SecurityFocus Microsoft Newsletter #188
----------------------------------------
This Issue is Sponsored By: Qualys
ELIMINATE SASSER & OTHER THREATS - Free Network Security Audit
Detect & fix network weaknesses, including critical vulnerabilities that
can be exploited by worms like Sasser. QualysGuard requires no software,
deploys immediately, and accurately identifies security risks.
Try QualysGuard today and see if your network is at risk.
I. FRONT AND CENTER
1. Automating Windows Patch Mngt: Part III
II. MICROSOFT VULNERABILITY SUMMARY
1. JForum Unauthorized Forum Access Vulnerability
2. Microsoft Internet Explorer Meta Data Foreign Domain Spoofin...
3. Web Wiz Forum Multiple Vulnerabilities
4. Apple QuickTime Sample-to-Chunk Integer Overflow Vulnerabili...
5. Aldo's Web Server Multiple Input Validation Vulnerabilities
6. Titan FTP Server LIST Denial Of Service Vulnerability
7. E-Zone Media FuzeTalk AddUser.CFM Administrator Command Exec...
8. E-Zone Media FuzeTalk Banning.CFM Authentication Bypass Vuln...
9. JelSoft VBulletin Forum Creation HTML Injection Vulnerabilit...
10. Simple Machines Forum Size Tag HTML Injection Vulnerability
11. PHPNuke Modules.php Multiple SQL Injection Vulnerabilities
12. PHPX Multiple Cross-Site Scripting Vulnerabilities
13. PHPX Multiple Administrator Command Execution Vulnerability
14. Microsoft ASP.NET Malformed HTTP Request Information Disclos...
15. SurgeLDAP Web Administration Authentication Bypass Vulnerabi...
III. MICROSOFT FOCUS LIST SUMMARY
1. Relative Security Provided by Cached Domain Credenti... (Thread)
2. RE: Restricting the change of the local administrato... (Thread)
3. Restricting the change of the local administrator ac... (Thread)
4. Restricting the change of the local administrator ac... (Thread)
5. IE questions (Thread)
6. Restricting the change of the local administrator ac... (Thread)
7. SecurityFocus Microsoft Newsletter #187 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. SP I-NET
2. East-Tec Eraser 2004
3. Steganos Security Suite 6
4. Symantec's Norton Internet Security 2004 Professional
5. secure2trust
6. N-Stealth Security Scanner
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Password Spyer 2k 2.4
2. FTimes v3.4.0
3. Socks via HTTP v1.0.1
4. OSIRIS v4.0.0
5. Chwinpw v1.0
6. N-Stealth HTTP Security Scanner v5.2
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Automating Windows Patch Mngt: Part III
By Jonathan Hassell
The final installment of this series discusses two alternative, low cost
tools to manage the application of patches to Windows systems, and also
provides information on the upcoming, revised Software Update Services
(SUS) from Microsoft.
http://www.securityfocus.com/infocus/1778
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. JForum Unauthorized Forum Access Vulnerability
BugTraq ID: 10241
Remote: Yes
Date Published: Apr 30 2004
Relevant URL: http://www.securityfocus.com/bid/10241
Summary:
Reportedly JForum is prone to an unauthorized forum access vulnerability. This issue is due to an input validation error that allows an unauthorized individual to access a restricted forum.
This issue may allow an attacker to gain unauthorized access to a restricted forum.
2. Microsoft Internet Explorer Meta Data Foreign Domain Spoofin...
BugTraq ID: 10248
Remote: Yes
Date Published: Apr 30 2004
Relevant URL: http://www.securityfocus.com/bid/10248
Summary:
A vulnerability has been reported in Microsoft Internet Explorer that may facilitate certificate spoofing. This issue could aid in attacks which falsify web content to victim users.
The cause of the vulnerability is that it is possible to embed a certificate and content from a foreign domain (via SSL) into a web page. When the web page is visited by the client user, the user will be prompted to authorize the certificate from the foreign domain. This will make it appear as though the web page they are visiting is in the foreign domain.
It should be noted that while the connection will appear to be secure, as denoted by the closed lock icon in the bottom right corner of the browser window, the spoofed certificate may not be manually inspected (by clicking the lock icon). The browser will return a message stating that the document does not have a certificate associated with it when the lock is clicked by the user. This may give an indication that the certificate has been spoofed.
This vulnerability may be exploited to entice a user to trust a hostile web page.
This issue has been reported in Microsoft Internet Explorer 6. Earlier versions may also be affected.
3. Web Wiz Forum Multiple Vulnerabilities
BugTraq ID: 10255
Remote: Yes
Date Published: Apr 30 2004
Relevant URL: http://www.securityfocus.com/bid/10255
Summary:
It has been reported that Web Wiz Forum is affected by multiple vulnerabilities. These issues are due to failure to properly sanitize user-supplied input facilitating SQL injection attacks, and design errors that allow unauthorized access to certain web forum functionality.
As a result of the SQL injection issue an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information.
A design error allows any user to access the topic modification and IP address blocking scripts, permitting unauthorized users to change forum topics and block arbitrary IP addresses.
4. Apple QuickTime Sample-to-Chunk Integer Overflow Vulnerabili...
BugTraq ID: 10257
Remote: Yes
Date Published: Apr 30 2004
Relevant URL: http://www.securityfocus.com/bid/10257
Summary:
Apple QuickTime Player is vulnerable to an integer overflow vulnerability.
This issue can be triggered by a malformed .mov file and is reported to be exploitable to execute arbitrary code on Microsoft Windows platforms. This issue could also cause the player to crash on other platforms. Conflicting information has been released by the vendor that suggests that this issue will only result in a denial of service on Mac OS X.
5. Aldo's Web Server Multiple Input Validation Vulnerabilities
BugTraq ID: 10262
Remote: Yes
Date Published: May 03 2004
Relevant URL: http://www.securityfocus.com/bid/10262
Summary:
Two vulnerabilities have been reported in the Aldo's Web Server product.
A remote attacker could possibly learn information about the running web server process, and a directory traversal vulnerability is also reported, allowing an attacker to access information outside of the web server's document root.
These vulnerabilities could be used to access sensitive information that could aid an attacker in further compromises of the affected server.
6. Titan FTP Server LIST Denial Of Service Vulnerability
BugTraq ID: 10272
Remote: Yes
Date Published: May 04 2004
Relevant URL: http://www.securityfocus.com/bid/10272
Summary:
Titan FTP is prone to a remote denial of service vulnerability when handling the 'LIST' command.
A remote attacker can cause the FTP server to crash because the server improperly handles a non-existent socket.
7. E-Zone Media FuzeTalk AddUser.CFM Administrator Command Exec...
BugTraq ID: 10276
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10276
Summary:
It has been reported that FuseTalk is affected by an administrator command execution vulnerability in the adduser.cfm script. This issue is due to a failure of the application to properly validate the origin of user-supplied data.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed by a forum administrator, the attacker-supplied command would be carried out with the viewer's privileges. This would occur in the security context of the affected web site and may allow creation of arbitrary users, and other attacks.
8. E-Zone Media FuzeTalk Banning.CFM Authentication Bypass Vuln...
BugTraq ID: 10278
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10278
Summary:
It has been reported that FuseTalk is affected by an authentication bypass vulnerability allowing access to the 'banning.cfm' script. This issue is due to a failure of the application to properly validate authentication credentials.
This issue may be leveraged by an attacker to ban arbitrary hosts from accessing the affected forum by flagging their IP address.
9. JelSoft VBulletin Forum Creation HTML Injection Vulnerabilit...
BugTraq ID: 10280
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10280
Summary:
Reportedly Jelsoft vBulletin is affected by an HTML injection vulnerability when creating a new forum. This issue is due to a failure of the application to properly sanitize user-supplied input.
It is reported that an attacker must have administrator privileges to carry out an attack.
An attacker may exploit this issue to have arbitrary HTML and script code rendered in the browser of an unsuspecting user. It may be possible to steal cookie-based authentication credentials, as well as other sensitive information. Other attacks may also be possible.
10. Simple Machines Forum Size Tag HTML Injection Vulnerability
BugTraq ID: 10281
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10281
Summary:
It has been reported that Simple Machines Forum (SMF) may be prone to an HTML injection vulnerability that may allow an attacker to execute arbitrary HTML or script code in a user's browser. The issue exists due to insufficient sanitization of user-supplied input via the font size attribute.
Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
11. PHPNuke Modules.php Multiple SQL Injection Vulnerabilities
BugTraq ID: 10282
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10282
Summary:
Multiple SQL injection vulnerabilities have been identified in the 'modules.php' module of PHPNuke. These vulnerabilities may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information.
PHPNuke 7.2 and prior are reported to be prone to these issues.
12. PHPX Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 10283
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10283
Summary:
It has been reported that PHPX is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
13. PHPX Multiple Administrator Command Execution Vulnerability
BugTraq ID: 10284
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10284
Summary:
It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative commands.
This issue could permit a remote attacker to create a malicious URI link or embed a malicious URI between bbCode image tags, which includes hostile HTML and script code. If an unsuspecting forum administrator activated this URI, the attacker-supplied command would be carried out with the administrator's privileges. This would occur in the security context of the affected web site and would cause various administrator actions to be taken.
14. Microsoft ASP.NET Malformed HTTP Request Information Disclos...
BugTraq ID: 10292
Remote: Yes
Date Published: May 06 2004
Relevant URL: http://www.securityfocus.com/bid/10292
Summary:
It has been reported that ASP.NET may be prone to a remote information disclosure vulnerability that could allow an attacker to disclose sensitive information. This issue occurs when a malformed cookie header is sent to a server via a HTTP GET request.
Successful exploitation of this issue may allow a remote attacker to disclose sensitive information, which could be used to launch further attacks against a vulnerable system.
15. SurgeLDAP Web Administration Authentication Bypass Vulnerabi...
BugTraq ID: 10294
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10294
Summary:
SurgeLDAP is an LDAP server implementation for Microsoft Windows and various Unix operating systems. It includes a built-in web server to permit remote user access via HTTP.
It has been reported that the SurgeLDAP web administration application is prone to an authentication bypass vulnerability, possibly allowing remote attackers to gain manager access.
Once administration access is granted, it may be possible for an attacker to modify records in the LDAP database, destroy data, crash the server, or possibly carry out further attacks on other services utilizing SurgeLDAP for their authentication data.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Relative Security Provided by Cached Domain Credenti... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362656
2. RE: Restricting the change of the local administrato... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362542
3. Restricting the change of the local administrator ac... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362540
4. Restricting the change of the local administrator ac... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362533
5. IE questions (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362529
6. Restricting the change of the local administrator ac... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362528
7. SecurityFocus Microsoft Newsletter #187 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362009
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. SP I-NET
By: Unisys
Platforms: Windows 95/98, Windows NT
Relevant URL: http://www.unisys.com/sp-security
Summary:
Designed for business-to-business communications requiring trusted relationships, SP I-NET ensures confidentiality of data, authenticates the identity of the involved parties, and ensures the privacy of their communication.
2. East-Tec Eraser 2004
By: EAST Technologies
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.east-tec.com/eraser/index.htm
Summary:
East-Tec Eraser ("Eraser" in short) is an advanced security application for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate sensitive data from your computer and protect your computer and Internet privacy.
Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now means wiping its contents beyond recovery, scrambling its name and dates and finally removing it from disk. When you want to get rid of sensitive files or folders beyond recovery, add them to the Eraser list of doomed files and ask Eraser to do the job. Eraser offers tight integration with the Windows shell, so you can drag files and folders from Explorer and drop them in Eraser, or you can erase them directly from Explorer by selecting Erase beyond recovery from the context menu.
3. Steganos Security Suite 6
By: Steganos
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.steganos.com/?product=SSS6&language=en
Summary:
With Steganos Data Safe, Internet Trace Destructor 6.5, Password Manager, steganography function, E-Mail-Encryption, Deep Cleaning Shredder and much more, The Steganos Security Suite has been one of the best-selling encryption products for years and is used by 2 million people worldwide. Only the most modern encryption algorithms, such as the Advanced Encryption Standard (AES) are used. You can now save up to 128 GB* to its four virtual drives in real time - enough space for your film archive, large graphics files and other sensitive data.
4. Symantec's Norton Internet Security 2004 Professional
By: Symantec
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.symantec.com/smallbiz/nis_pr/
Summary:
Symantec's Norton Internet Security 2004 Professional protects you and your business from online threats. It eliminates viruses automatically, blocks hackers, safeguards your personal information, fights spam, increases online productivity, recovers lost or damaged files, and thoroughly deletes confidential data you no longer need. Available in 5 and 10-user Small Office Packs.
5. secure2trust
By: Avoco Secure
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.avocosecure.com/html_pages/products_service.html
Summary:
secure2trust gives you the power to create documents that remain under your corporate control throughout their entire existence. Even if you allow another party to have a copy of your original document you can be sure that the copy will always have your original controls as part of its properties. The digital rights options which will control printing, copying, viewing, etc give you persistent and secure digital asset protection and intellectual property control. Digital rights mechanisms are the only way to ensure document integrity in a persistent way for both inter and intra company communications.
6. N-Stealth Security Scanner
By: N-Stalker
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.nstalker.com/products/nstealth/
Summary:
N-Stealth is a vulnerability-assessment product that scans web servers to identify security problems and weaknesses that might allow an attacker to gain privileged access. The software comes with an extensive database of over 30,000 vulnerabilities and exploits. N-Stealth® is more actively maintained than the network security scanners and consequently has a larger database of vulnerabilities.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Password Spyer 2k 2.4
By: Maro's Tools
Relevant URL: http://www.maros-tools.com/products/spyer/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Password Spyer 2k is a password recovery tool for Windows. Password Spyer 2k reveals passwords hidden by asterisks (***) in all Windows versions (including 2000 and XP). You can use it to recover lost or forgotten passwords in most Windows applications such as Outlook, Cute FTP, WS FTP, ICQ and others. You can also use it to reveal saved web passwords. Password Spyer 2k supports two methods for revealing passwords for better password retrieval.
2. FTimes v3.4.0
By: Klayton Monroe
Relevant URL: http://ftimes.sourceforge.net/FTimes/
Platforms: AIX, FreeBSD, Linux, MacOS, POSIX, Solaris, SunOS, Windows 2000, Windows NT
Summary:
FTimes is a system baselining and evidence collection tool. Its primary purpose is to gather and/or develop information about specified directories and files in a manner conducive to intrusion analysis. It was designed to support the following initiatives: content integrity monitoring, incident response, intrusion analysis, and computer forensics.
3. Socks via HTTP v1.0.1
By: Florent Cueto
Relevant URL: http://cqs.dyndns.org/socks/
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Socks via HTTP is a program to tunnel socks via HTTP. It is entirely written in Java.
4. OSIRIS v4.0.0
By: The Shmoo Group
Relevant URL: http://osiris.shmoo.com
Platforms: BSDI, FreeBSD, Linux, MacOS, OpenBSD, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
Osiris is a host integrity management system that can be used to monitor
changes to a network of hosts over time and report those changes back to
the administrator(s). Currently, this includes monitoring any changes to
the filesystems. Osiris takes periodic snapshots of the filesystem and
stores them in a database. These databases, as well as the
configurations and logs, are all stored on a central management host.
When changes are detected, Osiris will log these events to the system
log and optionally send email to an administrator. In addition to files,
Osiris has preliminary support for the monitoring of other system
information including user lists, file system details, kernel modules,
and network interface configurations (not included in this beta
release).
5. Chwinpw v1.0
By: <tevfik (at) itefix (dot) no>
Relevant URL: http://www.itefix.no/chwinpw/
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
Chwinpw is a small command line utility that can securely change passwords on remote windows machines. It can help to enforce a higher degree of security, by periodic password maintenance of vital accounts. Chwinpw can be run from a logon script or from a central location. It is also possible to instruct chwinpw to make bulk changes.
6. N-Stealth HTTP Security Scanner v5.2
By: qw erty <qw (at) erty (dot) net>
Relevant URL: http://www.nstalker.com/products/nstealth/download.php
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
N-Stealth is a comprehensive web server security-auditing tool that scans for over 30,000 vulnerabilities. It is ideal for system administrators, security consultants and IT professionals.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: Qualys
ELIMINATE SASSER & OTHER THREATS - Free Network Security Audit
Detect & fix network weaknesses, including critical vulnerabilities that
can be exploited by worms like Sasser. QualysGuard requires no software,
deploys immediately, and accurately identifies security risks.
Try QualysGuard today and see if your network is at risk.
----------------------------------------
This Issue is Sponsored By: Qualys
ELIMINATE SASSER & OTHER THREATS - Free Network Security Audit
Detect & fix network weaknesses, including critical vulnerabilities that
can be exploited by worms like Sasser. QualysGuard requires no software,
deploys immediately, and accurately identifies security risks.
Try QualysGuard today and see if your network is at risk.
http://www.securityfocus.com/sponsor/Qualys_ms-secnews_040510
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Automating Windows Patch Mngt: Part III
II. MICROSOFT VULNERABILITY SUMMARY
1. JForum Unauthorized Forum Access Vulnerability
2. Microsoft Internet Explorer Meta Data Foreign Domain Spoofin...
3. Web Wiz Forum Multiple Vulnerabilities
4. Apple QuickTime Sample-to-Chunk Integer Overflow Vulnerabili...
5. Aldo's Web Server Multiple Input Validation Vulnerabilities
6. Titan FTP Server LIST Denial Of Service Vulnerability
7. E-Zone Media FuzeTalk AddUser.CFM Administrator Command Exec...
8. E-Zone Media FuzeTalk Banning.CFM Authentication Bypass Vuln...
9. JelSoft VBulletin Forum Creation HTML Injection Vulnerabilit...
10. Simple Machines Forum Size Tag HTML Injection Vulnerability
11. PHPNuke Modules.php Multiple SQL Injection Vulnerabilities
12. PHPX Multiple Cross-Site Scripting Vulnerabilities
13. PHPX Multiple Administrator Command Execution Vulnerability
14. Microsoft ASP.NET Malformed HTTP Request Information Disclos...
15. SurgeLDAP Web Administration Authentication Bypass Vulnerabi...
III. MICROSOFT FOCUS LIST SUMMARY
1. Relative Security Provided by Cached Domain Credenti... (Thread)
2. RE: Restricting the change of the local administrato... (Thread)
3. Restricting the change of the local administrator ac... (Thread)
4. Restricting the change of the local administrator ac... (Thread)
5. IE questions (Thread)
6. Restricting the change of the local administrator ac... (Thread)
7. SecurityFocus Microsoft Newsletter #187 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. SP I-NET
2. East-Tec Eraser 2004
3. Steganos Security Suite 6
4. Symantec?s Norton Internet Security 2004 Professional
5. secure2trust
6. N-Stealth Security Scanner
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Password Spyer 2k 2.4
2. FTimes v3.4.0
3. Socks via HTTP v1.0.1
4. OSIRIS v4.0.0
5. Chwinpw v1.0
6. N-Stealth HTTP Security Scanner v5.2
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Automating Windows Patch Mngt: Part III
By Jonathan Hassell
The final installment of this series discusses two alternative, low cost
tools to manage the application of patches to Windows systems, and also
provides information on the upcoming, revised Software Update Services
(SUS) from Microsoft.
http://www.securityfocus.com/infocus/1778
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. JForum Unauthorized Forum Access Vulnerability
BugTraq ID: 10241
Remote: Yes
Date Published: Apr 30 2004
Relevant URL: http://www.securityfocus.com/bid/10241
Summary:
Reportedly JForum is prone to an unauthorized forum access vulnerability. This issue is due to an input validation error that allows an unauthorized individual to access a restricted forum.
This issue may allow an attacker to gain unauthorized access to a restricted forum.
2. Microsoft Internet Explorer Meta Data Foreign Domain Spoofin...
BugTraq ID: 10248
Remote: Yes
Date Published: Apr 30 2004
Relevant URL: http://www.securityfocus.com/bid/10248
Summary:
A vulnerability has been reported in Microsoft Internet Explorer that may facilitate certificate spoofing. This issue could aid in attacks which falsify web content to victim users.
The cause of the vulnerability is that it is possible to embed a certificate and content from a foreign domain (via SSL) into a web page. When the web page is visited by the client user, the user will be prompted to authorize the certificate from the foreign domain. This will make it appear as though the web page they are visiting is in the foreign domain.
It should be noted that while the connection will appear to be secure, as denoted by the closed lock icon in the right bottom corner of the browser window, the spoofed certicate may not be manually inspected (by clicking the lock icon). The browser will return a message stating that the document does not have a certificate associated with it when the lock is clicked by the user. This may give an indication that the certificate has been spoofed.
This vulnerability may be exploited to entice a user to trust a hostile web page.
This issue has been reported in Microsoft Internet Explorer 6. Earlier versions may also be affected.
3. Web Wiz Forum Multiple Vulnerabilities
BugTraq ID: 10255
Remote: Yes
Date Published: Apr 30 2004
Relevant URL: http://www.securityfocus.com/bid/10255
Summary:
It has been reported that Web Wiz Forum is affected by multiple vulnerabilities. These issues are due to failure to properly sanitize user-supplied input facilitating SQL injection attacks, and design errors that allow unauthorized access to certain web forum functionality.
As a result of the SQL injection issue an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information.
A design error allows any user to access the topic modification and IP address blocking scripts, permitting unauthorized users to change forum topics and block arbitrary IP addresses.
4. Apple QuickTime Sample-to-Chunk Integer Overflow Vulnerabili...
BugTraq ID: 10257
Remote: Yes
Date Published: Apr 30 2004
Relevant URL: http://www.securityfocus.com/bid/10257
Summary:
Apple QuickTime Player is vulnerable to an integer overflow vulnerability.
This issue can be triggered by a malformed .mov file and is reported to be exploitable to execute arbitrary code on Microsoft Windows platforms. This issue could also cause the player to crash on other platforms. Conflicting information has been released by the vendor that suggests that this issue will only result in a denial of service on Mac OS X.
5. Aldo's Web Server Multiple Input Validation Vulnerabilities
BugTraq ID: 10262
Remote: Yes
Date Published: May 03 2004
Relevant URL: http://www.securityfocus.com/bid/10262
Summary:
Two vulnerabilities have been reported in the Aldo's Web Server product.
A remote attacker could possibly learn information about the running web server process, and a directory traversal vulnerability is also reported, allowing an attacker to access information outside of the web server's document root.
These vulnerabilities could be used to access sensitive information that could aid an attacker in further compromises of the affected server.
6. Titan FTP Server LIST Denial Of Service Vulnerability
BugTraq ID: 10272
Remote: Yes
Date Published: May 04 2004
Relevant URL: http://www.securityfocus.com/bid/10272
Summary:
Titan FTP is prone to a remote denial of service vulnerability when handling the 'LIST' command.
A remote attacker can cause the FTP server to crash by improperly handling a non-existent socket.
7. E-Zone Media FuzeTalk AddUser.CFM Administrator Command Exec...
BugTraq ID: 10276
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10276
Summary:
It has been reported that FuseTalk is affected by an administrator command execution vulnerability in the adduser.cfm script. This issue is due to a failure of the application to properly validate the origin of user supplied data.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed by a forum administrator, the attacker supplied command would be carried out with the viewer's privileges. This would occur in the security context of the affected web site and may allow creation of arbitrary users, and other attacks.
8. E-Zone Media FuzeTalk Banning.CFM Authentication Bypass Vuln...
BugTraq ID: 10278
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10278
Summary:
It has been reported that FuseTalk is affected by an authentication bypass vulnerability allowing access to the 'banning.cfm' script. This issue is due to a failure of the application to properly validate authentication credentials.
This issue may be leveraged by an attacker ban arbitrary hosts from accessing the affected forum by flagging their IP address.
9. JelSoft VBulletin Forum Creation HTML Injection Vulnerabilit...
BugTraq ID: 10280
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10280
Summary:
Reportedly Jelsoft vBulletin is affected by an HTML injection vulnerability when creating a new forum. This issue is due to a failure of the application to properly sanitize user-supplied input.
It is reported that an attacker must have administrator privileges to carry out an attack.
An attacker may exploit this issue to have arbitrary HTML and script code rendered in the browser of an unsuspecting user. It may be possible to steal cookie-based authentication credentials, as well as other sensitive information. Other attacks may also be possible.
10. Simple Machines Forum Size Tag HTML Injection Vulnerability
BugTraq ID: 10281
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10281
Summary:
It has been reported that Simple Machines Forum (SMF) may be prone to an HTML injection vulnerability that may allow an attacker to execute arbitrary HTML or script code in a user's browser. The issue exists due to insufficient sanitization of user-supplied input via the font size attribute.
Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
11. PHPNuke Modules.php Multiple SQL Injection Vulnerabilities
BugTraq ID: 10282
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10282
Summary:
Multiple SQL injection vulnerabilities have been identified in the 'modules.php' module of PHPNuke. These vulnerabilities may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information.
PHPNuke 7.2 and prior are reported to be prone to these issues.
12. PHPX Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 10283
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10283
Summary:
It has been reported that PHPX is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
13. PHPX Multiple Administrator Command Execution Vulnerability
BugTraq ID: 10284
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10284
Summary:
It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative commands.
This issue could permit a remote attacker to create a malicious URI link or embed a malicious URI between bbCode image tags, which includes hostile HTML and script code. If an unsuspecting forum administrator activated this URI, the attacker-supplied command would be carried out with the administrator's privileges. This would occur in the security context of the affected web site and would cause various administrator actions to be taken.
14. Microsoft ASP.NET Malformed HTTP Request Information Disclos...
BugTraq ID: 10292
Remote: Yes
Date Published: May 06 2004
Relevant URL: http://www.securityfocus.com/bid/10292
Summary:
It has been reported that ASP.NET may be prone to a remote information disclosure vulnerability that could allow an attacker to disclose sensitive information. This issue occurs when a malformed cookie header is sent to a server via an HTTP GET request.
Successful exploitation of this issue may allow a remote attacker to disclose sensitive information, which could be used to launch further attacks against a vulnerable system.
15. SurgeLDAP Web Administration Authentication Bypass Vulnerabi...
BugTraq ID: 10294
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10294
Summary:
SurgeLDAP is an LDAP server implementation for Microsoft Windows and various Unix operating systems. It includes a built-in web server to permit remote user access via HTTP.
It has been reported that the SurgeLDAP web administration application is prone to an authentication bypass vulnerability, possibly allowing remote attackers to gain manager access.
Once administration access is granted, it may be possible for an attacker to modify records in the LDAP database, destroy data, crash the server, or possibly launch further attacks on other services utilizing SurgeLDAP for their authentication data.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Relative Security Provided by Cached Domain Credenti... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362656
2. RE: Restricting the change of the local administrato... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362542
3. Restricting the change of the local administrator ac... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362540
4. Restricting the change of the local administrator ac... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362533
5. IE questions (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362529
6. Restricting the change of the local administrator ac... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362528
7. SecurityFocus Microsoft Newsletter #187 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/362009
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. SP I-NET
By: Unisys
Platforms: Windows 95/98, Windows NT
Relevant URL: http://www.unisys.com/sp-security
Summary:
Designed for business-to-business communications requiring trusted relationships, SP I-NET ensures confidentiality of data, authenticates the identity of the involved parties, and ensures the privacy of their communication.
2. East-Tec Eraser 2004
By: EAST Technologies
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.east-tec.com/eraser/index.htm
Summary:
East-Tec Eraser ("Eraser" in short) is an advanced security application for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate sensitive data from your computer and protect your computer and Internet privacy.
Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now means wiping its contents beyond recovery, scrambling its name and dates and finally removing it from disk. When you want to get rid of sensitive files or folders beyond recovery, add them to the Eraser list of doomed files and ask Eraser to do the job. Eraser offers tight integration with the Windows shell, so you can drag files and folders from Explorer and drop them in Eraser, or you can erase them directly from Explorer by selecting Erase beyond recovery from the context menu.
3. Steganos Security Suite 6
By: Steganos
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.steganos.com/?product=SSS6&language=en
Summary:
With Steganos Data Safe, Internet Trace Destructor 6.5, Password Manager, steganography function, E-Mail-Encryption, Deep Cleaning Shredder and much more, The Steganos Security Suite has been one of the best-selling encryption products for years and is used by 2 million people worldwide. Only the most modern encryption algorithms, such as the Advanced Encryption Standard (AES) are used. You can now save up to 128 GB* to its four virtual drives in real time - enough space for your film archive, large graphics files and other sensitive data.
4. Symantec's Norton Internet Security 2004 Professional
By: Symantec
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.symantec.com/smallbiz/nis_pr/
Summary:
Symantec's Norton Internet Security 2004 Professional protects you and your business from online threats. It eliminates viruses automatically, blocks hackers, safeguards your personal information, fights spam, increases online productivity, recovers lost or damaged files, and thoroughly deletes confidential data you no longer need. Available in 5 and 10-user Small Office Packs.
5. secure2trust
By: Avoco Secure
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.avocosecure.com/html_pages/products_service.html
Summary:
secure2trust gives you the power to create documents that remain under your corporate control throughout their entire existence. Even if you allow another party to have a copy of your original document, you can be sure that the copy will always have your original controls as part of its properties. The digital rights options, which control printing, copying, viewing, etc., give you persistent and secure digital asset protection and intellectual property control. Digital rights mechanisms are the only way to ensure document integrity in a persistent way for both inter and intra company communications.
6. N-Stealth Security Scanner
By: N-Stalker
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.nstalker.com/products/nstealth/
Summary:
N-Stealth is a vulnerability-assessment product that scans web servers to identify security problems and weaknesses that might allow an attacker to gain privileged access. The software comes with an extensive database of over 30,000 vulnerabilities and exploits. N-Stealth® is more actively maintained than the network security scanners and consequently has a larger database of vulnerabilities.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Password Spyer 2k 2.4
By: Maro's Tools
Relevant URL: http://www.maros-tools.com/products/spyer/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Password Spyer 2k is a password recovery tool for Windows. Password Spyer 2k reveals passwords hidden by asterisks (***) in all Windows versions (including 2000 and XP). You can use it to recover lost or forgotten passwords in most Windows applications such as outlook, cute ftp, ws ftp, ICQ and others. You can also use it to reveal saved web passwords. Password Spyer 2k supports two methods for revealing passwords for better password retrieval.
2. FTimes v3.4.0
By: Klayton Monroe
Relevant URL: http://ftimes.sourceforge.net/FTimes/
Platforms: AIX, FreeBSD, Linux, MacOS, POSIX, Solaris, SunOS, Windows 2000, Windows NT
Summary:
FTimes is a system baselining and evidence collection tool. Its primary purpose is to gather and/or develop information about specified directories and files in a manner conducive to intrusion analysis. It was designed to support the following initiatives: content integrity monitoring, incident response, intrusion analysis, and computer forensics.
3. Socks via HTTP v1.0.1
By: Florent Cueto
Relevant URL: http://cqs.dyndns.org/socks/
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Socks via HTTP is a program to tunnel socks via HTTP. It is entirely written in Java.
4. OSIRIS v4.0.0
By: The Shmoo Group
Relevant URL: http://osiris.shmoo.com
Platforms: BSDI, FreeBSD, Linux, MacOS, OpenBSD, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
Osiris is a host integrity management system that can be used to monitor changes to a network of hosts over time and report those changes back to the administrator(s). Currently, this includes monitoring any changes to the filesystems. Osiris takes periodic snapshots of the filesystem and stores them in a database. These databases, as well as the configurations and logs, are all stored on a central management host. When changes are detected, Osiris will log these events to the system log and optionally send email to an administrator. In addition to files, Osiris has preliminary support for the monitoring of other system information including user lists, file system details, kernel modules, and network interface configurations (not included in this beta release).
5. Chwinpw v1.0
By: <tevfik (at) itefix (dot) no>
Relevant URL: http://www.itefix.no/chwinpw/
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
Chwinpw is a small command line utility that can securely change passwords on remote Windows machines. It can help to enforce a higher degree of security through periodic password maintenance of vital accounts. Chwinpw can be run from a logon script or from a central location. It is also possible to instruct chwinpw to make bulk changes.
6. N-Stealth HTTP Security Scanner v5.2
By: qw erty <qw (at) erty (dot) net>
Relevant URL: http://www.nstalker.com/products/nstealth/download.php
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
N-Stealth is a comprehensive web server security-auditing tool that scans for over 30,000 vulnerabilities. It is ideal for system administrators, security consultants and IT professionals.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: Qualys
ELIMINATE SASSER & OTHER THREATS - Free Network Security Audit
Detect & fix network weaknesses, including critical vulnerabilities that
can be exploited by worms like Sasser. QualysGuard requires no software,
deploys immediately, and accurately identifies security risks.
Try QualysGuard today and see if your network is at risk.
http://www.securityfocus.com/sponsor/Qualys_ms-secnews_040510