SecurityFocus Microsoft Newsletter #239
----------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
I. FRONT AND CENTER
1. Sarbanes Oxley for IT Security?
II. MICROSOFT VULNERABILITY SUMMARY
1. CartWIZ AddToCart.ASP SQL Injection Vulnerability
2. CartWIZ ProductCatalogSubCats.ASP SQL Injection Vulnerabilit...
3. CartWIZ ProductDetails.ASP SQL Injection Vulnerability
4. CartWIZ SearchResults.ASP PriceTo Argument SQL Injection Vul...
5. CartWIZ SearchResults.ASP PriceFrom Argument SQL Injection V...
6. CartWIZ SearchResults.ASP IDCategory Argument SQL Injection ...
7. PHPBB Profile.PHP Cross-Site Scripting Vulnerability
8. PHPBB Viewtopic.PHP Cross-Site Scripting Vulnerability
9. MailEnable HTTP Authorization Buffer Overflow Vulnerability
10. ImageMagick PNM Image Decoding Remote Buffer Overflow Vulner...
11. StorePortal Default.ASP Multiple SQL Injection Vulnerabiliti...
12. MySQL MaxDB HTTP GET Request Remote Buffer Overflow Vulnerab...
13. MySQL MaxDB WebDAV Lock Token Remote Buffer Overflow Vulnera...
14. Invision Power Board QPid Parameter SQL Injection Vulnerabil...
15. MetaCart E-Shop V-8 IntProdID Parameter Remote SQL Injection...
16. MetaCart E-Shop V-8 StrCatalog_NAME Parameter Remote SQL Inj...
17. MySQL MaxDB WebDAV IF Parameter Remote Buffer Overflow Vulne...
18. TCPDump BGP Decoding Routines Denial Of Service Vulnerabilit...
19. MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulner...
20. MetaCart2 StrSubCatalogID Parameter Remote SQL Injection Vul...
21. MetaCart2 CurCatalogID Parameter Remote SQL Injection Vulner...
22. MetaCart2 strSubCatalog_NAME Parameter Remote SQL Injection ...
23. Fastream NetFile FTP/Web Server Directory Traversal Variant ...
24. TCPDump LDP Decoding Routines Denial Of Service Vulnerabilit...
25. TCPDump RSVP Decoding Routines Denial Of Service Vulnerabili...
26. TCPDump ISIS Decoding Routines Denial Of Service Vulnerabili...
27. MetaCart2 SearchAction.ASP Multiple SQL Injection Vulnerabil...
28. VooDoo Circle BotNet Connection Denial of Service Vulnerabil...
29. MetaBid Auctions intAuctionID Parameter Remote SQL Injection...
30. Debian CVS-Repouid Remote Authentication Bypass Vulnerabilit...
31. Debian CVS-Repouid Denial Of Service Vulnerability
32. HP OpenView Radia Management Portal Remote Command Execution...
33. Symantec AntiVirus RAR Archive Scan Evasion Denial Of Servic...
34. Notes Module for PHPBB SQL Injection Vulnerability
35. IBM Lotus Domino Server Notes Remote Procedure Call Remote F...
III. MICROSOFT FOCUS LIST SUMMARY
1. Group membership / Kerberos tickets (Thread)
2. SecurityFocus Microsoft Newsletter #238 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. CoreGuard Core Security System
2. KeyCaptor Keylogger
3. SpyBuster
4. FreezeX
5. NeoExec for Active Directory
6. Secrets Protector v2.03
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. LC 5 5
2. Enig3 1.0.0
3. .NET Security Tool Kit 1.0
4. SecureUML 1.0
5. Validator.NET 1.0
6. ldaupenum 0.02alpha
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Sarbanes Oxley for IT Security?
By Mark Rasch
Sarbanes Oxley seems wholly focused on the accuracy of a company's
financial records and controls around these records, so where does IT
security come into the picture?
http://www.securityfocus.com/columnists/322
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. CartWIZ AddToCart.ASP SQL Injection Vulnerability
BugTraq ID: 13330
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13330
Summary:
CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
2. CartWIZ ProductCatalogSubCats.ASP SQL Injection Vulnerabilit...
BugTraq ID: 13331
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13331
Summary:
CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
3. CartWIZ ProductDetails.ASP SQL Injection Vulnerability
BugTraq ID: 13332
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13332
Summary:
CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
4. CartWIZ SearchResults.ASP PriceTo Argument SQL Injection Vul...
BugTraq ID: 13333
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13333
Summary:
CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
5. CartWIZ SearchResults.ASP PriceFrom Argument SQL Injection V...
BugTraq ID: 13334
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13334
Summary:
CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
6. CartWIZ SearchResults.ASP IDCategory Argument SQL Injection ...
BugTraq ID: 13335
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13335
Summary:
CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
7. PHPBB Profile.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13344
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13344
Summary:
phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
8. PHPBB Viewtopic.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13345
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13345
Summary:
phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
9. MailEnable HTTP Authorization Buffer Overflow Vulnerability
BugTraq ID: 13350
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13350
Summary:
MailEnable is prone to a remotely exploitable buffer overflow vulnerability. This issue occurs in the server's HTTP Header Field Definitions.
This condition may be leveraged to overwrite sensitive program control variables, allowing a remote attacker to control execution flow of the server process.
10. ImageMagick PNM Image Decoding Remote Buffer Overflow Vulner...
BugTraq ID: 13351
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13351
Summary:
A remote, client-side buffer overflow vulnerability affects ImageMagick. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to cause the affected application to crash, potentially destroying unsaved data, ultimately denying service to legitimate users.
11. StorePortal Default.ASP Multiple SQL Injection Vulnerabiliti...
BugTraq ID: 13358
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13358
Summary:
StorePortal is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
12. MySQL MaxDB HTTP GET Request Remote Buffer Overflow Vulnerab...
BugTraq ID: 13368
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13368
Summary:
A remote buffer overflow vulnerability affects MySQL MaxDB. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
13. MySQL MaxDB WebDAV Lock Token Remote Buffer Overflow Vulnera...
BugTraq ID: 13369
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13369
Summary:
A remote buffer overflow vulnerability affects MySQL MaxDB. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
14. Invision Power Board QPid Parameter SQL Injection Vulnerabil...
BugTraq ID: 13375
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13375
Summary:
Invision Power Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
This issue reportedly affects Invision Power Board version 2.0.1; other versions may also be vulnerable.
15. MetaCart E-Shop V-8 IntProdID Parameter Remote SQL Injection...
BugTraq ID: 13376
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13376
Summary:
An SQL injection vulnerability affects MetaCart e-Shop V-8. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
16. MetaCart E-Shop V-8 StrCatalog_NAME Parameter Remote SQL Inj...
BugTraq ID: 13377
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13377
Summary:
An SQL injection vulnerability affects MetaCart e-Shop V-8. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
17. MySQL MaxDB WebDAV IF Parameter Remote Buffer Overflow Vulne...
BugTraq ID: 13378
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13378
Summary:
A remote buffer overflow vulnerability affects MySQL MaxDB. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
18. TCPDump BGP Decoding Routines Denial Of Service Vulnerabilit...
BugTraq ID: 13380
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13380
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Border Gateway Protocol (BGP) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed BGP packets resulting in the software hanging.
tcpdump versions up to and including 3.8.3 are reported prone to this issue.
19. MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulner...
BugTraq ID: 13382
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13382
Summary:
A remote SQL injection vulnerability affects MetaCart2. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
20. MetaCart2 StrSubCatalogID Parameter Remote SQL Injection Vul...
BugTraq ID: 13383
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13383
Summary:
A remote SQL injection vulnerability affects MetaCart2. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
21. MetaCart2 CurCatalogID Parameter Remote SQL Injection Vulner...
BugTraq ID: 13384
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13384
Summary:
A remote SQL injection vulnerability affects MetaCart2. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
22. MetaCart2 strSubCatalog_NAME Parameter Remote SQL Injection ...
BugTraq ID: 13385
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13385
Summary:
A remote SQL injection vulnerability affects MetaCart2. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
23. Fastream NetFile FTP/Web Server Directory Traversal Variant ...
BugTraq ID: 13388
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13388
Summary:
The NetFile FTP/Web Server is reported prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. This can allow an attacker to create, view, and delete arbitrary files outside the web root.
A similar issue was reported in BID 10658. The fix for that issue did not properly filter all directory traversal sequences.
This issue is addressed in NetFile version 7.5.0 Beta 7 and above.
24. TCPDump LDP Decoding Routines Denial Of Service Vulnerabilit...
BugTraq ID: 13389
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13389
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Label Distribution Protocol (LDP) datagrams. A remote attacker may cause the software to enter an infinite loop by sending malformed LDP datagrams resulting in the software hanging.
tcpdump versions up to and including 3.8.3 are reported prone to this issue.
25. TCPDump RSVP Decoding Routines Denial Of Service Vulnerabili...
BugTraq ID: 13390
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13390
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Resource ReSerVation Protocol (RSVP) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed RSVP packets resulting in the software hanging.
tcpdump versions up to and including 3.9.x/CVS are reported prone to this issue.
26. TCPDump ISIS Decoding Routines Denial Of Service Vulnerabili...
BugTraq ID: 13392
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13392
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Intermediate System to Intermediate System (ISIS) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed ISIS packets resulting in the software hanging.
tcpdump versions up to and including 3.9.x/CVS are reported prone to this issue.
27. MetaCart2 SearchAction.ASP Multiple SQL Injection Vulnerabil...
BugTraq ID: 13393
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13393
Summary:
MetaCart2 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
An attacker may exploit these issues to manipulate SQL queries to the underlying database. This may facilitate the theft of sensitive information, potentially including authentication credentials, and data corruption.
28. VooDoo Circle BotNet Connection Denial of Service Vulnerabil...
BugTraq ID: 13394
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13394
Summary:
VooDoo cIRCle is affected by a denial of service vulnerability due to improper handling of BOTNET packets. A remote attacker with valid access can send a malicious packet through the BOTNET connection. The application fails to handle the malformed packet correctly and crashes.
This vulnerability is reported to affect VooDoo cIRCle versions 1.0.20 through 1.0.32; an upgrade is available.
29. MetaBid Auctions intAuctionID Parameter Remote SQL Injection...
BugTraq ID: 13395
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13395
Summary:
A remote SQL injection vulnerability affects MetaBid Auctions. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate the theft of sensitive information, potentially including authentication credentials, and data corruption.
30. Debian CVS-Repouid Remote Authentication Bypass Vulnerabilit...
BugTraq ID: 13402
Remote: Yes
Date Published: Apr 27 2005
Relevant URL: http://www.securityfocus.com/bid/13402
Summary:
A remote authentication bypass vulnerability affects Debian CVS. This issue is due to an error with Debian's CVS cvs-repouid patch.
A remote attacker may leverage this issue to bypass CVS authentication requirements and gain unauthorized access to a vulnerable repository.
31. Debian CVS-Repouid Denial Of Service Vulnerability
BugTraq ID: 13403
Remote: Yes
Date Published: Apr 27 2005
Relevant URL: http://www.securityfocus.com/bid/13403
Summary:
A denial of service vulnerability affects Debian CVS. This issue is due to an error with Debian's CVS cvs-repouid patch.
A remote attacker may leverage this issue to cause the CVS process to crash, effectively denying service to legitimate users.
32. HP OpenView Radia Management Portal Remote Command Execution...
BugTraq ID: 13414
Remote: Yes
Date Published: Apr 28 2005
Relevant URL: http://www.securityfocus.com/bid/13414
Summary:
A remote command execution vulnerability affects HP OpenView Radia Management Portal. This issue is due to a failure of the application to properly secure access to critical functionality.
An unauthenticated, remote attacker may leverage this issue to execute arbitrary commands on an affected computer with SYSTEM privileges on the Microsoft Windows platform and elevated privileges on UNIX-based platforms.
33. Symantec AntiVirus RAR Archive Scan Evasion Denial Of Servic...
BugTraq ID: 13416
Remote: Yes
Date Published: Apr 28 2005
Relevant URL: http://www.securityfocus.com/bid/13416
Summary:
A scan evasion denial of service vulnerability affects Symantec AntiVirus. This issue is due to a failure of the application to properly handle malformed files.
An attacker may leverage this issue to crash the file scanner of the affected antivirus software, causing the file scanner to fail to detect malicious code contained therein.
34. Notes Module for PHPBB SQL Injection Vulnerability
BugTraq ID: 13417
Remote: Yes
Date Published: Apr 28 2005
Relevant URL: http://www.securityfocus.com/bid/13417
Summary:
The notes module for phpBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
35. IBM Lotus Domino Server Notes Remote Procedure Call Remote F...
BugTraq ID: 13446
Remote: Yes
Date Published: Apr 29 2005
Relevant URL: http://www.securityfocus.com/bid/13446
Summary:
A remote format string vulnerability affects IBM Lotus Domino Server. This issue is due to a failure of the application to properly sanitize user-supplied input data prior to using it in a formatted-printing function.
Remote attackers may exploit this vulnerability to cause arbitrary machine code to be executed in the context of the affected application; typically the application runs with escalated privileges.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Group membership / Kerberos tickets (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/397228
2. SecurityFocus Microsoft Newsletter #238 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/397160
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity * Block malicious code, including
zero-day exploits
2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!
With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!
3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.
4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy ware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install
5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.
NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.
NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.
6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:
It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".
Your secret information is available only trough this software and there is no other mean to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten neither in Safe mode nor in other operating system. This program doesn't make your operating system unstable as other related product do and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods leaving no trace of your information. Depending on the selected wiping method your data is unrecoverable using software or even hardware recovery techniques.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. LC 5 5
By: @stake
Relevant URL: http://www.atstake.com/products/lc/
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
LC 5 is the latest version of L0phtCrack, the award-winning password auditing and recovery application used by thousands of companies worldwide.
Using multiple assessment methods, LC 5 reduces security risk by helping administrators to:
* Identify and remediate security vulnerabilities that result from the use of weak or easily guessed passwords
* Recover Windows and Unix account passwords to access user and administrator accounts whose passwords are lost or to streamline migration of users to another authentication system
* Rapidly process accounts using pre-computed password tables* that contain trillions of passwords
2. Enig3 1.0.0
By: CCC Morocco Team
Relevant URL: http://www.ccc.ma/sw/enig3/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Enig3 is a free cryptography tool that can encrypt/decrypt content/data using your own private generated 128 Bits Enig3-Key, was developed on CCC-Morocco Labs, using the most complex cryptographic methodologies. It uses a Flow-Encoding technique which is done in 3 phases...
3. .NET Security Tool Kit 1.0
By: Foundstone Professional Services
Relevant URL: http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subco
ntent=/services/overview_s3i
Platforms: Windows XP
Summary:
The Foundstone S3i .NET Security Toolkit includes tools to help design, develop, and test secure .NET software applications. The toolkit includes Validator.NET, .NETMon, and the SecureUML Template.
4. SecureUML 1.0
By: Foundstone Professional Services
Relevant URL: http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subco
ntent=/services/overview_s3i
Platforms: Windows XP
Summary:
The SecureUML Visio template defines a custom Unified Modeling Language (UML) dialect to help system architects build roles based access control systems (RBAC).
5. Validator.NET 1.0
By: Foundstone Professional Services
Relevant URL: http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subco
ntent=/services/overview_s3i
Platforms: Windows XP
Summary:
Validator.NET enables developers to programmatically determine user input locations that could be potentially exploited by hackers and provides proactive steps to build data validation routines which are loaded into a protection module. The tool helps eliminate common vulnerabilities such as SQL Injection and Cross-Site Scripting.
6. ldaupenum 0.02alpha
By: Roni Bachar & Sol Zehnwirth
Relevant URL: https://sourceforge.net/projects/ldapenum
Platforms: Linux, Perl (any system supporting perl), Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
ldapenum is a perl script designed to enumerate system and password information from domain controllers using the LDAP service when IPC$ is locked. The script has been tested on windows and linux.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
----------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Sarbanes Oxley for IT Security?
II. MICROSOFT VULNERABILITY SUMMARY
1. CartWIZ AddToCart.ASP SQL Injection Vulnerability
2. CartWIZ ProductCatalogSubCats.ASP SQL Injection Vulnerabilit...
3. CartWIZ ProductDetails.ASP SQL Injection Vulnerability
4. CartWIZ SearchResults.ASP PriceTo Argument SQL Injection Vul...
5. CartWIZ SearchResults.ASP PriceFrom Argument SQL Injection V...
6. CartWIZ SearchResults.ASP IDCategory Argument SQL Injection ...
7. PHPBB Profile.PHP Cross-Site Scripting Vulnerability
8. PHPBB Viewtopic.PHP Cross-Site Scripting Vulnerability
9. MailEnable HTTP Authorization Buffer Overflow Vulnerability
10. ImageMagick PNM Image Decoding Remote Buffer Overflow Vulner...
11. StorePortal Default.ASP Multiple SQL Injection Vulnerabiliti...
12. MySQL MaxDB HTTP GET Request Remote Buffer Overflow Vulnerab...
13. MySQL MaxDB WebDAV Lock Token Remote Buffer Overflow Vulnera...
14. Invision Power Board QPid Parameter SQL Injection Vulnerabil...
15. MetaCart E-Shop V-8 IntProdID Parameter Remote SQL Injection...
16. MetaCart E-Shop V-8 StrCatalog_NAME Parameter Remote SQL Inj...
17. MySQL MaxDB WebDAV IF Parameter Remote Buffer Overflow Vulne...
18. TCPDump BGP Decoding Routines Denial Of Service Vulnerabilit...
19. MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulner...
20. MetaCart2 StrSubCatalogID Parameter Remote SQL Injection Vul...
21. MetaCart2 CurCatalogID Parameter Remote SQL Injection Vulner...
22. MetaCart2 strSubCatalog_NAME Parameter Remote SQL Injection ...
23. Fastream NetFile FTP/Web Server Directory Traversal Variant ...
24. TCPDump LDP Decoding Routines Denial Of Service Vulnerabilit...
25. TCPDump RSVP Decoding Routines Denial Of Service Vulnerabili...
26. TCPDump ISIS Decoding Routines Denial Of Service Vulnerabili...
27. MetaCart2 SearchAction.ASP Multiple SQL Injection Vulnerabil...
28. VooDoo Circle BotNet Connection Denial of Service Vulnerabil...
29. MetaBid Auctions intAuctionID Parameter Remote SQL Injection...
30. Debian CVS-Repouid Remote Authentication Bypass Vulnerabilit...
31. Debian CVS-Repouid Denial Of Service Vulnerability
32. HP OpenView Radia Management Portal Remote Command Execution...
33. Symantec AntiVirus RAR Archive Scan Evasion Denial Of Servic...
34. Notes Module for PHPBB SQL Injection Vulnerability
35. IBM Lotus Domino Server Notes Remote Procedure Call Remote F...
III. MICROSOFT FOCUS LIST SUMMARY
1. Group membership / Kerberos tickets (Thread)
2. SecurityFocus Microsoft Newsletter #238 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. CoreGuard Core Security System
2. KeyCaptor Keylogger
3. SpyBuster
4. FreezeX
5. NeoExec for Active Directory
6. Secrets Protector v2.03
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. LC 5 5
2. Enig3 1.0.0
3. .NET Security Tool Kit 1.0
4. SecureUML 1.0
5. Validator.NET 1.0
6. ldaupenum 0.02alpha
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Sarbanes Oxley for IT Security?
By Mark Rasch
Sarbanes Oxley seems wholly focused on the accuracy of a company's
financial records and controls around these records, so where does IT
security come into the picture?
http://www.securityfocus.com/columnists/322
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. CartWIZ AddToCart.ASP SQL Injection Vulnerability
BugTraq ID: 13330
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13330
Summary:
CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
2. CartWIZ ProductCatalogSubCats.ASP SQL Injection Vulnerabilit...
BugTraq ID: 13331
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13331
Summary:
CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
3. CartWIZ ProductDetails.ASP SQL Injection Vulnerability
BugTraq ID: 13332
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13332
Summary:
CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
4. CartWIZ SearchResults.ASP PriceTo Argument SQL Injection Vul...
BugTraq ID: 13333
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13333
Summary:
CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
5. CartWIZ SearchResults.ASP PriceFrom Argument SQL Injection V...
BugTraq ID: 13334
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13334
Summary:
CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
6. CartWIZ SearchResults.ASP IDCategory Argument SQL Injection ...
BugTraq ID: 13335
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13335
Summary:
CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
7. PHPBB Profile.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13344
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13344
Summary:
phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
8. PHPBB Viewtopic.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13345
Remote: Yes
Date Published: Apr 23 2005
Relevant URL: http://www.securityfocus.com/bid/13345
Summary:
phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
9. MailEnable HTTP Authorization Buffer Overflow Vulnerability
BugTraq ID: 13350
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13350
Summary:
MailEnable is prone to a remotely exploitable buffer overflow vulnerability. This issue occurs in the server's HTTP Header Field Definitions.
This condition may be leveraged to overwrite sensitive program control variables, allowing a remote attacker to control execution flow of the server process.
10. ImageMagick PNM Image Decoding Remote Buffer Overflow Vulner...
BugTraq ID: 13351
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13351
Summary:
A remote, client-side buffer overflow vulnerability affects ImageMagick. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to cause the affected application to crash, potentially destroying unsaved data, ultimately denying service to legitimate users.
11. StorePortal Default.ASP Multiple SQL Injection Vulnerabiliti...
BugTraq ID: 13358
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13358
Summary:
StorePortal is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
12. MySQL MaxDB HTTP GET Request Remote Buffer Overflow Vulnerab...
BugTraq ID: 13368
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13368
Summary:
A remote buffer overflow vulnerability affects MySQL MaxDB. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
13. MySQL MaxDB WebDAV Lock Token Remote Buffer Overflow Vulnera...
BugTraq ID: 13369
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13369
Summary:
A remote buffer overflow vulnerability affects MySQL MaxDB. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
14. Invision Power Board QPid Parameter SQL Injection Vulnerabil...
BugTraq ID: 13375
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13375
Summary:
Invision Power Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
This issue reportedly affects Invision Power Board version 2.0.1; other versions may also be vulnerable.
15. MetaCart E-Shop V-8 IntProdID Parameter Remote SQL Injection...
BugTraq ID: 13376
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13376
Summary:
An SQL injection vulnerability affects MetaCart e-Shop V-8. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
16. MetaCart E-Shop V-8 StrCatalog_NAME Parameter Remote SQL Inj...
BugTraq ID: 13377
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13377
Summary:
An SQL injection vulnerability affects MetaCart e-Shop V-8. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
17. MySQL MaxDB WebDAV IF Parameter Remote Buffer Overflow Vulne...
BugTraq ID: 13378
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13378
Summary:
A remote buffer overflow vulnerability affects MySQL MaxDB. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
18. TCPDump BGP Decoding Routines Denial Of Service Vulnerabilit...
BugTraq ID: 13380
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13380
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Border Gateway Protocol (BGP) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed BGP packets resulting in the software hanging.
tcpdump versions up to and including 3.8.3 are reported prone to this issue.
19. MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulner...
BugTraq ID: 13382
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13382
Summary:
A remote SQL injection vulnerability affects MetaCart2. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
20. MetaCart2 StrSubCatalogID Parameter Remote SQL Injection Vul...
BugTraq ID: 13383
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13383
Summary:
A remote SQL injection vulnerability affects MetaCart2. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
21. MetaCart2 CurCatalogID Parameter Remote SQL Injection Vulner...
BugTraq ID: 13384
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13384
Summary:
A remote SQL injection vulnerability affects MetaCart2. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
22. MetaCart2 strSubCatalog_NAME Parameter Remote SQL Injection ...
BugTraq ID: 13385
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13385
Summary:
A remote SQL injection vulnerability affects MetaCart2. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate theft sensitive information, potentially including authentication credentials, and data corruption.
23. Fastream NetFile FTP/Web Server Directory Traversal Variant ...
BugTraq ID: 13388
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13388
Summary:
The NetFile FTP/Web Server is reported prone to a directory traversal vulnerability due to insufficient sanitization of user-supplied data. This can allow an attacker to create, view, and delete arbitrary files outside the web root.
A similar issue was reported in BID 10658. The fix for that issue did not properly filter all directory traversal sequences.
This issue is addressed in NetFile version 7.5.0 Beta 7 and above.
24. TCPDump LDP Decoding Routines Denial Of Service Vulnerabilit...
BugTraq ID: 13389
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13389
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Label Distribution Protocol (LDP) datagrams. A remote attacker may cause the software to enter an infinite loop by sending malformed LDP datagrams resulting in the software hanging.
tcpdump versions up to and including 3.8.3 are reported prone to this issue.
25. TCPDump RSVP Decoding Routines Denial Of Service Vulnerabili...
BugTraq ID: 13390
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13390
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Resource ReSerVation Protocol (RSVP) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed RSVP packets resulting in the software hanging.
tcpdump versions up to and including 3.9.x/CVS are reported prone to this issue.
26. TCPDump ISIS Decoding Routines Denial Of Service Vulnerabili...
BugTraq ID: 13392
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13392
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way tcpdump decodes Intermediate System to Intermediate System (ISIS) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed ISIS packets resulting in the software hanging.
tcpdump versions up to and including 3.9.x/CVS are reported prone to this issue.
27. MetaCart2 SearchAction.ASP Multiple SQL Injection Vulnerabil...
BugTraq ID: 13393
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13393
Summary:
MetaCart2 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
An attacker may exploit these issues to manipulate SQL queries to the underlying database. This may facilitate the theft of sensitive information, potentially including authentication credentials, and data corruption.
28. VooDoo Circle BotNet Connection Denial of Service Vulnerabil...
BugTraq ID: 13394
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13394
Summary:
VooDoo cIRCle is affected by a denial of service vulnerability due to improper handling of BOTNET packets. A remote attacker with valid access can send a malicious packet through the BOTNET connection. The application fails to handle the malformed packet correctly and crashes.
This vulnerability is reported to affect VooDoo cIRCle versions 1.0.20 through 1.0.32; an upgrade is available.
29. MetaBid Auctions intAuctionID Parameter Remote SQL Injection...
BugTraq ID: 13395
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13395
Summary:
A remote SQL injection vulnerability affects MetaBid Auctions. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries.
An attacker may exploit this issue to manipulate SQL queries to the underlying database. This may facilitate the theft of sensitive information, potentially including authentication credentials, and data corruption.
30. Debian CVS-Repouid Remote Authentication Bypass Vulnerabilit...
BugTraq ID: 13402
Remote: Yes
Date Published: Apr 27 2005
Relevant URL: http://www.securityfocus.com/bid/13402
Summary:
A remote authentication bypass vulnerability affects Debian CVS. This issue is due to an error with Debian's CVS cvs-repouid patch.
A remote attacker may leverage this issue to bypass CVS authentication requirements and gain unauthorized access to a vulnerable repository.
31. Debian CVS-Repouid Denial Of Service Vulnerability
BugTraq ID: 13403
Remote: Yes
Date Published: Apr 27 2005
Relevant URL: http://www.securityfocus.com/bid/13403
Summary:
A denial of service vulnerability affects Debian CVS. This issue is due to an error with Debian's CVS cvs-repouid patch.
A remote attacker may leverage this issue to cause the CVS process to crash, effectively denying service to legitimate users.
32. HP OpenView Radia Management Portal Remote Command Execution...
BugTraq ID: 13414
Remote: Yes
Date Published: Apr 28 2005
Relevant URL: http://www.securityfocus.com/bid/13414
Summary:
A remote command execution vulnerability affects HP OpenView Radia Management Portal. This issue is due to a failure of the application to properly secure access to critical functionality.
An unauthenticated, remote attacker may leverage this issue to execute arbitrary commands on an affected computer with SYSTEM privileges on the Microsoft Windows platform and elevated privileges on UNIX-based platforms.
33. Symantec AntiVirus RAR Archive Scan Evasion Denial Of Servic...
BugTraq ID: 13416
Remote: Yes
Date Published: Apr 28 2005
Relevant URL: http://www.securityfocus.com/bid/13416
Summary:
A scan evasion denial of service vulnerability affects Symantec AntiVirus. This issue is due to a failure of the application to properly handle malformed files.
An attacker may leverage this issue to crash the file scanner of the affected antivirus software, causing the file scanner to fail to detect malicious code contained therein.
34. Notes Module for PHPBB SQL Injection Vulnerability
BugTraq ID: 13417
Remote: Yes
Date Published: Apr 28 2005
Relevant URL: http://www.securityfocus.com/bid/13417
Summary:
The notes module for phpBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
35. IBM Lotus Domino Server Notes Remote Procedure Call Remote F...
BugTraq ID: 13446
Remote: Yes
Date Published: Apr 29 2005
Relevant URL: http://www.securityfocus.com/bid/13446
Summary:
A remote format string vulnerability affects IBM Lotus Domino Server. This issue is due to a failure of the application to properly sanitize user-supplied input data prior to using it in a formatted-printing function.
Remote attackers may exploit this vulnerability to cause arbitrary machine code to be executed in the context of the affected application; typically the application runs with escalated privileges.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Group membership / Kerberos tickets (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/397228
2. SecurityFocus Microsoft Newsletter #238 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/397160
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity * Block malicious code, including
zero-day exploits
2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!
With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!
3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.
4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy ware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install
5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.
NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.
NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.
6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:
It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".
Your secret information is available only trough this software and there is no other mean to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten neither in Safe mode nor in other operating system. This program doesn't make your operating system unstable as other related product do and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods leaving no trace of your information. Depending on the selected wiping method your data is unrecoverable using software or even hardware recovery techniques.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. LC 5 5
By: @stake
Relevant URL: http://www.atstake.com/products/lc/
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
LC 5 is the latest version of L0phtCrack, the award-winning password auditing and recovery application used by thousands of companies worldwide.
Using multiple assessment methods, LC 5 reduces security risk by helping administrators to:
* Identify and remediate security vulnerabilities that result from the use of weak or easily guessed passwords
* Recover Windows and Unix account passwords to access user and administrator accounts whose passwords are lost or to streamline migration of users to another authentication system
* Rapidly process accounts using pre-computed password tables* that contain trillions of passwords
2. Enig3 1.0.0
By: CCC Morocco Team
Relevant URL: http://www.ccc.ma/sw/enig3/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Enig3 is a free cryptography tool that can encrypt/decrypt content/data using your own private generated 128 Bits Enig3-Key, was developed on CCC-Morocco Labs, using the most complex cryptographic methodologies. It uses a Flow-Encoding technique which is done in 3 phases...
3. .NET Security Tool Kit 1.0
By: Foundstone Professional Services
Relevant URL: http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subco
ntent=/services/overview_s3i
Platforms: Windows XP
Summary:
The Foundstone S3i .NET Security Toolkit includes tools to help design, develop, and test secure .NET software applications. The toolkit includes Validator.NET, .NETMon, and the SecureUML Template.
4. SecureUML 1.0
By: Foundstone Professional Services
Relevant URL: http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subco
ntent=/services/overview_s3i
Platforms: Windows XP
Summary:
The SecureUML Visio template defines a custom Unified Modeling Language (UML) dialect to help system architects build roles based access control systems (RBAC).
5. Validator.NET 1.0
By: Foundstone Professional Services
Relevant URL: http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subco
ntent=/services/overview_s3i
Platforms: Windows XP
Summary:
Validator.NET enables developers to programmatically determine user input locations that could be potentially exploited by hackers and provides proactive steps to build data validation routines which are loaded into a protection module. The tool helps eliminate common vulnerabilities such as SQL Injection and Cross-Site Scripting.
6. ldaupenum 0.02alpha
By: Roni Bachar & Sol Zehnwirth
Relevant URL: https://sourceforge.net/projects/ldapenum
Platforms: Linux, Perl (any system supporting perl), Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
ldapenum is a perl script designed to enumerate system and password information from domain controllers using the LDAP service when IPC$ is locked. The script has been tested on windows and linux.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]