Focus on Microsoft
SecurityFocus Microsoft Newsletter #249 Jul 27 2005 01:48PM
Marc Fossi (mfossi securityfocus com)
SecurityFocus Microsoft Newsletter #249
----------------------------------------

This Issue is Sponsored By: AirDefense

FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_ms-secnews_050726

------------------------------------------------------------------
I. FRONT AND CENTER
1. Identifying P2P users using traffic analysis
2. Interview with Dan Kaminsky on Microsoft's security
II. MICROSOFT VULNERABILITY SUMMARY
1. Macromedia JRun Unauthorized Session Access Vulnerability
2. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
3. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer
Overflow Vulnerability
4. Hosting Controller Multiple Remote Vulnerabilities
5. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial
Of Service Vulnerability
6. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption
Denial Of Service Vulnerability
7. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial Of
Service Vulnerability
8. Microsoft MSN Messenger / Internet Explorer Image ICC Profile
Processing Vulnerability
9. Hosting Controller Multiple Remote Access Control and SQL Injection
Vulnerabilities
10. Oracle Reports Server DESName Remote File Overwrite Vulnerability
11. Novell GroupWise WebAccess HTML Injection Vulnerability
12. Alt-N MDaemon IMAP Server CREATE Remote Buffer Overflow Vulnerability
13. Alt-N MDaemon IMAP Server Authentication Routines Remote Buffer
Overflow Vulnerability
14. Mozilla Firefox Weak Authentication Mechanism Vulnerability
15. WhitSoft Development SlimFTPd Multiple Commands Remote Buffer
Overflow Vulnerability
16. Alwil Software Avast! Antivirus Multiple Vulnerabilities
17. Veritas NetBackup Access Violation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Disabling Microsoft FTP service banner.
2. Administrivia: IIS/AV thread
3. Should servers have anti-virus installed on them?
4. SecurityFocus Microsoft Newsletter #248
5. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
6. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Identifying P2P users using traffic analysis
By Yiming Gong
With the popularity of P2P and the bandwidth it consumes, there is a growing
need to identify P2P users within the network traffic.
http://www.securityfocus.com/infocus/1843

2. Interview with Dan Kaminsky on Microsoft's security
By Federico Biancuzzi
Could you introduce yourself?
http://www.securityfocus.com/columnists/342

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Macromedia JRun Unauthorized Session Access Vulnerability
BugTraq ID: 14271
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14271
Summary:
Macromedia JRun is affected by a vulnerability that may allow a user's session
to be shared with another user.
Under certain circumstances, two users may share the same session, facilitating
various attacks, including a compromise of the user's account.

It should be noted that this issue cannot be triggered by an attacker and
occurs rarely.

JRun 4.0, ColdFusion MX 7.0 Enterprise Multi-Server Edition, and ColdFusion MX
6.1 Enterprise with JRun are affected by this vulnerability.

2. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
BugTraq ID: 14276
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14276
Summary:
Winamp is susceptible to a buffer overflow vulnerability in its ID3v2
functionality. This issue is due to a failure of the application to properly
bounds check input data prior to copying it into a fixed size memory buffer.

This issue will facilitate remote exploitation as an attacker may distribute
malicious MP3 files and entice unsuspecting users to process them with the
affected application.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application.

Versions 5.03a, 5.09, and 5.091 are reported vulnerable to this issue. Other
versions are also likely affected.

3. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer Overflow
Vulnerability
BugTraq ID: 14282
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14282
Summary:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability in the
JPEG image rendering library used by the browser. This issue is due to a
failure of the application to properly bounds check input data prior to copying
it to a fixed size memory buffer.

This issue was identified by creating random input for the browser, and has not
been researched further at this time. This BID will be updated as further
information is disclosed.

Successful exploitation may result in execution of arbitrary code in the
context of the user executing the affected browser.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also
be affected.

4. Hosting Controller Multiple Remote Vulnerabilities
BugTraq ID: 14283
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14283
Summary:
Hosting Controller is reported prone to multiple vulnerabilities. These issues
can allow an attacker to carry out SQL injection attacks, gain unauthorized
access to scripts, gain elevated privileges and carry out potential denial of
service attacks.

Hosting Controller version 6.1 hotfix 2.1 is vulnerable to these issues.

5. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial Of
Service Vulnerability
BugTraq ID: 14284
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14284
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service
vulnerability in the JPEG image rendering library used by the browser. This
issue is reportedly similar to the one described in BID 14282.

This issue was identified by creating random input for the browser, and has not
been researched further at this time. This BID will be updated as further
information is disclosed.

Successful exploitation results in crashing the affected Web browser. Execution
of arbitrary code may also be possible, but this has not been confirmed.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also
be affected.

6. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption Denial
Of Service Vulnerability
BugTraq ID: 14285
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14285
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service
vulnerability in the JPEG image rendering library used by the browser.

This issue was identified by creating random input for the browser, and has not
been researched further at this time. This BID will be updated as further
information is disclosed.

Successful exploitation results in crashing the affected Web browser by
consuming excessive memory.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also
be affected.

7. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial Of
Service Vulnerability
BugTraq ID: 14286
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14286
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service
vulnerability in the JPEG image rendering library used by the browser.

This issue was identified by creating random input for the browser, and has not
been researched further at this time. This BID will be updated as further
information is disclosed.

Successful exploitation results in crashing the affected Web browser. This
vulnerability also reportedly consumes excessive CPU resources.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also
be affected.

8. Microsoft MSN Messenger / Internet Explorer Image ICC Profile Processing
Vulnerability
BugTraq ID: 14288
Remote: Yes
Date Published: 2005-07-16
Relevant URL: http://www.securityfocus.com/bid/14288
Summary:
It has been reported that both Microsoft Internet Explorer and MSN Instant
Messenger can be crashed if image data with malformed embedded ICC profile data
is processed. The condition is likely due to an integer handling error. The
author has stated that the crash observed was due to an access violation on a
memory read attempt, possibly due to an out-of-bounds array access. This means
that the flaw is not immediately exploitable, though there may yet be a way to
write data.

9. Hosting Controller Multiple Remote Access Control and SQL Injection
Vulnerabilities
BugTraq ID: 14302
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14302
Summary:
Hosting Controller is prone to multiple vulnerabilities. These issues can allow
an attacker to carry out SQL injection attacks and gain unauthorized access to
scripts.

Hosting Controller version 6.1 hotfix 2.2 is vulnerable to these issues.

10. Oracle Reports Server DESName Remote File Overwrite Vulnerability
BugTraq ID: 14309
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14309
Summary:
Oracle Reports Server is susceptible to an arbitrary file overwrite
vulnerability in its Web interface.

On the Microsoft Windows platform, attackers may exploit this vulnerability to
overwrite arbitrary files with System-level privileges. Attackers may overwrite
critical system files, resulting in a system-level failure.

On other platforms, attackers may exploit this vulnerability to overwrite
arbitrary files with the privileges of the Oracle Applications Server user.
Attackers may overwrite critical Oracle files, resulting in an
application-level failure.

Database failure, data destruction, and possibly other attacks are possible.

11. Novell GroupWise WebAccess HTML Injection Vulnerability
BugTraq ID: 14310
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14310
Summary:
Novell GroupWise WebAccess is prone to an HTML injection vulnerability. This
may be used to inject hostile HTML and script code into the Web mail
application. When a user opens an email containing the hostile code, it may be
rendered in their browser.

Successful exploitation could potentially allow theft of cookie-based
authentication. Other attacks are also possible.

12. Alt-N MDaemon IMAP Server CREATE Remote Buffer Overflow Vulnerability
BugTraq ID: 14315
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14315
Summary:
Alt-N MDaemon IMAP Server is affected by a remote buffer overflow
vulnerability.

This issue presents itself when an attacker submits excessive data through the
CREATE command subsequent to authentication.

This vulnerability may be leveraged to execute arbitrary code in the context of
the server, facilitating unauthorized access to the affected computer.

Alt-N MDaemon 8.03 is reported to be vulnerable. Other versions are likely
affected as well.

13. Alt-N MDaemon IMAP Server Authentication Routines Remote Buffer Overflow
Vulnerability
BugTraq ID: 14317
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14317
Summary:
Alt-N MDaemon IMAP Server is affected by a remote buffer overflow
vulnerability.

A specially crafted request can corrupt process memory and lead to an overflow
condition.

This issue may be leveraged to execute arbitrary code in the context of the
server. This may facilitate unauthorized access to the affected computer.

Alt-N MDaemon 8.03 is reported to be vulnerable. Other versions are likely
affected as well.

14. Mozilla Firefox Weak Authentication Mechanism Vulnerability
BugTraq ID: 14325
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14325
Summary:
Firefox is affected by a vulnerability that may result in sending
authentication credentials across the network in plaintext format.

By default, the browser chooses basic authentication even if other
authentication schemes such as Digest or NTLM are available from the server.

Mozilla Firefox 1.0.4 and 1.0.5 running on Windows are confirmed to be
vulnerable. Other versions on different platforms may be affected as well.

15. WhitSoft Development SlimFTPd Multiple Commands Remote Buffer Overflow
Vulnerability
BugTraq ID: 14339
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14339
Summary:
A remote buffer overflow vulnerability affects WhitSoft Development SlimFTPd.

The problem presents itself when an authenticated user issues a command with
excessive string values as parameters.

An attacker can leverage this issue to execute arbitrary machine code with the
privileges of the affected FTP server, facilitating unauthorized access to the
vulnerable computer.

16. Alwil Software Avast! Antivirus Multiple Vulnerabilities
BugTraq ID: 14342
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14342
Summary:
Avast! is affected by multiple remote vulnerabilities. These issues can allow
an attacker to write files to arbitrary directories and exploit a remote buffer
overflow to execute arbitrary code.

These issues can lead to a complete compromise of the vulnerable computer.

17. Veritas NetBackup Access Violation Vulnerability
BugTraq ID: 14355
Remote: Yes
Date Published: 2005-07-22
Relevant URL: http://www.securityfocus.com/bid/14355
Summary:
Veritas NetBackup may be prone to an access violation error.

It is conjectured that this issue may arise due to NULL pointer dereference,
although this is not confirmed. An attacker may disclose potentially sensitive
data or crash the application by exploiting this vulnerability.

Veritas NetBackup 5.1 running on the Microsoft Windows platform is reported to
be vulnerable to this issue.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Disabling Microsoft FTP service banner.
http://www.securityfocus.com/archive/88/406235

2. Administrivia: IIS/AV thread
http://www.securityfocus.com/archive/88/406177

3. Should servers have anti-virus installed on them?
http://www.securityfocus.com/archive/88/405896

4. SecurityFocus Microsoft Newsletter #248
http://www.securityfocus.com/archive/88/405798

5. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
http://www.securityfocus.com/archive/88/405749

6. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
http://www.securityfocus.com/archive/88/405648

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to
ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively,
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to
be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: AirDefense
