SecurityFocus Microsoft Newsletter #215
----------------------------------------
This Issue is Sponsored By: Check Point
Learn how Check Point Connectra delivers secure
SSL VPN access, protecting your network from worms and
other malware threats. Download this free Web Security
Information Kit with whitepapers from Stratecast Partners
and Ziff-Davis, plus much more. It's free! Download now.
I. FRONT AND CENTER
1. The Worst Case Scenario
II. MICROSOFT VULNERABILITY SUMMARY
1. Software602 602 LAN Suite Multiple Remote Denial Of Service ...
2. MiniShare Server Remote Buffer Overflow Vulnerability
3. Microsoft Internet Explorer Local Resource Enumeration Vulne...
4. Samba Remote Wild Card Denial Of Service Vulnerability
5. EGroupWare JiNN Application Unspecified Vulnerability
6. Nucleus CMS Multiple Unspecified Input Validation Vulnerabil...
7. Infusium ASP Message Board Multiple Unspecified Input Valida...
8. SQLgrey Postfix Greylisting Service SQL Injection Vulnerabil...
9. Samhain Labs Samhain Database Update Local Heap Overflow Vul...
10. Microsoft Internet Explorer Embedded Content Status Bar URI ...
11. Microsoft Windows DDEShare Buffer Overflow Vulnerability
12. Kerio Personal Firewall IP Options Denial Of Service Vulnera...
13. Mozilla Firefox Download Dialogue Box File Name Spoofing Vul...
14. Mozilla Firefox Insecure Default Installation Vulnerability
15. WhitSoft Development SlimFTPd Remote Buffer Overflow Vulnera...
16. Multiple Browser IMG Tag Multiple Vulnerabilities
17. 04WebServer Multiple Remote Vulnerabilities
18. vBulletin LAST.PHP SQL Injection Vulnerability
19. Phorum FOLLOW.PHP SQL Injection Vulnerability
20. ZoneLabs IMsecure URI Filter Bypass Vulnerability
21. GD Graphics Library Multiple Unspecified Remote Buffer overf...
22. ARJ Software UNARJ Remote Buffer Overflow Vulnerability
23. Youngzsoft CCProxy Logging Function Unspecified Remote Buffe...
24. SecureAction Research Secure Network Messenger Remote Denial...
III. MICROSOFT FOCUS LIST SUMMARY
1. Supported products in Windows Security Center (WSC) (Thread)
2. Microsoft rights management server alternatives (Thread)
3. SecurityFocus Microsoft Newsletter #214 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. CAT Cellular Authentication Token and eAuthentication Servic...
2. KeyCaptor Keylogger
3. SpyBuster
4. FreezeX
5. NeoExec for Active Directory
6. Secrets Protector v2.03
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. lock 2.0
2. WapgGui 1.0
3. VTrace 0.1
4. Random Number Generator Pro v1.31
5. creddump
6. antinat v0.81
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. The Worst Case Scenario
By Mark Rasch
The fine print in an insurance policy becomes an issue when a bizarre chain
of IT disasters leaves a company without a single copy of the source code
to its flagship product.
http://www.securityfocus.com/columnists/276
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Software602 602 LAN Suite Multiple Remote Denial Of Service ...
BugTraq ID: 11615
Remote: Yes
Date Published: Nov 06 2004
Relevant URL: http://www.securityfocus.com/bid/11615
Summary:
602 LAN SUITE is reported prone to multiple remote denial of service vulnerabilities. The following specific issues are reported:
It is reported that an attacker may consume CPU and memory resources on a target 602 LAN SUITE server. Reports indicate that this condition exists due to a lack of sanity checking prior to the allocation of regions of memory by the affected software.
A remote attacker may exploit this vulnerability to consume system resources, ultimately impacting the performance of the target computer and potentially resulting in a denial of service.
A second vulnerability is reported in the manner in which 602 LAN SUITE handles telnet proxy requests. It is reported that the proxy does not perform sufficient sanity checks on the destination IP of a proxy request.
A remote attacker may exploit this condition to exhaust all available sockets on a target computer that is running 602 LAN SUITE telnet proxy. This will effectively deny service to legitimate requests.
2. MiniShare Server Remote Buffer Overflow Vulnerability
BugTraq ID: 11620
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11620
Summary:
It is reported that MiniShare is susceptible to a remote buffer overflow vulnerability. This issue is due to insufficient buffer boundary verification prior to copying user-supplied data.
This vulnerability allows remote attackers to execute arbitrary code in the context of the affected application.
Version 1.4.1 of MiniShare is reported vulnerable to this issue. Other versions may also be affected.
3. Microsoft Internet Explorer Local Resource Enumeration Vulne...
BugTraq ID: 11621
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11621
Summary:
Microsoft Internet Explorer is reported prone to a local resource enumeration vulnerability. It is reported that the vulnerability exists because when handling 'res://' requests for local resources, Internet explorer behavior may reveal the existence of local files.
An attacker may employ information that is harvested in this manner to aid in further attacks that are launched against a target computer.
4. Samba Remote Wild Card Denial Of Service Vulnerability
BugTraq ID: 11624
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11624
Summary:
A remote denial of service vulnerability affects the wild card file name functionality of Samba. This issue is caused due to a failure of the application to properly validate malformed user-supplied strings.
An attacker may leverage this issue to cause the affected application to hang, effectively denying service to legitimate users.
5. EGroupWare JiNN Application Unspecified Vulnerability
BugTraq ID: 11625
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11625
Summary:
eGroupWare JiNN application is reported prone to an unspecified vulnerability.
Further details of this issue are not available at the time of writing. This BID will be updated as details are released.
6. Nucleus CMS Multiple Unspecified Input Validation Vulnerabil...
BugTraq ID: 11631
Remote: Yes
Date Published: Nov 09 2004
Relevant URL: http://www.securityfocus.com/bid/11631
Summary:
Multiple unspecified vulnerabilities reportedly affect Nucleus CMS. These issue are due to a failure of the application to properly sanitize user-supplied input prior to employing it in critical locations including dynamic content and database queries.
A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents.
7. Infusium ASP Message Board Multiple Unspecified Input Valida...
BugTraq ID: 11632
Remote: Yes
Date Published: Nov 09 2004
Relevant URL: http://www.securityfocus.com/bid/11632
Summary:
Multiple unspecified vulnerabilities reportedly affect the Infusium ASP Message Board. These issue are due to a failure of the application to properly sanitize user-supplied input prior to employing it in critical locations including dynamic content and database queries.
A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents.
8. SQLgrey Postfix Greylisting Service SQL Injection Vulnerabil...
BugTraq ID: 11633
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11633
Summary:
SQLgrey Postfix Greylisting Service is prone to an SQL injection vulnerability. This issue is reportedly due to insufficient sanitization of SQL syntax from fields in email processed by the software.
The issue could be exploited to influence SQL queries, potentially allowing for compromise of the software or other attacks that impact database security.
9. Samhain Labs Samhain Database Update Local Heap Overflow Vul...
BugTraq ID: 11635
Remote: No
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11635
Summary:
A locally exploitable heap-based buffer overflow exists in Samhain. This issue is exposed when the database is run in update mode and may allow a malicious local user to execute arbitrary code with superuser privileges if successfully exploited.
10. Microsoft Internet Explorer Embedded Content Status Bar URI ...
BugTraq ID: 11637
Remote: Yes
Date Published: Nov 09 2004
Relevant URL: http://www.securityfocus.com/bid/11637
Summary:
Microsoft Internet Explorer is reported prone to a status bar URI obfuscation weakness. The issue presents itself when an embedded object is encapsulated in a HREF tag.
This issue may be leveraged by an attacker to display false information in the status bar of the browser of an unsuspecting user, allowing an attacker to present web pages to users that seem to originate from a trusted location. This may facilitate phishing style attacks; other attacks may also be possible.
11. Microsoft Windows DDEShare Buffer Overflow Vulnerability
BugTraq ID: 11638
Remote: Yes
Date Published: Nov 09 2004
Relevant URL: http://www.securityfocus.com/bid/11638
Summary:
A buffer overflow vulnerability is reported to affect the Microsoft Windows 'ddeshare.exe' utility.
Although unconfirmed it is conjectured that a remote attacker may potentially exploit this condition to execute arbitrary code in the context of a user that is employing the affected utility to process a malicious remote DDE share name.
12. Kerio Personal Firewall IP Options Denial Of Service Vulnera...
BugTraq ID: 11639
Remote: Yes
Date Published: Nov 09 2004
Relevant URL: http://www.securityfocus.com/bid/11639
Summary:
A remote denial of service vulnerability affects the IP options filtering functionality of Kerio's Personal Firewall. This issue is caused by a failure of the application to properly handle malformed network packets.
A remote attacker can exploit this issue anonymously with a spoofed packet to cause a computer running the affected application to hang indefinitely, denying service to legitimate users.
13. Mozilla Firefox Download Dialogue Box File Name Spoofing Vul...
BugTraq ID: 11643
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11643
Summary:
A download dialogue box file name spoofing vulnerability affects Mozilla Firefox. This issue is due to a design error that facilitates the spoofing of file names.
An attacker may leverage this issue to spoof downloaded file names to unsuspecting users. This issue may lead to a compromise of the target computer as well as other consequences.
NOTE: This issue has been fixed by reducing the number of space characters displayed in the dialogue box. It should be noted that this issue may still be triggered by using other characters to fill the space such as non-displayable characters and even extremely long file names. Users should be cautious about downloading files with the affected application.
14. Mozilla Firefox Insecure Default Installation Vulnerability
BugTraq ID: 11644
Remote: No
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11644
Summary:
Mozilla Firefox is a Web browser developed and supported by the Mozilla Organization. It is freely available for most UNIX and Linux based operating systems as well as Microsoft Windows.
An insecure default installation vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to place secure permissions on installed files. It should be noted that this issue only affects the vulnerable application installed on the Apple Mac OS X platform.
An unsuspecting user that double-clicks on such an affected application may have attacker-specified code executing with their privileges, potentially facilitating privilege escalation.
15. WhitSoft Development SlimFTPd Remote Buffer Overflow Vulnera...
BugTraq ID: 11645
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11645
Summary:
A remote buffer overflow vulnerability affects WhitSoft Development SlimFTPd. This issue is due to a failure of the application to perform proper bounds checking on user-supplied strings prior to copying them into process buffers.
An attacker can leverage this issue to execute arbitrary machine code with the privileges of the affected FTP server, facilitating unauthorized access and privilege escalation.
16. Multiple Browser IMG Tag Multiple Vulnerabilities
BugTraq ID: 11648
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11648
Summary:
Various browsers are reported prone to multiple vulnerabilities in the image handling functionality through the <IMG> tag. These issues can allow remote attackers to determine the existence of local files, cause a denial of service condition, and disclose passwords for Windows systems via file shares.
Mozilla Firefox 0.10.1 and prior versions are reported vulnerable to these issues. It is alleged that Microsoft Internet Explorer and Netscape Browsers are also vulnerable to these issues. Due to this vulnerable packages for Internet Explorer and Netscape have been added. This BID will be updated as more information becomes available.
17. 04WebServer Multiple Remote Vulnerabilities
BugTraq ID: 11652
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11652
Summary:
Multiple remote vulnerabilities reportedly affect 04WebServer. These issues are due to a failure of the application to properly sanitize user-supplied input.
An attacker may leverage these issues to carry out cross-site scripting attacks against any Web sites hosted on the affected server and to inject arbitrary characters into log files, potentially leading to corruption.
18. vBulletin LAST.PHP SQL Injection Vulnerability
BugTraq ID: 11658
Remote: Yes
Date Published: Nov 11 2004
Relevant URL: http://www.securityfocus.com/bid/11658
Summary:
vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query.
An attacker exploits this issue to manipulate and inject SQL queries onto the underlying database. It is reportedly possible to leverage this issue to steal database contents including administrator password hashes and user credentials as well as to attack the underlying database.
Update: It is reported that this vulnerability exists in third party scripts that can be used with vBulletin. Currently, the vendor of the affected scripts is not known. This BID will be updated as more information becomes available.
19. Phorum FOLLOW.PHP SQL Injection Vulnerability
BugTraq ID: 11660
Remote: Yes
Date Published: Nov 11 2004
Relevant URL: http://www.securityfocus.com/bid/11660
Summary:
Reportedly Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitized user supplied URI input.
This issue allows remote attackers to manipulate query logic, leading to unauthorized access to sensitive information such as the user password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
This issue has been reported to affected versions prior to 5.0.13.
20. ZoneLabs IMsecure URI Filter Bypass Vulnerability
BugTraq ID: 11662
Remote: Yes
Date Published: Nov 11 2004
Relevant URL: http://www.securityfocus.com/bid/11662
Summary:
It is reported that IMsecure is vulnerable to a filter bypass vulnerability.
This vulnerability allows remote attackers to bypass the security filter of the affected product.
Versions prior to 1.5.0.39 are reportedly affected by this vulnerability.
21. GD Graphics Library Multiple Unspecified Remote Buffer overf...
BugTraq ID: 11663
Remote: Yes
Date Published: Nov 12 2004
Relevant URL: http://www.securityfocus.com/bid/11663
Summary:
Multiple unspecified remote buffer overflow vulnerabilities have been identified in the GD Graphics Library. These issues are due to a failure of the library to do sufficient bounds checking prior to processing user-specified strings.
An attacker may leverage these issues to remotely execute arbitrary code on a computer with the privileges of a user that views a malicious image file. This may facilitate unauthorized access or privilege escalation.
22. ARJ Software UNARJ Remote Buffer Overflow Vulnerability
BugTraq ID: 11665
Remote: Yes
Date Published: Nov 12 2004
Relevant URL: http://www.securityfocus.com/bid/11665
Summary:
A remote buffer overflow vulnerability affects ARJ Software's unarj. This issue is caused by a failure of the application to carry out sufficient bounds checking on user-supplied strings prior to processing.
A remote attacker may leverage this issue to execute arbitrary code with the privileges of a user that process a malicious file with the affected application. This may facilitate unauthorized access or privilege escalation.
23. Youngzsoft CCProxy Logging Function Unspecified Remote Buffe...
BugTraq ID: 11666
Remote: Yes
Date Published: Nov 11 2004
Relevant URL: http://www.securityfocus.com/bid/11666
Summary:
CCProxy is reported prone to an unspecified remote buffer overflow vulnerability. This issue may allow remote attackers to execute arbitrary code on a vulnerable computer, which can allow for unauthorized access.
All versions of CCProxy are considered vulnerable at the moment.
24. SecureAction Research Secure Network Messenger Remote Denial...
BugTraq ID: 11670
Remote: Yes
Date Published: Nov 12 2004
Relevant URL: http://www.securityfocus.com/bid/11670
Summary:
A remote denial of service vulnerability affects SecureAction Research Secure Network Messenger. This issue is due to a failure of the application to properly handle exceptional network data.
An attacker may leverage this issue to cause a computer running the vulnerable application to crash, denying service to legitimate users.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Supported products in Windows Security Center (WSC) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/381203
2. Microsoft rights management server alternatives (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/381142
3. SecurityFocus Microsoft Newsletter #214 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/381012
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that want a safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our our CAT Server.
2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!
With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!
3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.
4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy ware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install
5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.
NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.
NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.
6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:
It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".
Your secret information is available only trough this software and there is no other mean to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten neither in Safe mode nor in other operating system. This program doesn't make your operating system unstable as other related product do and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods leaving no trace of your information. Depending on the selected wiping method your data is unrecoverable using software or even hardware recovery techniques.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. lock 2.0
By: Uri Fridman
Relevant URL: http://www.geocities.com/urifrid/lock-2.0-src.zip
Platforms: Windows 2000
Summary:
Lock is a command line tool to lock the
workstation, options include:
- lock the workstation
- lock workstation and run default
screensaver
- minimize all open windows and lock the
workstation
- send the system to sleep (standby)
open source, free and small.
2. WapgGui 1.0
By: William D. Bartholomew
Relevant URL: http://www.bartholomew.id.au/Default.aspx?tabid=32
Platforms: Windows 2000, Windows XP
Summary:
A free, open-source, user-friendly interface to run the WAPG password generator. Supports generation of random and pronounceable passwords, specifying minimum and maximum length, specifying what character classes should or must be used, and much more.
3. VTrace 0.1
By: Emilio Cini
Relevant URL: http://www.guerradigital.com.br/vtrace/vtrace.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Tool for visual tracert, exhibiting the geographical location of each it plans that the package travels ties to arrive to the specified domain.
4. Random Number Generator Pro v1.31
By: Segobit Software
Relevant URL: http://www.segobit.com/rng.zip
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
Random Number Generator is a Windows based application designed to generate random numbers. Program allow users choose lower and upper limits and increments of the numbers. Limits can be positive or negative values. User can exclude digits from generated random numbers. Random numbers can be edit and copied to the clipboard for pasting into other applications. Random Number Generator can print all random numbers or save numbers as file. Random Number Generator will generate to 9999 numbers at the time.
5. creddump
By: Massimiliano Montoro
Relevant URL: http://www.oxid.it/downloads/creddump.zip
Platforms: Windows XP
Summary:
Credential Manager is a new SSO solution that Microsoft offers in Windows Server 2003 and Windows XP to provide a secured store for credential information. It and allows you to input user name and passwords for various network resources and applications once, and then have the system automatically supply that information for subsequent visits to those resources without your intervention.
6. antinat v0.81
By: Malcolm Smith
Relevant URL: http://yallara.cs.rmit.edu.au/~malsmith/products/antinat/
Platforms: MacOS, POSIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
The Antinat SOCKS Server is a multi-threaded, scalable SOCKS server with a client library for writing proxy-based applications. It supports SOCKS 4, SOCKS 5, authentication, firewalling, UDP, and name resolution.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: Check Point
Learn how Check Point Connectra delivers secure
SSL VPN access, protecting your network from worms and
other malware threats. Download this free Web Security
Information Kit with whitepapers from Stratecast Partners
and Ziff-Davis, plus much more. It's free! Download now.
----------------------------------------
This Issue is Sponsored By: Check Point
Learn how Check Point Connectra delivers secure
SSL VPN access, protecting your network from worms and
other malware threats. Download this free Web Security
Information Kit with whitepapers from Stratecast Partners
and Ziff-Davis, plus much more. It's free! Download now.
http://www.securityfocus.com/sponsor/CheckPoint_ms-secnews_041116
------------------------------------------------------------------------
I. FRONT AND CENTER
1. The Worst Case Scenario
II. MICROSOFT VULNERABILITY SUMMARY
1. Software602 602 LAN Suite Multiple Remote Denial Of Service ...
2. MiniShare Server Remote Buffer Overflow Vulnerability
3. Microsoft Internet Explorer Local Resource Enumeration Vulne...
4. Samba Remote Wild Card Denial Of Service Vulnerability
5. EGroupWare JiNN Application Unspecified Vulnerability
6. Nucleus CMS Multiple Unspecified Input Validation Vulnerabil...
7. Infusium ASP Message Board Multiple Unspecified Input Valida...
8. SQLgrey Postfix Greylisting Service SQL Injection Vulnerabil...
9. Samhain Labs Samhain Database Update Local Heap Overflow Vul...
10. Microsoft Internet Explorer Embedded Content Status Bar URI ...
11. Microsoft Windows DDEShare Buffer Overflow Vulnerability
12. Kerio Personal Firewall IP Options Denial Of Service Vulnera...
13. Mozilla Firefox Download Dialogue Box File Name Spoofing Vul...
14. Mozilla Firefox Insecure Default Installation Vulnerability
15. WhitSoft Development SlimFTPd Remote Buffer Overflow Vulnera...
16. Multiple Browser IMG Tag Multiple Vulnerabilities
17. 04WebServer Multiple Remote Vulnerabilities
18. vBulletin LAST.PHP SQL Injection Vulnerability
19. Phorum FOLLOW.PHP SQL Injection Vulnerability
20. ZoneLabs IMsecure URI Filter Bypass Vulnerability
21. GD Graphics Library Multiple Unspecified Remote Buffer overf...
22. ARJ Software UNARJ Remote Buffer Overflow Vulnerability
23. Youngzsoft CCProxy Logging Function Unspecified Remote Buffe...
24. SecureAction Research Secure Network Messenger Remote Denial...
III. MICROSOFT FOCUS LIST SUMMARY
1. Supported products in Windows Security Center (WSC) (Thread)
2. Microsoft rights management server alternatives (Thread)
3. SecurityFocus Microsoft Newsletter #214 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. CAT Cellular Authentication Token and eAuthentication Servic...
2. KeyCaptor Keylogger
3. SpyBuster
4. FreezeX
5. NeoExec for Active Directory
6. Secrets Protector v2.03
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. lock 2.0
2. WapgGui 1.0
3. VTrace 0.1
4. Random Number Generator Pro v1.31
5. creddump
6. antinat v0.81
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. The Worst Case Scenario
By Mark Rasch
The fine print in an insurance policy becomes an issue when a bizarre chain
of IT disasters leaves a company without a single copy of the source code
to its flagship product.
http://www.securityfocus.com/columnists/276
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Software602 602 LAN Suite Multiple Remote Denial Of Service ...
BugTraq ID: 11615
Remote: Yes
Date Published: Nov 06 2004
Relevant URL: http://www.securityfocus.com/bid/11615
Summary:
602 LAN SUITE is reported prone to multiple remote denial of service vulnerabilities. The following specific issues are reported:
It is reported that an attacker may consume CPU and memory resources on a target 602 LAN SUITE server. Reports indicate that this condition exists due to a lack of sanity checking prior to the allocation of regions of memory by the affected software.
A remote attacker may exploit this vulnerability to consume system resources, ultimately impacting the performance of the target computer and potentially resulting in a denial of service.
A second vulnerability is reported in the manner in which 602 LAN SUITE handles telnet proxy requests. It is reported that the proxy does not perform sufficient sanity checks on the destination IP of a proxy request.
A remote attacker may exploit this condition to exhaust all available sockets on a target computer that is running 602 LAN SUITE telnet proxy. This will effectively deny service to legitimate requests.
2. MiniShare Server Remote Buffer Overflow Vulnerability
BugTraq ID: 11620
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11620
Summary:
It is reported that MiniShare is susceptible to a remote buffer overflow vulnerability. This issue is due to insufficient buffer boundary verification prior to copying user-supplied data.
This vulnerability allows remote attackers to execute arbitrary code in the context of the affected application.
Version 1.4.1 of MiniShare is reported vulnerable to this issue. Other versions may also be affected.
3. Microsoft Internet Explorer Local Resource Enumeration Vulne...
BugTraq ID: 11621
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11621
Summary:
Microsoft Internet Explorer is reported prone to a local resource enumeration vulnerability. It is reported that the vulnerability exists because when handling 'res://' requests for local resources, Internet explorer behavior may reveal the existence of local files.
An attacker may employ information that is harvested in this manner to aid in further attacks that are launched against a target computer.
4. Samba Remote Wild Card Denial Of Service Vulnerability
BugTraq ID: 11624
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11624
Summary:
A remote denial of service vulnerability affects the wild card file name functionality of Samba. This issue is caused due to a failure of the application to properly validate malformed user-supplied strings.
An attacker may leverage this issue to cause the affected application to hang, effectively denying service to legitimate users.
5. EGroupWare JiNN Application Unspecified Vulnerability
BugTraq ID: 11625
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11625
Summary:
eGroupWare JiNN application is reported prone to an unspecified vulnerability.
Further details of this issue are not available at the time of writing. This BID will be updated as details are released.
6. Nucleus CMS Multiple Unspecified Input Validation Vulnerabil...
BugTraq ID: 11631
Remote: Yes
Date Published: Nov 09 2004
Relevant URL: http://www.securityfocus.com/bid/11631
Summary:
Multiple unspecified vulnerabilities reportedly affect Nucleus CMS. These issue are due to a failure of the application to properly sanitize user-supplied input prior to employing it in critical locations including dynamic content and database queries.
A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents.
7. Infusium ASP Message Board Multiple Unspecified Input Valida...
BugTraq ID: 11632
Remote: Yes
Date Published: Nov 09 2004
Relevant URL: http://www.securityfocus.com/bid/11632
Summary:
Multiple unspecified vulnerabilities reportedly affect the Infusium ASP Message Board. These issue are due to a failure of the application to properly sanitize user-supplied input prior to employing it in critical locations including dynamic content and database queries.
A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents.
8. SQLgrey Postfix Greylisting Service SQL Injection Vulnerabil...
BugTraq ID: 11633
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11633
Summary:
SQLgrey Postfix Greylisting Service is prone to an SQL injection vulnerability. This issue is reportedly due to insufficient sanitization of SQL syntax from fields in email processed by the software.
The issue could be exploited to influence SQL queries, potentially allowing for compromise of the software or other attacks that impact database security.
9. Samhain Labs Samhain Database Update Local Heap Overflow Vul...
BugTraq ID: 11635
Remote: No
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11635
Summary:
A locally exploitable heap-based buffer overflow exists in Samhain. This issue is exposed when the database is run in update mode and may allow a malicious local user to execute arbitrary code with superuser privileges if successfully exploited.
10. Microsoft Internet Explorer Embedded Content Status Bar URI ...
BugTraq ID: 11637
Remote: Yes
Date Published: Nov 09 2004
Relevant URL: http://www.securityfocus.com/bid/11637
Summary:
Microsoft Internet Explorer is reported prone to a status bar URI obfuscation weakness. The issue presents itself when an embedded object is encapsulated in a HREF tag.
This issue may be leveraged by an attacker to display false information in the status bar of the browser of an unsuspecting user, allowing an attacker to present web pages to users that seem to originate from a trusted location. This may facilitate phishing style attacks; other attacks may also be possible.
11. Microsoft Windows DDEShare Buffer Overflow Vulnerability
BugTraq ID: 11638
Remote: Yes
Date Published: Nov 09 2004
Relevant URL: http://www.securityfocus.com/bid/11638
Summary:
A buffer overflow vulnerability is reported to affect the Microsoft Windows 'ddeshare.exe' utility.
Although unconfirmed it is conjectured that a remote attacker may potentially exploit this condition to execute arbitrary code in the context of a user that is employing the affected utility to process a malicious remote DDE share name.
12. Kerio Personal Firewall IP Options Denial Of Service Vulnera...
BugTraq ID: 11639
Remote: Yes
Date Published: Nov 09 2004
Relevant URL: http://www.securityfocus.com/bid/11639
Summary:
A remote denial of service vulnerability affects the IP options filtering functionality of Kerio's Personal Firewall. This issue is caused by a failure of the application to properly handle malformed network packets.
A remote attacker can exploit this issue anonymously with a spoofed packet to cause a computer running the affected application to hang indefinitely, denying service to legitimate users.
13. Mozilla Firefox Download Dialogue Box File Name Spoofing Vul...
BugTraq ID: 11643
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11643
Summary:
A download dialogue box file name spoofing vulnerability affects Mozilla Firefox. This issue is due to a design error that facilitates the spoofing of file names.
An attacker may leverage this issue to spoof downloaded file names to unsuspecting users. This issue may lead to a compromise of the target computer as well as other consequences.
NOTE: This issue has been fixed by reducing the number of space characters displayed in the dialogue box. It should be noted that this issue may still be triggered by using other characters to fill the space such as non-displayable characters and even extremely long file names. Users should be cautious about downloading files with the affected application.
14. Mozilla Firefox Insecure Default Installation Vulnerability
BugTraq ID: 11644
Remote: No
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11644
Summary:
Mozilla Firefox is a Web browser developed and supported by the Mozilla Organization. It is freely available for most UNIX and Linux based operating systems as well as Microsoft Windows.
An insecure default installation vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to place secure permissions on installed files. It should be noted that this issue only affects the vulnerable application installed on the Apple Mac OS X platform.
An unsuspecting user that double-clicks on such an affected application may have attacker-specified code executing with their privileges, potentially facilitating privilege escalation.
15. WhitSoft Development SlimFTPd Remote Buffer Overflow Vulnera...
BugTraq ID: 11645
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11645
Summary:
A remote buffer overflow vulnerability affects WhitSoft Development SlimFTPd. This issue is due to a failure of the application to perform proper bounds checking on user-supplied strings prior to copying them into process buffers.
An attacker can leverage this issue to execute arbitrary machine code with the privileges of the affected FTP server, facilitating unauthorized access and privilege escalation.
16. Multiple Browser IMG Tag Multiple Vulnerabilities
BugTraq ID: 11648
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11648
Summary:
Various browsers are reported prone to multiple vulnerabilities in the image handling functionality through the <IMG> tag. These issues can allow remote attackers to determine the existence of local files, cause a denial of service condition, and disclose passwords for Windows systems via file shares.
Mozilla Firefox 0.10.1 and prior versions are reported vulnerable to these issues. It is alleged that Microsoft Internet Explorer and Netscape Browsers are also vulnerable to these issues. Due to this vulnerable packages for Internet Explorer and Netscape have been added. This BID will be updated as more information becomes available.
17. 04WebServer Multiple Remote Vulnerabilities
BugTraq ID: 11652
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11652
Summary:
Multiple remote vulnerabilities reportedly affect 04WebServer. These issues are due to a failure of the application to properly sanitize user-supplied input.
An attacker may leverage these issues to carry out cross-site scripting attacks against any Web sites hosted on the affected server and to inject arbitrary characters into log files, potentially leading to corruption.
18. vBulletin LAST.PHP SQL Injection Vulnerability
BugTraq ID: 11658
Remote: Yes
Date Published: Nov 11 2004
Relevant URL: http://www.securityfocus.com/bid/11658
Summary:
vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query.
An attacker exploits this issue to manipulate and inject SQL queries onto the underlying database. It is reportedly possible to leverage this issue to steal database contents including administrator password hashes and user credentials as well as to attack the underlying database.
Update: It is reported that this vulnerability exists in third party scripts that can be used with vBulletin. Currently, the vendor of the affected scripts is not known. This BID will be updated as more information becomes available.
19. Phorum FOLLOW.PHP SQL Injection Vulnerability
BugTraq ID: 11660
Remote: Yes
Date Published: Nov 11 2004
Relevant URL: http://www.securityfocus.com/bid/11660
Summary:
Reportedly Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitized user supplied URI input.
This issue allows remote attackers to manipulate query logic, leading to unauthorized access to sensitive information such as the user password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
This issue has been reported to affected versions prior to 5.0.13.
20. ZoneLabs IMsecure URI Filter Bypass Vulnerability
BugTraq ID: 11662
Remote: Yes
Date Published: Nov 11 2004
Relevant URL: http://www.securityfocus.com/bid/11662
Summary:
It is reported that IMsecure is vulnerable to a filter bypass vulnerability.
This vulnerability allows remote attackers to bypass the security filter of the affected product.
Versions prior to 1.5.0.39 are reportedly affected by this vulnerability.
21. GD Graphics Library Multiple Unspecified Remote Buffer overf...
BugTraq ID: 11663
Remote: Yes
Date Published: Nov 12 2004
Relevant URL: http://www.securityfocus.com/bid/11663
Summary:
Multiple unspecified remote buffer overflow vulnerabilities have been identified in the GD Graphics Library. These issues are due to a failure of the library to do sufficient bounds checking prior to processing user-specified strings.
An attacker may leverage these issues to remotely execute arbitrary code on a computer with the privileges of a user that views a malicious image file. This may facilitate unauthorized access or privilege escalation.
22. ARJ Software UNARJ Remote Buffer Overflow Vulnerability
BugTraq ID: 11665
Remote: Yes
Date Published: Nov 12 2004
Relevant URL: http://www.securityfocus.com/bid/11665
Summary:
A remote buffer overflow vulnerability affects ARJ Software's unarj. This issue is caused by a failure of the application to carry out sufficient bounds checking on user-supplied strings prior to processing.
A remote attacker may leverage this issue to execute arbitrary code with the privileges of a user that process a malicious file with the affected application. This may facilitate unauthorized access or privilege escalation.
23. Youngzsoft CCProxy Logging Function Unspecified Remote Buffe...
BugTraq ID: 11666
Remote: Yes
Date Published: Nov 11 2004
Relevant URL: http://www.securityfocus.com/bid/11666
Summary:
CCProxy is reported prone to an unspecified remote buffer overflow vulnerability. This issue may allow remote attackers to execute arbitrary code on a vulnerable computer, which can allow for unauthorized access.
All versions of CCProxy are considered vulnerable at the moment.
24. SecureAction Research Secure Network Messenger Remote Denial...
BugTraq ID: 11670
Remote: Yes
Date Published: Nov 12 2004
Relevant URL: http://www.securityfocus.com/bid/11670
Summary:
A remote denial of service vulnerability affects SecureAction Research Secure Network Messenger. This issue is due to a failure of the application to properly handle exceptional network data.
An attacker may leverage this issue to cause a computer running the vulnerable application to crash, denying service to legitimate users.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Supported products in Windows Security Center (WSC) (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/381203
2. Microsoft rights management server alternatives (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/381142
3. SecurityFocus Microsoft Newsletter #214 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/381012
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that want a safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our our CAT Server.
2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!
With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!
3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.
4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy ware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install
5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.
NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.
NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.
6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:
It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".
Your secret information is available only trough this software and there is no other mean to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten neither in Safe mode nor in other operating system. This program doesn't make your operating system unstable as other related product do and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods leaving no trace of your information. Depending on the selected wiping method your data is unrecoverable using software or even hardware recovery techniques.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. lock 2.0
By: Uri Fridman
Relevant URL: http://www.geocities.com/urifrid/lock-2.0-src.zip
Platforms: Windows 2000
Summary:
Lock is a command line tool to lock the
workstation, options include:
- lock the workstation
- lock workstation and run default
screensaver
- minimize all open windows and lock the
workstation
- send the system to sleep (standby)
open source, free and small.
2. WapgGui 1.0
By: William D. Bartholomew
Relevant URL: http://www.bartholomew.id.au/Default.aspx?tabid=32
Platforms: Windows 2000, Windows XP
Summary:
A free, open-source, user-friendly interface to run the WAPG password generator. Supports generation of random and pronounceable passwords, specifying minimum and maximum length, specifying what character classes should or must be used, and much more.
3. VTrace 0.1
By: Emilio Cini
Relevant URL: http://www.guerradigital.com.br/vtrace/vtrace.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Tool for visual tracert, exhibiting the geographical location of each it plans that the package travels ties to arrive to the specified domain.
4. Random Number Generator Pro v1.31
By: Segobit Software
Relevant URL: http://www.segobit.com/rng.zip
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
Random Number Generator is a Windows based application designed to generate random numbers. Program allow users choose lower and upper limits and increments of the numbers. Limits can be positive or negative values. User can exclude digits from generated random numbers. Random numbers can be edit and copied to the clipboard for pasting into other applications. Random Number Generator can print all random numbers or save numbers as file. Random Number Generator will generate to 9999 numbers at the time.
5. creddump
By: Massimiliano Montoro
Relevant URL: http://www.oxid.it/downloads/creddump.zip
Platforms: Windows XP
Summary:
Credential Manager is a new SSO solution that Microsoft offers in Windows Server 2003 and Windows XP to provide a secured store for credential information. It and allows you to input user name and passwords for various network resources and applications once, and then have the system automatically supply that information for subsequent visits to those resources without your intervention.
6. antinat v0.81
By: Malcolm Smith
Relevant URL: http://yallara.cs.rmit.edu.au/~malsmith/products/antinat/
Platforms: MacOS, POSIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
The Antinat SOCKS Server is a multi-threaded, scalable SOCKS server with a client library for writing proxy-based applications. It supports SOCKS 4, SOCKS 5, authentication, firewalling, UDP, and name resolution.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: Check Point
Learn how Check Point Connectra delivers secure
SSL VPN access, protecting your network from worms and
other malware threats. Download this free Web Security
Information Kit with whitepapers from Stratecast Partners
and Ziff-Davis, plus much more. It's free! Download now.
http://www.securityfocus.com/sponsor/CheckPoint_ms-secnews_041116
------------------------------------------------------------------------
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]