SecurityFocus Microsoft Newsletter #189
----------------------------------------
This Issue is Sponsored By: TruSecure
FREE 14-DAY TRIAL: INTELLISHIELD ALERT MANAGER
IS Alert Manager, TruSecure's threat and vulnerability service, helps
organizations better protect critical information assets with unmatched
intelligence and analysis from TruSecure's ICSA Labs and other resources.
Try it today! Sign up for your FREE 14-day trial below!
I. FRONT AND CENTER
1. TCP/IP Skills Required for Security Analysts
2. Automating Windows Patch Mngt: Part III
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer Unconfirmed Memory Corruption Vu...
2. Trend Micro OfficeScan Weak Default Permissions Vulnerabilit...
3. Sun Java Runtime Environment Unspecified Remote Denial Of Se...
4. EFFingerD Remote Buffer Overflow Vulnerability
5. Qualcomm Eudora Embedded Hyperlink URI Obfuscation Weakness
6. Microsoft Outlook 2003 Predictable File Location Weakness
7. Microsoft Internet Explorer Embedded Image URI Obfuscation W...
8. Icecast Server Base64 Authorization Request Remote Buffer Ov...
9. PHPShop Remote PHP Script Execution Vulnerability
10. Tutorials Manager Multiple Remote SQL Injection Vulnerabilit...
11. EMule Web Control Panel Denial Of Service Vulnerability
12. Microsoft Internet Explorer XML Parsing Denial Of Service Vu...
13. Microsoft Windows HSC DVD Driver Upgrade Code Execution Vuln...
14. Microsoft Outlook Mail Client E-mail Address Verification We...
15. Multiple Mail Transfer Agent Embedded Hyperlink URI Obfuscat...
16. Microsoft Windows Terminal Server Patch Unspecified Denial O...
17. Sweex Wireless Broadband Router/Access Point Unauthorized Ac...
18. Opera Web Browser Telnet URI handler Arbitrary File Creation...
19. Microsoft Outlook Express URI Obfuscation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Password Management with Services (Thread)
2. Sequential/incremental IPID in Windows IP stack (Thread)
3. Relative Security Provided by Cached Domain Credenti... (Thread)
4. Virus is getting domain account listing (Thread)
5. RKDetect - behaviour based rootkit detection utility (Thread)
6. NT and 2000 account policies administrations (Thread)
7. SecurityFocus Microsoft Newsletter #188 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. SP I-NET
2. East-Tec Eraser 2004
3. secure2trust
4. N-Stealth Security Scanner
5. Softros LAN Messenger
6. Network Time System
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Syhunt TS Security Scanner 6.7 Build 96
2. yaSSL 0.1.0
3. Password Spyer 2k 2.4
4. FTimes v3.4.0
5. Socks via HTTP v1.0.1
6. OSIRIS v4.0.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. TCP/IP Skills Required for Security Analysts
By Don Parker
This article guides users new to the security field through some of the
key skills required to work as a security analyst. The focus is on core
TCP/IP competency and related technologies such as intrusion detection
systems, firewalls and routers.
http://www.securityfocus.com/infocus/1779
2. Automating Windows Patch Mngt: Part III
By Jonathan Hassell
The final installment of this series discusses two alternative, low cost
tools to manage the application of patches to Windows systems, and also
provides information on the upcoming, revised Software Update Services
(SUS) from Microsoft.
http://www.securityfocus.com/infocus/1778
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Microsoft Internet Explorer Unconfirmed Memory Corruption Vu...
BugTraq ID: 10299
Remote: Yes
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10299
Summary:
It has been reported that Internet Explorer may be prone to a potential memory corruption vulnerability that could allow a remote attacker to cause a denial of service condition in the browser. The issue is reported to present itself when an attacker creates a malicious site, which employs the 'onLoad' event and the 'window.location' javascript method to access a local file.
2. Trend Micro OfficeScan Weak Default Permissions Vulnerabilit...
BugTraq ID: 10300
Remote: No
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10300
Summary:
It has been reported that OfficeScan is affected by weak default permissions vulnerabilities. This issue is due to insufficient default permissions on the application directory.
These issues would allow a local attacker or malicious software to deactivate the affected antivirus service without requiring any authorization; hosts thought to be secure might have a false sense of security.
3. Sun Java Runtime Environment Unspecified Remote Denial Of Se...
BugTraq ID: 10301
Remote: Yes
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10301
Summary:
It has been reported that Sun's Java Runtime Environment and the Java Software Development Kit are affected by an unspecified remote denial of service vulnerability.
This issue would allow an attacker to cause the affected JRE to become unresponsive, denying service to legitimate users.
4. EFFingerD Remote Buffer Overflow Vulnerability
BugTraq ID: 10304
Remote: Yes
Date Published: May 08 2004
Relevant URL: http://www.securityfocus.com/bid/10304
Summary:
efFingerD has been reported prone to a remote buffer overflow vulnerability. The problem occurs due to insufficient bounds checking performed when handling requests.
As a result, an attacker may be capable of corrupting sensitive data such as a return address, and thereby effectively control the execution flow of the program. This would ultimately allow for the execution of arbitrary code. Immediate consequences of exploitation of this issue may result in denial of service.
5. Qualcomm Eudora Embedded Hyperlink URI Obfuscation Weakness
BugTraq ID: 10305
Remote: Yes
Date Published: May 08 2004
Relevant URL: http://www.securityfocus.com/bid/10305
Summary:
It has been reported that the Qualcomm Eudora MTA is prone to a URI obfuscation weakness that may hide the true contents of a link. The problem occurs when a user@location URI is formatted in such a way that a "^A" control character is located after the user value. The user value may then be appended with space characters to obfuscate status bar and mouseover details. It is said that, when doing a mouseover of such a URI, it will cause the status bar to only display the contents of the user value, not the entire link.
6. Microsoft Outlook 2003 Predictable File Location Weakness
BugTraq ID: 10307
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10307
Summary:
Microsoft Outlook 2003 is reported to store files that are specified in img tags in predictable locations.
This may present a security risk because many known (and potential) Internet Explorer vulnerabilities depend on the attacker being able to directly reference malicious content on a victim system. Given both the ability to place such content on the file system and reference it specifically by location, exploitation of many browser-based vulnerabilities becomes possible.
7. Microsoft Internet Explorer Embedded Image URI Obfuscation W...
BugTraq ID: 10308
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10308
Summary:
It has been reported that Microsoft Internet Explorer is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag.
This weakness could be employed to trick a user into following a malicious link.
An attacker could exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim were to mouseover the link in an attempt to verify the authenticity of where it references, they may be deceived into believing that the link references the actual trusted site.
8. Icecast Server Base64 Authorization Request Remote Buffer Ov...
BugTraq ID: 10311
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10311
Summary:
It has been reported that Icecast server may be prone to a remote buffer overflow vulnerability when processing an excessively long base64 authentication request. A remote attacker could execute arbitrary code in the context of the server leading to unauthorized access.
This issue is reported to exist in Icecast 2.0.0; however, it is possible that previous versions are affected as well.
9. PHPShop Remote PHP Script Execution Vulnerability
BugTraq ID: 10313
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10313
Summary:
Reportedly phpShop is affected by a remote PHP script execution vulnerability. This issue is due to improper validation of user-supplied variables passed to the application via URI, POST or COOKIE parameters.
This issue is present whether or not the PHP Apache module is configured with 'register_globals' turned off or on.
This issue would allow an attacker to execute arbitrary PHP scripts on an affected host; issuing commands to the underlying operating system with the privileges of the web server is possible.
10. Tutorials Manager Multiple Remote SQL Injection Vulnerabilit...
BugTraq ID: 10314
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10314
Summary:
Reportedly Tutorials Manager is affected by multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.
These SQL injection issues might allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
11. EMule Web Control Panel Denial Of Service Vulnerability
BugTraq ID: 10317
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10317
Summary:
It has been reported that eMule's Web Control Panel is susceptible to a remote denial of service vulnerability.
This issue is reportedly triggered by sending malformed requests to the web interface. Upon processing malformed requests, the affected application will crash, denying service to legitimate users.
12. Microsoft Internet Explorer XML Parsing Denial Of Service Vu...
BugTraq ID: 10318
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10318
Summary:
Internet Explorer is reportedly affected by an XML parsing denial of service vulnerability. This issue is due to a failure of the application to properly handle malformed XML tags.
Successful exploitation of this issue might allow a remote attacker to crash a vulnerable web browser.
13. Microsoft Windows HSC DVD Driver Upgrade Code Execution Vuln...
BugTraq ID: 10321
Remote: Yes
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10321
Summary:
A security vulnerability has been reported in Microsoft Windows XP and Server 2003 operating systems. This issue exists in the Help and Support Center (HSC) and is due to how the feature handles HCP invocation URIs for DVD driver upgrades.
This issue could be exploited from a malicious web page or HTML e-mail to cause a malicious executable to be run on a vulnerable system. This would occur in the context of the victim user, though it has been reported that significant user interaction is required for exploitation to occur.
While this issue may be exploited through Internet Explorer, it should also be noted that third-party web client software could also invoke HSC via an HCP URI.
14. Microsoft Outlook Mail Client E-mail Address Verification We...
BugTraq ID: 10323
Remote: Yes
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10323
Summary:
It has been reported that Microsoft Outlook mail client may be prone to a weakness that could allow a remote attacker to verify the validity of a recipient's e-mail address. This issue may result in a victim receiving more junk e-mail.
Microsoft Outlook 2003 is reported to be affected by this issue.
15. Multiple Mail Transfer Agent Embedded Hyperlink URI Obfuscat...
BugTraq ID: 10324
Remote: Yes
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10324
Summary:
It has been reported that multiple Mail Transfer Agents are prone to a URI obfuscation weakness variant that may hide the true contents of a link. The problem occurs when a URI is formatted in such a way that a "*" character is located after the initial URI and a secondary URI is appended to this string. It is said that, when performing a mouseover of such a URI, it will cause the status bar to only display the contents of the first URI value, not the entire link.
This could be used to trick a user into following a malicious link.
16. Microsoft Windows Terminal Server Patch Unspecified Denial O...
BugTraq ID: 10325
Remote: Unknown
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10325
Summary:
The Terminal Server patch issued in Microsoft advisory MS01-052 has been found to be prone to an unspecified denial of service vulnerability. The affected patch was originally issued to deal with the issue outlined in the Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability (BID 3445).
This issue could be leveraged to cause the affected server to stop responding, denying service to legitimate users.
17. Sweex Wireless Broadband Router/Access Point Unauthorized Ac...
BugTraq ID: 10339
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10339
Summary:
It has been reported that Sweex Wireless Broadband Router/Access Point is prone to a vulnerability that may allow a remote attacker to gain unauthorized access to a vulnerable access point. It has been reported that the access point has a TFTP service running that is enabled by default.
Successful exploitation of this issue may allow a remote attacker to gain access to sensitive information that could eventually allow an attacker to completely compromise the access point.
Sweex Wireless Broadband Router/Access Point 11g is reported to be prone to this issue.
18. Opera Web Browser Telnet URI handler Arbitrary File Creation...
BugTraq ID: 10341
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10341
Summary:
It has been reported that Opera web browser is prone to a vulnerability that may allow a remote attacker to create and modify arbitrary files on a system. The vulnerability presents itself because the telnet URI handler in Opera fails to sanitize user-supplied input. Specifically, if a '-' character is present at the beginning of a host name, options may be passed to the telnet program to carry out an attack remotely.
Opera version 7.23 is reported to be affected by this issue. Earlier versions may also be affected.
**It has been reported that various web browsers are affected by this issue. The affected products include Apple Safari, Microsoft Internet Explorer, Mozilla Firefox, OmniWeb, iCab, TrailBlazer, and possibly others. These applications are currently undergoing further review and individual BIDs will be created when more information becomes available.
19. Microsoft Outlook Express URI Obfuscation Vulnerability
BugTraq ID: 10345
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10345
Summary:
Microsoft Outlook Express has been reported prone to a URI obfuscation vulnerability.
This issue is reported to affect version 6.0 of the affected software; other versions might also be affected.
An attacker could reportedly get a user to visit an attacker controlled site without the usual address bar feature in a web browser. This could potentially make it easier for an attacker to fool a user into trusting the site contents.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Password Management with Services (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/363298
2. Sequential/incremental IPID in Windows IP stack (Thread)
Relevant URL:
6. NT and 2000 account policies administrations (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/363012
7. SecurityFocus Microsoft Newsletter #188 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362945
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. SP I-NET
By: Unisys
Platforms: Windows 95/98, Windows NT
Relevant URL: http://www.unisys.com/sp-security
Summary:
Designed for business-to-business communications requiring trusted relationships, SP I-NET ensures confidentiality of data, authenticates the identity of the involved parties, and ensures the privacy of their communication.
2. East-Tec Eraser 2004
By: EAST Technologies
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.east-tec.com/eraser/index.htm
Summary:
East-Tec Eraser ("Eraser" in short) is an advanced security application for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate sensitive data from your computer and protect your computer and Internet privacy.
Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now means wiping its contents beyond recovery, scrambling its name and dates and finally removing it from disk. When you want to get rid of sensitive files or folders beyond recovery, add them to the Eraser list of doomed files and ask Eraser to do the job. Eraser offers tight integration with the Windows shell, so you can drag files and folders from Explorer and drop them in Eraser, or you can erase them directly from Explorer by selecting Erase beyond recovery from the context menu.
3. secure2trust
By: Avoco Secure
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.avocosecure.com/html_pages/products_service.html
Summary:
secure2trust gives you the power to create documents that remain under your corporate control throughout their entire existence. Even if you allow another party to have a copy of your original document you can be sure that the copy will always have your original controls as part of its properties. The digital rights options which will control printing, copying, viewing, etc give you persistent and secure digital asset protection and intellectual property control. Digital rights mechanisms are the only way to ensure document integrity in a persistent way for both inter and intra company communications.
4. N-Stealth Security Scanner
By: N-Stalker
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.nstalker.com/products/nstealth/
Summary:
N-Stealth is a vulnerability-assessment product that scans web servers to identify security problems and weaknesses that might allow an attacker to gain privileged access. The software comes with an extensive database of over 30,000 vulnerabilities and exploits. N-Stealth® is more actively maintained than the network security scanners and consequently has a larger database of vulnerabilities.
5. Softros LAN Messenger
By: Softros Systems Inc.
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://messenger.softros.com
Summary:
Softros Messenger is a secure network messaging software application for corporate LANs (local area networks). It does not require a server and is very easy to install and use. Softros Messenger comes with a variety of handy features, like message notification alarms, personal or group messaging, and intuitive interface. Softros Messenger offers strong encryption options for all incoming and outgoing messages, guaranteeing no unauthorized person ever reads personal correspondence. The program is very stable when running under any Windows operating system and in any TCP/IP network, regardless of its size. Also Softros Messenger correctly identifies and works under Windows NT/2000/XP limited user accounts (without administrative privileges).
6. Network Time System
By: Softros Systems Inc.
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://nts.softros.com/
Summary:
Network Time System - Secure, fast and accurate time sync software across entire network.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Syhunt TS Security Scanner 6.7 Build 96
By: Syhunt
Relevant URL: http://www.syhunt.com/section.php?id=scanner
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Syhunt TS Security Scanner is able to find the unfindable, not only known vulnerabilities, but also potential new ones. The new version can identify and exploit vulnerabilities in a matter of minutes and is a key tool for security professionals and administrators.
2. yaSSL 0.1.0
By: tao51
Relevant URL: http://freshmeat.net/projects/yassl/?branch_id=48050&release_id=160245
Platforms: Linux, POSIX, Windows 2000, Windows NT, Windows XP
Summary:
The yaSSL software package is a fast, dual-licensed implementation of SSL. It includes SSL client libraries and an SSL server implementation. It supports multiple APIs, including those defined by SSL and TLS. It also supports an OpenSSL compatibility interface.
3. Password Spyer 2k 2.4
By: Maro's Tools
Relevant URL: http://www.maros-tools.com/products/spyer/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Password Spyer 2k is a password recovery tool for Windows. Password Spyer 2k reveals passwords hidden by asterisks (***) in all Windows versions (including 2000 and XP). You can use it to recover lost or forgotten passwords in most Windows applications such as Outlook, CuteFTP, WS_FTP, ICQ and others. You can also use it to reveal saved web passwords. Password Spyer 2k supports two methods for revealing passwords for better password retrieval.
4. FTimes v3.4.0
By: Klayton Monroe
Relevant URL: http://ftimes.sourceforge.net/FTimes/
Platforms: AIX, FreeBSD, Linux, MacOS, POSIX, Solaris, SunOS, Windows 2000, Windows NT
Summary:
FTimes is a system baselining and evidence collection tool. Its primary purpose is to gather and/or develop information about specified directories and files in a manner conducive to intrusion analysis. It was designed to support the following initiatives: content integrity monitoring, incident response, intrusion analysis, and computer forensics.
5. Socks via HTTP v1.0.1
By: Florent Cueto
Relevant URL: http://cqs.dyndns.org/socks/
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Socks via HTTP is a program to tunnel socks via HTTP. It is entirely written in Java.
6. OSIRIS v4.0.0
By: The Shmoo Group
Relevant URL: http://osiris.shmoo.com
Platforms: BSDI, FreeBSD, Linux, MacOS, OpenBSD, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
Osiris is a host integrity management system that can be used to monitor
changes to a network of hosts over time and report those changes back to
the administrator(s). Currently, this includes monitoring any changes to
the filesystems. Osiris takes periodic snapshots of the filesystem and
stores them in a database. These databases, as well as the
configurations and logs, are all stored on a central management host.
When changes are detected, Osiris will log these events to the system
log and optionally send email to an administrator. In addition to files,
Osiris has preliminary support for the monitoring of other system
information including user lists, file system details, kernel modules,
and network interface configurations (not included in this beta
release).
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: TruSecure
FREE 14-DAY TRIAL: INTELLISHIELD ALERT MANAGER
IS Alert Manager, TruSecure's threat and vulnerability service, helps
organizations better protect critical information assets with unmatched
intelligence and analysis from TruSecure's ICSA Labs and other resources.
Try it today! Sign up for your FREE 14-day trial below!
http://www.securityfocus.com/sponsor/TruSecure_ms-secnews_040517
------------------------------------------------------------------------
I. FRONT AND CENTER
1. TCP/IP Skills Required for Security Analysts
2. Automating Windows Patch Mngt: Part III
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer Unconfirmed Memory Corruption Vu...
2. Trend Micro OfficeScan Weak Default Permissions Vulnerabilit...
3. Sun Java Runtime Environment Unspecified Remote Denial Of Se...
4. EFFingerD Remote Buffer Overflow Vulnerability
5. Qualcomm Eudora Embedded Hyperlink URI Obfuscation Weakness
6. Microsoft Outlook 2003 Predictable File Location Weakness
7. Microsoft Internet Explorer Embedded Image URI Obfuscation W...
8. Icecast Server Base64 Authorization Request Remote Buffer Ov...
9. PHPShop Remote PHP Script Execution Vulnerability
10. Tutorials Manager Multiple Remote SQL Injection Vulnerabilit...
11. EMule Web Control Panel Denial Of Service Vulnerability
12. Microsoft Internet Explorer XML Parsing Denial Of Service Vu...
13. Microsoft Windows HSC DVD Driver Upgrade Code Execution Vuln...
14. Microsoft Outlook Mail Client E-mail Address Verification We...
15. Multiple Mail Transfer Agent Embedded Hyperlink URI Obfuscat...
16. Microsoft Windows Terminal Server Patch Unspecified Denial O...
17. Sweex Wireless Broadband Router/Access Point Unauthorized Ac...
18. Opera Web Browser Telnet URI handler Arbitrary File Creation...
19. Microsoft Outlook Express URI Obfuscation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Password Management with Services (Thread)
2. Sequential/incremental IPID in Windows IP stack (Thread)
3. Relative Security Provided by Cached Domain Credenti... (Thread)
4. Virus is getting domain account listing (Thread)
5. RKDetect - behaviour based rootkit detection utility (Thread)
6. NT and 2000 account policies administrations (Thread)
7. SecurityFocus Microsoft Newsletter #188 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. SP I-NET
2. East-Tec Eraser 2004
3. secure2trust
4. N-Stealth Security Scanner
5. Softros LAN Messenger
6. Network Time System
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Syhunt TS Security Scanner 6.7 Build 96
2. yaSSL 0.1.0
3. Password Spyer 2k 2.4
4. FTimes v3.4.0
5. Socks via HTTP v1.0.1
6. OSIRIS v4.0.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. TCP/IP Skills Required for Security Analysts
By Don Parker
This article guides users new to the security field through some of the
key skills required to work as a security analyst. The focus is on core
TCP/IP competency and related technologies such as intrusion detection
systems, firewalls and routers.
http://www.securityfocus.com/infocus/1779
2. Automating Windows Patch Mngt: Part III
By Jonathan Hassell
The final installment of this series discusses two alternative, low cost
tools to manage the application of patches to Windows systems, and also
provides information on the upcoming, revised Software Update Services
(SUS) from Microsoft.
http://www.securityfocus.com/infocus/1778
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Microsoft Internet Explorer Unconfirmed Memory Corruption Vu...
BugTraq ID: 10299
Remote: Yes
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10299
Summary:
It has been reported that Internet Explorer may be prone to a potential memory corruption vulnerability that could allow a remote attacker to cause a denial of service condition in the browser. The issue is reported to present itself when an attacker creates a malicious site, which employs the 'onLoad' event and the 'window.location' javascript method to access a local file.
2. Trend Micro OfficeScan Weak Default Permissions Vulnerabilit...
BugTraq ID: 10300
Remote: No
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10300
Summary:
It has been reported that OfficeScan is affected by weak default permissions vulnerabilities. This issue is due to insufficient default permissions on the application directory.
These issues would allow a local attacker or malicious software to deactivate the affected antivirus service without requiring any authorization; hosts thought to be secure might have a false sense of security.
3. Sun Java Runtime Environment Unspecified Remote Denial Of Se...
BugTraq ID: 10301
Remote: Yes
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10301
Summary:
It has been reported that Sun's Java Runtime Environment, as well as the Java Software Development Kit are affected by an unspecified, remote denial of service vulnerability.
This issue would allow an attacker to cause the affected JRE to become unresponsive, denying service to legitimate users.
4. EFFingerD Remote Buffer Overflow Vulnerability
BugTraq ID: 10304
Remote: Yes
Date Published: May 08 2004
Relevant URL: http://www.securityfocus.com/bid/10304
Summary:
efFingerD has been reported prone to a remote buffer overflow vulnerability. The problem occurs due to insufficient bounds checking performed when handling requests.
As a result, an attacker may be capable of corrupting sensitive data such as a return address, and thereby effectively control the execution flow of the program. This would ultimately allow for the execution of arbitrary code. Immediate consequences of exploitation of this issue may result in denial of service.
5. Qualcomm Eudora Embedded Hyperlink URI Obfuscation Weakness
BugTraq ID: 10305
Remote: Yes
Date Published: May 08 2004
Relevant URL: http://www.securityfocus.com/bid/10305
Summary:
It has been reported that the Qualcomm Eudora MTA is prone to a URI obfuscation weakness that may hide the true contents of a link. The problem occurs when a user@location URI is formatted in such a way that a "^A" control character is located after the user value. The user value may then be appended with space characters to obfuscate status bar and mouseover details. It is said that, when doing a mouseover of such a URI, it will cause the status bar to only display the contents of the user value, not the entire link.
6. Microsoft Outlook 2003 Predictable File Location Weakness
BugTraq ID: 10307
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10307
Summary:
Microsoft Outlook 2003 is reported to be prone to store files that are specified in img tags, in predictable locations.
This may present a security risk because many known (and potential) Internet Explorer vulnerabilities depend on the attacker being able to directly reference malicious content on a victim system. Given both the ability to place such content on the file system and reference it specifically by location, exploitation of many browser-based vulnerabilities becomes possible.
7. Microsoft Internet Explorer Embedded Image URI Obfuscation W...
BugTraq ID: 10308
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10308
Summary:
It has been reported that Microsoft Internet Explorer is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag.
This weakness could be employed to trick a user into following a malicious link.
An attacker could exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim were to mouseover the link in an attempt to verify the authenticity of where it references, they may be deceived into believing that the link references the actual trusted site.
8. Icecast Server Base64 Authorization Request Remote Buffer Ov...
BugTraq ID: 10311
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10311
Summary:
It has been reported that Icecast server may be prone to a remote buffer overflow vulnerability when processing an excessively long base64 authentication request. A remote attacker could execute arbitrary code in the context of the server leading to unauthorized access.
This issue is reported to exist in Icecast 2.0.0; however, it is possible that previous versions are affected as well.
9. PHPShop Remote PHP Script Execution Vulnerability
BugTraq ID: 10313
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10313
Summary:
Reportedly phpShop is affected by a remote PHP script execution vulnerability. This issue is due to improper validation of user-supplied variables passed to the application via URI, POST or COOKIE parameters.
This issue is present whether the PHP Apache module is configured with 'register_globals' turned off or on.
This issue would allow an attacker to execute arbitrary PHP scripts on an affected host; issuing commands to the underlying operating system with the privileges of the web server is possible.
10. Tutorials Manager Multiple Remote SQL Injection Vulnerabilit...
BugTraq ID: 10314
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10314
Summary:
Reportedly Tutorials Manager is affected by multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.
These SQL injection issues might allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
11. EMule Web Control Panel Denial Of Service Vulnerability
BugTraq ID: 10317
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10317
Summary:
It has been reported that eMule's Web Control Panel is susceptible to a remote denial of service vulnerability.
This issue is reportedly triggered by sending malformed requests to the web interface. Upon processing malformed requests, the affected application will crash, denying service to legitimate users.
12. Microsoft Internet Explorer XML Parsing Denial Of Service Vu...
BugTraq ID: 10318
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10318
Summary:
Internet Explorer is reportedly affected by an XML parsing denial of service vulnerability. This issue is due to a failure of the application to properly handle malformed XML tags.
Successful exploitation of this issue might allow a remote attacker to crash a vulnerable web browser.
13. Microsoft Windows HSC DVD Driver Upgrade Code Execution Vuln...
BugTraq ID: 10321
Remote: Yes
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10321
Summary:
A security vulnerability has been reported in Microsoft Windows XP and Server 2003 operating systems. This issue exists in the Help and Support Center (HSC) and is due to how the feature handles HCP invocation URIs for DVD driver upgrades.
This issue could be exploited from a malicious web page or HTML e-mail to cause a malicious executable to be run on a vulnerable system. This would occur in the context of the victim user, though it has been reported that significant user interaction is required for exploitation to occur.
While this issue may be exploited through Internet Explorer, it should also be noted that third-party web client software could also invoke HSC via an HCP URI.
14. Microsoft Outlook Mail Client E-mail Address Verification We...
BugTraq ID: 10323
Remote: Yes
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10323
Summary:
It has been reported that Microsoft Outlook mail client may be prone to a weakness that could allow a remote attacker to verify the validity of a recipient's e-mail address. This issue may result in a victim receiving more junk e-mail.
Microsoft Outlook 2003 is reported to be affected by this issue.
15. Multiple Mail Transfer Agent Embedded Hyperlink URI Obfuscat...
BugTraq ID: 10324
Remote: Yes
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10324
Summary:
It has been reported that multiple Mail Transfer Agents are prone to a URI obfuscation weakness variant that may hide the true contents of a link. The problem occurs when a URI is formatted in such a way that a "*" character is located after the initial URI and a secondary URI is appended to this string. It is said that, when performing a mouseover of such a URI, it will cause the status bar to only display the contents of the first URI value, not the entire link.
This could be used to trick a user into following a malicious link.
16. Microsoft Windows Terminal Server Patch Unspecified Denial O...
BugTraq ID: 10325
Remote: Unknown
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10325
Summary:
The Terminal Server patch issued in Microsoft advisory MS01-052 has been found to be prone to an unspecified denial of service vulnerability. The affected patch was originally issued to deal with the issue outlined in the Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability (BID 3445).
This issue could be leveraged to cause the affected server to stop responding, denying service to legitimate users.
17. Sweex Wireless Broadband Router/Access Point Unauthorized Ac...
BugTraq ID: 10339
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10339
Summary:
It has been reported that Sweex Wireless Broadband Router/Access Point is prone to a vulnerability that may allow a remote attacker to gain unauthorized access to a vulnerable access point. It has been reported that the access point has a TFTP service running that is enabled by default.
Successful exploitation of this issue may allow a remote attacker to gain access to sensitive information that could eventually allow an attacker to completely compromise the access point.
Sweex Wireless Broadband Router/Access Point 11g is reported to be prone to this issue.
18. Opera Web Browser Telnet URI handler Arbitrary File Creation...
BugTraq ID: 10341
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10341
Summary:
It has been reported that Opera web browser is prone to a vulnerability that may allow a remote attacker to create and modify arbitrary files on a system. The vulnerability presents itself because the telnet URI handler in Opera fails to sanitize user-supplied input. Specifically, if a '-' character is present at the beginning of a host name, options may be passed to the telnet program to carry out an attack remotely.
Opera version 7.23 is reported to be affected by this issue. Earlier versions may also be affected.
**It has been reported that various web browsers are affected by this issue. The affected products include Apple Safari, Microsoft Internet Explorer, Mozilla Firefox, OmniWeb, iCab, TrailBlazer, and possibly others. These applications are currently undergoing further review and individual BIDs will be created when more information becomes available.
19. Microsoft Outlook Express URI Obfuscation Vulnerability
BugTraq ID: 10345
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10345
Summary:
Microsoft Outlook Express has been reported prone to a URI obfuscation vulnerability.
This issue is reported to affect version 6.0 of the affected software; other versions might also be affected.
An attacker could reportedly get a user to visit an attacker-controlled site without the usual address bar feature in a web browser. This could potentially make it easier for an attacker to fool a user into trusting the site contents.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Password Management with Services (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/363298
2. Sequential/incremental IPID in Windows IP stack (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/363295
3. Relative Security Provided by Cached Domain Credenti... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/363140
4. Virus is getting domain account listing (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/363018
5. RKDetect - behaviour based rootkit detection utility (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/363015
6. NT and 2000 account policies administrations (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/363012
7. SecurityFocus Microsoft Newsletter #188 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362945
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. SP I-NET
By: Unisys
Platforms: Windows 95/98, Windows NT
Relevant URL: http://www.unisys.com/sp-security
Summary:
Designed for business-to-business communications requiring trusted relationships, SP I-NET ensures confidentiality of data, authenticates the identity of the involved parties, and ensures the privacy of their communication.
2. East-Tec Eraser 2004
By: EAST Technologies
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.east-tec.com/eraser/index.htm
Summary:
East-Tec Eraser ("Eraser" in short) is an advanced security application for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate sensitive data from your computer and protect your computer and Internet privacy.
Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now means wiping its contents beyond recovery, scrambling its name and dates and finally removing it from disk. When you want to get rid of sensitive files or folders beyond recovery, add them to the Eraser list of doomed files and ask Eraser to do the job. Eraser offers tight integration with the Windows shell, so you can drag files and folders from Explorer and drop them in Eraser, or you can erase them directly from Explorer by selecting Erase beyond recovery from the context menu.
3. secure2trust
By: Avoco Secure
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.avocosecure.com/html_pages/products_service.html
Summary:
secure2trust gives you the power to create documents that remain under your corporate control throughout their entire existence. Even if you allow another party to have a copy of your original document, you can be sure that the copy will always have your original controls as part of its properties. The digital rights options, which control printing, copying, viewing, etc., give you persistent and secure digital asset protection and intellectual property control. Digital rights mechanisms are the only way to ensure document integrity in a persistent way for both inter- and intra-company communications.
4. N-Stealth Security Scanner
By: N-Stalker
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.nstalker.com/products/nstealth/
Summary:
N-Stealth is a vulnerability-assessment product that scans web servers to identify security problems and weaknesses that might allow an attacker to gain privileged access. The software comes with an extensive database of over 30,000 vulnerabilities and exploits. N-Stealth® is more actively maintained than the network security scanners and consequently has a larger database of vulnerabilities.
5. Softros LAN Messenger
By: Softros Systems Inc.
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://messenger.softros.com
Summary:
Softros Messenger is a secure network messaging software application for corporate LANs (local area networks). It does not require a server and is very easy to install and use. Softros Messenger comes with a variety of handy features, like message notification alarms, personal or group messaging, and an intuitive interface. Softros Messenger offers strong encryption options for all incoming and outgoing messages, guaranteeing no unauthorized person ever reads personal correspondence. The program is very stable when running under any Windows operating system and in any TCP/IP network, regardless of its size. Softros Messenger also correctly identifies and works under Windows NT/2000/XP limited user accounts (without administrative privileges).
6. Network Time System
By: Softros Systems Inc.
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://nts.softros.com/
Summary:
Network Time System - Secure, fast and accurate time sync software across entire network.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Syhunt TS Security Scanner 6.7 Build 96
By: Syhunt
Relevant URL: http://www.syhunt.com/section.php?id=scanner
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Syhunt TS Security Scanner is able to find the unfindable, not only known vulnerabilities, but also potential new ones. The new version can identify and exploit vulnerabilities in a matter of minutes and is a key tool for security professionals and administrators.
2. yaSSL 0.1.0
By: tao51
Relevant URL: http://freshmeat.net/projects/yassl/?branch_id=48050&release_id=160245
Platforms: Linux, POSIX, Windows 2000, Windows NT, Windows XP
Summary:
The yaSSL software package is a fast, dual-licensed implementation of SSL. It includes SSL client libraries and an SSL server implementation. It supports multiple APIs, including those defined by SSL and TLS. It also supports an OpenSSL compatibility interface.
3. Password Spyer 2k 2.4
By: Maro's Tools
Relevant URL: http://www.maros-tools.com/products/spyer/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Password Spyer 2k is a password recovery tool for Windows. Password Spyer 2k reveals passwords hidden by asterisks (***) in all Windows versions (including 2000 and XP). You can use it to recover lost or forgotten passwords in most Windows applications such as Outlook, Cute FTP, WS FTP, ICQ and others. You can also use it to reveal saved web passwords. Password Spyer 2k supports two methods for revealing passwords for better password retrieval.
4. FTimes v3.4.0
By: Klayton Monroe
Relevant URL: http://ftimes.sourceforge.net/FTimes/
Platforms: AIX, FreeBSD, Linux, MacOS, POSIX, Solaris, SunOS, Windows 2000, Windows NT
Summary:
FTimes is a system baselining and evidence collection tool. Its primary purpose is to gather and/or develop information about specified directories and files in a manner conducive to intrusion analysis. It was designed to support the following initiatives: content integrity monitoring, incident response, intrusion analysis, and computer forensics.
5. Socks via HTTP v1.0.1
By: Florent Cueto
Relevant URL: http://cqs.dyndns.org/socks/
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Socks via HTTP is a program to tunnel socks via HTTP. It is entirely written in Java.
6. OSIRIS v4.0.0
By: The Shmoo Group
Relevant URL: http://osiris.shmoo.com
Platforms: BSDI, FreeBSD, Linux, MacOS, OpenBSD, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
Osiris is a host integrity management system that can be used to monitor changes to a network of hosts over time and report those changes back to the administrator(s). Currently, this includes monitoring any changes to the filesystems. Osiris takes periodic snapshots of the filesystem and stores them in a database. These databases, as well as the configurations and logs, are all stored on a central management host. When changes are detected, Osiris will log these events to the system log and optionally send email to an administrator. In addition to files, Osiris has preliminary support for the monitoring of other system information including user lists, file system details, kernel modules, and network interface configurations (not included in this beta release).
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: TruSecure
FREE 14-DAY TRIAL: INTELLISHIELD ALERT MANAGER?
IS Alert Manager, TruSecure's threat and vulnerability service, helps
organizations better protect critical information assets with unmatched
intelligence and analysis from TruSecure's ICSA Labs and other resources.
Try it today! Sign up for your FREE 14-day trial below!
http://www.securityfocus.com/sponsor/TruSecure_ms-secnews_040517