SecurityFocus Microsoft Newsletter #251
----------------------------------------
This Issue is Sponsored By: Netmon
Concerned about malware infestations, employee productivity, system failures or
service performance on your network? Awareness is the key. Download the free
17-page whitepaper, "Developing an Effective Network Monitoring Strategy"
today. No registration required.
http://www.securityfocus.com/sponsor/Netmon_ms-secnews_050712
------------------------------------------------------------------
I. FRONT AND CENTER
1. Greasing the wheel with Greasemonkey
2. Security still underfunded
3. Windows Syscall Shellcode
II. MICROSOFT VULNERABILITY SUMMARY
1. NetCPlus BusinessMail Multiple Remote Buffer Overflow Vulnerabilities
2. MySQL Eventum Multiple Cross-Site Scripting Vulnerabilities
3. MySQL Eventum Multiple SQL Injection Vulnerabilities
4. Trend Micro OfficeScan POP3 Module Shared Section Insecure Permissions
Vulnerability
5. Pablo Software Solutions Quick 'n Easy FTP Server User Command Denial
of Service Vulnerability
6. Metasploit Framework MSFWeb Defanged Mode Restriction Bypass
Vulnerability
7. Microsoft ActiveSync Network Synchronization Multiple Vulnerabilities
8. ProRat Server Remote Buffer Overflow Vulnerability
9. Symantec Norton GoBack Local Authentication Bypass Vulnerability
10. NetworkActiv Web Server Cross-Site Scripting Vulnerability
11. Microsoft August Advance Notification Unspecified Security
Vulnerabilities
12. Microsoft Windows Unspecified Remote Arbitrary Code Execution
Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. IEEE 802.1x & EAP-TLS design based on Windows 2000 Server
2. SecurityFocus Microsoft Newsletter #250
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Greasing the wheel with Greasemonkey
By Scott Granneman
If blogging is enjoyable because it allows us to watch an interesting mind at
work, then Jon Udell's blog is definitely among the most enjoyable.
http://www.securityfocus.com/columnists/346
2. Security still underfunded
By Kelly Martin
Blackhat is one of my favorite places to do some casual online banking over an
insecure WiFi connection. Where's the risk, right?
http://www.securityfocus.com/columnists/345
3. Windows Syscall Shellcode
By Piotr Bania
This article has been written to show that it is possible to write shellcode for
Windows operating systems that doesn't use standard API calls at all.
http://www.securityfocus.com/infocus/1844
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. NetCPlus BusinessMail Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 14434
Remote: Yes
Date Published: 2005-07-31
Relevant URL: http://www.securityfocus.com/bid/14434
Summary:
BusinessMail is affected by multiple remote buffer overflow vulnerabilities.
These issues arise due to a lack of boundary checks performed by the
application and may allow remote attackers to execute machine code in the
context of the server process.
BusinessMail 4.60 is reportedly vulnerable. Other versions may be affected as
well.
2. MySQL Eventum Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14436
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14436
Summary:
MySQL Eventum is prone to multiple cross-site scripting vulnerabilities. These
issues are due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site. This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.
3. MySQL Eventum Multiple SQL Injection Vulnerabilities
BugTraq ID: 14437
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14437
Summary:
MySQL Eventum is prone to multiple SQL injection vulnerabilities. These issues
are due to a failure in the application to properly sanitize user-supplied
input before using it in SQL queries.
Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.
4. Trend Micro OfficeScan POP3 Module Shared Section Insecure Permissions
Vulnerability
BugTraq ID: 14448
Remote: No
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14448
Summary:
Trend Micro OfficeScan pop3 module utilizes Shared Sections in an insecure
manner.
Attackers may read the data stored in the affected memory region, gaining
access to potentially sensitive information. They may also write arbitrary data
to the shared memory segment.
By writing data to this region, they may alter the message that is displayed to
the user when the pop3 module intercepts malware in email. This may be utilized
in social engineering attacks.
This vulnerability may possibly be exploited to crash the OfficeScan service,
or potentially execute arbitrary machine code with System level privileges.
This has not been confirmed.
This vulnerability is reported in version 5.58 of OfficeScan. Other versions
may also be affected.
5. Pablo Software Solutions Quick 'n Easy FTP Server User Command Denial of
Service Vulnerability
BugTraq ID: 14451
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14451
Summary:
Quick 'n Easy FTP Server is prone to a remotely exploitable denial of service
vulnerability. This may be triggered by a client through an overly long
argument for the USER command.
Successful exploitation may lead to a crash due to resource exhaustion.
This issue was originally identified as a buffer overflow vulnerability. Due
to the availability of more details, it is being changed to a denial of service
vulnerability.
6. Metasploit Framework MSFWeb Defanged Mode Restriction Bypass Vulnerability
BugTraq ID: 14455
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14455
Summary:
Metasploit Framework is susceptible to a restriction bypass vulnerability in
msfweb. This issue is due to a failure of the application to properly implement
access control restrictions.
This issue allows remote attackers to bypass security restrictions in the
affected Web server. Attackers may exploit this issue to attack arbitrary
computers using the Metasploit Framework, while originating the attacks from
the computer hosting the vulnerable msfweb process.
Attackers may also interact with the payload features in the Metasploit
Framework to manipulate files on the hosting computer, likely leading to
executing arbitrary commands and then complete system compromise.
It should be noted that the Metasploit Framework documentation specifies that
msfweb should not be globally accessible, due to potential security problems.
7. Microsoft ActiveSync Network Synchronization Multiple Vulnerabilities
BugTraq ID: 14457
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14457
Summary:
Several specific issues have been identified with the network synchronization
protocol used by Microsoft ActiveSync.
The first issue is the use of cleartext communications for all network traffic.
The second issue is the lack of password authentication.
The third issue is an information disclosure issue when attempting to initiate
network synchronization.
The last issue is a denial of service vulnerability.
These issues combine to allow remote attackers to gain access to potentially
sensitive information, aiding them in further attacks. Attackers may also alter
or destroy data by simulating the synchronization protocol, or crash the
ActiveSync service.
8. ProRat Server Remote Buffer Overflow Vulnerability
BugTraq ID: 14458
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14458
Summary:
ProRat Server is affected by a remote buffer overflow vulnerability.
A successful attack can overflow a finite-sized buffer, ultimately leading to
arbitrary code execution in the context of the affected process. This may allow
the attacker to gain elevated privileges.
9. Symantec Norton GoBack Local Authentication Bypass Vulnerability
BugTraq ID: 14461
Remote: No
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14461
Summary:
Norton GoBack is prone to a local authentication bypass vulnerability.
A successful attack causes the application to accept an arbitrary password
value and allow an attacker to make various configuration changes. Other
attacks may be possible as well.
Symantec is currently investigating this issue. This BID will be updated when
further analysis is complete.
10. NetworkActiv Web Server Cross-Site Scripting Vulnerability
BugTraq ID: 14473
Remote: Yes
Date Published: 2005-08-04
Relevant URL: http://www.securityfocus.com/bid/14473
Summary:
NetworkActiv Web Server is prone to a cross-site scripting vulnerability. This
issue is due to a failure in the application to properly sanitize user-supplied
input.
An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site. This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.
11. Microsoft August Advance Notification Unspecified Security Vulnerabilities
BugTraq ID: 14476
Remote: Unknown
Date Published: 2005-08-04
Relevant URL: http://www.securityfocus.com/bid/14476
Summary:
Microsoft has released advance notification that it will be releasing six
security bulletins on August 9, 2005.
All six of the security bulletins address Microsoft Windows.
12. Microsoft Windows Unspecified Remote Arbitrary Code Execution Vulnerability
BugTraq ID: 14480
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14480
Summary:
Microsoft Windows is affected by an unspecified remote arbitrary code execution
vulnerability.
Reportedly, this issue can allow remote unauthenticated attackers to gain
access to an affected computer without any user interaction.
Reports indicate that this issue may lend itself to the development of
self-propagating malicious code due to the lack of user interaction required
for exploitation. It is conjectured that a SYSTEM level compromise is
possible.
Due to a lack of details, further information is not available at the moment.
This BID will be updated when more information becomes available.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. IEEE 802.1x & EAP-TLS design based on Windows 2000 Server
http://www.securityfocus.com/archive/88/407639
2. SecurityFocus Microsoft Newsletter #250
http://www.securityfocus.com/archive/88/407139
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to
ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively,
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Netmon
Concerned about malware infestations, employee productivity, system failures or
service performance on your network? Awareness is the key.
Download the free 17-page whitepaper, "Developing an Effective Network
Monitoring Strategy" today. No registration required.
http://www.securityfocus.com/sponsor/Netmon_ms-secnews_050712