Focus on Microsoft
SecurityFocus Microsoft Newsletter #197 Jul 14 2004 05:01PM
Marc Fossi (mfossi securityfocus com)

This issue sponsored by: FaceTime

Free Webinar! Enterprise IM: How IT Managers Can Survive. Featured Speaker:
Nate Root, Senior Analyst, Forrester Research. IT directors and security
managers will gain new insights to balance compliance and security risks.
Highlights an integrated solution from FaceTime Communications and MSN
Messenger Connect for Enterprises. Ideal for financial services,
healthcare, energy companies and other regulated organizations.

View the webinar now!
http://www.securityfocus.com/sponsor/FaceTime_ms-secnews_040713

------------------------------------------------------------------------

I. FRONT AND CENTER
1. Metasploit Framework (Part One)
2. Service Pack Deux?
II. MICROSOFT VULNERABILITY SUMMARY
1. Easy Chat Server Multiple Denial Of Service Vulnerabilities
2. IBM Websphere Edge Server Denial Of Service Vulnerability
3. Microsoft Internet Explorer Shell.Application Object Script ...
4. Fastream NetFile FTP/Web Server Directory Traversal Vulnerab...
5. Multiple Vendor Internet Browser User Action Prediction/Inte...
6. Qualcomm Eudora MIME Attachment Spoofing Vulnerability
7. DiamondCS Process Guard Service Description Table Restoratio...
8. Microsoft Windows Program Group Converter Filename Local Buf...
9. Mozilla External Protocol Handler Weakness
10. Microsoft Word/Outlook Object Tag Security Setting Compromis...
11. Sun Java Virtual Machine Font.createFont Method Insecure Tem...
12. Symantec Norton Antivirus Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #196 (Thread)
2. supressing IE (Thread)
3. Betr.: supressing IE (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Network Time System
2. Anon-Encrypt
3. RSI
4. WiSSH
5. Firewall RuleMaker
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Ettercap v0.7.0 pre2
2. Athena 1.0
3. CryptoHeaven v2.4.0
4. XArp 0.1
5. Honeynet Security Console 1.0
6. LogMonitor 1.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Metasploit Framework (Part One)
By Pukhraj Singh and K.K. Mookhey

This article provides an elaborate insight into the Open Source exploit
framework, the Metasploit Framework, which is meant to change the future of
penetration testing once and for all. Part one of three.

http://www.securityfocus.com/infocus/1789

2. Service Pack Deux?
By Scott Granneman

Microsoft should make SP2 available to all users and backport the changes
to older operating systems, or they risk putting profits ahead of security
yet again.

http://www.securityfocus.com/columnists/254

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Easy Chat Server Multiple Denial Of Service Vulnerabilities
BugTraq ID: 10649
Remote: Yes
Date Published: Jul 02 2004
Relevant URL: http://www.securityfocus.com/bid/10649
Summary:
It is reported that Easy Chat Server is susceptible to multiple denial of service vulnerabilities.

The chat software is implemented as a web server serving a chat web application to clients. The software is reported to contain two denial of service vulnerabilities. The application improperly sanitizes user-supplied URI data, and cannot handle large numbers of anonymous users created in chat rooms.

An attacker with remote access to an affected instance of this application could use these vulnerabilities to crash the service, denying service to legitimate users.

2. IBM Websphere Edge Server Denial Of Service Vulnerability
BugTraq ID: 10651
Remote: Yes
Date Published: Jul 02 2004
Relevant URL: http://www.securityfocus.com/bid/10651
Summary:
A denial of service vulnerability is reported in the Caching Proxy component bundled with the IBM Websphere Edge Server.

It is reported that if the proxy is configured with the JunctionRewrite directive in conjunction with the UseCookie option, an attacker may be able to crash the application.

A remote attacker reportedly is able to cause a denial of service condition with one request.

IBM has released a patch dealing with this issue. This patch is available only to customers with support levels 2 or 3.

3. Microsoft Internet Explorer Shell.Application Object Script ...
BugTraq ID: 10652
Remote: Yes
Date Published: Jul 03 2004
Relevant URL: http://www.securityfocus.com/bid/10652
Summary:
Microsoft Internet Explorer is reported prone to a security weakness that may permit malicious HTML documents to execute script code. This script code has the ability to alter registry settings that may allow for further attacks. In conjunction with other vulnerabilities, execution of attacker-supplied binaries may also be possible.

In particular, it is reported possible to alter the registry to allow for previously patched vulnerabilities to be exploitable again.

Exploitation of this weakness typically requires other vulnerabilities to redirect the browser into the Local Zone (or other appropriate Security Zone). Other attack vectors also exist, such as enticing a user to download an HTML document to their system then opening it with the Web browser. HTML email may also provide an attack vector for this weakness (in combination with other vulnerabilities). Cross-site scripting and HTML injection vulnerabilities in Web applications may also provide a surreptitious attack vector in unsuspecting clients.

4. Fastream NetFile FTP/Web Server Directory Traversal Vulnerab...
BugTraq ID: 10658
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10658
Summary:
The NetFile FTP/Web Server is reported prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. This can allow an attacker to create, view, and delete arbitrary files outside the web root.

Fastream NetFILE FTP/Web Server versions 6.7.2.1085 and prior are reported prone to this issue.

5. Multiple Vendor Internet Browser User Action Prediction/Inte...
BugTraq ID: 10661
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10661
Summary:
Multiple vendor Internet Browsers are reported prone to a weakness where user actions may be used to commit unintentional actions. It is reported that if a malicious website can control or predict a user action, then a malicious site may pop up a dialog and have the user unintentionally commit an action to that dialog.

The issue is reported to be exploitable through the XPInstall dialog feature of Mozilla and Mozilla Firefox. Other browsers are also vulnerable.

6. Qualcomm Eudora MIME Attachment Spoofing Vulnerability
BugTraq ID: 10671
Remote: Yes
Date Published: Jul 06 2004
Relevant URL: http://www.securityfocus.com/bid/10671
Summary:
It is reported that Eudora is susceptible to a MIME attachment spoofing vulnerability.

A user of Eudora could potentially be tricked into unknowingly sending sensitive files as attachments to forwarded email containing malicious MIME attachments.

Eudora version 6.1.2 for Windows was reported by the vendor to be fixed, but Paul Szabo disclosed an untested proof-of-concept exploit to demonstrate that the vulnerability still reportedly exists.

7. DiamondCS Process Guard Service Description Table Restoratio...
BugTraq ID: 10675
Remote: No
Date Published: Jul 07 2004
Relevant URL: http://www.securityfocus.com/bid/10675
Summary:
A vulnerability is reported to affect Process Guard that could permit an executable that is run by an administrator to disable Process Guard protection. It is reported that it is possible to restore the Service Description Table (SDT) to its original state. This can be accomplished because direct writes to certain devices are not controlled by the Process Guard driver-blocking feature. A malicious application that is run by an administrator can read an intact SDT table from kernel memory and restore the SDT table in the running kernel by writing to kernel memory space.

8. Microsoft Windows Program Group Converter Filename Local Buf...
BugTraq ID: 10677
Remote: Yes
Date Published: Jul 07 2004
Relevant URL: http://www.securityfocus.com/bid/10677
Summary:
Microsoft Windows Program Group Converter (grpconv.exe) is reported prone to a buffer overrun vulnerability. The issue is reported to exist due to a lack of sufficient validation performed on filename data.

An attacker may craft a malicious file and present it to a victim in order to exploit this vulnerability. Additionally, it is demonstrated that this vulnerability may also be exploited through a series of separate vulnerabilities in Internet Explorer when a malicious website is viewed.

It is reported that exploitation may be hindered because parameter data is stored in Unicode format.

9. Mozilla External Protocol Handler Weakness
BugTraq ID: 10681
Remote: Yes
Date Published: Jul 08 2004
Relevant URL: http://www.securityfocus.com/bid/10681
Summary:
Mozilla Internet Browser is reported prone to a weakness that may permit an external protocol to be called without any user interaction. This may expose Mozilla users to vulnerabilities that exist in the underlying operating system or in the software that is the default handler for a registered protocol.

Vulnerabilities in the applications that are invoked by a protocol, and vulnerabilities in the way a called protocol is handled by the host operating system may be exploited using this weakness in the Mozilla browser.

10. Microsoft Word/Outlook Object Tag Security Setting Compromis...
BugTraq ID: 10683
Remote: Yes
Date Published: Jul 08 2004
Relevant URL: http://www.securityfocus.com/bid/10683
Summary:
Microsoft Outlook, when configured to employ Microsoft Word as an email editor, is reported prone to a security setting compromise vulnerability. It is reported that under certain circumstances, when an HTML email is received and said email message contains an OBJECT tag that is not closed, the URI that the OBJECT tag points to will be rendered in the Microsoft Outlook window when the email message is forwarded.

11. Sun Java Virtual Machine Font.createFont Method Insecure Tem...
BugTraq ID: 10685
Remote: Yes
Date Published: Jul 09 2004
Relevant URL: http://www.securityfocus.com/bid/10685
Summary:
Sun Java Virtual Machine is a component of the Sun Java infrastructure that performs the handling of Java applets and other programs. It is available for Unix, Linux, and Microsoft platforms.

Sun Java Virtual Machine is prone to an insecure temporary file creation weakness. It is reported that this file is created by the 'Font.createFont' method with the following name:

+~JFxxxxx.tmp

where xxxxx is a random number.

This issue can be combined with various other vulnerabilities in Internet Explorer to ultimately allow for code execution on a vulnerable computer.

12. Symantec Norton Antivirus Denial Of Service Vulnerability
BugTraq ID: 10686
Remote: Yes
Date Published: Jul 09 2004
Relevant URL: http://www.securityfocus.com/bid/10686
Summary:
It is reported that Symantec Norton AntiVirus is prone to a denial of service vulnerability. The issue is reported to present itself if the vulnerable software scans a compressed archive that contains a malicious executable contained in over 49647 directories. When an archive of this type is scanned, the affected software will reportedly consume system resources. This may impact performance, ultimately denying service to legitimate users.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #196 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/368178

2. supressing IE (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/368133

3. Betr.: supressing IE (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/368103

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Network Time System
By: Softros Systems Inc.
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://nts.softros.com/
Summary:

Network Time System - Secure, fast and accurate time sync software across entire network.

2. Anon-Encrypt
By: RiserSoft Corporation
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://risersoft.com/anon-encrypt.php
Summary:

Surf the Internet Totally Anonymous, and Fully Encrypted with our Internet Explorer Plugin!

3. RSI
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.digitallabs.net/rsi/
Summary:

Remote System Information audits your network for critical hardware and software information and displays the results in a clear, exportable spreadsheet view.

Remote Registry technology provides the ability to dynamically scan your network without the need to install client software.

4. WiSSH
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.wissh.com
Summary:

WiSSH (Windows over SSH) utilizes SSH tunneling technology to secure Microsoft's RDP protocol. Allows access to multiple hosts behind your network perimeter with only a single host's SSH port open to the Internet.

5. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:

Firewall RuleMaker is a Windows-based firewall configuration version control software product for managers of Cisco PIX and Netscreen firewalls.

6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:

Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that want a safer access to its Internet Services. More information at our site.

We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Ettercap v0.7.0 pre2
By: ALoR <alor (at) users.sourceforge (dot) net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:

Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

2. Athena 1.0
By: Steve Lord
Relevant URL: http://www.buyukada.co.uk/projects/athena/
Platforms: Windows 2000, Windows XP
Summary:

Athena is a search engine query tool designed to help find information leakage vulnerabilities using 'googledork' strings. Athena uses an extensible configuration format that supports multiple search engines (Yahoo and Google included). Athena is designed with ease of use in mind and a full illustrated manual is included featuring a full walkthrough.

3. CryptoHeaven v2.4.0
By: Marcin Kurzawa <marcin (at) cryptoheaven (dot) com>
Relevant URL: http://www.cryptoheaven.com/
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

CryptoHeaven offers secure email and online file sharing/storage. Its main features are secure and highly encrypted services such as group collaboration, file sharing, email, online storage, and instant messaging. It integrates multi-user based security into email, instant messaging, and file storage and sharing in one unique package. It provides real time communication for text and data transfers in a multi-user secure environment. The security and usability of CryptoHeaven is well-balanced; even the not-so-technically oriented computer users can enjoy this crypto product with very high level of encryption.

4. XArp 0.1
By: Christoph Mayer
Relevant URL: http://www.chrismc.de
Platforms: Windows 2000, Windows XP
Summary:

XArp is a graphical tool to monitor the ARP cache. It periodically requests the local ARP cache and reports changes in the IP to MAC mapping. Thus it can be used to recognize ARP poisoning which is used to prepare 'man in the middle' attacks on switched networks.

5. Honeynet Security Console 1.0
By: Activeworx, Inc.
Relevant URL: http://www.activeworx.org
Platforms: Windows 2000, Windows XP
Summary:

Honeynet Security Console is an analysis tool to view events on your personal honeynet. It gives you the power to view events from Snort, TCPDump, Firewall, Syslog and Sebek logs. It also allows you to correlate events from each of these data types to have a full grasp of the attackers' actions.

6. LogMonitor 1.0
By: Adam Richard/SécurIT Informatique Inc.
Relevant URL: ftp://ftp.digitalvoodoo.org/pub/mirrors/securit/Logmon10free.zip
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

LogMonitor is a log analysis console. It is 75% based on LogIDS, except for the GUI which is a complete makeover. Instead of focusing on network location, LogMonitor presents the data in a set of floating windows grouped by application, which may be a more intuitive interface to some people. The analysis is performed by defining the fields of each log we are monitoring, and then by using these fields to define rules as to what is important data or not.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

VII. SPONSOR INFORMATION
-----------------------

This issue sponsored by: FaceTime

Free Webinar! Enterprise IM: How IT Managers Can Survive. Featured Speaker:
Nate Root, Senior Analyst, Forrester Research. IT directors and security
managers will gain new insights to balance compliance and security risks.
Highlights an integrated solution from FaceTime Communications and MSN
Messenger Connect for Enterprises. Ideal for financial services,
healthcare, energy companies and other regulated organizations.

View the webinar now!
http://www.securityfocus.com/sponsor/FaceTime_ms-secnews_040713

------------------------------------------------------------------------
