SecurityFocus Microsoft Newsletter #415
----------------------------------------

This issue is Sponsored by IBM® Rational® AppScan

Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities. Download a free trial of AppScan and see how it can help prevent against the threat of attack.
https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Vice of Vice Presidential E-Mail
2. Blaming the Good Samaritan
II. MICROSOFT VULNERABILITY SUMMARY
1. Drupal Multiple Modules Security Bypass Vulnerabilities
2. Cisco Unity 7.0 Multiple Remote Vulnerabilities
3. Cisco Unity Remote Administration Authentication Bypass Vulnerability
4. Avaya one-X Desktop Edition SIP Remote Denial Of Service Vulnerability
5. Microsoft PicturePusher 'PipPPush.dll' ActiveX Control Arbitrary File Download Vulnerability
6. Mozilla Firefox Internet Shortcut Same Origin Policy Violation Vulnerability
7. Internet Download Manager File Parsing Buffer Overflow Vulnerability
8. MetaGauge Web Server Directory Traversal Vulnerability
9. AyeView GIF Image Handling Denial of Service Vulnerability
10. Microsoft Windows Vista Local Denial Of Service Vulnerability
11. Serv-U FTP Server 'rnto' Command Directory Traversal Vulnerability
12. Vba32 Personal Antivirus Archive Parsing Denial of Service Vulnerability
13. RhinoSoft Serv-U FTP Server 'sto con:1' Denial of Service Vulnerability
14. mIRC 'PRIVMSG' Buffer Overflow Vulnerability
15. ESET SysInspector 'esiadrv.sys' Local Privilege Escalation Vulnerability
16. Wireshark Packet Capture File Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #414
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Vice of Vice Presidential E-Mail
By Mark Rasch
Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claimed credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business.
http://www.securityfocus.com/columnists/482

2. Blaming the Good Samaritan
By Houston Carr
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/481


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Drupal Multiple Modules Security Bypass Vulnerabilities
BugTraq ID: 31660
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31660
Summary:
Multiple Drupal modules are prone to security-bypass vulnerabilities that may allow attackers to gain access to administrative or sensitive areas of the application without the appropriate privileges.

These issues affect the following module versions:

- Live module 6.x before version 6.x-1.0
- AJAX Picture Preview module 6.x before version 6.x-1.2
- Admin:hover module 6.x-1.x-dev before 2008-Oct-08
- Banner Rotor Module before version 6.x-1.3
- Creative Commons Lite module 6.x before version 6.x-1.1
- Keyboard shortcut utility module 6.x before version 6.x-1.1
- LiveJournal CrossPoster module 6.x before version 6.x-1.4
- Taxonomy import/export via XML module 6.x before version 6.x-1.2
- User Referral module 6.x-1.x-dev before 2008-Oct-08

2. Cisco Unity 7.0 Multiple Remote Vulnerabilities
BugTraq ID: 31642
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31642
Summary:
Cisco Unity is prone to multiple remote vulnerabilities, including:

- An information-disclosure vulnerability in the web interface
- A denial-of-service vulnerability in the administration interface
- A script-injection vulnerability in the web interface
- Multiple denial-of-service vulnerabilities in unspecified services

These issues are reported in Cisco Unity 7.0; other versions may also be affected.

3. Cisco Unity Remote Administration Authentication Bypass Vulnerability
BugTraq ID: 31638
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31638
Summary:
Cisco Unity is prone to an authentication-bypass vulnerability.

Exploiting this issue can allow remote attackers to gain unauthorized administrative privileges. This issue is being tracked by Cisco Bug ID CSCsr86943.

Versions prior to the following are vulnerable:

- Cisco Unity 4.0 ES161 for the 4.x release
- Cisco Unity 5.0 ES53 for the 5.x release
- Cisco Unity 7.0 ES8 for the 7.x release

4. Avaya one-X Desktop Edition SIP Remote Denial Of Service Vulnerability
BugTraq ID: 31636
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31636
Summary:
Avaya one-X Desktop Edition phone is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Avaya one-X Desktop Edition 2.1 is vulnerable; other versions may also be affected.

5. Microsoft PicturePusher 'PipPPush.dll' ActiveX Control Arbitrary File Download Vulnerability
BugTraq ID: 31632
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31632
Summary:
Microsoft PicturePusher ActiveX control in 'PipPPush.dll' is prone to a vulnerability that lets attackers download arbitrary files.

Attackers may exploit this issue by enticing victims into visiting a maliciously crafted webpage.

Successful exploits will allow remote attackers to download files from arbitrary locations to the affected computer.

The affected ActiveX control may be a component of Microsoft Digital Image 2006 Starter Edition.

'PipPPush.dll' 7.00.0709 is vulnerable; other versions may also be affected.

6. Mozilla Firefox Internet Shortcut Same Origin Policy Violation Vulnerability
BugTraq ID: 31611
Remote: Yes
Date Published: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31611
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy when handling internet shortcut files.

An attacker may create a malicious webpage that can access the properties of another domain. This may allow the attacker to obtain sensitive information or launch other attacks against a user of the browser.

Firefox 3.0.1 through 3.0.3 for Microsoft Windows are vulnerable; other versions may also be affected.

7. Internet Download Manager File Parsing Buffer Overflow Vulnerability
BugTraq ID: 31603
Remote: Yes
Date Published: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31603
Summary:
Internet Download Manager (IDM) is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This vulnerability may be related to the issue described in BID 14159 (Internet Download Manager Buffer Overflow Vulnerability), but this has not been confirmed.

We don't know which versions of IDM are affected. We will update this BID when more information emerges.

8. MetaGauge Web Server Directory Traversal Vulnerability
BugTraq ID: 31596
Remote: Yes
Date Published: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31596
Summary:
MetaGauge is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

Versions prior to MetaGauge 1.0.3.38 are vulnerable.

9. AyeView GIF Image Handling Denial of Service Vulnerability
BugTraq ID: 31572
Remote: Yes
Date Published: 2008-10-04
Relevant URL: http://www.securityfocus.com/bid/31572
Summary:
AyeView is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected application, resulting in denial-of-service conditions.

AyeView 2.20 is vulnerable; other versions may also be affected.

10. Microsoft Windows Vista Local Denial Of Service Vulnerability
BugTraq ID: 31570
Remote: No
Date Published: 2008-10-05
Relevant URL: http://www.securityfocus.com/bid/31570
Summary:
Microsoft Windows Vista is prone to a local denial-of-service vulnerability.

Attackers may exploit this issue to deny further service to legitimate users.

This issue affects Windows Vista Home Premium and Ultimate editions; other versions may be affected as well.

11. Serv-U FTP Server 'rnto' Command Directory Traversal Vulnerability
BugTraq ID: 31563
Remote: Yes
Date Published: 2008-10-03
Relevant URL: http://www.securityfocus.com/bid/31563
Summary:
Serv-U FTP server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue allows an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.

Serv-U FTP server 7.2.0.1 is vulnerable; other versions may also be affected.

12. Vba32 Personal Antivirus Archive Parsing Denial of Service Vulnerability
BugTraq ID: 31560
Remote: Yes
Date Published: 2008-10-03
Relevant URL: http://www.securityfocus.com/bid/31560
Summary:
Vba32 Personal Antivirus is prone to a denial-of-service vulnerability caused by an unspecified memory-corruption error.

Attackers can exploit this issue to cause the application to crash, denying service to legitimate users. This may aid attackers in launching further attacks while the security application is not running.

Versions of Vba32 Personal Antivirus in the 3.12.8 branch are vulnerable; other versions may also be affected.

13. RhinoSoft Serv-U FTP Server 'sto con:1' Denial of Service Vulnerability
BugTraq ID: 31556
Remote: Yes
Date Published: 2008-10-03
Relevant URL: http://www.securityfocus.com/bid/31556
Summary:
Serv-U FTP server is prone to a denial-of-service vulnerability.

An attacker can exploit this vulnerability to cause the server to crash, effectively denying service to legitimate users.

Serv-U FTP server 7.2.0.1 is vulnerable; other versions may also be affected.

14. mIRC 'PRIVMSG' Buffer Overflow Vulnerability
BugTraq ID: 31552
Remote: Yes
Date Published: 2008-10-02
Relevant URL: http://www.securityfocus.com/bid/31552
Summary:
mIRC is prone to a stack-based buffer-overflow vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious IRC server. Successful attacks will allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

mIRC 6.34 is vulnerable; other versions may be affected as well.

15. ESET SysInspector 'esiadrv.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 31521
Remote: No
Date Published: 2008-10-01
Relevant URL: http://www.securityfocus.com/bid/31521
Summary:
ESET SysInspector is prone to a local privilege-escalation vulnerability that occurs in the 'esiadrv.sys' driver.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

ESET SysInspector 1.1.1.0 is vulnerable; other versions may also be affected.

16. Wireshark Packet Capture File Denial of Service Vulnerability
BugTraq ID: 31468
Remote: Yes
Date Published: 2008-09-29
Relevant URL: http://www.securityfocus.com/bid/31468
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause crashes and deny service to legitimate users of the application.

Wireshark 1.0.3 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #414
http://www.securityfocus.com/archive/88/496934

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by IBM® Rational® AppScan

Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities. Download a free trial of AppScan and see how it can help prevent against the threat of attack.
https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r


