/446467

3. Storing Images in SQL Server (2005)
http://www.securityfocus.com/archive/88/446413

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject and message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper. Blind SQL Injection can deliver total control of your server to a hacker, giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000CbYU
