Protect your network against hackers, viruses, spam and other risks with
Astaro Security Linux, the comprehensive security solution that combines
six applications in one software solution for ease of use and lower total
cost of ownership.
Download your free trial at:
http://www.securityfocus.com/sponsor/Astaro_sf-news_040615
I. FRONT AND CENTER
1. TCP/IP Skills for Security Analysts (Part 2)
2. The Trouble with Gmail
3. Wireless Attacks and Penetration Testing (part 2 of 3)
II. MICROSOFT VULNERABILITY SUMMARY
1. RealNetworks RealPlayer Unspecified Remote Code Execution Vu...
2. PostgreSQL ODBC Driver Unspecified Remote Buffer Overflow Vu...
3. PHP Microsoft Windows Shell Escape Functions Command Executi...
4. Microsoft Internet Explorer URL Local Resource Access Weakne...
5. Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnera...
6. NetWin SurgeMail/WebMail Multiple Input Validation Vulnerabi...
7. Microsoft DirectX DirectPlay Remote Malformed Packet Denial ...
8. PHP-Nuke Reviews Module Cross-Site Scripting Vulnerability
9. Horde IMP Unspecified Input Validation Vulnerability
10. Trend Micro OfficeScan Local Privilege Escalation Vulnerabil...
11. Invision Power Board SSI.PHP SQL Injection Vulnerability
12. Microsoft Internet Explorer URI Obfuscation Weakness
13. Subversion SVN Protocol Parser Remote Integer Overflow Vulne...
14. RealNetwork RealPlayer Media File Heap Overflow Vulnerabilit...
15. PHP-Nuke Multiple Input Validation Vulnerabilities
16. ignitionServer Server Link Service Authentication Bypass Vul...
17. RealNetworks RealPlayer URI Processing Buffer Overrun Vulner...
18. RealNetwork RealPlayer EMBD3260.DLL Error Response Heap Over...
III. MICROSOFT FOCUS LIST SUMMARY
1. Doubleclick programs entry on start menu (Thread)
2. SV: Doubleclick programs entry on start menu (Thread)
3. Use of L2TP in isolated W2K3 AD (Thread)
4. SecurityFocus Microsoft Newsletter #192 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. SP I-NET
2. Softros LAN Messenger
3. Network Time System
4. Anon-Encrypt
5. RSI
6. WiSSH
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. CryptoHeaven v2.4.0
2. XArp 0.1
3. Honeynet Security Console 1.0
4. LogMonitor 1.0
5. Ettercap v0.7.0 pre2
6. Syhunt TS Security Scanner 6.7 Build 96
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. TCP/IP Skills for Security Analysts (Part 2)
By Don Parker
This article series guides users new to the security field through some
of the key skills required to work as a security analyst. Part two puts
the skills into context by simulating a "day in the life" of a network
security analyst, using an example of what steps to take when new exploit
code appears.
http://www.securityfocus.com/infocus/1784
2. The Trouble with Gmail
By Mark Rasch
Mass acceptance of the keyword scanning in Google's new e-mail service
could leave government spooks feeling lucky.
http://www.securityfocus.com/columnists/248
3. Wireless Attacks and Penetration Testing (part 2 of 3)
By Jonathan Hassell
This is the second of a three part series on penetration testing for
wireless networks. This installment looks at how a nefarious user cracks
the WEP key, scans for servers and services, and then exploits
vulnerabilities to gain system access.
http://www.securityfocus.com/infocus/1785
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. RealNetworks RealPlayer Unspecified Remote Code Execution Vu...
BugTraq ID: 10469
Remote: Yes
Date Published: Jun 05 2004
Relevant URL: http://www.securityfocus.com/bid/10469
Summary:
RealPlayer may be prone to a remote code execution vulnerability. eEye Digital Security reported this vulnerability. The issue exists in default installations of RealPlayer and may lead to remote code execution with minimal user interaction.
All versions of RealPlayer are considered vulnerable at this point.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
2. PostgreSQL ODBC Driver Unspecified Remote Buffer Overflow Vu...
BugTraq ID: 10470
Remote: Yes
Date Published: Jun 07 2004
Relevant URL: http://www.securityfocus.com/bid/10470
Summary:
PostgreSQL ODBC driver is reportedly prone to a remote buffer overflow vulnerability. This vulnerability was reported in a Debian advisory and may allow a remote attacker to crash a Web server used with the application. It is reported that this issue can be exploited by using a malicious script in order to cause a denial of service condition in the Web server.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
PostgreSQL version 7.2.1 is confirmed to be vulnerable at the moment; however, it is likely that other versions are affected as well.
3. PHP Microsoft Windows Shell Escape Functions Command Executi...
BugTraq ID: 10471
Remote: Yes
Date Published: Jun 07 2004
Relevant URL: http://www.securityfocus.com/bid/10471
Summary:
PHP is reportedly prone to a command execution vulnerability in its shell escape functions. This issue is due to a failure of PHP to properly sanitize function arguments.
This issue might allow an attacker to execute arbitrary shell commands on a computer running the vulnerable software within the security context of the web server, potentially leading to unauthorized access. Other attacks are also possible.
This issue is reported to affect PHP under Microsoft Windows versions 4.3.3 and 4.3.5; it is likely that other Microsoft Windows versions are affected as well.
4. Microsoft Internet Explorer URL Local Resource Access Weakne...
BugTraq ID: 10472
Remote: Yes
Date Published: Jun 06 2004
Relevant URL: http://www.securityfocus.com/bid/10472
Summary:
Microsoft Internet Explorer is prone to a security weakness that may permit unauthorized access to local resources on a client computer. This will effectively bypass security restrictions implemented in Internet Explorer 6 SP1. Specifically, a malicious Web page may access a file on a vulnerable client computer by pre-pending "URL:" to a request for a specific resource.
This weakness is useful when exploiting other vulnerabilities, such as vulnerabilities that allow cross-zone access.
Exploits are known to be circulating in the wild that abuse this issue in combination with BID 10473 and one of the issues described in BID 8577.
5. Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnera...
BugTraq ID: 10473
Remote: Yes
Date Published: Jun 06 2004
Relevant URL: http://www.securityfocus.com/bid/10473
Summary:
Microsoft Internet Explorer is prone to a vulnerability that may permit cross-zone access, allowing an attacker to execute malicious script code in the context of the Local Zone. It is possible to exploit this issue by passing a dynamically created IFrame to a modal dialog.
This vulnerability could be exploited in combination with a number of other security issues, such as the weakness described in BID 10472. The end result of successful exploitation is execution of arbitrary code in the context of the client user.
It may also be possible to exploit this vulnerability to access properties of a foreign domain, allowing for other types of attacks that compromise sensitive or private information associated with a domain of the attacker's choosing.
6. NetWin SurgeMail/WebMail Multiple Input Validation Vulnerabi...
BugTraq ID: 10483
Remote: Yes
Date Published: Jun 07 2004
Relevant URL: http://www.securityfocus.com/bid/10483
Summary:
SurgeMail/WebMail is prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data. The issues can allow an attacker to carry out path disclosure and cross-site scripting attacks.
SurgeMail versions 1.9 and prior and WebMail 3.1d are affected by these issues.
7. Microsoft DirectX DirectPlay Remote Malformed Packet Denial ...
BugTraq ID: 10487
Remote: Yes
Date Published: Jun 08 2004
Relevant URL: http://www.securityfocus.com/bid/10487
Summary:
Microsoft DirectX DirectPlay is affected by a remote denial of service vulnerability. This issue is due to a failure of the affected library to properly handle malformed network data.
An attacker can exploit this vulnerability to cause an application using the affected DirectPlay library to crash, denying service to legitimate users.
8. PHP-Nuke Reviews Module Cross-Site Scripting Vulnerability
BugTraq ID: 10493
Remote: Yes
Date Published: Jun 08 2004
Relevant URL: http://www.securityfocus.com/bid/10493
Summary:
The PHP-Nuke 'reviews' module is prone to a cross-site scripting vulnerability. This issue could allow an attacker to steal cookie-based authentication credentials. It is reported that the application does not sanitize user-supplied data through the 'id' parameter.
This vulnerability is likely to be fixed in the current versions of PHP-Nuke. This issue may have surfaced earlier; however, this has not been confirmed. This BID will be updated or retired as more information becomes available.
9. Horde IMP Unspecified Input Validation Vulnerability
BugTraq ID: 10501
Remote: Yes
Date Published: Jun 09 2004
Relevant URL: http://www.securityfocus.com/bid/10501
Summary:
Horde IMP is reportedly affected by an unspecified input validation vulnerability. This issue is due to input validation errors that arise when the application processes user-supplied input.
This issue might be leveraged by an attacker to execute arbitrary HTML or script code in the browser of an unsuspecting user, facilitating session hijacking and theft of cookie-based authentication credentials.
10. Trend Micro OfficeScan Local Privilege Escalation Vulnerabil...
BugTraq ID: 10503
Remote: No
Date Published: Jun 09 2004
Relevant URL: http://www.securityfocus.com/bid/10503
Summary:
OfficeScan is prone to a local privilege escalation vulnerability. This issue can allow a local attacker to execute arbitrary applications and escalate privileges.
Trend Micro OfficeScan versions 5.58 and prior are affected by this issue.
11. Invision Power Board SSI.PHP SQL Injection Vulnerability
BugTraq ID: 10511
Remote: Yes
Date Published: Jun 10 2004
Relevant URL: http://www.securityfocus.com/bid/10511
Summary:
Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script.
Due to improper filtering of user supplied data, 'ssi.php' is exploitable by attackers to pass SQL statements to the underlying database.
The impact of this vulnerability depends on the underlying database. It may be possible to corrupt/read sensitive data, execute commands/procedures on the database server or possibly exploit vulnerabilities in the database itself through this condition.
Version 1.3.1 Final of Invision Power Board is reported vulnerable. Other versions may be affected as well.
*** There have been conflicting reports stating that the vulnerable variable only accepts integer values and not arbitrary strings.
12. Microsoft Internet Explorer URI Obfuscation Weakness
BugTraq ID: 10517
Remote: Yes
Date Published: Jun 10 2004
Relevant URL: http://www.securityfocus.com/bid/10517
Summary:
A weakness is reported in Microsoft Internet Explorer allowing an attacker to obfuscate the URI of a link. This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users.
An attacker may exploit this weakness to make a user think they are visiting a legitimate site, when in reality they are being redirected to an attacker-controlled site.
Update: an attacker may be able to use this issue to bypass zone restrictions in Internet Explorer.
Opera 7.51 may also be affected.
13. Subversion SVN Protocol Parser Remote Integer Overflow Vulne...
BugTraq ID: 10519
Remote: Yes
Date Published: Jun 11 2004
Relevant URL: http://www.securityfocus.com/bid/10519
Summary:
It is reported that Subversion is prone to a remote integer overrun vulnerability. The issue exists in the svn protocol parser and is due to a lack of sufficient bounds checking performed on svn URI strings that are transmitted by the client.
If the URI string received is long enough, an integer overrun may occur where the size value of the URI string will wrap and be misrepresented. This may potentially result in corruption of heap memory management structures.
14. RealNetwork RealPlayer Media File Heap Overflow Vulnerabilit...
BugTraq ID: 10520
Remote: Yes
Date Published: Jun 11 2004
Relevant URL: http://www.securityfocus.com/bid/10520
Summary:
NGSSoftware has reported that heap overflow vulnerabilities exist in RealNetworks RealPlayer releases. These issues may be triggered by a malformed .RA, .RM, .RV, or .RMJ file. If successfully exploited, it is possible to execute arbitrary code in the context of the user running the player.
15. PHP-Nuke Multiple Input Validation Vulnerabilities
BugTraq ID: 10524
Remote: Yes
Date Published: Jun 11 2004
Relevant URL: http://www.securityfocus.com/bid/10524
Summary:
PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application:
PHP-Nuke is prone to multiple cross-site scripting vulnerabilities. These issues affect the 'Faq', 'Encyclopedia' and 'Reviews' modules.
These cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the Web browser of the victim computer.
PHP-Nuke is prone to an SQL injection vulnerability. Again, the issue is due to a failure of the application to properly sanitize user-supplied input. The problem presents itself when SQL syntax is passed through a parameter of the 'Reviews' module.
As a result of this issue an attacker could modify the logic and structure of database queries.
Finally, a remote denial of service vulnerability is reported to exist in the score subsystem of the 'Reviews' module of PHP-Nuke. It is reported that a large number supplied as a value for a parameter passed to the 'Reviews' module will deny service to legitimate PHP-Nuke users.
16. ignitionServer Server Link Service Authentication Bypass Vul...
BugTraq ID: 10525
Remote: Yes
Date Published: Jun 11 2004
Relevant URL: http://www.securityfocus.com/bid/10525
Summary:
ignitionServer is reported prone to an authentication bypass vulnerability. IRC servers can be linked together to form IRC networks. ignitionServer server linking functionality is not reported to be fully functional and so is not enabled by default. However, it is reported that if the ignitionServer linking service is enabled, a remote ignitionServer server may link to the vulnerable ignitionServer without requiring any authentication at all.
17. RealNetworks RealPlayer URI Processing Buffer Overrun Vulner...
BugTraq ID: 10527
Remote: Yes
Date Published: Jun 10 2004
Relevant URL: http://www.securityfocus.com/bid/10527
Summary:
A remote buffer overflow vulnerability is reported to affect RealPlayer 10; previous versions may also be prone to this issue. It is reported that the vulnerability presents itself when RealPlayer processes a URI that contains a large number of period characters. A remote attacker may potentially exploit this vulnerability in order to execute arbitrary supplied code in the context of the user who is running the affected software.
RealNetworks has released updates to the products affected by these issues, and users are urged to upgrade immediately.
18. RealNetwork RealPlayer EMBD3260.DLL Error Response Heap Over...
BugTraq ID: 10528
Remote: Yes
Date Published: Jun 10 2004
Relevant URL: http://www.securityfocus.com/bid/10528
Summary:
eEye has reported that heap overflow vulnerabilities exist in RealNetworks RealPlayer releases. These issues may be triggered by a malformed movie file embedded in an HTML page. If successfully exploited, it is possible to execute arbitrary code in the context of the user running the player.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Doubleclick programs entry on start menu (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/366041
2. SV: Doubleclick programs entry on start menu (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/366003
3. Use of L2TP in isolated W2K3 AD (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/365624
4. SecurityFocus Microsoft Newsletter #192 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/365619
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. SP I-NET
By: Unisys
Platforms: Windows 95/98, Windows NT
Relevant URL: http://www.unisys.com/sp-security
Summary:
Designed for business-to-business communications requiring trusted relationships, SP I-NET ensures confidentiality of data, authenticates the identity of the involved parties, and ensures the privacy of their communication.
2. Softros LAN Messenger
By: Softros Systems Inc.
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://messenger.softros.com
Summary:
Softros Messenger is a secure network messaging software application for corporate LANs (local area networks). It does not require a server and is very easy to install and use. Softros Messenger comes with a variety of handy features, like message notification alarms, personal or group messaging, and an intuitive interface. Softros Messenger offers strong encryption options for all incoming and outgoing messages, guaranteeing no unauthorized person ever reads personal correspondence. The program is very stable when running under any Windows operating system and in any TCP/IP network, regardless of its size. Softros Messenger also correctly identifies and works under Windows NT/2000/XP limited user accounts (without administrative privileges).
3. Network Time System
By: Softros Systems Inc.
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://nts.softros.com/
Summary:
Network Time System - Secure, fast and accurate time sync software across entire network.
4. Anon-Encrypt
By: RiserSoft Corporation
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://risersoft.com/anon-encrypt.php
Summary:
Surf the Internet Totally Anonymous, and Fully Encrypted with our Internet Explorer Plugin!
5. RSI
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.digitallabs.net/rsi/
Summary:
Remote System Information audits your network for critical hardware and software information and displays the results in a clear, exportable spreadsheet view.
Remote Registry technology provides the ability to dynamically scan your network without the need to install client software.
6. WiSSH
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.wissh.com
Summary:
WiSSH (Windows over SSH) utilizes SSH tunneling technology to secure Microsoft's RDP protocol. It allows access to multiple hosts behind your network perimeter with only a single host's SSH port open to the Internet.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. CryptoHeaven v2.4.0
By: Marcin Kurzawa <marcin (at) cryptoheaven (dot) com>
Relevant URL: http://www.cryptoheaven.com/
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
CryptoHeaven offers secure email and online file sharing/storage. Its main features are secure and highly encrypted services such as group collaboration, file sharing, email, online storage, and instant messaging. It integrates multi-user based security into email, instant messaging, and file storage and sharing in one unique package. It provides real time communication for text and data transfers in a multi-user secure environment. The security and usability of CryptoHeaven is well-balanced; even the not-so-technically oriented computer users can enjoy this crypto product with a very high level of encryption.
2. XArp 0.1
By: Christoph Mayer
Relevant URL: http://www.chrismc.de
Platforms: Windows 2000, Windows XP
Summary:
XArp is a graphical tool to monitor the ARP cache. It periodically requests the local ARP cache and reports changes in the IP to MAC mapping. Thus it can be used to recognize ARP poisoning which is used to prepare 'man in the middle' attacks on switched networks.
3. Honeynet Security Console 1.0
By: Activeworx, Inc.
Relevant URL: http://www.activeworx.org
Platforms: Windows 2000, Windows XP
Summary:
Honeynet Security Console is an analysis tool to view events on your personal honeynet. It gives you the power to view events from Snort, TCPDump, Firewall, Syslog and Sebek logs. It also allows you to correlate events from each of these data types to have a full grasp of the attackers' actions.
4. LogMonitor 1.0
By: Adam Richard/SécurIT Informatique Inc.
Relevant URL: ftp://ftp.digitalvoodoo.org/pub/mirrors/securit/Logmon10free.zip
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
LogMonitor is a log analysis console. It is 75% based on LogIDS, except for the GUI, which is a complete makeover. Instead of focusing on network location, LogMonitor presents the data in a set of floating windows grouped by application, which may be a more intuitive interface to some people. The analysis is performed by defining the fields of each log we are monitoring, and then by using these fields to define rules as to what is important data or not.
5. Ettercap v0.7.0 pre2
By: ALoR <alor (at) users.sourceforge (dot) net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
6. Syhunt TS Security Scanner 6.7 Build 96
By: Syhunt
Relevant URL: http://www.syhunt.com/section.php?id=scanner
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Syhunt TS Security Scanner is able to find the unfindable, not only known vulnerabilities, but also potential new ones. The new version can identify and exploit vulnerabilities in a matter of minutes and is a key tool for security professionals and administrators.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
----------------------------------------
This issue sponsored by: Astaro
Free 30-day trial: firewall with virus/spam protection, URL filtering,
VPN, wireless security
Protect your network against hackers, viruses, spam and other risks with
Astaro Security Linux, the comprehensive security solution that combines
six applications in one software solution for ease of use and lower total
cost of ownership.
Download your free trial at:
http://www.securityfocus.com/sponsor/Astaro_sf-news_040615
------------------------------------------------------------------------
I. FRONT AND CENTER
1. TCP/IP Skills for Security Analysts (Part 2)
2. The Trouble with Gmail
3. Wireless Attacks and Penetration Testing (part 2 of 3)
II. MICROSOFT VULNERABILITY SUMMARY
1. RealNetworks RealPlayer Unspecified Remote Code Execution Vu...
2. PostgreSQL ODBC Driver Unspecified Remote Buffer Overflow Vu...
3. PHP Microsoft Windows Shell Escape Functions Command Executi...
4. Microsoft Internet Explorer URL Local Resource Access Weakne...
5. Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnera...
6. NetWin SurgeMail/WebMail Multiple Input Validation Vulnerabi...
7. Microsoft DirectX DirectPlay Remote Malformed Packet Denial ...
8. PHP-Nuke Reviews Module Cross-Site Scripting Vulnerability
9. Horde IMP Unspecified Input Validation Vulnerability
10. Trend Micro OfficeScan Local Privilege Escalation Vulnerabil...
11. Invision Power Board SSI.PHP SQL Injection Vulnerability
12. Microsoft Internet Explorer URI Obfuscation Weakness
13. Subversion SVN Protocol Parser Remote Integer Overflow Vulne...
14. RealNetwork RealPlayer Media File Heap Overflow Vulnerabilit...
15. PHP-Nuke Multiple Input Validation Vulnerabilities
16. ignitionServer Server Link Service Authentication Bypass Vul...
17. RealNetworks RealPlayer URI Processing Buffer Overrun Vulner...
18. RealNetwork RealPlayer EMBD3260.DLL Error Response Heap Over...
III. MICROSOFT FOCUS LIST SUMMARY
1. Doubleclick programs entry on start menu (Thread)
2. SV: Doubleclick programs entry on start menu (Thread)
3. Use of L2TP in isolated W2K3 AD (Thread)
4. SecurityFocus Microsoft Newsletter #192 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. SP I-NET
2. Softros LAN Messenger
3. Network Time System
4. Anon-Encrypt
5. RSI
6. WiSSH
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. CryptoHeaven v2.4.0
2. XArp 0.1
3. Honeynet Security Console 1.0
4. LogMonitor 1.0
5. Ettercap v0.7.0 pre2
6. Syhunt TS Security Scanner 6.7 Build 96
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. TCP/IP Skills for Security Analysts (Part 2)
By Don Parker
This article series guides users new to the security field through some
of the key skills required to work as a security analyst. Part two puts
the skills into context by simulating a "day in the life" of a network
security analyst, using an example of what steps to take when new exploit
code appears.
http://www.securityfocus.com/infocus/1784
2. The Trouble with Gmail
By Mark Rasch
Mass acceptance of the keyword scanning in Google's new e-mail service
could leave government spooks feeling lucky.
http://www.securityfocus.com/columnists/248
3. Wireless Attacks and Penetration Testing (part 2 of 3)
By Jonathan Hassell
This is the second of a three part series on penetration testing for
wireless networks. This installment looks at how a nefarious user cracks
the WEP key, scans for servers and services, and then exploits
vulnerabilities to gain system access.
http://www.securityfocus.com/infocus/1785
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. RealNetworks RealPlayer Unspecified Remote Code Execution Vu...
BugTraq ID: 10469
Remote: Yes
Date Published: Jun 05 2004
Relevant URL: http://www.securityfocus.com/bid/10469
Summary:
RealPlayer may be prone to a remote code execution vulnerability. eEye Digital Security reported this vulnerability. The issue exists in default installations of RealPlayer and may lead to remote code execution with minimal user interaction.
All versions of RealPlayer are considered vulnerable at this point.
Due to a lack of details further information is not available at the moment. This BID will be updated as more information becomes available.
2. PostgreSQL ODBC Driver Unspecified Remote Buffer Overflow Vu...
BugTraq ID: 10470
Remote: Yes
Date Published: Jun 07 2004
Relevant URL: http://www.securityfocus.com/bid/10470
Summary:
PostgreSQL ODBC driver is reportedly prone to a remote buffer overflow vulnerability. This vulnerability was reported in a Debian advisory and may allow a remote attacker to crash a Web server used with the application. It is reported that this issue can be exploited by using a malicious script in order to cause a denial of service condition in the Web server.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
PostgreSQL version 7.2.1 is confirmed to be vulnerable at the moment, however, it is likely that other versions are affected as well.
3. PHP Microsoft Windows Shell Escape Functions Command Executi...
BugTraq ID: 10471
Remote: Yes
Date Published: Jun 07 2004
Relevant URL: http://www.securityfocus.com/bid/10471
Summary:
PHP is reportedly prone to a command execution vulnerability in its shell escape functions. This issue is due to a failure of PHP to properly sanitize function arguments.
This issue might allow an attacker to execute arbitrary shell commands on a computer running the vulnerable software within the security context of the web server; potentially leading to unauthorized access. Other attacks are also possible.
This issue is reported to affect PHP under Microsoft Windows version 4.3.3 and 4.3.5, it is likely that other Microsoft Windows versions are affected as well.
4. Microsoft Internet Explorer URL Local Resource Access Weakne...
BugTraq ID: 10472
Remote: Yes
Date Published: Jun 06 2004
Relevant URL: http://www.securityfocus.com/bid/10472
Summary:
Microsoft Internet Explorer is prone to a security weakness that may permit unauthorized access to local resources on a client computer. This will effectively bypass security restrictions implemented in Internet Explorer 6 SP1. Specifically, a malicious Web page may access a file on a vulnerable client computer by pre-pending "URL:" to a request for a specific resource.
This weakness is useful when exploiting other vulnerabilities, such as vulnerabilities that allow cross-zone access.
Exploits are known to be circulating in the wild that abuse this issue in combination with BID 10473 and one of the issues described in BID 8577.
5. Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnera...
BugTraq ID: 10473
Remote: Yes
Date Published: Jun 06 2004
Relevant URL: http://www.securityfocus.com/bid/10473
Summary:
Microsoft Internet Explorer is prone to a vulnerability that may permit cross-zone access, allowing an attacker to execute malicious script code in the context of the Local Zone. It is possible to exploit this issue by passing a dynamically created IFrame to a modal dialog.
This vulnerability could be exploited in combination with a number of other security issues, such as the weakness described in BID 10472. The end result of successful exploitation is execution of arbitrary code in the context of the client user.
It may also be possible to exploit this vulnerability to access properties of a foreign domain, allowing for other types of attacks that compromise sensitive or private information associated with a domain of the attacker's choosing.
6. NetWin SurgeMail/WebMail Multiple Input Validation Vulnerabi...
BugTraq ID: 10483
Remote: Yes
Date Published: Jun 07 2004
Relevant URL: http://www.securityfocus.com/bid/10483
Summary:
SurgeMail/WebMail is prone to multiple vulnerabilities. These issue result from insufficient sanitization of user-supplied data. The issues can allow an attacker to carry out path disclosure and cross-site scripting attacks.
SurgeMail versions 1.9 and prior and WebMail 3.1d are affected by these issues.
7. Microsoft DirectX DirectPlay Remote Malformed Packet Denial ...
BugTraq ID: 10487
Remote: Yes
Date Published: Jun 08 2004
Relevant URL: http://www.securityfocus.com/bid/10487
Summary:
Microsoft DirectX DirectPlay is affected by a remote denial of service vulnerability. This issue is due to a failure of the affected library to properly handle malformed network data.
An attacker can exploit this vulnerability to cause an application using the affected DirectPlay library to crash, denying service to legitimate users.
8. PHP-Nuke Reviews Module Cross-Site Scripting Vulnerability
BugTraq ID: 10493
Remote: Yes
Date Published: Jun 08 2004
Relevant URL: http://www.securityfocus.com/bid/10493
Summary:
PHP-Nuke 'reviews' module is prone to a cross-site scripting vulnerability. This issue could allow an attacker to steal cookie-based authentication credentials. It is reported that the application does not sanitize user-supplied data through the 'id' parameter.
This vulnerability is likely to be fixed in the current versions of PHP-Nuke. This issue may have surfaced earlier; however, this has not been confirmed. This BID will be updated or retired as more information becomes available.
9. Horde IMP Unspecified Input Validation Vulnerability
BugTraq ID: 10501
Remote: Yes
Date Published: Jun 09 2004
Relevant URL: http://www.securityfocus.com/bid/10501
Summary:
Horde IMP is reportedly affected by an unspecified input validation vulnerability. This issue is due to input validation errors that arise when the application processes user-supplied input.
This issue might be leveraged by an attacker to execute arbitrary HTML or script code in the browser of an unsuspecting user, facilitating session hijacking and theft of cookie-based authentication credentials.
10. Trend Micro OfficeScan Local Privilege Escalation Vulnerabil...
BugTraq ID: 10503
Remote: No
Date Published: Jun 09 2004
Relevant URL: http://www.securityfocus.com/bid/10503
Summary:
OfficeScan is prone to a local privilege escalation vulnerability. This issue can allow a local attacker to execute arbitrary applications and escalate privileges.
Trend Micro OfficeScan versions 5.58 and prior are affected by this issue.
11. Invision Power Board SSI.PHP SQL Injection Vulnerability
BugTraq ID: 10511
Remote: Yes
Date Published: Jun 10 2004
Relevant URL: http://www.securityfocus.com/bid/10511
Summary:
Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script.
Due to improper filtering of user-supplied data, 'ssi.php' is exploitable by attackers to pass SQL statements to the underlying database.
The impact of this vulnerability depends on the underlying database. It may be possible to corrupt/read sensitive data, execute commands/procedures on the database server or possibly exploit vulnerabilities in the database itself through this condition.
Version 1.3.1 Final of Invision Power Board is reported vulnerable. Other versions may also be affected.
*** There have been conflicting reports stating that the vulnerable variable only accepts integer values and not arbitrary strings.
12. Microsoft Internet Explorer URI Obfuscation Weakness
BugTraq ID: 10517
Remote: Yes
Date Published: Jun 10 2004
Relevant URL: http://www.securityfocus.com/bid/10517
Summary:
A weakness is reported in Microsoft Internet Explorer allowing an attacker to obfuscate the URI of a link. This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users.
An attacker may exploit this weakness to make a user think they are visiting a legitimate site, when in reality they are being redirected to an attacker-controlled site.
Update: an attacker may be able to use this issue to bypass zone restrictions in Internet Explorer.
Opera 7.51 may also be affected.
13. Subversion SVN Protocol Parser Remote Integer Overflow Vulne...
BugTraq ID: 10519
Remote: Yes
Date Published: Jun 11 2004
Relevant URL: http://www.securityfocus.com/bid/10519
Summary:
It is reported that Subversion is prone to a remote integer overrun vulnerability. The issue exists in the svn protocol parser and is due to a lack of sufficient bounds checking performed on svn URI strings that are transmitted by the client.
If the URI string received is long enough, an integer overrun may occur where the size value of the URI string will wrap and be misrepresented. This may potentially result in corruption of heap memory management structures.
14. RealNetwork RealPlayer Media File Heap Overflow Vulnerabilit...
BugTraq ID: 10520
Remote: Yes
Date Published: Jun 11 2004
Relevant URL: http://www.securityfocus.com/bid/10520
Summary:
NGSSoftware has reported that heap overflow vulnerabilities exist in RealNetworks RealPlayer releases. These issues may be triggered by a malformed .RA, .RM, .RV, or .RMJ file. If successfully exploited, it is possible to execute arbitrary code in the context of the user running the player.
15. PHP-Nuke Multiple Input Validation Vulnerabilities
BugTraq ID: 10524
Remote: Yes
Date Published: Jun 11 2004
Relevant URL: http://www.securityfocus.com/bid/10524
Summary:
PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application:
PHP-Nuke is prone to multiple cross-site scripting vulnerabilities. These issues affect the 'Faq', 'Encyclopedia' and 'Reviews' modules.
These cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the Web browser of the victim computer.
PHP-Nuke is prone to an SQL injection vulnerability. Again, the issue is due to a failure of the application to properly sanitize user-supplied input. The problem presents itself when SQL syntax is passed through a parameter of the 'Reviews' module.
As a result of this issue, an attacker could modify the logic and structure of database queries.
Finally, a remote denial of service vulnerability is reported to exist in the score subsystem of the 'Review' module of PHP-Nuke. It is reported that a large number supplied as a value for a parameter passed to the 'Reviews' module will deny service to legitimate PHP-Nuke users.
16. ignitionServer Server Link Service Authentication Bypass Vul...
BugTraq ID: 10525
Remote: Yes
Date Published: Jun 11 2004
Relevant URL: http://www.securityfocus.com/bid/10525
Summary:
ignitionServer is reported prone to an authentication bypass vulnerability. IRC servers can be linked together to form IRC networks. ignitionServer server linking functionality is not reported to be fully functional and so is not enabled by default. However, it is reported that if the ignitionServer linking service is enabled, a remote ignitionServer server may link to the vulnerable ignitionServer without requiring any authentication at all.
17. RealNetworks RealPlayer URI Processing Buffer Overrun Vulner...
BugTraq ID: 10527
Remote: Yes
Date Published: Jun 10 2004
Relevant URL: http://www.securityfocus.com/bid/10527
Summary:
A remote buffer overflow vulnerability is reported to affect RealPlayer 10; previous versions may also be prone to this issue. It is reported that the vulnerability presents itself when RealPlayer processes a URI that contains a large number of period characters. A remote attacker may potentially exploit this vulnerability in order to execute arbitrary supplied code in the context of the user who is running the affected software.
RealNetworks has released updates to the products affected by these issues, and users are urged to upgrade immediately.
18. RealNetwork RealPlayer EMBD3260.DLL Error Response Heap Over...
BugTraq ID: 10528
Remote: Yes
Date Published: Jun 10 2004
Relevant URL: http://www.securityfocus.com/bid/10528
Summary:
eEye has reported that heap overflow vulnerabilities exist in RealNetworks RealPlayer releases. These issues may be triggered by a malformed movie file embedded in an HTML page. If successfully exploited, it is possible to execute arbitrary code in the context of the user running the player.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Doubleclick programs entry on start menu (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/366041
2. SV: Doubleclick programs entry on start menu (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/366003
3. Use of L2TP in isolated W2K3 AD (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/365624
4. SecurityFocus Microsoft Newsletter #192 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/365619
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. SP I-NET
By: Unisys
Platforms: Windows 95/98, Windows NT
Relevant URL: http://www.unisys.com/sp-security
Summary:
Designed for business-to-business communications requiring trusted relationships, SP I-NET ensures confidentiality of data, authenticates the identity of the involved parties, and ensures the privacy of their communication.
2. Softros LAN Messenger
By: Softros Systems Inc.
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://messenger.softros.com
Summary:
Softros Messenger is a secure network messaging software application for corporate LANs (local area networks). It does not require a server and is very easy to install and use. Softros Messenger comes with a variety of handy features, like message notification alarms, personal or group messaging, and an intuitive interface. Softros Messenger offers strong encryption options for all incoming and outgoing messages, guaranteeing no unauthorized person ever reads personal correspondence. The program is very stable when running under any Windows operating system and in any TCP/IP network, regardless of its size. Softros Messenger also correctly identifies and works under Windows NT/2000/XP limited user accounts (without administrative privileges).
3. Network Time System
By: Softros Systems Inc.
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://nts.softros.com/
Summary:
Network Time System - Secure, fast and accurate time sync software across entire network.
4. Anon-Encrypt
By: RiserSoft Corporation
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://risersoft.com/anon-encrypt.php
Summary:
Surf the Internet totally anonymously and fully encrypted with our Internet Explorer plug-in!
5. RSI
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.digitallabs.net/rsi/
Summary:
Remote System Information audits your network for critical hardware and software information and displays the results in a clear, exportable spreadsheet view.
Remote Registry technology provides the ability to dynamically scan your network without the need to install client software.
6. WiSSH
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.wissh.com
Summary:
WiSSH (Windows over SSH) utilizes SSH tunneling technology to secure Microsoft's RDP protocol. It allows access to multiple hosts behind your network perimeter with only a single host's SSH port open to the Internet.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. CryptoHeaven v2.4.0
By: Marcin Kurzawa <marcin (at) cryptoheaven (dot) com>
Relevant URL: http://www.cryptoheaven.com/
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
CryptoHeaven offers secure email and online file sharing/storage. Its main features are secure and highly encrypted services such as group collaboration, file sharing, email, online storage, and instant messaging. It integrates multi-user based security into email, instant messaging, and file storage and sharing in one unique package. It provides real time communication for text and data transfers in a multi-user secure environment. The security and usability of CryptoHeaven is well-balanced; even not-so-technically oriented computer users can enjoy this crypto product with a very high level of encryption.
2. XArp 0.1
By: Christoph Mayer
Relevant URL: http://www.chrismc.de
Platforms: Windows 2000, Windows XP
Summary:
XArp is a graphical tool to monitor the ARP cache. It periodically requests the local ARP cache and reports changes in the IP to MAC mapping. Thus it can be used to recognize ARP poisoning which is used to prepare 'man in the middle' attacks on switched networks.
3. Honeynet Security Console 1.0
By: Activeworx, Inc.
Relevant URL: http://www.activeworx.org
Platforms: Windows 2000, Windows XP
Summary:
Honeynet Security Console is an analysis tool to view events on your personal honeynet. It gives you the power to view events from Snort, TCPDump, Firewall, Syslog and Sebek logs. It also allows you to correlate events from each of these data types to have a full grasp of the attackers' actions.
4. LogMonitor 1.0
By: Adam Richard/SécurIT Informatique Inc.
Relevant URL: ftp://ftp.digitalvoodoo.org/pub/mirrors/securit/Logmon10free.zip
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
LogMonitor is a log analysis console. It is 75% based on LogIDS, except for the GUI, which is a complete makeover. Instead of focusing on network location, LogMonitor presents the data in a set of floating windows grouped by application, which may be a more intuitive interface to some people. The analysis is performed by defining the fields of each log we are monitoring, and then by using these fields to define rules as to what is important data or not.
5. Ettercap v0.7.0 pre2
By: ALoR <alor (at) users.sourceforge (dot) net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
6. Syhunt TS Security Scanner 6.7 Build 96
By: Syhunt
Relevant URL: http://www.syhunt.com/section.php?id=scanner
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Syhunt TS Security Scanner is able to find the unfindable, not only known vulnerabilities, but also potential new ones. The new version can identify and exploit vulnerabilities in a matter of minutes and is a key tool for security professionals and administrators.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This issue sponsored by: Astaro
Free 30-day trial: firewall with virus/spam protection, URL filtering,
VPN, wireless security