SecurityFocus Microsoft Newsletter #184
----------------------------------------
This Issue is Sponsored by: Check Point
Worm attacks got your Microsoft applications down? Download our
Technology Brief today and learn how Check Point can protect your
Microsoft environment from any threat.
CLICK HERE now to learn more:
http://www.securityfocus.com/sponsor/CheckPoint_ms-secnews_040412
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Forensic Analysis of a Live Linux System, Part Two
2. Witty Extinction
II. MICROSOFT VULNERABILITY SUMMARY
1. HAHTsite Scenario Server Project File Name Buffer Overrun Vu...
2. MondoSoft MondoSearch Multiple Vulnerabilities
3. Macromedia Dreamweaver Remote User Database Access Vulnerabi...
4. SGI IRIX ftpd Multiple Denial Of Service Vulnerabilities
5. eMule Remote Buffer Overflow Vulnerability
6. FTE Multiple Local Unspecified Buffer Overflow Vulnerabiliti...
7. Context Texutil Insecure Temporary Log File Vulnerability
8. Microsoft SharePoint Portal Server Unspecified Cross-Site Sc...
9. OpenBB MyHome.PHP SQL Injection Vulnerability
10. NullSoft Winamp in_mod.dll Plug-in Heap Overflow Vulnerabili...
11. ADA IMGSVR GET Request Buffer Overflow Vulnerability
12. ADA IMGSVR Directory Traversal Vulnerability
13. Pan Vision IGI-2 Covert Strike Remote Format String Vulnerab...
14. Microsoft Internet Explorer MSWebDVD Object Denial of Servic...
15. Microsoft Internet Explorer Macromedia Flash Player Plug-in ...
16. Floosietek FTGate Mail Server Multiple Input Validation Vuln...
17. Floosietek FTGate Mail Server Path Disclosure Vulnerability
18. Adobe Photoshop COM Objects Denial of Service Vulnerability
19. Symantec Security Check Virus Detection COM Object Denial Of...
20. RealNetworks RealOne Player/RealPlayer Remote R3T File Stack...
21. Microsoft Internet Explorer Remote IFRAME Denial Of Service ...
22. Kerio Personal Firewall Web Filtering Remote Denial Of Servi...
III. MICROSOFT FOCUS LIST SUMMARY
1. SNMP authentication (Thread)
2. SMTP authentication (Thread)
3. SunONE Messaging (JES) & Exchange 2003 (Thread)
4. SecurityFocus Microsoft Newsletter #183 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Norton Internet Security 2004
2. East-Tec Eraser 2004
3. Steganos Security Suite 6
4. Airscanner Mobile AntiVirus Pro
5. Symantec?s Norton Internet Security 2004 Professional
6. secure2trust
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Telconi Terminal for Cisco IOS v0.6a
2. UnlimitedFTP.Secure v2.8.1
3. PGP Java API v2.0
4. Enigmail v0.83.6
5. jayaCard v0.6a
6. WinBlox v6.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Forensic Analysis of a Live Linux System, Part Two
By Mariusz Burdach
This article is the second of a two-part series that provides step-by-step
instructions for forensics of a live Linux system that has been recently
compromised.
http://www.securityfocus.com/infocus/1773
2. Witty Extinction
By Kelly Martin
The Witty worm set a dangerous precedent on the Internet because it
introduced a number of evil new "firsts" in the ever-changing world of
modern worms and viruses.
http://www.securityfocus.com/columnists/232
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. HAHTsite Scenario Server Project File Name Buffer Overrun Vu...
BugTraq ID: 10033
Remote: Yes
Date Published: Apr 02 2004
Relevant URL: http://www.securityfocus.com/bid/10033
Summary:
HAHTsite Scenario Server is reported to be prone to a remotely exploitable buffer overrun vulnerability.
The issue may be triggered by submitting an HTTP GET request to the vulnerable server component that specifies overly long project file name parameters. hsrun.exe is name of the vulnerable component on Microsoft Windows platforms. This could be exploited to execute arbitrary code in the context of the server.
This issue is reported to affect HAHTsite Scenario Server 5.1 on Windows, Solaris and Linux platforms. The name of the vulnerable component will likely be different depending on the hosting platform.
2. MondoSoft MondoSearch Multiple Vulnerabilities
BugTraq ID: 10034
Remote: Yes
Date Published: Apr 02 2004
Relevant URL: http://www.securityfocus.com/bid/10034
Summary:
Multiple vulnerabilities have been identified in the MondoSearch application that may allow an attacker to use a vulnerable host as a proxy to access third party web sites, cause denial of service conditions and disclose sensitive information.
3. Macromedia Dreamweaver Remote User Database Access Vulnerabi...
BugTraq ID: 10036
Remote: Yes
Date Published: Apr 02 2004
Relevant URL: http://www.securityfocus.com/bid/10036
Summary:
A vulnerability that may allow remote users to gain unauthorized access to web application databases has been reported to affect Dreamweaver when configured to access a remote database. This issue is due to a configuration error that allows remote users to access web based database interface scripts.
This issue may be leveraged to allow a remote attacker to gain privileged access to the affected database through the Dreamweaver application. This may allow for the corruption or disclosure of sensitive data, other attacks may be possible as well.
4. SGI IRIX ftpd Multiple Denial Of Service Vulnerabilities
BugTraq ID: 10037
Remote: Yes
Date Published: Apr 02 2004
Relevant URL: http://www.securityfocus.com/bid/10037
Summary:
The FTP server included with SGI IRIX is vulnerable to multiple denial of service vulnerabilities.
The first issue is reported to affect the IRIX ftpd process when links between Microsoft Windows 2000 are made. The second issue affects the ftpd process with certain mode configurations.
These issues may allow a malicious user to cause the affected server process to hang or crash, effectively denying service to legitimate users.
5. eMule Remote Buffer Overflow Vulnerability
BugTraq ID: 10039
Remote: Yes
Date Published: Apr 03 2004
Relevant URL: http://www.securityfocus.com/bid/10039
Summary:
eMule is prone to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly validate buffer boundaries during memory copy operations.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system within the security context of the user running the vulnerable process.
6. FTE Multiple Local Unspecified Buffer Overflow Vulnerabiliti...
BugTraq ID: 10041
Remote: No
Date Published: Apr 04 2004
Relevant URL: http://www.securityfocus.com/bid/10041
Summary:
It has been reported that vfte is prone to multiple unspecified buffer overflow vulnerabilities. These issues are due to a failure of the application to verify buffer boundaries while processing user supplied input.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system with root privileges, as this application is setuid root.
7. Context Texutil Insecure Temporary Log File Vulnerability
BugTraq ID: 10042
Remote: No
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10042
Summary:
The ConTeXt TeXUtil program creates log files in an insecure manner when invoked with the '--silent' command line option. This could allow a malicious local user to launch a symbolic link attack when such a file is created. This could cause attacker-specified files that are writeable by the user invoking the utility to be corrupted.
8. Microsoft SharePoint Portal Server Unspecified Cross-Site Sc...
BugTraq ID: 10043
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10043
Summary:
It has been reported that SharePoint Portal Server may be affected by multiple unspecified cross-site scripting vulnerabilities that could allow an attacker to execute arbitrary HTML or script code in a victim user's browser. These issues allow for theft of cookie-based authentication credentials or other attacks.
Microsoft has released SharePoint Portal Server 2001 Service Pack 3 to address these issues. All prior versions of the server are assumed to be prone to these vulnerabilities. It is not known if later releases, such as Microsoft SharePoint Portal Server 2003, are affected by these issues.
9. OpenBB MyHome.PHP SQL Injection Vulnerability
BugTraq ID: 10044
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10044
Summary:
It has been reported that OpenBB is prone to a vulnerability that may allow malicious users to influence SQL queries of the affected application. This issue is due to a failure of the application to properly sanitize user-supplied URI data.
This may allow a remote attacker to manipulate query logic, potentially leading to access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
10. NullSoft Winamp in_mod.dll Plug-in Heap Overflow Vulnerabili...
BugTraq ID: 10045
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10045
Summary:
It has been reported that the Winamp 'in_mod.dll' plug-in is prone to a heap overflow vulnerability that may allow a remote attacker to cause the application to crash or possibly execute arbitrary code in order to gain unuauthorized access. The issue is reported to present itself due to insufficient boundary checks performed by the affected plug-in.
Winamp versions 2.91 to 5.02 are reported to be prone to this issue. Older versions may be affected as well.
11. ADA IMGSVR GET Request Buffer Overflow Vulnerability
BugTraq ID: 10046
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10046
Summary:
A vulnerability has been reported in ImgSvr that may allow a remote attacker to corrupt local process memory, potentially leading to arbitrary code execution. This issue is due to a failure of the application to properly validate the size of user supplied HTTP requests.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system within the security context of the user running the vulnerable process.
12. ADA IMGSVR Directory Traversal Vulnerability
BugTraq ID: 10048
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10048
Summary:
Reportedly ImgSvr is prone to an issue that may allow an attacker to view files that reside outside of the server root directory. This issue is due to a failure of the application to properly sanitize user-supplied URI data.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive information that may be used to launch further attacks against a vulnerable system.
13. Pan Vision IGI-2 Covert Strike Remote Format String Vulnerab...
BugTraq ID: 10053
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10053
Summary:
Reportedly IGI-2 Covert Strike is prone to a remote format string vulnerability. This issue is due to a failure to properly implement a formatted printing function.
This issue may be leverage to cause a denial of service condition in the affected server. Furthermore, this issue may be leveraged to execute arbitrary code within the security context of the affected process, potentially leading to unauthorized access to the system.
14. Microsoft Internet Explorer MSWebDVD Object Denial of Servic...
BugTraq ID: 10056
Remote: Yes
Date Published: Apr 06 2004
Relevant URL: http://www.securityfocus.com/bid/10056
Summary:
It has been reported that Internet Explorer may be prone to a denial of service vulnerability that may allow remote attackers to cause the browser to crash. The issue exists in the 'MSWebDVD' Object. An attacker may cause a denial of service condition in an instance of Internet Explorer by evoking the method through a malicious site and sending an excessive string value (about 255 characters) in the following manner:
object.AcceptParentalLevelChange (boolean value),UserName as string,Password
as string
Internet Explorer running in Windows XP has been reported to be affected by this issue, however, it is possible that other versions are affected as well.
Due to the nature of this issue, it has been conjectured that this vulnerability may be leveraged to execute arbitrary code. This has not been confirmed at the moment.
15. Microsoft Internet Explorer Macromedia Flash Player Plug-in ...
BugTraq ID: 10057
Remote: Yes
Date Published: Apr 06 2004
Relevant URL: http://www.securityfocus.com/bid/10057
Summary:
It has been reported that Macromedia Flash Player for Internet Explorer may be prone to a denial of service vulnerability that may cause an instance of Internet Explorer to crash. The issue is reported to exist in the 'LoadMovie' function by calling the function and loading a flash movie into a non-zero level in the following manner:
LoadMovie 1,"c6ool.swf"
This vulnerability is reported to be tested in Flash Player 7.0 r19 running on WindowsXP Professional SP1 and SP2.
16. Floosietek FTGate Mail Server Multiple Input Validation Vuln...
BugTraq ID: 10058
Remote: Yes
Date Published: Apr 06 2004
Relevant URL: http://www.securityfocus.com/bid/10058
Summary:
It has been reported that FTGate is prone to multiple remote input validation vulnerabilities; a cross-site scripting issue and an HTML injection vulnerability. These issues are due to a failure of the application to properly sanitize user supplied input before using it in dynamic web content.
The cross-site scripting issue could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
An attacker may exploit the HTML injection vulnerability to execute arbitrary script code in the browser of an unsuspecting user. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks may also be possible.
17. Floosietek FTGate Mail Server Path Disclosure Vulnerability
BugTraq ID: 10059
Remote: Yes
Date Published: Apr 06 2004
Relevant URL: http://www.securityfocus.com/bid/10059
Summary:
It has been reported that FTGate it prone to a server path disclosure vulnerability. This issue is due to an ill conceived error message that includes the server path.
These issues may be leveraged to gain sensitive information about the affected system potentially aiding an attacker in mounting further attacks.
18. Adobe Photoshop COM Objects Denial of Service Vulnerability
BugTraq ID: 10061
Remote: Yes
Date Published: Apr 06 2004
Relevant URL: http://www.securityfocus.com/bid/10061
Summary:
It has been reported that Adobe Photoshop may be prone to a denial of service vulnerability that may crash an instance of Internet Explorer. An attacker can exploit this issue by creating a script that attempts to create a COM object and enticing a user to execute the script in their browser. When the user executes the script via Internet Explorer, the Internet Explorer window hangs leading to a denial of service in the browser.
Adobe Photoshop 8.0 is reported to be prone to this issue, however, it is possible that other versions are affected as well.
19. Symantec Security Check Virus Detection COM Object Denial Of...
BugTraq ID: 10069
Remote: Yes
Date Published: Apr 07 2004
Relevant URL: http://www.securityfocus.com/bid/10069
Summary:
Symantec Virus Detection is a web based service that detects viruses and trojan horses. It is a freely available service that can be run via Microsoft Internet Explorer, Netscape Communicator or Apple Safari web browsers. The Symantec.SymVAFileQuery.1 is a COM object used by the service that is installed on a system only when the user of that system navigates to the Symantec Virus Detection site and initiates virus detection.
It has been reported that the Symantec Virus Detection Symantec.SymVAFileQuery.1 COM object is prone to a denial of service vulnerability. When the object is invoked with excessive data, the browser will crash.
Successful exploitation would immediately produce a denial of service condition in the affected browser. Although initially reported as a buffer overflow, this issue does not appear to present any threat of remote code execution.
It should be noted that the vulnerable object may not be invoked from scripts outside of the Symantec domain, however, vulnerabilities that permit malicious content to be executed in the context of the domain (such as HTML injection or cross-site scripting vulnerabilities as well as web browser security model issues) may still permit exploitation of this issue.
20. RealNetworks RealOne Player/RealPlayer Remote R3T File Stack...
BugTraq ID: 10070
Remote: Yes
Date Published: Apr 07 2004
Relevant URL: http://www.securityfocus.com/bid/10070
Summary:
It has been reported that RealOne Player and RealPlayer are prone to a remote stack-based buffer overflow vulnerability. The issue is exposed when the software processes a malformed .R3T file. This issue is due to a failure of the application to properly validate string boundaries when copying user supplied input into finite buffers.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system with the privileges of the user that invoked the vulnerable application.
21. Microsoft Internet Explorer Remote IFRAME Denial Of Service ...
BugTraq ID: 10073
Remote: Yes
Date Published: Apr 07 2004
Relevant URL: http://www.securityfocus.com/bid/10073
Summary:
A denial of service vulnerability has been reported to affect Internet Explorer. The issue is reported to present itself when Internet Explorer attempts to render IFRAME HTML tags that contain an invalid source argument.
A remote attacker may exploit this vulnerability to cause the running instance of Internet Explorer to crash.
22. Kerio Personal Firewall Web Filtering Remote Denial Of Servi...
BugTraq ID: 10075
Remote: Yes
Date Published: Apr 07 2004
Relevant URL: http://www.securityfocus.com/bid/10075
Summary:
Kerio Personal Firewall includes Web URI Filtering functionality. A denial of service vulnerability has been reported to affect Kerio Personal Firewall when Web Filtering functionality is enabled. The issue presents itself when Web Filtering procedures handle a URI that contains certain characters.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SNMP authentication (Thread)
Relevant URL:
4. SecurityFocus Microsoft Newsletter #183 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/359655
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Norton Internet Security 2004
By: Symantec
Platforms: Windows 95/98
Relevant URL: http://www.symantec.com/sabu/nis/nis_pe/
Summary:
Symantec's Norton Internet Security 2004 provides essential protection from viruses, hackers, and privacy threats. Powerful yet easy to use, this award-winning suite now includes advanced spam-fighting software to filter unwanted mail out of your inbox. Protect yourself, your family, and your PC online with Norton Internet Security 2004.
2. East-Tec Eraser 2004
By: EAST Technologies
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.east-tec.com/eraser/index.htm
Summary:
East-Tec Eraser ("Eraser" in short) is an advanced security application for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate sensitive data from your computer and protect your computer and Internet privacy.
Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now means wiping its contents beyond recovery, scrambling its name and dates and finally removing it from disk. When you want to get rid of sensitive files or folders beyond recovery, add them to the Eraser list of doomed files and ask Eraser to do the job. Eraser offers tight integration with the Windows shell, so you can drag files and folders from Explorer and drop them in Eraser, or you can erase them directly from Explorer by selecting Erase beyond recovery from the context menu.
3. Steganos Security Suite 6
By: Steganos
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.steganos.com/?product=SSS6&language=en
Summary:
With Steganos Data Safe, Internet Trace Destructor 6.5, Password Manager, steganography function, E-Mail-Encryption, Deep Cleaning Shredder and much more, The Steganos Security Suite has been one of the best-selling encryption products for years and is used by 2 million people worldwide. Only the most modern encryption algorithms, such as the Advanced Encryption Standard (AES) are used. You can now save up to 128 GB* to its four virtual drives in real time - enough space for your film archive, large graphics files and other sensitive data.
4. Airscanner Mobile AntiVirus Pro
By: Airscanner Corp.
Platforms: Windows CE
Relevant URL: http://airscanner.com/downloads/av/av.html
Summary:
Airscanner Mobile AntiVirus Pro will quarantine or eradicate embedded viruses and malware, has fast, optimized scanning speed based on patent pending technology, has automatic, online updates of virus signatures and scanning engine as well as support for PocketPC 2003/Windows Mobile 2003 and easy online updates.
In addition to an accurate virus scanner, Airscanner Mobile AntiVirus includes these powerful tools for debugging Trojan horses:
- Intercept memory resident viruses with an advanced process discovery tool.
- Debug Trojan hacks with an easy-to-use registry viewer.
- Uncover denial of service attacks with a rapid system analyzer.
- Enter your own custom virus signatures (for experts).
- Perform fast, recursive, and flexibly multithreaded filesystem scanning.
5. Symantec?s Norton Internet Security 2004 Professional
By: Symantec
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.symantec.com/smallbiz/nis_pr/
Summary:
Symantec?s Norton Internet Security 2004 Professional protects you and your business from online threats. It eliminates viruses automatically, blocks hackers, safeguards your personal information, fights spam, increases online productivity, recovers lost or damaged files, and thoroughly deletes confidential data you no longer need. Available in 5 and 10-user Small Office Packs.
6. secure2trust
By: Avoco Secure
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.avocosecure.com/html_pages/products_service.html
Summary:
secure2trust gives you the power to create documents that remain under your corporate control throughout their entire existence. Even if you allow another party to have a copy of your original document you can be sure that the copy will always have your original controls as part of its properties. The digital rights options which will control printing, copying, viewing, etc give you persistent and secure digital asset protection and intellectual property control. Digital rights mechanisms are the only way to ensure document integrity in a persistent way for both inter and intra company communications.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Telconi Terminal for Cisco IOS v0.6a
By: Stywiz
Relevant URL: http://www.telconi.com/
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
Telconi Terminal is an unique network management application with interactive full-screen configuration editing, browsing, help facility support, debugging, and more. It focuses on common Cisco IOS functionality present with any hardware or software configuration, and complements the command line interface with a rich set of features. It is intended for users with knowledge of Cisco IOS, and is designed to work with any IOS-based device, such as routers and switches.
2. UnlimitedFTP.Secure v2.8.1
By: Unlimi-Tech Software Inc.
Relevant URL: http://www.unlimitedftp.ca/uftps/webdemo/index.jsp
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
UnlimitedFTP.Secure is a secure FTP applet that runs in a Web browser. It provides the ability to connect securely to any server that supports the SFTP or FTPS protocols.
3. PGP Java API v2.0
By: CrypTom
Relevant URL: http://www.cryptography.ch/projects/pgpjava
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
The PGP Java API provides access to a PGP implementation which is based on PGP 2.3a. The PGP implementation will be compiled as a shared object, which will be accessible to Java via the Java Native Interface (JNI). The PGPi class provides the methods you can use to interact with PGP. All the encrypted / signed files you generate with this API are compatible with PGP 2.6.3i and vice versa. You can use the same keyrings, too.
4. Enigmail v0.83.6
By: Patrick
Relevant URL: http://enigmail.mozdev.org/thunderbird.html
Platforms: Linux, MacOS, POSIX, UNIX, Windows 2000, Windows 3.x, Windows 95/98, Windows CE, Windows NT, Windows XP
Summary:
Enigmail is a "plugin" for the mail client of Mozilla and Netscape 7.x which allows users to access the authentication and encryption features provided by the popular GnuPG software. Enigmail can encrypt/sign mail when sending, and can decrypt/authenticate received mail. It can also import/export public keys. Enigmail supports both the inline PGP format and the PGP/MIME format, which can be used to encrypt attachments. Enigmail is cross-platform, although binaries are supplied only for a limited number of platforms. Enigmail uses inter-process communication to execute GPG to carry out encryption/authentication.
5. jayaCard v0.6a
By: Gilles Dumortier
Relevant URL: http://www.jayacard.org/
Platforms: Linux, Os Independent, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
jayaCard is a clean-room Secure Contactless Smartcard Multi-Applications Operating System that includes powerful tools such as contactless reader support, a protocol analyser, and a script engine. The supported norms include 7816-3/4/8, 14443, 15693, and x509.
6. WinBlox v6.0
By: liudieyu (at) umbrella (dot) name [email concealed]
Relevant URL: http://umbrella.name/winblox/
Platforms: UNIX, Windows 2000, Windows NT, Windows XP
Summary:
WinBlox monitors file operation and commandline execution on WINNT(Windows 2000 and later) system. Pattern matching in WinBlox is done by Regular Expression to ensure flexiblity.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by: Check Point
Worm attacks got your Microsoft applications down? Download our
Technology Brief today and learn how Check Point can protect your
Microsoft environment from any threat.
CLICK HERE now to learn more:
http://www.securityfocus.com/sponsor/CheckPoint_ms-secnews_040412
------------------------------------------------------------------------
SecurityFocus Microsoft Newsletter #184
----------------------------------------
This Issue is Sponsored by: Check Point
Worm attacks got your Microsoft applications down? Download our
Technology Brief today and learn how Check Point can protect your
Microsoft environment from any threat.
CLICK HERE now to learn more:
http://www.securityfocus.com/sponsor/CheckPoint_ms-secnews_040412
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Forensic Analysis of a Live Linux System, Part Two
2. Witty Extinction
II. MICROSOFT VULNERABILITY SUMMARY
1. HAHTsite Scenario Server Project File Name Buffer Overrun Vu...
2. MondoSoft MondoSearch Multiple Vulnerabilities
3. Macromedia Dreamweaver Remote User Database Access Vulnerabi...
4. SGI IRIX ftpd Multiple Denial Of Service Vulnerabilities
5. eMule Remote Buffer Overflow Vulnerability
6. FTE Multiple Local Unspecified Buffer Overflow Vulnerabiliti...
7. Context Texutil Insecure Temporary Log File Vulnerability
8. Microsoft SharePoint Portal Server Unspecified Cross-Site Sc...
9. OpenBB MyHome.PHP SQL Injection Vulnerability
10. NullSoft Winamp in_mod.dll Plug-in Heap Overflow Vulnerabili...
11. ADA IMGSVR GET Request Buffer Overflow Vulnerability
12. ADA IMGSVR Directory Traversal Vulnerability
13. Pan Vision IGI-2 Covert Strike Remote Format String Vulnerab...
14. Microsoft Internet Explorer MSWebDVD Object Denial of Servic...
15. Microsoft Internet Explorer Macromedia Flash Player Plug-in ...
16. Floosietek FTGate Mail Server Multiple Input Validation Vuln...
17. Floosietek FTGate Mail Server Path Disclosure Vulnerability
18. Adobe Photoshop COM Objects Denial of Service Vulnerability
19. Symantec Security Check Virus Detection COM Object Denial Of...
20. RealNetworks RealOne Player/RealPlayer Remote R3T File Stack...
21. Microsoft Internet Explorer Remote IFRAME Denial Of Service ...
22. Kerio Personal Firewall Web Filtering Remote Denial Of Servi...
III. MICROSOFT FOCUS LIST SUMMARY
1. SNMP authentication (Thread)
2. SMTP authentication (Thread)
3. SunONE Messaging (JES) & Exchange 2003 (Thread)
4. SecurityFocus Microsoft Newsletter #183 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Norton Internet Security 2004
2. East-Tec Eraser 2004
3. Steganos Security Suite 6
4. Airscanner Mobile AntiVirus Pro
5. Symantec?s Norton Internet Security 2004 Professional
6. secure2trust
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Telconi Terminal for Cisco IOS v0.6a
2. UnlimitedFTP.Secure v2.8.1
3. PGP Java API v2.0
4. Enigmail v0.83.6
5. jayaCard v0.6a
6. WinBlox v6.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Forensic Analysis of a Live Linux System, Part Two
By Mariusz Burdach
This article is the second of a two-part series that provides step-by-step
instructions for forensics of a live Linux system that has been recently
compromised.
http://www.securityfocus.com/infocus/1773
2. Witty Extinction
By Kelly Martin
The Witty worm set a dangerous precedent on the Internet because it
introduced a number of evil new "firsts" in the ever-changing world of
modern worms and viruses.
http://www.securityfocus.com/columnists/232
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. HAHTsite Scenario Server Project File Name Buffer Overrun Vu...
BugTraq ID: 10033
Remote: Yes
Date Published: Apr 02 2004
Relevant URL: http://www.securityfocus.com/bid/10033
Summary:
HAHTsite Scenario Server is reported to be prone to a remotely exploitable buffer overrun vulnerability.
The issue may be triggered by submitting an HTTP GET request to the vulnerable server component that specifies overly long project file name parameters. hsrun.exe is name of the vulnerable component on Microsoft Windows platforms. This could be exploited to execute arbitrary code in the context of the server.
This issue is reported to affect HAHTsite Scenario Server 5.1 on Windows, Solaris and Linux platforms. The name of the vulnerable component will likely be different depending on the hosting platform.
2. MondoSoft MondoSearch Multiple Vulnerabilities
BugTraq ID: 10034
Remote: Yes
Date Published: Apr 02 2004
Relevant URL: http://www.securityfocus.com/bid/10034
Summary:
Multiple vulnerabilities have been identified in the MondoSearch application that may allow an attacker to use a vulnerable host as a proxy to access third party web sites, cause denial of service conditions and disclose sensitive information.
3. Macromedia Dreamweaver Remote User Database Access Vulnerabi...
BugTraq ID: 10036
Remote: Yes
Date Published: Apr 02 2004
Relevant URL: http://www.securityfocus.com/bid/10036
Summary:
A vulnerability that may allow remote users to gain unauthorized access to web application databases has been reported to affect Dreamweaver when configured to access a remote database. This issue is due to a configuration error that allows remote users to access web based database interface scripts.
This issue may be leveraged to allow a remote attacker to gain privileged access to the affected database through the Dreamweaver application. This may allow for the corruption or disclosure of sensitive data, other attacks may be possible as well.
4. SGI IRIX ftpd Multiple Denial Of Service Vulnerabilities
BugTraq ID: 10037
Remote: Yes
Date Published: Apr 02 2004
Relevant URL: http://www.securityfocus.com/bid/10037
Summary:
The FTP server included with SGI IRIX is vulnerable to multiple denial of service vulnerabilities.
The first issue is reported to affect the IRIX ftpd process when links between Microsoft Windows 2000 are made. The second issue affects the ftpd process with certain mode configurations.
These issues may allow a malicious user to cause the affected server process to hang or crash, effectively denying service to legitimate users.
5. eMule Remote Buffer Overflow Vulnerability
BugTraq ID: 10039
Remote: Yes
Date Published: Apr 03 2004
Relevant URL: http://www.securityfocus.com/bid/10039
Summary:
eMule is prone to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly validate buffer boundaries during memory copy operations.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system within the security context of the user running the vulnerable process.
6. FTE Multiple Local Unspecified Buffer Overflow Vulnerabiliti...
BugTraq ID: 10041
Remote: No
Date Published: Apr 04 2004
Relevant URL: http://www.securityfocus.com/bid/10041
Summary:
It has been reported that vfte is prone to multiple unspecified buffer overflow vulnerabilities. These issues are due to a failure of the application to verify buffer boundaries while processing user supplied input.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system with root privileges, as this application is setuid root.
7. Context Texutil Insecure Temporary Log File Vulnerability
BugTraq ID: 10042
Remote: No
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10042
Summary:
The ConTeXt TeXUtil program creates log files in an insecure manner when invoked with the '--silent' command line option. This could allow a malicious local user to launch a symbolic link attack when such a file is created. This could cause attacker-specified files that are writeable by the user invoking the utility to be corrupted.
8. Microsoft SharePoint Portal Server Unspecified Cross-Site Sc...
BugTraq ID: 10043
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10043
Summary:
It has been reported that SharePoint Portal Server may be affected by multiple unspecified cross-site scripting vulnerabilities that could allow an attacker to execute arbitrary HTML or script code in a victim user's browser. These issues allow for theft of cookie-based authentication credentials or other attacks.
Microsoft has released SharePoint Portal Server 2001 Service Pack 3 to address these issues. All prior versions of the server are assumed to be prone to these vulnerabilities. It is not known if later releases, such as Microsoft SharePoint Portal Server 2003, are affected by these issues.
9. OpenBB MyHome.PHP SQL Injection Vulnerability
BugTraq ID: 10044
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10044
Summary:
It has been reported that OpenBB is prone to a vulnerability that may allow malicious users to influence SQL queries of the affected application. This issue is due to a failure of the application to properly sanitize user-supplied URI data.
This may allow a remote attacker to manipulate query logic, potentially leading to access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
10. NullSoft Winamp in_mod.dll Plug-in Heap Overflow Vulnerabili...
BugTraq ID: 10045
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10045
Summary:
It has been reported that the Winamp 'in_mod.dll' plug-in is prone to a heap overflow vulnerability that may allow a remote attacker to cause the application to crash or possibly execute arbitrary code in order to gain unuauthorized access. The issue is reported to present itself due to insufficient boundary checks performed by the affected plug-in.
Winamp versions 2.91 to 5.02 are reported to be prone to this issue. Older versions may be affected as well.
11. ADA IMGSVR GET Request Buffer Overflow Vulnerability
BugTraq ID: 10046
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10046
Summary:
A vulnerability has been reported in ImgSvr that may allow a remote attacker to corrupt local process memory, potentially leading to arbitrary code execution. This issue is due to a failure of the application to properly validate the size of user supplied HTTP requests.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system within the security context of the user running the vulnerable process.
12. ADA IMGSVR Directory Traversal Vulnerability
BugTraq ID: 10048
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10048
Summary:
Reportedly ImgSvr is prone to an issue that may allow an attacker to view files that reside outside of the server root directory. This issue is due to a failure of the application to properly sanitize user-supplied URI data.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive information that may be used to launch further attacks against a vulnerable system.
13. Pan Vision IGI-2 Covert Strike Remote Format String Vulnerab...
BugTraq ID: 10053
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10053
Summary:
Reportedly IGI-2 Covert Strike is prone to a remote format string vulnerability. This issue is due to a failure to properly implement a formatted printing function.
This issue may be leverage to cause a denial of service condition in the affected server. Furthermore, this issue may be leveraged to execute arbitrary code within the security context of the affected process, potentially leading to unauthorized access to the system.
14. Microsoft Internet Explorer MSWebDVD Object Denial of Servic...
BugTraq ID: 10056
Remote: Yes
Date Published: Apr 06 2004
Relevant URL: http://www.securityfocus.com/bid/10056
Summary:
It has been reported that Internet Explorer may be prone to a denial of service vulnerability that may allow remote attackers to cause the browser to crash. The issue exists in the 'MSWebDVD' Object. An attacker may cause a denial of service condition in an instance of Internet Explorer by evoking the method through a malicious site and sending an excessive string value (about 255 characters) in the following manner:
object.AcceptParentalLevelChange (boolean value),UserName as string,Password
as string
Internet Explorer running in Windows XP has been reported to be affected by this issue, however, it is possible that other versions are affected as well.
Due to the nature of this issue, it has been conjectured that this vulnerability may be leveraged to execute arbitrary code. This has not been confirmed at the moment.
15. Microsoft Internet Explorer Macromedia Flash Player Plug-in ...
BugTraq ID: 10057
Remote: Yes
Date Published: Apr 06 2004
Relevant URL: http://www.securityfocus.com/bid/10057
Summary:
It has been reported that Macromedia Flash Player for Internet Explorer may be prone to a denial of service vulnerability that may cause an instance of Internet Explorer to crash. The issue is reported to exist in the 'LoadMovie' function by calling the function and loading a flash movie into a non-zero level in the following manner:
LoadMovie 1,"c6ool.swf"
This vulnerability is reported to be tested in Flash Player 7.0 r19 running on WindowsXP Professional SP1 and SP2.
16. Floosietek FTGate Mail Server Multiple Input Validation Vuln...
BugTraq ID: 10058
Remote: Yes
Date Published: Apr 06 2004
Relevant URL: http://www.securityfocus.com/bid/10058
Summary:
It has been reported that FTGate is prone to multiple remote input validation vulnerabilities; a cross-site scripting issue and an HTML injection vulnerability. These issues are due to a failure of the application to properly sanitize user supplied input before using it in dynamic web content.
The cross-site scripting issue could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
An attacker may exploit the HTML injection vulnerability to execute arbitrary script code in the browser of an unsuspecting user. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks may also be possible.
17. Floosietek FTGate Mail Server Path Disclosure Vulnerability
BugTraq ID: 10059
Remote: Yes
Date Published: Apr 06 2004
Relevant URL: http://www.securityfocus.com/bid/10059
Summary:
It has been reported that FTGate it prone to a server path disclosure vulnerability. This issue is due to an ill conceived error message that includes the server path.
These issues may be leveraged to gain sensitive information about the affected system potentially aiding an attacker in mounting further attacks.
18. Adobe Photoshop COM Objects Denial of Service Vulnerability
BugTraq ID: 10061
Remote: Yes
Date Published: Apr 06 2004
Relevant URL: http://www.securityfocus.com/bid/10061
Summary:
It has been reported that Adobe Photoshop may be prone to a denial of service vulnerability that may crash an instance of Internet Explorer. An attacker can exploit this issue by creating a script that attempts to create a COM object and enticing a user to execute the script in their browser. When the user executes the script via Internet Explorer, the Internet Explorer window hangs leading to a denial of service in the browser.
Adobe Photoshop 8.0 is reported to be prone to this issue, however, it is possible that other versions are affected as well.
19. Symantec Security Check Virus Detection COM Object Denial Of...
BugTraq ID: 10069
Remote: Yes
Date Published: Apr 07 2004
Relevant URL: http://www.securityfocus.com/bid/10069
Summary:
Symantec Virus Detection is a web based service that detects viruses and trojan horses. It is a freely available service that can be run via Microsoft Internet Explorer, Netscape Communicator or Apple Safari web browsers. The Symantec.SymVAFileQuery.1 is a COM object used by the service that is installed on a system only when the user of that system navigates to the Symantec Virus Detection site and initiates virus detection.
It has been reported that the Symantec Virus Detection Symantec.SymVAFileQuery.1 COM object is prone to a denial of service vulnerability. When the object is invoked with excessive data, the browser will crash.
Successful exploitation would immediately produce a denial of service condition in the affected browser. Although initially reported as a buffer overflow, this issue does not appear to present any threat of remote code execution.
It should be noted that the vulnerable object may not be invoked from scripts outside of the Symantec domain, however, vulnerabilities that permit malicious content to be executed in the context of the domain (such as HTML injection or cross-site scripting vulnerabilities as well as web browser security model issues) may still permit exploitation of this issue.
20. RealNetworks RealOne Player/RealPlayer Remote R3T File Stack...
BugTraq ID: 10070
Remote: Yes
Date Published: Apr 07 2004
Relevant URL: http://www.securityfocus.com/bid/10070
Summary:
It has been reported that RealOne Player and RealPlayer are prone to a remote stack-based buffer overflow vulnerability. The issue is exposed when the software processes a malformed .R3T file. This issue is due to a failure of the application to properly validate string boundaries when copying user supplied input into finite buffers.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system with the privileges of the user that invoked the vulnerable application.
21. Microsoft Internet Explorer Remote IFRAME Denial Of Service ...
BugTraq ID: 10073
Remote: Yes
Date Published: Apr 07 2004
Relevant URL: http://www.securityfocus.com/bid/10073
Summary:
A denial of service vulnerability has been reported to affect Internet Explorer. The issue is reported to present itself when Internet Explorer attempts to render IFRAME HTML tags that contain an invalid source argument.
A remote attacker may exploit this vulnerability to cause the running instance of Internet Explorer to crash.
22. Kerio Personal Firewall Web Filtering Remote Denial Of Servi...
BugTraq ID: 10075
Remote: Yes
Date Published: Apr 07 2004
Relevant URL: http://www.securityfocus.com/bid/10075
Summary:
Kerio Personal Firewall includes Web URI Filtering functionality. A denial of service vulnerability has been reported to affect Kerio Personal Firewall when Web Filtering functionality is enabled. The issue presents itself when Web Filtering procedures handle a URI that contains certain characters.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SNMP authentication (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/360094
2. SMTP authentication (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/360083
3. SunONE Messaging (JES) & Exchange 2003 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/359820
4. SecurityFocus Microsoft Newsletter #183 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/359655
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Norton Internet Security 2004
By: Symantec
Platforms: Windows 95/98
Relevant URL: http://www.symantec.com/sabu/nis/nis_pe/
Summary:
Symantec's Norton Internet Security 2004 provides essential protection from viruses, hackers, and privacy threats. Powerful yet easy to use, this award-winning suite now includes advanced spam-fighting software to filter unwanted mail out of your inbox. Protect yourself, your family, and your PC online with Norton Internet Security 2004.
2. East-Tec Eraser 2004
By: EAST Technologies
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.east-tec.com/eraser/index.htm
Summary:
East-Tec Eraser ("Eraser" in short) is an advanced security application for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate sensitive data from your computer and protect your computer and Internet privacy.
Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now means wiping its contents beyond recovery, scrambling its name and dates and finally removing it from disk. When you want to get rid of sensitive files or folders beyond recovery, add them to the Eraser list of doomed files and ask Eraser to do the job. Eraser offers tight integration with the Windows shell, so you can drag files and folders from Explorer and drop them in Eraser, or you can erase them directly from Explorer by selecting Erase beyond recovery from the context menu.
3. Steganos Security Suite 6
By: Steganos
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.steganos.com/?product=SSS6&language=en
Summary:
With Steganos Data Safe, Internet Trace Destructor 6.5, Password Manager, steganography function, E-Mail-Encryption, Deep Cleaning Shredder and much more, The Steganos Security Suite has been one of the best-selling encryption products for years and is used by 2 million people worldwide. Only the most modern encryption algorithms, such as the Advanced Encryption Standard (AES) are used. You can now save up to 128 GB* to its four virtual drives in real time - enough space for your film archive, large graphics files and other sensitive data.
4. Airscanner Mobile AntiVirus Pro
By: Airscanner Corp.
Platforms: Windows CE
Relevant URL: http://airscanner.com/downloads/av/av.html
Summary:
Airscanner Mobile AntiVirus Pro will quarantine or eradicate embedded viruses and malware, has fast, optimized scanning speed based on patent pending technology, has automatic, online updates of virus signatures and scanning engine as well as support for PocketPC 2003/Windows Mobile 2003 and easy online updates.
In addition to an accurate virus scanner, Airscanner Mobile AntiVirus includes these powerful tools for debugging Trojan horses:
- Intercept memory resident viruses with an advanced process discovery tool.
- Debug Trojan hacks with an easy-to-use registry viewer.
- Uncover denial of service attacks with a rapid system analyzer.
- Enter your own custom virus signatures (for experts).
- Perform fast, recursive, and flexibly multithreaded filesystem scanning.
5. Symantec?s Norton Internet Security 2004 Professional
By: Symantec
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.symantec.com/smallbiz/nis_pr/
Summary:
Symantec?s Norton Internet Security 2004 Professional protects you and your business from online threats. It eliminates viruses automatically, blocks hackers, safeguards your personal information, fights spam, increases online productivity, recovers lost or damaged files, and thoroughly deletes confidential data you no longer need. Available in 5 and 10-user Small Office Packs.
6. secure2trust
By: Avoco Secure
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.avocosecure.com/html_pages/products_service.html
Summary:
secure2trust gives you the power to create documents that remain under your corporate control throughout their entire existence. Even if you allow another party to have a copy of your original document you can be sure that the copy will always have your original controls as part of its properties. The digital rights options which will control printing, copying, viewing, etc give you persistent and secure digital asset protection and intellectual property control. Digital rights mechanisms are the only way to ensure document integrity in a persistent way for both inter and intra company communications.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Telconi Terminal for Cisco IOS v0.6a
By: Stywiz
Relevant URL: http://www.telconi.com/
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
Telconi Terminal is an unique network management application with interactive full-screen configuration editing, browsing, help facility support, debugging, and more. It focuses on common Cisco IOS functionality present with any hardware or software configuration, and complements the command line interface with a rich set of features. It is intended for users with knowledge of Cisco IOS, and is designed to work with any IOS-based device, such as routers and switches.
2. UnlimitedFTP.Secure v2.8.1
By: Unlimi-Tech Software Inc.
Relevant URL: http://www.unlimitedftp.ca/uftps/webdemo/index.jsp
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
UnlimitedFTP.Secure is a secure FTP applet that runs in a Web browser. It provides the ability to connect securely to any server that supports the SFTP or FTPS protocols.
3. PGP Java API v2.0
By: CrypTom
Relevant URL: http://www.cryptography.ch/projects/pgpjava
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
The PGP Java API provides access to a PGP implementation which is based on PGP 2.3a. The PGP implementation will be compiled as a shared object, which will be accessible to Java via the Java Native Interface (JNI). The PGPi class provides the methods you can use to interact with PGP. All the encrypted / signed files you generate with this API are compatible with PGP 2.6.3i and vice versa. You can use the same keyrings, too.
4. Enigmail v0.83.6
By: Patrick
Relevant URL: http://enigmail.mozdev.org/thunderbird.html
Platforms: Linux, MacOS, POSIX, UNIX, Windows 2000, Windows 3.x, Windows 95/98, Windows CE, Windows NT, Windows XP
Summary:
Enigmail is a "plugin" for the mail client of Mozilla and Netscape 7.x which allows users to access the authentication and encryption features provided by the popular GnuPG software. Enigmail can encrypt/sign mail when sending, and can decrypt/authenticate received mail. It can also import/export public keys. Enigmail supports both the inline PGP format and the PGP/MIME format, which can be used to encrypt attachments. Enigmail is cross-platform, although binaries are supplied only for a limited number of platforms. Enigmail uses inter-process communication to execute GPG to carry out encryption/authentication.
5. jayaCard v0.6a
By: Gilles Dumortier
Relevant URL: http://www.jayacard.org/
Platforms: Linux, Os Independent, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
jayaCard is a clean-room Secure Contactless Smartcard Multi-Applications Operating System that includes powerful tools such as contactless reader support, a protocol analyser, and a script engine. The supported norms include 7816-3/4/8, 14443, 15693, and x509.
6. WinBlox v6.0
By: liudieyu (at) umbrella (dot) name [email concealed]
Relevant URL: http://umbrella.name/winblox/
Platforms: UNIX, Windows 2000, Windows NT, Windows XP
Summary:
WinBlox monitors file operation and commandline execution on WINNT(Windows 2000 and later) system. Pattern matching in WinBlox is done by Regular Expression to ensure flexiblity.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by: Check Point
Worm attacks got your Microsoft applications down? Download our
Technology Brief today and learn how Check Point can protect your
Microsoft environment from any threat.
CLICK HERE now to learn more:
http://www.securityfocus.com/sponsor/CheckPoint_ms-secnews_040412
------------------------------------------------------------------------
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]