SecurityFocus Microsoft Newsletter #435
----------------------------------------

This issue is sponsored by Sophos

Laws, regulations and compliance: Top tips for keeping your data under your control

http://dinclinx.com/Redirect.aspx?36;4035;35;189;0;5;259;787c0986ab9c445a


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest
for our community. We are proud to offer content from Matasano at this time and will be adding more
in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Contracting For Secure Code
2. Free Market Filtering
II. MICROSOFT VULNERABILITY SUMMARY
1. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
2. RainbowPlayer '.rpl' File Remote Buffer Overflow Vulnerability
3. PostgreSQL Low Cost Function Information Disclosure Vulnerability
4. MediaCoder '.m3u' File Remote Stack Buffer Overflow Vulnerability
5. eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
6. RadASM '.rap' Project File Stack-Based Buffer Overflow Vulnerability
7. Nokia Multimedia Player '.npl' File Heap Buffer Overflow Vulnerability
8. mks_vir 'mksmonen.sys' IOCTL Request Local Privilege Escalation Vulnerability
9. Microsoft Windows Kernel Handle Local Privilege Escalation Vulnerability
10. Microsoft Windows Invalid Pointer Local Privilege Escalation Vulnerability
11. Microsoft Windows SChannel Authentication Spoofing Vulnerability
12. Microsoft Windows WINS Server WPAD and ISATAP Access Validation Vulnerability
13. Microsoft Windows Kernel GDI EMF/WMF Remote Code Execution Vulnerability
14. Nullsoft Winamp 'skin.xml' Skin File Buffer Overflow Vulnerability
15. Multiple Vendor libc 'fts.c' Denial of Service Vulnerability
16. FileZilla Server SSL/TLS Unspecified Buffer Overflow Denial Of Service Vulnerability
17. Microsoft March 2009 Advance Notification Multiple Vulnerabilities
18. Microsoft Windows DNS Server WPAD Access Validation Vulnerability
19. Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability
20. Microsoft Windows DNS Server Response Caching DNS Spoofing Vulnerability
21. Easy File Sharing Web Server 'thumbnail.php' File Disclosure Vulnerability
22. EFS Software Easy Chat Server 'registresult.htm' Authentication Bypass Vulnerability
23. VUPlayer '.CUE' File Buffer Overflow Vulnerability
24. Media Commands Multiple Media File Multiple Heap Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. SQL Server stored procedure encryption
2. SecurityFocus Microsoft Newsletter #434
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Contracting For Secure Code
By Chris Wysopal
Forcing suppliers to attest to the security of provided software is gaining adherents: Just ask
Kaspersky Lab.
http://www.securityfocus.com/columnists/494

2. Free Market Filtering
By Mark Rasch
The Australian government is considering requiring that Internet service providers in that country
install filters which would prevent citizens from accessing tens of thousands of sites that contain
"objectionable" material.
http://www.securityfocus.com/columnists/493


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
BugTraq ID: 34090
Remote: Yes
Date Published: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34090
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to terminate connections to the PostgreSQL server, denying
service to legitimate users.

2. RainbowPlayer '.rpl' File Remote Buffer Overflow Vulnerability
BugTraq ID: 34072
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34072
Summary:
RainbowPlayer is prone to a remote buffer-overflow vulnerability because the application fails to
perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

RainbowPlayer 0.91 is vulnerable; other versions may also be affected.

3. PostgreSQL Low Cost Function Information Disclosure Vulnerability
BugTraq ID: 34069
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34069
Summary:
PostgreSQL is prone to an information-disclosure vulnerability.

Local attackers can exploit this issue to gain access to sensitive information. Information obtained
may lead to further attacks.

PostgreSQL 8.3.6 is vulnerable; other versions may also be affected.

4. MediaCoder '.m3u' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34051
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34051
Summary:
MediaCoder is prone to a remote stack-based buffer-overflow vulnerability because the application
fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

MediaCoder 6.2.4275 is vulnerable; other versions may also be affected.

5. eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
BugTraq ID: 34044
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34044
Summary:
eZip Wizard is prone to a remote stack-based buffer-overflow vulnerability because the application
fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running
the affected application. Failed exploit attempts will result in a denial-of-service condition.

eZip Wizard 3.0 is vulnerable; other versions may also be affected.

6. RadASM '.rap' Project File Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 34042
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34042
Summary:
RadASM is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate
checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

RadASM 2.2.1.5 is vulnerable; other versions may also be affected.

7. Nokia Multimedia Player '.npl' File Heap Buffer Overflow Vulnerability
BugTraq ID: 34041
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34041
Summary:
Nokia Multimedia Player is prone to a heap-based buffer-overflow vulnerability because it fails to
perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the
context of the application. Failed exploit attempts will cause denial-of-service conditions.

Nokia Multimedia Player 1.0 is vulnerable; other versions may also be affected.

8. mks_vir 'mksmonen.sys' IOCTL Request Local Privilege Escalation Vulnerability
BugTraq ID: 34039
Remote: No
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34039
Summary:
The 'mks_vir' program is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with elevated privileges; this may aid
in further attacks.

Versions prior to mks_vir 9 Beta 1.2.0.0 build 297 are vulnerable.

9. Microsoft Windows Kernel Handle Local Privilege Escalation Vulnerability
BugTraq ID: 34027
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34027
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.

10. Microsoft Windows Invalid Pointer Local Privilege Escalation Vulnerability
BugTraq ID: 34025
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34025
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.

11. Microsoft Windows SChannel Authentication Spoofing Vulnerability
BugTraq ID: 34015
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34015
Summary:
Microsoft Windows SChannel is prone to an authentication-spoofing vulnerability because it fails to
properly validate certain client-server certificate exchanges.

Successful exploits will allow attackers to authenticate to trusted servers by spoofing a legitimate
user's credentials. This may aid in further attacks.

12. Microsoft Windows WINS Server WPAD and ISATAP Access Validation Vulnerability
BugTraq ID: 34013
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34013
Summary:
The Microsoft Windows WINS Server is prone to an access-validation vulnerability because the
software fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) and
ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) entries.

An authenticated attacker may exploit this issue to create a WPAD or ISATAP WINS entry. This may aid
in man-in-the-middle and spoofing attacks. Other attacks are also possible.

13. Microsoft Windows Kernel GDI EMF/WMF Remote Code Execution Vulnerability
BugTraq ID: 34012
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34012
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious EMF or WMF
image file.

Successfully exploiting this issue will allow attackers to execute arbitrary code with kernel-level
privileges, completely compromising affected computers. Failed exploit attempts will result in a
denial-of-service condition.

14. Nullsoft Winamp 'skin.xml' Skin File Buffer Overflow Vulnerability
BugTraq ID: 34009
Remote: Yes
Date Published: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/34009
Summary:
Nullsoft Winamp is prone to a buffer-overflow vulnerability because the application fails to perform
adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

Note that this issue may be related to BID 5832 (Nullsoft Winamp 3 Skin File Buffer Overflow
Vulnerability).

Versions prior to Winamp 5.55 are vulnerable.

15. Multiple Vendor libc 'fts.c' Denial of Service Vulnerability
BugTraq ID: 34008
Remote: No
Date Published: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/34008
Summary:
Multiple libc libraries are prone to a denial-of-service vulnerability caused by an error when
handling deeply nested directory structures.

An attacker can exploit this issue to cause applications using vulnerable libraries to crash with a
segmentation fault, denying service to legitimate users.

The following are reported vulnerable:

OpenBSD 4.4
Microsoft Interix 6.0 10.0.6030.0
Microsoft Vista Enterprise

Other libraries may also be affected.

16. FileZilla Server SSL/TLS Unspecified Buffer Overflow Denial Of Service Vulnerability
BugTraq ID: 34006
Remote: Yes
Date Published: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/34006
Summary:
FileZilla Server is prone to a denial-of-service vulnerability because it fails to adequately
validate data before copying it into an insufficiently sized buffer.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this
issue, remote code execution may also be possible, but this has not been confirmed.

Versions prior to FileZilla Server 0.9.31 are vulnerable.

17. Microsoft March 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 34005
Remote: Yes
Date Published: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/34005
Summary:
Microsoft has released advance notification that the vendor will be releasing three security
bulletins on March 10, 2009. The highest severity rating for these issues is 'Critical'.

These issues affect Windows.

Successfully exploiting these issues may allow remote or local attackers to compromise affected
computers.

Individual records will be created to better document these issues when the bulletins are released.

18. Microsoft Windows DNS Server WPAD Access Validation Vulnerability
BugTraq ID: 33989
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33989
Summary:
The Microsoft Windows DNS Server is prone to an access-validation vulnerability because the software
fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) entries.

An authenticated attacker may exploit this issue to create a WPAD DNS entry. This may aid in
man-in-the-middle and spoofing attacks. Other attacks are also possible.

19. Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability
BugTraq ID: 33988
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33988
Summary:
The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails
to cache responses to specially crafted DNS queries.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to
redirect network traffic and to launch man-in-the-middle attacks.

20. Microsoft Windows DNS Server Response Caching DNS Spoofing Vulnerability
BugTraq ID: 33982
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33982
Summary:
The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails
to properly reuse cached responses.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to
redirect network traffic and to launch man-in-the-middle attacks.

21. Easy File Sharing Web Server 'thumbnail.php' File Disclosure Vulnerability
BugTraq ID: 33973
Remote: Yes
Date Published: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33973
Summary:
Easy File Sharing Web Server is prone to a vulnerability that lets attackers obtain potentially
sensitive information because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files with the privileges of the webserver
process. Information obtained may aid in further attacks.

Easy File Sharing Web Server 4.8 is vulnerable; other versions may also be affected.

22. EFS Software Easy Chat Server 'registresult.htm' Authentication Bypass Vulnerability
BugTraq ID: 33967
Remote: Yes
Date Published: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33967
Summary:
EFS Software Easy Chat Server is prone to an authentication-bypass vulnerability because it fails to
perform adequate authentication checks.

Attackers can exploit this vulnerability to gain unauthorized access to the affected application,
which may aid in further attacks.

Easy Chat Server 2.2 is vulnerable; other versions may also be affected.

23. VUPlayer '.CUE' File Buffer Overflow Vulnerability
BugTraq ID: 33960
Remote: Yes
Date Published: 2009-03-02
Relevant URL: http://www.securityfocus.com/bid/33960
Summary:
VUPlayer is prone to a buffer-overflow vulnerability because the application fails to perform
adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

VUPlayer 2.49 is vulnerable; other versions may also be affected.

24. Media Commands Multiple Media File Multiple Heap Buffer Overflow Vulnerabilities
BugTraq ID: 33958
Remote: Yes
Date Published: 2009-03-02
Relevant URL: http://www.securityfocus.com/bid/33958
Summary:
Media Commands is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to
perform adequate boundary checks on user-supplied input.

Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the
context of the application. Failed exploit attempts will cause denial-of-service conditions.

Media Commands 1.0 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SQL Server stored procedure encryption
http://www.securityfocus.com/archive/88/501582

2. SecurityFocus Microsoft Newsletter #434
http://www.securityfocus.com/archive/88/501511

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sophos

Laws, regulations and compliance: Top tips for keeping your data under your control

http://dinclinx.com/Redirect.aspx?36;4035;35;189;0;5;259;787c0986ab9c445a