SecurityFocus Microsoft Newsletter #144
---------------------------------------
This Issue is Sponsored by: SpiDynamics
ALERT: "Six steps for testing your applications for SQL Injection Attacks"
It's as simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems! Firewalls
and IDS will not stop such attacks because SQL Injections are NOT seen as
intruders. Download this *FREE* test guide from SPI Dynamics to check for
SQL Injection vulnerabilities.
I. FRONT AND CENTER
1. Penetration Testing for Web Applications (Part Two)
2. IDS Correlation of VA Data and IDS Alerts
3. Antivirus Concerns in XP and .NET Environments
4. Promises, Promises
5. The SecurityFocus 4th Anniversary Contest
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft NetMeeting Directory Traversal Vulnerability
2. Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities...
3. iXmail iXmail_NetAttach.PHP File Deletion Vulnerability
4. Multiple Opera Denial Of Service Vulnerabilities
5. Verity K2 Toolkit Query Builder Search Script Cross-Site...
6. PABox Password Reset Vulnerability
7. PABox Admin Control Panel PHP Code Injection Vulnerability
8. MoreGroupWare Multiple Cross-Site Scripting Vulnerabilities
9. iXmail Arbitrary File Upload Vulnerability
10. VisNetic Website Path Disclosure Vulnerability
11. Marbry Software FTPServer/X Controls Server Response Buffer...
12. MoreGroupWare Arbitrary File Upload Vulnerability
13. iXmail Index.PHP Authentication Bypass SQL Injection...
14. WebBBS Guestbook HTML Injection Vulnerability
15. ImageMagick Temporary File Creation Vulnerability
16. CutePHP CuteNews HTML Injection Vulnerability
17. Abyss Web Server HTTP GET Heap Overrun Vulnerability
18. Microsoft Commerce Server 2002 Weak Registry Key Permissions...
19. Abyss Web Server HTTP Header Injection Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. How to block users from installing other apps (Thread)
2. SP4 installation failure (Thread)
3. Q811114 and Q815021 (Thread)
4. Managing Windows Event Logs (Thread)
5. Limiting the creation of new files to specific types. (Thread)
6. SP4 instalation failure (Thread)
7. SecurityFocus Microsoft Newsletter #143 (Thread)
8. SP4 installation (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. eTRUST Intrusion Detection
2. InterScan WebProtect
3. PestPatrol
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Secure FTP Bean v2.0.8
2. LibTomMath v0.22
3. John the Ripper v1.6.34(dev)
VI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Penetration Testing for Web Applications (Part Two)
By Jody Melbourne and David Jorm
The second installment in this series expands upon issues of input
validation - how developers routinely, through a lack of proper input
sanity and validity checking, expose their back-end systems to server-side
code-injection and SQL-injection attacks. It also explores the manner in
which these issues may manifest the client-side as cross-site scripting
and other content-manipulation vulnerabilities.
http://www.securityfocus.com/infocus/1709
2. IDS Correlation of VA Data and IDS Alerts
By Neil Desai
This article discusses the correlation of VA data and IDS alerts to
helpprioritize events and reduce the time it takes to sift through events.
http://www.securityfocus.com/infocus/1708
3. Antivirus Concerns in XP and .NET Environments
by Roger A. Grimes
After Windows NT was released, it took virus writers 5 years to learn how
to infect it. Windows NT 3.1 and the Win32 API were released in late 1993,
but it wasn't until August 1998 that W32.Cabanas became the first NT virus
by capturing coveted kernel mode access. .NET and some of Microsoft's
other initiatives have not been as lucky. The purpose of this article is
to discuss antivirus (AV) concerns with .NET and Microsoft Windows XP.
http://www.securityfocus.com/infocus/1707
4. Promises, Promises
By Mark Rasch
Most online businesses promise they'll protect customer data as if it were
their own. Now the government is holding them to it.
http://www.securityfocus.com/columnists/171
5. The SecurityFocus 4th Anniversary Contest
Enter before July 16th, 2003 to win two passes to the Black Hat Briefings.
Please visit the contest page here:
http://www.securityfocus.com/contest
II. BUGTRAQ SUMMARY
-------------------
1. Microsoft NetMeeting Directory Traversal Vulnerability
BugTraq ID: 7931
Remote: Yes
Date Published: Jul 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7931
Summary:
Microsoft NetMeeting is conferencing software that can be used by two or
more users to participate in audio or video conferences.
NetMeeting is reported to be prone to a directory traversal vulnerability.
This is due to a lack of proper validation of file names in the NetMeeting
File Transfer function.
Files transferred during a NetMeeting session are saved in the Program
Files\NetMeeting\Received Files directory by default. By prepending the
name of the file being transferred with directory traversal character
sequences (..\), the file could be saved in an arbitrary directory. Such
a directory could include the Windows Startup directory or the NetMeeting
installation directory.
It should be noted that an existent file can not be overwritten by
exploiting this issue. Also, a notification is sent to alert the user of
the malicious file transfer, however a choice is not given whether or not
to reject the incoming file.
This vulnerability was reported for NetMeeting 3.01, however, earlier
versions may also be vulnerable.
2. Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
BugTraq ID: 8045
Remote: Yes
Date Published: Jun 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8045
Summary:
Microsoft has announced the release of Windows 2000 SP4. This service
pack contains security roll-ups for a number of previously reported and
fixed issues. The service pack also contains bugfixes and patches for a
number of new security issues.
These new security issues are both local and remote in nature and may
allow privilege escalation attacks, denial of services or various degrees
of security policy bypass. Symantec is currently undergoing analysis of
these issues and will be releasing individual BIDs describing these
issues, where it is appropriate.
Windows 2000 administrators are advised to apply SP4 as soon as possible
to prevent exploitation of any previously known or new security issues.
iXmail is a web-based e-mail system implemented in PHP. It is available
for a variety of platforms including Microsoft Windows and Linux and Unix
variant systems.
A vulnerability has been reported for iXmail that may allow for the
deletion of files. The vulnerability occurs due to insufficient
sanitization of user-supplied input for certain URI parameters.
Specifically, the ixmail_netattach.php script does not sanitize
user-supplied values for the 'file' URI parameter.
An authenticated attacker may be able to exploit this vulnerability by
specifying a filename as the value to the 'file' URI parameter. This will
result in the deletion of the specified file.
Although unconfirmed, it may be possible for an attacker to use '../'
directory traversal sequences to delete arbitrary web-server readable
files.
4. Multiple Opera Denial Of Service Vulnerabilities
BugTraq ID: 8066
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8066
Summary:
Opera has been reported to be prone to five denial of service
vulnerabilities. These issues can be triggered when the browser attempts
to interpret a document with malformed code. If a user of the web browser
visits a web page that contains malformed code designed to trigger one of
these conditions, their browser could freeze up or crash outright. It
should be noted that exploitation of these issues will generally not cause
a prolonged or persistent denial of service as the browser includes
features that allow users to gracefully recover from a crash. If the
browser freezes, this could cause CPU usage to spike to 100% for that
process, which could result in a more serious denial of service condition.
This issue was reported for Opera on Microsoft Windows platforms. It is
not known if other releases are affected.
These issues are pending further analysis and will be assigned separate
BIDs with more specific details when analysis is completed.
The K2 Toolkit is a web application infrastructure distributed by Verity.
It is available for the Unix, Linux, and Microsoft Windows platforms.
It has been reported that the K2 Toolkit does not sufficiently sanitize
input by users. Because of this, it may be possible for an attacker to
launch an attack that results in the execution of web code in the browsers
of users that have loaded a malicious link created by the attacker.
The problem is in the filtering of input from URI parameters of the search
script of the query building tool. User-supplied input will be echoed
back without being sufficiently sanitized of HTML or script code. By
passing malicious HTML or script code to the script, it is possible to
render the code in the security context of the site hosting the vulnerable
software. This could lead to the theft of authentication credentials such
as cookies, or other nefarious activities.
6. PABox Password Reset Vulnerability
BugTraq ID: 8067
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8067
Summary:
paBox is a web-application that is written in PHP. It will run on Unix
and Linux variants, as well as Microsoft Windows operating systems.
paBox is prone to an issue that may allow unauthenticated remote users to
reset administrative passwords. This issue is due to insufficient access
validation prior to allow users to perform certain actions. This could
permit unauthorized access to the administrative Control Panel, which may
aid the attacker in further attacks against the underlying system.
7. PABox Admin Control Panel PHP Code Injection Vulnerability
BugTraq ID: 8068
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8068
Summary:
paBox is a web-application that is written in PHP. It will run on Unix
and Linux variants, as well as Microsoft Windows operating systems.
Remote users with access to the administrative Control Panel may be able
to inject malicious PHP code when adding banned users. Banned user
information is stored in the 'bannedusers.php' script. This code could
then be executed, allowing for execution of arbitrary commands in the
context of the web server hosting the software.
Unauthorized remote users may exploit other latent vulnerabilities in the
software to gain access to the administrative console.
moregroupware is a tool to facilitate office communications. It includes,
among other features, webmail, calendering and project management
functionality. It is implemented in PHP and is available for a variety of
platforms including Microsoft Windows and Linux and Unix variant operating
environments.
Several cross-site scripting vulnerabilities have been reported for
moregroupware. The vulnerability exists due to insufficient sanitization
of user-supplied data.
An attacker could exploit these issues by enticing a web user to a
malicious link which contains hostile HTML or script code. The hostile
code may be rendered in the user's browser when the user follows the link.
Exploitation could permit an attacker to steal cookie-based authentication
credentials or launch other attacks.
This vulnerability was reported for moregroupware 0.6.7. Earlier versions
may be affected.
iXmail is a web-based e-mail system implemented in PHP. It is available
for a variety of platforms including Microsoft Windows and Linux and Unix
variant systems.
When an attacker makes a request to the iXmail ixmail_attach.php script
the $attach1 and $attach1_name variables define the location of data and
the name of a PHP file respectively. The PHP file is stored within the
/tmp directory of the established web root.
iXmail has been reported prone to an arbitrary file upload vulnerability.
The problem is said to occur due to insufficient sanitization of the
user-supplied $attach1 URI parameter.
An authenticated attacker could exploit this vulnerability by supplying a
remote file, containing malicious PHP commands, as the $attach1 parameter.
This will result in the PHP commands being stored within the /tmp
directory, using the naming convention of the attacker-supplied
$attach1_name parameter. By supplying a name with a PHP extension, an
attacker could effectively execute arbitrary PHP code on the remote system
by making a request for the newly created script file.
VisNetic Website is web server that supports multiple domains, and allows
TLS/SSL secured domains. It is available for the Microsoft Windows
operating system.
VisNetic Website has been reported prone to a path disclosure
vulnerability.
It has been reported that a remote attacker may make a HTTP request for a
CGI resource that does not exist and in doing so trigger an error. The
resulting error message will disclose potentially sensitive installation
path information to the remote attacker.
Information gathered in this way could be used to aid in further attacks
launched against the affected system.
It should be noted that this vulnerability has been reported to affect
VisNetic Website 3.5 Service release 17, prior versions are also likely
affected.
11. Marbry Software FTPServer/X Controls Server Response Buffer Overflow Vulnerability
BugTraq ID: 8040
Remote: Yes
Date Published: Jun 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8040
Summary:
Marbry Software FTPServer/X is an ActiveX Control and COM Object, designed
to be incorporated into FTP server software for Microsoft Windows
platforms.
FTPServer/X control has been reported prone to a buffer overflow
vulnerability when processing server responses of excessive length.
The issue presents itself, likely due to a lack of sufficient bounds
checking performed by wsprintf() when copying attacker-supplied data into
an internal memory buffer. The data contained in this buffer, under normal
circumstances, is transmitted to the remote user as a part of an FTP
server status response message.
A remote attacker may supply a string of excessive length as a username
(>=1017 bytes) during the authentication process, or may simply supply a
malicious command of excessive length (>=1022 bytes) during an authorized
FTP session. When the malicious string is copied into a fixed internal
memory buffer, data that exceeds the size of the assigned buffer will
overrun its bounds and corrupt adjacent memory. It has been reported that
memory adjacent to the affected buffer contains pointers and a saved
return address, both of which are crucial to the control of program
execution flow. It is therefore likely that an attacker may exploit this
condition to seize control of the vulnerable FTP server, and have
arbitrary operation codes executed in the context of the user that is
running the server. A remote attacker may also exploit this condition to
trigger a persistent denial of service condition for legitimate FTP users;
the server would require a restart to resume normal functionality.
It should be noted that any software that implements the Marbry Software
FTPServer/X control, is likely affected by this vulnerability. It has been
confirmed that this control is in use by Mollensoft(Hyperion) FTP Server.
This issue is related to BID 7307 and possibly BID 6345.
moregroupware is a tool to facilitate office communications. It includes,
among other features, webmail, calendering and project management
functionality. It is implemented in PHP and is available for a variety of
platforms including Microsoft Windows and Linux and Unix variant operating
environments.
A vulnerability has been reported for moregroupware that may make it
possible for a remote attacker to upload files to a vulnerable system. The
vulnerability may be likely due to insufficient permissions on the
'modules/files/store/' folder of the moregroupware installation.
It is not clear where the specific vulnerable component of moregroupware
lies. However, because of the problem, it may be possible for an attacker
to upload and overwrite files with the privileges of the web server
process. This could result in data corruption, or other potentially
malicious activities.
This vulnerability was reported to affect moregroupware 0.6.7.
iXmail is a web-based e-mail system implemented in PHP. It is available
for a variety of platforms including Microsoft Windows and Linux and Unix
variant systems.
iXmail Index.PHP script has been reported prone to an SQL Injection
Vulnerability.
The issue presents itself, when some criteria are met. If
'magic_quotes_gpc' is set as 'off' in the 'php.ini' configuration file, a
remote user may inject arbitrary SQL code via the 'username' URI parameter
to bypass the iXmail authentication procedure. It has also been
demonstrated that this vulnerability may be exploited to disclose all of
the fields of the table 'db_authtable' to a remote attacker.
It may also be possible, depending on the database implementation and
other factors, to launch attacks against the underlying database. This
could result in disclosure of sensitive information or other consequences.
14. WebBBS Guestbook HTML Injection Vulnerability
BugTraq ID: 8052
Remote: Yes
Date Published: Jun 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8052
Summary:
WebBBS Pro is a web-based BBS system designed to run in Microsoft Windows
environments. WebBBS Pro is shipped with a web server component.
A HTML injection vulnerability has been reported for WebBBS. The
vulnerability exists as a result of insufficient sanitization of
user-supplied data.
An attacker may exploit this issue to inject malicious HTML code into
WebBBS guestbook entries. The hostile code may be rendered in the user's
browser when the user views the entry.
Exploitation could permit an attacker to steal cookie-based authentication
credentials or launch other attacks.
15. ImageMagick Temporary File Creation Vulnerability
BugTraq ID: 8057
Remote: No
Date Published: Jun 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8057
Summary:
ImageMagick is an image manipulation program. It is available for a
variety of platforms including Microsoft Windows and Unix and Linux
variant operating systems.
ImageMagick has been reported prone to an insecure temporary file creation
vulnerability. As a result, it may be possible for local attackers to
corrupt files owned by the user who is invoking the ImageMagick
application.
An attacker could potentially exploit this issue by creating a symbolic
link in place of the temporary file, which is created. Any actions
performed by ImageMagick when it is executed will be performed on the
linked file.
16. CutePHP CuteNews HTML Injection Vulnerability
BugTraq ID: 8060
Remote: Yes
Date Published: Jun 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8060
Summary:
CutePHP is a web-based bulletin board system. It is implemented in PHP and
is available for a variety of platforms including Microsoft Windows and
Unix and Linux variant operating environments.
CutePHP is prone to HTML injection attacks. The vulnerability exists due
to insufficient sanitization of user-supplied input. Specifically,
user-supplied input to news posts are not sufficiently sanitized of
malicious HTML code.
An attacker can exploit this vulnerability by adding HTML code within
IFRAME tags. The hostile code may be rendered in the user's browser when
the user views the entry.
Exploitation could permit an attacker to steal cookie-based authentication
credentials or launch other attacks.
17. Abyss Web Server HTTP GET Heap Overrun Vulnerability
BugTraq ID: 8062
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8062
Summary:
Abyss Web Server is a freely available personal web server. It is
maintained by Aprelium Technologies and runs on Microsoft Windows
operating systems, as well as Linux.
Abyss Web Server is prone to a remotely exploitable heap overrun. This is
due to insufficient bounds checking of data supplied via client HTTP GET
requests which is used in a strcpy() operation. By submitting an HTTP GET
request in excess of 2048 bytes, it will be possible to trigger this
condition. It should be noted that the ':\' characters must be appended
to the end of the request. This will permit remote attackers to corrupt
adjacent regions of heap memory with attacker-supplied values.
This condition could be exploited to execute arbitrary code with the
privileges of the web server.
This issue is reported to affect Abyss Web Server 1.1.2. Later versions,
such as 1.1.4 and 1.1.5 may be similarly affected, though this has not
been confirmed.
18. Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
BugTraq ID: 8063
Remote: No
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8063
Summary:
Microsoft Commerce Server 2002 is a web server product geared towards
building e-commerce websites.
Microsoft Commerce Server 2002 installs a registry key with weak default
permissions when configured to authenticate via SQL Server. The following
registry key is installed with read privileges for the users group:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Commerce Server
Encoded database authentication credentials are stored under "ADMINDBPS".
Attackers with interactive access to a system hosting the vulnerable
software could gain access to encoded database credentials by perusing the
registry. Credentials could also be retrieved via Open Commerce Server
Manager. This information could be exploited to compromise the database.
This issue is reported to affect Microsoft Commerce Server 2002. It is
not known if Microsoft Commerce Server 2000 is similarly affected.
19. Abyss Web Server HTTP Header Injection Vulnerability
BugTraq ID: 8064
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8064
Summary:
Abyss Web Server is a freely available personal web server. It is
maintained by Aprelium Technologies and runs on Microsoft Windows
operating systems, as well as Linux.
Abyss Web Server is prone to a vulnerability that could permit attackers
to inject malicious data into server response headers. HTTP GET requests
ending with ':\' characters will cause the server to return a HTTP 302
response to the client, which includes the requested URI in the Location:
header field of the server response. User input is not sufficiently
sanitized from this header field in the response. An attacker could cause
malicious data such as HTML and script code to be included in the server
response. It will also be possible be append additional HTTP header
fields to the server response.
This could be exploited to launch cross-site scripting attacks. The
attacker can also append arbitrary HTTP header information to the server
response, which could permit cookie values to be set or spoofed header
field data.
This issue is reported to affect Abyss Web Server 1.1.2. Later versions,
such as 1.1.4 and 1.1.5 may be similarly affected, though this has not
been confirmed.
IV. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. How to block users from installing other apps (Thread)
Relevant URL:
4. Managing Windows Event Logs (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/327532
5. Limiting the creation of new files to specific types. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/327363
6. SP4 instalation failure (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/327307
7. SecurityFocus Microsoft Newsletter #143 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/327282
8. SP4 installation (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/327203
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. 1. eTRUST Intrusion Detection
by Computer Associates International, Inc.
Platforms: Windows 2000, Windows 95/98, Windows NT
Relevant URL:
http://www.cai.com/solutions/enterprise/etrust/intrusion_detection/
Summary:
eTrust Intrusion Detection delivers network protection including
protection against the deployment and execution of Distributed Denial of
Service attacks ? an essential capability at a time when networks are
susceptible to an increasingly sophisticated array of attacks. A truly
comprehensive solution, eTrust Intrusion Detection includes an integrated
anti-virus engine with automatic signature updates. This powerful solution
takes the "detect, alert, prevent" approach to safeguarding your network ?
providing realtime, non-intrusive detection, policy-based alerts, and
automatic prevention.
2. InterScan WebProtect
by TrendMicro
Platforms: Windows NT
Relevant URL:
http://www.antivirus.com/products/iswp/index.htm
Summary:
The Proxy Server Anti-Virus Solution. Real-Time protection for Microsoft
Proxy Server Scans for viruses and malicious code Optionally blocks known
malicious code JAVA Applets and ActiveX Objects.
3. PestPatrol
by PestPatrol, Inc
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.safersite.com/pestpatrol/pestpatrol.asp
Summary:
PestPatrol detects and removes non-viral malicious code - trojans, remote
administration tools, spyware, hacker tools - that can be as damaging to
your business as a serious virus attack. PestPatrol complements
anti-virus, firewall, and IDS solutions, integrating seamlessly into
existing security infrastructures. Whether the threat comes from outside
or inside your organization, PestPatrol should be part of your security
toolkit.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
-------------------------------------
1. Secure FTP Bean v2.0.8
by glub
Relevant URL:
http://www.glub.com/products/bean/
Platforms: Os Independent
Summary:
The Secure FTP Bean allows FTP connections to be made over SSL, including
both implicit and explicit SSL connections, and passive and active data
transfers with or without encryption.
2. LibTomMath v0.22
by Tom St Denis tomstdenis (at) iahu (dot) ca [email concealed]
Relevant URL:
http://math.libtomcrypt.org/
Platforms: Linux, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows
XP
Summary:
LibTomMath provides highly optimized and portable routines for a vast
majority of integer-based number theoretic applications (including public
key cryptography).
3. John the Ripper v1.6.34(dev)
by Solar Designer
Relevant URL:
http://www.openwall.com/john/
Platforms: BeOS, DOS, MacOS, Windows 2000, Windows 95/98, Windows NT
Summary:
John the Ripper is a fast password cracker, currently available for many
flavors of Unix (11 are officially supported, not counting different
architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to
detect weak Unix passwords. It supports several crypt(3) password hash
types which are most commonly found on various Unix flavors, as well as
Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types
are added with contributed patches.
VI. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by: SpiDynamics
ALERT: "Six steps for testing your applications for SQL Injection Attacks"
It's as simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems! Firewalls
and IDS will not stop such attacks because SQL Injections are NOT seen as
intruders. Download this *FREE* test guide from SPI Dynamics to check for
SQL Injection vulnerabilities.
Visit us at:
http://www.securityfocus.com/SPIDynamics-ms-secnews5
------------------------------------------------------------------------
---
---------------------------------------
This Issue is Sponsored by: SpiDynamics
ALERT: "Six steps for testing your applications for SQL Injection Attacks"
It's as simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems! Firewalls
and IDS will not stop such attacks because SQL Injections are NOT seen as
intruders. Download this *FREE* test guide from SPI Dynamics to check for
SQL Injection vulnerabilities.
Visit us at:
http://www.securityfocus.com/SPIDynamics-ms-secnews5
------------------------------------------------------------------------
---
I. FRONT AND CENTER
1. Penetration Testing for Web Applications (Part Two)
2. IDS Correlation of VA Data and IDS Alerts
3. Antivirus Concerns in XP and .NET Environments
4. Promises, Promises
5. The SecurityFocus 4th Anniversary Contest
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft NetMeeting Directory Traversal Vulnerability
2. Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities...
3. iXmail iXmail_NetAttach.PHP File Deletion Vulnerability
4. Multiple Opera Denial Of Service Vulnerabilities
5. Verity K2 Toolkit Query Builder Search Script Cross-Site...
6. PABox Password Reset Vulnerability
7. PABox Admin Control Panel PHP Code Injection Vulnerability
8. MoreGroupWare Multiple Cross-Site Scripting Vulnerabilities
9. iXmail Arbitrary File Upload Vulnerability
10. VisNetic Website Path Disclosure Vulnerability
11. Marbry Software FTPServer/X Controls Server Response Buffer...
12. MoreGroupWare Arbitrary File Upload Vulnerability
13. iXmail Index.PHP Authentication Bypass SQL Injection...
14. WebBBS Guestbook HTML Injection Vulnerability
15. ImageMagick Temporary File Creation Vulnerability
16. CutePHP CuteNews HTML Injection Vulnerability
17. Abyss Web Server HTTP GET Heap Overrun Vulnerability
18. Microsoft Commerce Server 2002 Weak Registry Key Permissions...
19. Abyss Web Server HTTP Header Injection Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. How to block users from installing other apps (Thread)
2. SP4 installation failure (Thread)
3. Q811114 and Q815021 (Thread)
4. Managing Windows Event Logs (Thread)
5. Limiting the creation of new files to specific types. (Thread)
6. SP4 instalation failure (Thread)
7. SecurityFocus Microsoft Newsletter #143 (Thread)
8. SP4 installation (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. eTRUST Intrusion Detection
2. InterScan WebProtect
3. PestPatrol
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Secure FTP Bean v2.0.8
2. LibTomMath v0.22
3. John the Ripper v1.6.34(dev)
VI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Penetration Testing for Web Applications (Part Two)
By Jody Melbourne and David Jorm
The second installment in this series expands upon issues of input
validation - how developers routinely, through a lack of proper input
sanity and validity checking, expose their back-end systems to server-side
code-injection and SQL-injection attacks. It also explores the manner in
which these issues may manifest the client-side as cross-site scripting
and other content-manipulation vulnerabilities.
http://www.securityfocus.com/infocus/1709
2. IDS Correlation of VA Data and IDS Alerts
By Neil Desai
This article discusses the correlation of VA data and IDS alerts to
helpprioritize events and reduce the time it takes to sift through events.
http://www.securityfocus.com/infocus/1708
3. Antivirus Concerns in XP and .NET Environments
by Roger A. Grimes
After Windows NT was released, it took virus writers 5 years to learn how
to infect it. Windows NT 3.1 and the Win32 API were released in late 1993,
but it wasn't until August 1998 that W32.Cabanas became the first NT virus
by capturing coveted kernel mode access. .NET and some of Microsoft's
other initiatives have not been as lucky. The purpose of this article is
to discuss antivirus (AV) concerns with .NET and Microsoft Windows XP.
http://www.securityfocus.com/infocus/1707
4. Promises, Promises
By Mark Rasch
Most online businesses promise they'll protect customer data as if it were
their own. Now the government is holding them to it.
http://www.securityfocus.com/columnists/171
5. The SecurityFocus 4th Anniversary Contest
Enter before July 16th, 2003 to win two passes to the Black Hat Briefings.
Please visit the contest page here:
http://www.securityfocus.com/contest
II. BUGTRAQ SUMMARY
-------------------
1. Microsoft NetMeeting Directory Traversal Vulnerability
BugTraq ID: 7931
Remote: Yes
Date Published: Jul 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7931
Summary:
Microsoft NetMeeting is conferencing software that can be used by two or
more users to participate in audio or video conferences.
NetMeeting is reported to be prone to a directory traversal vulnerability.
This is due to a lack of proper validation of file names in the NetMeeting
File Transfer function.
Files transferred during a NetMeeting session are saved in the Program
Files\NetMeeting\Received Files directory by default. By prepending the
name of the file being transferred with directory traversal character
sequences (..\), the file could be saved in an arbitrary directory. Such
a directory could include the Windows Startup directory or the NetMeeting
installation directory.
It should be noted that an existent file can not be overwritten by
exploiting this issue. Also, a notification is sent to alert the user of
the malicious file transfer, however a choice is not given whether or not
to reject the incoming file.
This vulnerability was reported for NetMeeting 3.01, however, earlier
versions may also be vulnerable.
2. Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
BugTraq ID: 8045
Remote: Yes
Date Published: Jun 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8045
Summary:
Microsoft has announced the release of Windows 2000 SP4. This service
pack contains security roll-ups for a number of previously reported and
fixed issues. The service pack also contains bugfixes and patches for a
number of new security issues.
These new security issues are both local and remote in nature and may
allow privilege escalation attacks, denial of services or various degrees
of security policy bypass. Symantec is currently undergoing analysis of
these issues and will be releasing individual BIDs describing these
issues, where it is appropriate.
Windows 2000 administrators are advised to apply SP4 as soon as possible
to prevent exploitation of any previously known or new security issues.
3. iXmail iXmail_NetAttach.PHP File Deletion Vulnerability
BugTraq ID: 8046
Remote: Yes
Date Published: Jun 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8046
Summary:
iXmail is a web-based e-mail system implemented in PHP. It is available
for a variety of platforms including Microsoft Windows and Linux and Unix
variant systems.
A vulnerability has been reported for iXmail that may allow for the
deletion of files. The vulnerability occurs due to insufficient
sanitization of user-supplied input for certain URI parameters.
Specifically, the ixmail_netattach.php script does not sanitize
user-supplied values for the 'file' URI parameter.
An authenticated attacker may be able to exploit this vulnerability by
specifying a filename as the value to the 'file' URI parameter. This will
result in the deletion of the specified file.
Although unconfirmed, it may be possible for an attacker to use '../'
directory traversal sequences to delete arbitrary web-server readable
files.
4. Multiple Opera Denial Of Service Vulnerabilities
BugTraq ID: 8066
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8066
Summary:
Opera has been reported to be prone to five denial of service
vulnerabilities. These issues can be triggered when the browser attempts
to interpret a document with malformed code. If a user of the web browser
visits a web page that contains malformed code designed to trigger one of
these conditions, their browser could freeze up or crash outright. It
should be noted that exploitation of these issues will generally not cause
a prolonged or persistent denial of service as the browser includes
features that allow users to gracefully recover from a crash. If the
browser freezes, this could cause CPU usage to spike to 100% for that
process, which could result in a more serious denial of service condition.
This issue was reported for Opera on Microsoft Windows platforms. It is
not known if other releases are affected.
These issues are pending further analysis and will be assigned separate
BIDs with more specific details when analysis is completed.
5. Verity K2 Toolkit Query Builder Search Script Cross-Site Scripting Vulnerability
BugTraq ID: 8074
Remote: Yes
Date Published: Jul 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8074
Summary:
The K2 Toolkit is a web application infrastructure distributed by Verity.
It is available for the Unix, Linux, and Microsoft Windows platforms.
It has been reported that the K2 Toolkit does not sufficiently sanitize
input by users. Because of this, it may be possible for an attacker to
launch an attack that results in the execution of web code in the browsers
of users that have loaded a malicious link created by the attacker.
The problem is in the filtering of input from URI parameters of the search
script of the query building tool. User-supplied input will be echoed
back without being sufficiently sanitized of HTML or script code. By
passing malicious HTML or script code to the script, it is possible to
render the code in the security context of the site hosting the vulnerable
software. This could lead to the theft of authentication credentials such
as cookies, or other nefarious activities.
6. PABox Password Reset Vulnerability
BugTraq ID: 8067
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8067
Summary:
paBox is a web-application that is written in PHP. It will run on Unix
and Linux variants, as well as Microsoft Windows operating systems.
paBox is prone to an issue that may allow unauthenticated remote users to
reset administrative passwords. This issue is due to insufficient access
validation prior to allow users to perform certain actions. This could
permit unauthorized access to the administrative Control Panel, which may
aid the attacker in further attacks against the underlying system.
7. PABox Admin Control Panel PHP Code Injection Vulnerability
BugTraq ID: 8068
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8068
Summary:
paBox is a web-application that is written in PHP. It will run on Unix
and Linux variants, as well as Microsoft Windows operating systems.
Remote users with access to the administrative Control Panel may be able
to inject malicious PHP code when adding banned users. Banned user
information is stored in the 'bannedusers.php' script. This code could
then be executed, allowing for execution of arbitrary commands in the
context of the web server hosting the software.
Unauthorized remote users may exploit other latent vulnerabilities in the
software to gain access to the administrative console.
8. MoreGroupWare Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 8041
Remote: Yes
Date Published: Jun 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8041
Summary:
moregroupware is a tool to facilitate office communications. It includes,
among other features, webmail, calendering and project management
functionality. It is implemented in PHP and is available for a variety of
platforms including Microsoft Windows and Linux and Unix variant operating
environments.
Several cross-site scripting vulnerabilities have been reported for
moregroupware. The vulnerability exists due to insufficient sanitization
of user-supplied data.
An attacker could exploit these issues by enticing a web user to a
malicious link which contains hostile HTML or script code. The hostile
code may be rendered in the user's browser when the user follows the link.
Exploitation could permit an attacker to steal cookie-based authentication
credentials or launch other attacks.
This vulnerability was reported for moregroupware 0.6.7. Earlier versions
may be affected.
9. iXmail Arbitrary File Upload Vulnerability
BugTraq ID: 8048
Remote: Yes
Date Published: Jun 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8048
Summary:
iXmail is a web-based e-mail system implemented in PHP. It is available
for a variety of platforms including Microsoft Windows and Linux and Unix
variant systems.
When an attacker makes a request to the iXmail ixmail_attach.php script
the $attach1 and $attach1_name variables define the location of data and
the name of a PHP file respectively. The PHP file is stored within the
/tmp directory of the established web root.
iXmail has been reported prone to an arbitrary file upload vulnerability.
The problem is said to occur due to insufficient sanitization of the
user-supplied $attach1 URI parameter.
An authenticated attacker could exploit this vulnerability by supplying a
remote file, containing malicious PHP commands, as the $attach1 parameter.
This will result in the PHP commands being stored within the /tmp
directory, using the naming convention of the attacker-supplied
$attach1_name parameter. By supplying a name with a PHP extension, an
attacker could effectively execute arbitrary PHP code on the remote system
by making a request for the newly created script file.
10. VisNetic Website Path Disclosure Vulnerability
BugTraq ID: 8075
Remote: Yes
Date Published: Jul 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8075
Summary:
VisNetic Website is web server that supports multiple domains, and allows
TLS/SSL secured domains. It is available for the Microsoft Windows
operating system.
VisNetic Website has been reported prone to a path disclosure
vulnerability.
It has been reported that a remote attacker may make a HTTP request for a
CGI resource that does not exist and in doing so trigger an error. The
resulting error message will disclose potentially sensitive installation
path information to the remote attacker.
Information gathered in this way could be used to aid in further attacks
launched against the affected system.
It should be noted that this vulnerability has been reported to affect
VisNetic Website 3.5 Service release 17, prior versions are also likely
affected.
11. Marbry Software FTPServer/X Controls Server Response Buffer Overflow Vulnerability
BugTraq ID: 8040
Remote: Yes
Date Published: Jun 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8040
Summary:
Marbry Software FTPServer/X is an ActiveX Control and COM Object, designed
to be incorporated into FTP server software for Microsoft Windows
platforms.
FTPServer/X control has been reported prone to a buffer overflow
vulnerability when processing server responses of excessive length.
The issue presents itself, likely due to a lack of sufficient bounds
checking performed by wsprintf() when copying attacker-supplied data into
an internal memory buffer. The data contained in this buffer, under normal
circumstances, is transmitted to the remote user as a part of an FTP
server status response message.
A remote attacker may supply a string of excessive length as a username
(>=1017 bytes) during the authentication process, or may simply supply a
malicious command of excessive length (>=1022 bytes) during an authorized
FTP session. When the malicious string is copied into a fixed internal
memory buffer, data that exceeds the size of the assigned buffer will
overrun its bounds and corrupt adjacent memory. It has been reported that
memory adjacent to the affected buffer contains pointers and a saved
return address, both of which are crucial to the control of program
execution flow. It is therefore likely that an attacker may exploit this
condition to seize control of the vulnerable FTP server, and have
arbitrary operation codes executed in the context of the user that is
running the server. A remote attacker may also exploit this condition to
trigger a persistent denial of service condition for legitimate FTP users;
the server would require a restart to resume normal functionality.
It should be noted that any software that implements the Marbry Software
FTPServer/X control, is likely affected by this vulnerability. It has been
confirmed that this control is in use by Mollensoft(Hyperion) FTP Server.
This issue is related to BID 7307 and possibly BID 6345.
12. MoreGroupWare Arbitrary File Upload Vulnerability
BugTraq ID: 8043
Remote: Yes
Date Published: Jun 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8043
Summary:
moregroupware is a tool to facilitate office communications. It includes,
among other features, webmail, calendering and project management
functionality. It is implemented in PHP and is available for a variety of
platforms including Microsoft Windows and Linux and Unix variant operating
environments.
A vulnerability has been reported for moregroupware that may make it
possible for a remote attacker to upload files to a vulnerable system. The
vulnerability may be likely due to insufficient permissions on the
'modules/files/store/' folder of the moregroupware installation.
It is not clear where the specific vulnerable component of moregroupware
lies. However, because of the problem, it may be possible for an attacker
to upload and overwrite files with the privileges of the web server
process. This could result in data corruption, or other potentially
malicious activities.
This vulnerability was reported to affect moregroupware 0.6.7.
13. iXmail Index.PHP Authentication Bypass SQL Injection Vulnerability
BugTraq ID: 8047
Remote: Yes
Date Published: Jun 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8047
Summary:
iXmail is a web-based e-mail system implemented in PHP. It is available
for a variety of platforms including Microsoft Windows and Linux and Unix
variant systems.
iXmail Index.PHP script has been reported prone to an SQL Injection
Vulnerability.
The issue presents itself, when some criteria are met. If
'magic_quotes_gpc' is set as 'off' in the 'php.ini' configuration file, a
remote user may inject arbitrary SQL code via the 'username' URI parameter
to bypass the iXmail authentication procedure. It has also been
demonstrated that this vulnerability may be exploited to disclose all of
the fields of the table 'db_authtable' to a remote attacker.
It may also be possible, depending on the database implementation and
other factors, to launch attacks against the underlying database. This
could result in disclosure of sensitive information or other consequences.
14. WebBBS Guestbook HTML Injection Vulnerability
BugTraq ID: 8052
Remote: Yes
Date Published: Jun 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8052
Summary:
WebBBS Pro is a web-based BBS system designed to run in Microsoft Windows
environments. WebBBS Pro is shipped with a web server component.
A HTML injection vulnerability has been reported for WebBBS. The
vulnerability exists as a result of insufficient sanitization of
user-supplied data.
An attacker may exploit this issue to inject malicious HTML code into
WebBBS guestbook entries. The hostile code may be rendered in the user's
browser when the user views the entry.
Exploitation could permit an attacker to steal cookie-based authentication
credentials or launch other attacks.
15. ImageMagick Temporary File Creation Vulnerability
BugTraq ID: 8057
Remote: No
Date Published: Jun 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8057
Summary:
ImageMagick is an image manipulation program. It is available for a
variety of platforms including Microsoft Windows and Unix and Linux
variant operating systems.
ImageMagick has been reported prone to an insecure temporary file creation
vulnerability. As a result, it may be possible for local attackers to
corrupt files owned by the user who is invoking the ImageMagick
application.
An attacker could potentially exploit this issue by creating a symbolic
link in place of the temporary file, which is created. Any actions
performed by ImageMagick when it is executed will be performed on the
linked file.
16. CutePHP CuteNews HTML Injection Vulnerability
BugTraq ID: 8060
Remote: Yes
Date Published: Jun 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8060
Summary:
CutePHP is a web-based bulletin board system. It is implemented in PHP and
is available for a variety of platforms including Microsoft Windows and
Unix and Linux variant operating environments.
CutePHP is prone to HTML injection attacks. The vulnerability exists due
to insufficient sanitization of user-supplied input. Specifically,
user-supplied input to news posts are not sufficiently sanitized of
malicious HTML code.
An attacker can exploit this vulnerability by adding HTML code within
IFRAME tags. The hostile code may be rendered in the user's browser when
the user views the entry.
Exploitation could permit an attacker to steal cookie-based authentication
credentials or launch other attacks.
17. Abyss Web Server HTTP GET Heap Overrun Vulnerability
BugTraq ID: 8062
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8062
Summary:
Abyss Web Server is a freely available personal web server. It is
maintained by Aprelium Technologies and runs on Microsoft Windows
operating systems, as well as Linux.
Abyss Web Server is prone to a remotely exploitable heap overrun. This is
due to insufficient bounds checking of data supplied via client HTTP GET
requests which is used in a strcpy() operation. By submitting an HTTP GET
request in excess of 2048 bytes, it will be possible to trigger this
condition. It should be noted that the ':\' characters must be appended
to the end of the request. This will permit remote attackers to corrupt
adjacent regions of heap memory with attacker-supplied values.
This condition could be exploited to execute arbitrary code with the
privileges of the web server.
This issue is reported to affect Abyss Web Server 1.1.2. Later versions,
such as 1.1.4 and 1.1.5 may be similarly affected, though this has not
been confirmed.
18. Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
BugTraq ID: 8063
Remote: No
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8063
Summary:
Microsoft Commerce Server 2002 is a web server product geared towards
building e-commerce websites.
Microsoft Commerce Server 2002 installs a registry key with weak default
permissions when configured to authenticate via SQL Server. The following
registry key is installed with read privileges for the users group:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Commerce Server
Encoded database authentication credentials are stored under "ADMINDBPS".
Attackers with interactive access to a system hosting the vulnerable
software could gain access to encoded database credentials by perusing the
registry. Credentials could also be retrieved via Open Commerce Server
Manager. This information could be exploited to compromise the database.
This issue is reported to affect Microsoft Commerce Server 2002. It is
not known if Microsoft Commerce Server 2000 is similarly affected.
19. Abyss Web Server HTTP Header Injection Vulnerability
BugTraq ID: 8064
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8064
Summary:
Abyss Web Server is a freely available personal web server. It is
maintained by Aprelium Technologies and runs on Microsoft Windows
operating systems, as well as Linux.
Abyss Web Server is prone to a vulnerability that could permit attackers
to inject malicious data into server response headers. HTTP GET requests
ending with ':\' characters will cause the server to return a HTTP 302
response to the client, which includes the requested URI in the Location:
header field of the server response. User input is not sufficiently
sanitized from this header field in the response. An attacker could cause
malicious data such as HTML and script code to be included in the server
response. It will also be possible be append additional HTTP header
fields to the server response.
This could be exploited to launch cross-site scripting attacks. The
attacker can also append arbitrary HTTP header information to the server
response, which could permit cookie values to be set or spoofed header
field data.
This issue is reported to affect Abyss Web Server 1.1.2. Later versions,
such as 1.1.4 and 1.1.5 may be similarly affected, though this has not
been confirmed.
IV. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. How to block users from installing other apps (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/327838
2. SP4 installation failure (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/327805
3. Q811114 and Q815021 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/327788
4. Managing Windows Event Logs (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/327532
5. Limiting the creation of new files to specific types. (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/327363
6. SP4 instalation failure (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/327307
7. SecurityFocus Microsoft Newsletter #143 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/327282
8. SP4 installation (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/327203
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. 1. eTRUST Intrusion Detection
by Computer Associates International, Inc.
Platforms: Windows 2000, Windows 95/98, Windows NT
Relevant URL:
http://www.cai.com/solutions/enterprise/etrust/intrusion_detection/
Summary:
eTrust Intrusion Detection delivers network protection including
protection against the deployment and execution of Distributed Denial of
Service attacks ? an essential capability at a time when networks are
susceptible to an increasingly sophisticated array of attacks. A truly
comprehensive solution, eTrust Intrusion Detection includes an integrated
anti-virus engine with automatic signature updates. This powerful solution
takes the "detect, alert, prevent" approach to safeguarding your network ?
providing realtime, non-intrusive detection, policy-based alerts, and
automatic prevention.
2. InterScan WebProtect
by TrendMicro
Platforms: Windows NT
Relevant URL:
http://www.antivirus.com/products/iswp/index.htm
Summary:
The Proxy Server Anti-Virus Solution. Real-Time protection for Microsoft
Proxy Server Scans for viruses and malicious code Optionally blocks known
malicious code JAVA Applets and ActiveX Objects.
3. PestPatrol
by PestPatrol, Inc
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.safersite.com/pestpatrol/pestpatrol.asp
Summary:
PestPatrol detects and removes non-viral malicious code - trojans, remote
administration tools, spyware, hacker tools - that can be as damaging to
your business as a serious virus attack. PestPatrol complements
anti-virus, firewall, and IDS solutions, integrating seamlessly into
existing security infrastructures. Whether the threat comes from outside
or inside your organization, PestPatrol should be part of your security
toolkit.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
-------------------------------------
1. Secure FTP Bean v2.0.8
by glub
Relevant URL:
http://www.glub.com/products/bean/
Platforms: Os Independent
Summary:
The Secure FTP Bean allows FTP connections to be made over SSL, including
both implicit and explicit SSL connections, and passive and active data
transfers with or without encryption.
2. LibTomMath v0.22
by Tom St Denis tomstdenis (at) iahu (dot) ca [email concealed]
Relevant URL:
http://math.libtomcrypt.org/
Platforms: Linux, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows
XP
Summary:
LibTomMath provides highly optimized and portable routines for a vast
majority of integer-based number theoretic applications (including public
key cryptography).
3. John the Ripper v1.6.34(dev)
by Solar Designer
Relevant URL:
http://www.openwall.com/john/
Platforms: BeOS, DOS, MacOS, Windows 2000, Windows 95/98, Windows NT
Summary:
John the Ripper is a fast password cracker, currently available for many
flavors of Unix (11 are officially supported, not counting different
architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to
detect weak Unix passwords. It supports several crypt(3) password hash
types which are most commonly found on various Unix flavors, as well as
Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types
are added with contributed patches.
VI. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by: SpiDynamics
ALERT: "Six steps for testing your applications for SQL Injection Attacks"
It's as simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems! Firewalls
and IDS will not stop such attacks because SQL Injections are NOT seen as
intruders. Download this *FREE* test guide from SPI Dynamics to check for
SQL Injection vulnerabilities.
Visit us at:
http://www.securityfocus.com/SPIDynamics-ms-secnews5
------------------------------------------------------------------------
---
[ reply ]