Focus on Microsoft
SecurityFocus Microsoft Newsletter #220 Dec 28 2004 04:07PM
Marc Fossi (mfossi securityfocus com)
SecurityFocus Microsoft Newsletter #220
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------

I. FRONT AND CENTER
1. Zero Viruses In 2005?
2. Security Holes That Run Deep
II. MICROSOFT VULNERABILITY SUMMARY
1. Opera Web Browser Download Dialogue Box File Name Spoofing V...
2. Digital Illusions CE Codename Eagle Remote Denial Of Service...
3. SugarSales Multiple Remote Vulnerabilities
4. SQLgrey Postfix Greylisting Service Unspecified SQL Injectio...
5. Opera Web Browser KDE KFMCLIENT Remote Command Execution Vul...
6. Nullsoft Winamp Tag Processing Remote Denial Of Service Vuln...
7. Microsoft Windows Kernel Unchecked LPC Buffer Privilege Esca...
8. Microsoft Windows LSASS Connection Validation Privilege Esca...
9. Hilgraeve HyperTerminal Session Data Buffer Overflow Vulnera...
10. Sun Java System Web And Application Server Remote Session Di...
11. Microsoft Windows DHCP Server Logging Remote Denial Of Servi...
12. Microsoft Windows DHCP Server Remote Buffer Overflow Vulnera...
13. Microsoft Windows WINS Name Value Handling Remote Buffer Ove...
14. Adobe Acrobat Reader Email Message Remote Buffer Overflow Vu...
15. Microsoft Word for Windows 6.0 Converter Table Conversion Bu...
16. Microsoft Word for Windows 6.0 Converter Font Conversion Buf...
17. ASP-Rider Remote SQL Injection Vulnerability
18. Adobe Acrobat/Acrobat Reader ETD File Parser Format String V...
19. Vim Modelines Arbitrary Command Execution Variant Vulnerabil...
20. Novell NetMail Multiple Remote Vulnerabilities
21. 3Com 3CDaemon TFTP Service Remote Buffer Overflow Vulnerabil...
22. Apple Safari Web Browser HTML Form Status Bar Misrepresentat...
23. Microsoft Internet Explorer DHTML Edit Control Script Inject...
24. Cisco Unity With Exchange Default User Accounts and Password...
25. MPlayer MMST Get_Header Remote Client-Side Buffer Overflow V...
26. PHP Multiple Local And Remote Vulnerabilities
27. XLReader Remote Client-Side Buffer Overflow Vulnerability
28. Computer Associates eTrust EZ Antivirus Local Insecure Defau...
29. Samba Directory Access Control List Remote Integer Overflow ...
30. VERITAS Backup Exec Agent Browser Remote Buffer Overflow Vul...
31. Yanf HTTP Response Buffer Overflow Vulnerability
32. PHP Multiple Remote Vulnerabilities
33. MPlayer And Xine-Lib Multiple Remote Client-Side Buffer Over...
34. NASM Error Preprocessor Directive Buffer Overflow Vulnerabil...
35. PHP JPEG Image Buffer Overflow Vulnerability
36. LinPopUp Remote Buffer Overflow Vulnerability
37. RARLAB WinRAR File Name Remote Client-Side Buffer Overflow V...
38. HTML2HDML File Conversion Buffer Overflow Vulnerability
39. ASP2PHP Preparse Token Variable Buffer Overflow Vulnerabilit...
40. ASP2PHP Preparse Temp Variable Buffer Overflow Vulnerability
41. ABC2MTEX Process ABC Key Field Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Security Audit Correlating (Thread)
2. Subdomain security (Thread)
3. services running in windows domain (winXP clients) (Thread)
4. iisadmpwd/UPN (Thread)
5. SV: services running in windows domain (winXP client... (Thread)
6. Corrupt Certificate information on local system (Thread)
7. SecurityFocus Microsoft Newsletter #219 (Thread)
8. Group policy help needed!!! (Thread)
9. RE : Secondary Storage Device Policy (Thread)
10. Secondary Storage Device Policy (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. CoreGuard Core Security System
2. KeyCaptor Keylogger
3. SpyBuster
4. FreezeX
5. NeoExec for Active Directory
6. Secrets Protector v2.03
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Colasoft Capsa 4.05
2. Attack Tool Kit (ATK) 3.0
3. IDS Policy Manager v1.5
4. PatchLink Update 6.01.78
5. Dekart Private Disk 2.03
6. Remote Process Watcher 1.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Zero Viruses In 2005?
By Kelly Martin

It's the time of year to reflect on the good security choices you've made
over the year, the defense-in-depth strategy that you've decided to follow,
and plan for your response to future threats and virus outbreaks.

http://www.securityfocus.com/columnists/284

2. Security Holes That Run Deep
By Mark Burnett

How a seemingly simple Microsoft bug betrayed its author's disdain for a
wide range of secure coding principles.

http://www.securityfocus.com/columnists/285

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Opera Web Browser Download Dialogue Box File Name Spoofing V...
BugTraq ID: 11883
Remote: Yes
Date Published: Dec 11 2004
Relevant URL: http://www.securityfocus.com/bid/11883
Summary:
A download dialogue box file name spoofing vulnerability affects Opera. This issue is due to a design error that facilitates the spoofing of file names.

The problem presents itself when an unsuspecting user attempts to download a file from a malicious site. The malicious web site may respond with HTTP header data that is sufficient to trigger the issue. As a result of this attack, the requested filename and file type may be misrepresented in a file download dialog, making it possible for an attacker to make a potentially malicious file seem innocuous.

2. Digital Illusions CE Codename Eagle Remote Denial Of Service...
BugTraq ID: 11887
Remote: Yes
Date Published: Dec 13 2004
Relevant URL: http://www.securityfocus.com/bid/11887
Summary:
A remote denial of service vulnerability reportedly affects Digital Illusions CE Codename Eagle. This issue is due to a failure of the application to properly handle exceptional network data.

An attacker may leverage this issue to cause the affected application to stop responding to network-based messages, effectively denying service to legitimate, remote users. Due to the nature of the network protocol used by the affected application an attacker may spoof their network identity, facilitating anonymous exploitation.

3. SugarSales Multiple Remote Vulnerabilities
BugTraq ID: 11896
Remote: Yes
Date Published: Dec 13 2004
Relevant URL: http://www.securityfocus.com/bid/11896
Summary:
Multiple remote vulnerabilities are reported to exist in SugarSales.

The first reported issue is an SQL injection vulnerability. This vulnerability is due to a lack of proper input validation by the application prior to using attacker-supplied data in an SQL query.

This vulnerability is reported to exist in versions prior to 2.0.1a.

The next issue is reportedly a directory traversal vulnerability. This vulnerability is also due to a lack of proper input-validation by the application.

The last reported issue is a remote denial of service and information disclosure vulnerability.

The directory traversal and installation script vulnerabilities reportedly exist in all current versions of SugarSales.

These vulnerabilities may be related to the issues disclosed in BID 11740.

4. SQLgrey Postfix Greylisting Service Unspecified SQL Injectio...
BugTraq ID: 11898
Remote: Yes
Date Published: Dec 13 2004
Relevant URL: http://www.securityfocus.com/bid/11898
Summary:
SQLgrey Postfix Greylisting Service is prone to an unspecified SQL injection vulnerability. This issue is reportedly due to insufficient sanitization of SQL syntax from fields in email processed by the software.

The issue could be exploited to influence SQL queries, potentially allowing for compromise of the software or other attacks that impact database security.

This issue was reportedly missed by the vendor when they fixed the issue described in BID 11633.

5. Opera Web Browser KDE KFMCLIENT Remote Command Execution Vul...
BugTraq ID: 11901
Remote: Yes
Date Published: Dec 13 2004
Relevant URL: http://www.securityfocus.com/bid/11901
Summary:
It is reported that Opera for Linux is susceptible to a remote command execution vulnerability. This issue is due to a default configuration setting in Opera that utilizes the KDE 'kfmclient' utility to open unknown content.

Exploitation of this issue allows attacker-supplied commands to be executed in the context of the user running Opera.

Version 7.54 of Opera for Linux with KDE version 3.2.3 is reported vulnerable to this issue. Other versions may also be affected.

6. Nullsoft Winamp Tag Processing Remote Denial Of Service Vuln...
BugTraq ID: 11909
Remote: Yes
Date Published: Dec 13 2004
Relevant URL: http://www.securityfocus.com/bid/11909
Summary:
Winamp is reported prone to a remote denial of service vulnerability. The issue is reported to present itself when certain '.mp4' and '.m4a' files are processed.

It is not known at this point whether this vulnerability may be exploited to any means other than a denial of service.

7. Microsoft Windows Kernel Unchecked LPC Buffer Privilege Esca...
BugTraq ID: 11913
Remote: No
Date Published: Dec 14 2004
Relevant URL: http://www.securityfocus.com/bid/11913
Summary:
Microsoft Windows is prone to a locally exploitable privilege escalation vulnerability. This is reportedly due to an unchecked buffer that is exposed through the LPC (Local Procedure Call) interface in the Windows kernel.

Successful exploitation would permit a local attacker to compromise the vulnerable computer.

The vendor has stated that this issue may likely only result in a denial of service on Windows XP SP2 and Windows Server 2003 platforms. This may be due to buffer overflow protection features included in these platforms. It is possible that a skilled attacker could bypass these security measures.

It is noted that the vulnerability is present in an API, so any applications or libraries that rely on the API may be exposed to this issue.

8. Microsoft Windows LSASS Connection Validation Privilege Esca...
BugTraq ID: 11914
Remote: No
Date Published: Dec 14 2004
Relevant URL: http://www.securityfocus.com/bid/11914
Summary:
Microsoft Windows is prone to a local privilege escalation vulnerability through LSASS (Local Security Authority Subsystem Service). The issue is reportedly due to an access validation error in LSASS.

Successful exploitation could result in a local user gaining SYSTEM level access on the computer.

9. Hilgraeve HyperTerminal Session Data Buffer Overflow Vulnera...
BugTraq ID: 11916
Remote: Yes
Date Published: Dec 14 2004
Relevant URL: http://www.securityfocus.com/bid/11916
Summary:
A remote buffer overflow vulnerability affects the session parsing functionality of Hilgraeve HyperTerminal. HyperTerminal is shipped and installed with every copy of Microsoft Windows 98, ME, NT 4.0, 2000, XP, and 2003. It is the default telnet client in Windows 98 and ME, but not in Windows NT 4.0, 2000, XP, and 2003.

This issue is due to a failure of the application to properly validate the length of session-related strings prior to copying them into static process buffers. This may be triggered by a malicious session file or through a telnet URI in circumstances where HyperTerminal is configured to be the default handler for the telnet protocol.

An attacker may exploit this issue to execute arbitrary code with the privileges of the unsuspecting user that activates the vulnerable application. This may facilitate unauthorized access or privilege escalation.

10. Sun Java System Web And Application Server Remote Session Di...
BugTraq ID: 11918
Remote: Yes
Date Published: Dec 14 2004
Relevant URL: http://www.securityfocus.com/bid/11918
Summary:
A remote session disclosure vulnerability affects the Sun Java System Web and Application Servers. This issue is due to a design error that may cause session IDs to be revealed.

This issue may be exploited to steal session IDs from unsuspecting users and gain access to their current sessions. Reportedly only sessions that do not require authentication are affected by this issue.

11. Microsoft Windows DHCP Server Logging Remote Denial Of Servi...
BugTraq ID: 11919
Remote: Yes
Date Published: Dec 14 2004
Relevant URL: http://www.securityfocus.com/bid/11919
Summary:
Microsoft Windows DHCP server on NT 4 server platforms is reported susceptible to a remote denial of service vulnerability in its logging functionality. This issue is due to a failure of the application to properly handle user-supplied network input.

This vulnerability allows remote attackers to crash the affected service, denying service to legitimate users. This may allow attackers to interrupt network services to an entire network. It is believed that this issue would only result in a denial of service, though an unconfirmed possibility of code execution exists due to the apparent nature of the vulnerability.

It is noted that the service is not installed by default, nor is the affected logging facility enabled by default where the service has been installed.

12. Microsoft Windows DHCP Server Remote Buffer Overflow Vulnera...
BugTraq ID: 11920
Remote: Yes
Date Published: Dec 14 2004
Relevant URL: http://www.securityfocus.com/bid/11920
Summary:
Microsoft Windows DHCP server on NT 4 server platforms is reported susceptible to a remote buffer overflow vulnerability. This issue is due to insufficient bounds checking of user-supplied network data.

This vulnerability allows remote attackers to execute arbitrary code in the context of the affected service. The DHCP server is running with administrative privileges, allowing remote attackers to gain administrative access, or to crash the affected service, denying service to legitimate users. This may allow attackers to interrupt network services to an entire network.

It is noted that the service is not installed by default.

13. Microsoft Windows WINS Name Value Handling Remote Buffer Ove...
BugTraq ID: 11922
Remote: Yes
Date Published: Dec 14 2004
Relevant URL: http://www.securityfocus.com/bid/11922
Summary:
It is reported that the WINS server contains a buffer overflow vulnerability that when exploited will result in WINS process memory corruption. The issue exists due to a lack of sufficient boundary checks performed on computer 'name' data that is handled during a WINS transaction.

Ultimately, the issue could potentially be exploited remotely by a WINS client to execute arbitrary code with SYSTEM level privileges on a target WINS server. The service may be exposed via TCP/UDP port 42 by default, but the vendor has stated that other attack vectors may exist though none are known at this time.

14. Adobe Acrobat Reader Email Message Remote Buffer Overflow Vu...
BugTraq ID: 11923
Remote: Yes
Date Published: Dec 14 2004
Relevant URL: http://www.securityfocus.com/bid/11923
Summary:
A remote buffer overflow vulnerability reportedly affects the email message checking functionality in Adobe Acrobat Reader for Unix. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

It should be noted that this issue only affects Adobe Acrobat Reader for the Unix platform.

15. Microsoft Word for Windows 6.0 Converter Table Conversion Bu...
BugTraq ID: 11927
Remote: Yes
Date Published: Dec 14 2004
Relevant URL: http://www.securityfocus.com/bid/11927
Summary:
Microsoft Word for Windows 6.0 Converter is reported prone to a buffer overflow vulnerability. An attacker may exploit this issue to gain unauthorized access to a vulnerable computer in the context of the user running the application. This issue specifically exists in the Table Conversion functionality of the application.

It is reported that this issue may be exploited when a maliciously crafted file is opened in Microsoft WordPad.

Microsoft Word for Windows 6.0 Converter is not enabled by default on Windows XP Service Pack 2 and Windows Server 2003. This issue reportedly does not pose a significant risk on Windows 98, 98 SE, and ME; it may only cause a denial of service condition in the application without the possibility of code execution.

16. Microsoft Word for Windows 6.0 Converter Font Conversion Buf...
BugTraq ID: 11929
Remote: Yes
Date Published: Dec 14 2004
Relevant URL: http://www.securityfocus.com/bid/11929
Summary:
Microsoft Word for Windows 6.0 Converter is reported prone to a buffer overflow vulnerability. An attacker may exploit this issue to gain unauthorized access to a vulnerable computer in the context of the user running the application. This issue specifically exists in the Font Conversion functionality of the application.

It is reported that this issue may be exploited when a maliciously crafted file is opened in Microsoft WordPad.

Microsoft Word for Windows 6.0 Converter is not enabled by default on Windows XP Service Pack 2 and Windows Server 2003. This issue does not pose a significant risk on Windows 98, 98 SE, and ME; it may only cause a denial of service condition in the application without the possibility of code execution.

17. ASP-Rider Remote SQL Injection Vulnerability
BugTraq ID: 11933
Remote: Yes
Date Published: Dec 14 2004
Relevant URL: http://www.securityfocus.com/bid/11933
Summary:
A remote SQL injection vulnerability reportedly affects ASP-Rider Web blog. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.

An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft of sensitive information, potentially including authentication credentials, and data corruption.

18. Adobe Acrobat/Acrobat Reader ETD File Parser Format String V...
BugTraq ID: 11934
Remote: Yes
Date Published: Dec 14 2004
Relevant URL: http://www.securityfocus.com/bid/11934
Summary:
Adobe Acrobat/Acrobat Reader is reported prone to a remote format string vulnerability. The vulnerability is present in the ETD file parser when processing tag values. Reports indicate that the values supplied for certain tags are used as the format string in an unspecified formatted output function. Because an attacker can control the format string and the variables passed to the formatted output function, this vulnerability may be exploited to write to arbitrary locations within the memory of the process.

19. Vim Modelines Arbitrary Command Execution Variant Vulnerabil...
BugTraq ID: 11941
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/11941
Summary:
Vim's modelines feature is prone to a vulnerability that may permit execution of arbitrary commands. Reportedly, certain modeline options expose this issue. Exploitation could occur when a malicious file is opened in the editor and would occur in the context of the user opening the file.

This issue is similar to BID 6384.

20. Novell NetMail Multiple Remote Vulnerabilities
BugTraq ID: 11942
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/11942
Summary:
Multiple remote vulnerabilities reportedly affect Novell NetMail. These vulnerabilities are due to multiple issues, including failure to verify the length of strings before copying them into static process buffers, failure to handle malformed input, and various design errors.

The first issue reported is a buffer overflow vulnerability in the IMAP functionality of the affected application. The second issue is a failure of the application to properly integrate with Symantec antivirus software. Finally a number of issues reported may facilitate denial of service attacks, although these are not confirmed.

An attacker may leverage these issues to execute arbitrary code on the affected computer, facilitating system compromise; to bypass anti-virus screening, creating a false sense of security; and potentially to carry out denial of service attacks.

21. 3Com 3CDaemon TFTP Service Remote Buffer Overflow Vulnerabil...
BugTraq ID: 11944
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/11944
Summary:
3CDaemon TFTP service is reported to be prone to a remote denial of service vulnerability. The vulnerability presents itself when any command is invoked that contains a superfluous filename parameter. When such a command is handled, 3CDaemon will fail, reporting opmode 0x01.

22. Apple Safari Web Browser HTML Form Status Bar Misrepresentat...
BugTraq ID: 11949
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/11949
Summary:
A vulnerability has been identified in Apple Safari Web Browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be misled into following a link to a malicious site.

The issue presents itself when an attacker creates an HTML form with the submit 'value' property set to a legitimate site and the 'action' property set to the attacker-specified site. The malicious form could also be embedded in a link using the HTML Anchor tag and specifying the legitimate site as the 'href' property. As a result, the attacker-supplied link would point to the legitimate site and the status bar would display the address of the legitimate site as well.

23. Microsoft Internet Explorer DHTML Edit Control Script Inject...
BugTraq ID: 11950
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/11950
Summary:
Microsoft Internet Explorer DHTML Edit control may be used to carry out cross-domain script injection. This issue may allow an attacker to execute malicious script code in a user's browser to facilitate cross-site scripting type attacks.

It is possible to steal cookie-based authentication credentials through this vulnerability. Other attacks may be possible as well.

24. Cisco Unity With Exchange Default User Accounts and Password...
BugTraq ID: 11954
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/11954
Summary:
It is reported that vulnerable Unity systems contain default user accounts and passwords that can be used by an attacker to gain unauthorized access. This issue only arises when Unity is integrated with Microsoft Exchange.

Unauthorized attackers may use these accounts to gain administrative access to vulnerable systems. Some accounts can allow attackers to disclose messages going to and from external voicemail systems.

25. MPlayer MMST Get_Header Remote Client-Side Buffer Overflow V...
BugTraq ID: 11962
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/11962
Summary:
A remote, client-side buffer overflow vulnerability reportedly affects MPlayer. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

26. PHP Multiple Local And Remote Vulnerabilities
BugTraq ID: 11964
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/11964
Summary:
PHP4 and PHP5 are reported prone to multiple local and remote vulnerabilities that may lead to code execution within the context of the vulnerable process. The following specific issues are reported:

A heap-based buffer overflow is reported to affect the PHP 'pack()' function call. An attacker that has the ability to make the PHP interpreter run a malicious script may exploit this condition to execute arbitrary instructions in the context of the vulnerable process.

A heap-based memory disclosure vulnerability is reported to affect the PHP 'unpack()' function call. An attacker that has the ability to make the PHP interpreter run a malicious script may exploit this condition to reveal portions of the process heap.

PHP safe_mode_exec_dir is reported prone to an access control bypass vulnerability. A local attacker that can manipulate the directory name from which the PHP script is called may bypass 'safe_mode_exec_dir' restrictions by placing shell metacharacters and restricted commands into the directory name of the current directory.

PHP safe_mode is reported prone to an access control bypass vulnerability. An attacker that has the ability to make the PHP interpreter run a malicious script may exploit this condition to execute commands that are otherwise restricted by PHP safe_mode.

PHP is reported prone to a 'realpath()' path truncation vulnerability. The vulnerability exists due to a lack of sanitization as to whether a path has been silently truncated by the libc realpath() function or not. This may lead to remote file include vulnerabilities in some cases.

The PHP function 'unserialize()' is reported prone to a memory corruption vulnerability. This corruption may be leveraged by a remote attacker that has the ability to make the PHP interpreter run a malicious script to execute arbitrary code in the context of the vulnerable process.

The PHP function 'unserialize()' is also reported prone to an information disclosure vulnerability. This issue may be leveraged by a remote attacker to disclose the contents of heap memory. This may allow them to gain access to potentially sensitive information, such as database credentials.

Finally, the PHP function 'unserialize()' is reported prone to an additional vulnerability. It is reported that previous versions of this function allow a malicious programmer to set references to entries of a variable hash that have already been freed. This can lead to remote memory corruption.

27. XLReader Remote Client-Side Buffer Overflow Vulnerability
BugTraq ID: 11970
Remote: Yes
Date Published: Dec 16 2004
Relevant URL: http://www.securityfocus.com/bid/11970
Summary:
A remote, client-side buffer overflow vulnerability affects xlreader. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

28. Computer Associates eTrust EZ Antivirus Local Insecure Defau...
BugTraq ID: 11971
Remote: No
Date Published: Dec 16 2004
Relevant URL: http://www.securityfocus.com/bid/11971
Summary:
A local insecure installation vulnerability affects eTrust EZ Antivirus. This issue is due to a failure of the application to properly secure files upon installation.

An attacker may leverage this issue to manipulate installed files, potentially allowing them to disable anti-virus protection or execute code with SYSTEM privileges.

29. Samba Directory Access Control List Remote Integer Overflow ...
BugTraq ID: 11973
Remote: Yes
Date Published: Dec 16 2004
Relevant URL: http://www.securityfocus.com/bid/11973
Summary:
A remotely exploitable integer overflow vulnerability affects the directory access control list (DACL) processing functionality of Samba. This issue is due to a failure of the application to properly perform sanity checking on calculated data sizes prior to copying data into static process buffers.

An attacker with access to an SMB share may leverage this issue to overwrite the heap of the affected process, facilitating code execution with superuser privileges.

30. VERITAS Backup Exec Agent Browser Remote Buffer Overflow Vul...
BugTraq ID: 11974
Remote: Yes
Date Published: Dec 16 2004
Relevant URL: http://www.securityfocus.com/bid/11974
Summary:
VERITAS Backup Exec is reported prone to a remote buffer overflow vulnerability. This issue exists because the application fails to carry out proper boundary checks before copying user-supplied data into sensitive process buffers. A remote attacker can exploit this issue to execute arbitrary code on a vulnerable computer, leading to a complete compromise.

It is reported that this issue presents itself in an unspecified function that is responsible for handling registration requests. This function is part of the Agent Browser service code.

31. Yanf HTTP Response Buffer Overflow Vulnerability
BugTraq ID: 11975
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/11975
Summary:
Yanf is prone to a buffer overflow vulnerability. This issue is exposed when the client reads data from a remote HTTP server.

If this issue is successfully exploited, it could allow for execution of arbitrary code in the context of the user running the client.

32. PHP Multiple Remote Vulnerabilities
BugTraq ID: 11981
Remote: Yes
Date Published: Dec 16 2004
Relevant URL: http://www.securityfocus.com/bid/11981
Summary:
PHP4 and PHP5 are reported prone to multiple remotely exploitable vulnerabilities. These issues result from insufficient sanitization of user-supplied data. A remote attacker may carry out directory traversal attacks to disclose arbitrary files and upload files to arbitrary locations.

It is reported that these vulnerabilities may only be exploited on Windows.

33. MPlayer And Xine-Lib Multiple Remote Client-Side Buffer Over...
BugTraq ID: 11987
Remote: Yes
Date Published: Dec 16 2004
Relevant URL: http://www.securityfocus.com/bid/11987
Summary:
Multiple remote, client-side buffer overflow vulnerabilities reportedly affect xine-lib and MPlayer. These issues are due to a failure of the applications to properly validate the length of user-supplied strings prior to copying them into static process buffers.

An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

34. NASM Error Preprocessor Directive Buffer Overflow Vulnerabil...
BugTraq ID: 11991
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/11991
Summary:
NASM is prone to a buffer overflow. This condition is exposed when the application attempts to assemble a source file that contains malformed '%error' preprocessor directive arguments. Since the source file may originate from an external or untrusted source, this vulnerability is considered remote in nature.

Successful exploitation will permit arbitrary code execution with the privileges of the user running the application.

35. PHP JPEG Image Buffer Overflow Vulnerability
BugTraq ID: 11992
Remote: Yes
Date Published: Dec 16 2004
Relevant URL: http://www.securityfocus.com/bid/11992
Summary:
It is reported that PHP is susceptible to a buffer overflow vulnerability in handling JPEG images. This issue is due to a failure of the application to properly bounds check user-supplied image data prior to copying it into a fixed-size memory buffer.

This vulnerability allows remote attackers to alter the proper flow of execution of the application, potentially resulting in the execution of attacker-supplied machine code in the context of the web server executing the PHP interpreter.

36. LinPopUp Remote Buffer Overflow Vulnerability
BugTraq ID: 11997
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/11997
Summary:
LinPopUp is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data into sensitive process buffers. It is reported that this issue can allow an attacker to gain unauthorized access to a computer in the context of the application.

An attacker can exploit this issue by crafting a malicious message that contains excessive string data, replacement memory addresses, and executable instructions to trigger this issue.

LinPopUp version 1.2.0 is reported prone to this vulnerability. It is likely that other versions are affected as well.

37. RARLAB WinRAR File Name Remote Client-Side Buffer Overflow V...
BugTraq ID: 12002
Remote: Yes
Date Published: Dec 17 2004
Relevant URL: http://www.securityfocus.com/bid/12002
Summary:
A remote, client-side buffer overflow vulnerability has been reported in the file name processing functionality of RARLAB WinRAR. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

38. HTML2HDML File Conversion Buffer Overflow Vulnerability
BugTraq ID: 12003
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/12003
Summary:
html2hdml is prone to a buffer overflow vulnerability. This issue is exposed when converting HTML files to HDML (Handheld Device Markup Language). Since HTML files may originate from an external or untrusted source, this vulnerability is considered remote in nature.

Successful exploitation may result in execution of arbitrary code in the context of the user running the application.

39. ASP2PHP Preparse Token Variable Buffer Overflow Vulnerabilit...
BugTraq ID: 12014
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/12014
Summary:
asp2php is prone to a buffer overflow vulnerability. This issue is exposed when the application is used to convert an ASP file to PHP. The particular issue is related to parsing of tokens in ASP files. Since ASP files may originate from an external or untrusted source, this vulnerability is considered to be remote in nature.

Successful exploitation would allow for execution of arbitrary code in the context of the user running the application.

This issue is reportedly distinct from BID 12015 (ASP2PHP Preparse Temp Variable Buffer Overflow Vulnerability). The differences that distinguish these as two separate vulnerabilities have not been determined at this time, other than that the overrun occurs in a different destination buffer.

40. ASP2PHP Preparse Temp Variable Buffer Overflow Vulnerability
BugTraq ID: 12015
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/12015
Summary:
asp2php is prone to a buffer overflow vulnerability. This issue is exposed when the application is used to convert an ASP file to PHP. The particular issue is related to parsing of tokens in ASP files. Since ASP files may originate from an external or untrusted source, this vulnerability is considered to be remote in nature.

Successful exploitation would allow for execution of arbitrary code in the context of the user running the application.

This issue is reportedly distinct from BID 12014 (ASP2PHP Preparse Token Buffer Overflow Vulnerability). The differences that distinguish these as two separate vulnerabilities have not been determined at this time, other than that the overrun occurs in a different destination buffer.

41. ABC2MTEX Process ABC Key Field Buffer Overflow Vulnerability
BugTraq ID: 12018
Remote: Yes
Date Published: Dec 15 2004
Relevant URL: http://www.securityfocus.com/bid/12018
Summary:
abc2mtex is prone to a buffer overflow vulnerability. This issue is exposed when the program is used to convert ABC music notation files to MTEX format. In particular, the issue is due to insufficient bounds checking of key data in ABC notation files. Since the ABC files may originate from an external or untrusted source, this issue is considered remote in nature.

Successful exploitation will result in execution of arbitrary code in the context of the user running the application.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Security Audit Correlating (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/385085

2. Subdomain security (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/385079

3. services running in windows domain (winXP clients) (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/385068

4. iisadmpwd/UPN (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/384824

5. SV: services running in windows domain (winXP client... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/384649

6. Corrupt Certificate information on local system (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/384610

7. SecurityFocus Microsoft Newsletter #219 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/384592

8. Group policy help needed!!! (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/384490

9. RE : Secondary Storage Device Policy (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/384448

10. Secondary Storage Device Policy (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/384443

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:

CoreGuard System profile

The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.

CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits

2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:

KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!

With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!

3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:

Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.

SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.

4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:

FreezeX prevents all unauthorized programs, including viruses, keyloggers and spyware, from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, or introduced via removable media or the network, will never install.

5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:

NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.

NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.

NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.

6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:

It's the end of your worries about the top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on your PC, meeting the three most important security requirements: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".

Your secret information is available only through this software and there is no other means to access it. The information is protected at the file system level and cannot be accidentally deleted or overwritten, neither in Safe mode nor from another operating system. This program doesn't make your operating system unstable as other related products do, and it protects your information from being seen, altered or deleted by an unauthorized user, whether intentionally or accidentally. The program allows you to permanently erase your sensitive data using secure wiping methods, leaving no trace of your information. Depending on the selected wiping method, your data is unrecoverable using software or even hardware recovery techniques.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Colasoft Capsa 4.05
By: Roy Luo
Relevant URL: http://www.colasoft.com/
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:

Capsa is a powerful but easy to use network monitor and analyzer designed for packet decoding and network diagnosis. With the abilities of real time monitoring and data analyzing, you can capture and decode network traffic transmitted over local host and local network. Capsa has Packet Analysis Module and three advanced analysis modules: Email Analysis Module, Web Analysis Module and Transaction Analysis Module.

2. Attack Tool Kit (ATK) 3.0
By: Marc Ruef
Relevant URL: http://www.computec.ch/projekte/atk/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

The Attack Tool Kit (ATK) is an open-source utility to realize penetration tests and enhance security audits. The most important changes in ATK 3.0 are the introduction of a dedicated exploiting routine and the Plugin AutoUpdate (over HTTP).

3. IDS Policy Manager v1.5
By: ActiveWorx
Relevant URL: http://www.activeworx.org
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

IDS Policy Manager was designed to manage Snort IDS sensors in a distributed environment. This is done by taking the text configuration and rule files and allowing you to modify them with an easy-to-use graphical interface. With the added ability to merge new rule sets, manage preprocessors, control output modules and scp rules to sensors, this tool makes managing Snort easy for most security professionals.

4. PatchLink Update 6.01.78
By: PatchLink Corporation
Relevant URL: http://www.patchlink.com/products_services/plu_evaluationrequest.html
Platforms: AIX, DG-UX, Digital UNIX/Alpha, DOS, HP-UX, Java, Linux, MacOS, Net, NetBSD, Netware, OpenVMS, PalmOS, POSIX, SecureBSD, SINIX, Solaris, SunOS, True64 UN, True64 UNIX, Ultrix, UNICOS, UNIX, Unixware, Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
Summary:

With PATCHLINK UPDATE, patch management is the secure, proactive, and preventative process it should be. PATCHLINK UPDATE scans networks for security holes and closes them with the click of a mouse, no matter the operating system, the vendor applications, the mix, or the size of the environment. From 5K nodes to 20+K nodes, PATCHLINK UPDATE works quickly, accurately and safely to ensure desktops and servers are patched correctly and completely the first time around.

5. Dekart Private Disk 2.03
By: Dekart
Relevant URL: http://www.private-disk.net/
Platforms: Windows XP
Summary:

Private Disk is an easy-to-use, reliable, user-friendly and smart program that lets you create encrypted disk partitions (drive letters) to keep your private and confidential data secure. It uses 256-bit AES encryption.

6. Remote Process Watcher 1.0
By: Fitsec Tmi
Relevant URL: http://www.fitsec.com/downloads
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

Java-based software that watches processes running on the computers inside a domain. It gives out warnings when it spots a process that it doesn't recognize, or processes that have been placed on the warning list. It is also able to automatically kill processes marked as critical.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

VII. SPONSOR INFORMATION
------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------