Focus on Microsoft
SecurityFocus Microsoft Newsletter #253 Aug 24 2005 07:17PM
Marc Fossi (mfossi securityfocus com)

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer is a
free service that gives you the ability to track and manage attacks. Analyzer
automatically correlates attacks from various Firewall and network based
Intrusion Detection Systems, giving you a comprehensive view of your computer
or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------
I. FRONT AND CENTER
1. Legal disassembly
2. It's only a matter of time...
II. MICROSOFT VULNERABILITY SUMMARY
1. Chris Moneymaker's World Poker Championship Buffer Overflow
Vulnerability
2. Microsoft Visual Studio .NET msdds.dll Remote Code Execution
Vulnerability
3. Sysinternals Process Explorer CompanyName Value Buffer Overflow
Vulnerability
4. Computer Associates Message Queuing Denial Of Service Vulnerability
5. Computer Associates Message Queuing Buffer Overflow Vulnerability
6. Computer Associates Message Queuing CAFT Spoofing Vulnerability
7. ZipTorrent Proxy Server Password Disclosure Vulnerability
8. Mercora IMRadio Plaintext Password Disclosure Weakness
9. CVS Cvsbug.In Script Insecure Temporary File Creation Vulnerability
10. MPlayer Audio Header Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Latest patches: restart issues?
2. New MS patches crashed my 2k3 SP1 PDC
3. exploit to vulnerability
4. Exploiting heap overflows on XP SP2
5. SharePoint securization
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Legal disassembly
By Mark Rasch
When security researcher and ISS employee Michael Lynn went to give a
presentation at the Black Hat conference in Las Vegas, little did he know he
would ignite a legal firestorm questioning whether even the act of looking for
security vulnerabilities violates the law.
http://www.securityfocus.com/columnists/349

2. It's only a matter of time...
By Jason Miller
According to the Apple Web site, Security Update 2005-007 was released to the
public on August 12, 2005. And, as with all of their recent security updates,
it is available to all Apple customers free of charge. I'm sure none of you
reading this article will argue with me about that being a good thing.
http://www.securityfocus.com/columnists/348

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Chris Moneymaker's World Poker Championship Buffer Overflow Vulnerability
BugTraq ID: 14587
Remote: Yes
Date Published: 2005-08-17
Relevant URL: http://www.securityfocus.com/bid/14587
Summary:
Chris Moneymaker's World Poker Championship is prone to a boundary condition
error. Exploitation may cause the application to fail or result in arbitrary
code execution.

2. Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability
BugTraq ID: 14594
Remote: Yes
Date Published: 2005-08-17
Relevant URL: http://www.securityfocus.com/bid/14594
Summary:
Microsoft Visual Studio .NET is prone to a vulnerability that could allow
remote arbitrary code execution.

The list of vulnerable packages has been updated to include applications
suspected of installing the vulnerable msdds.dll library.

3. Sysinternals Process Explorer CompanyName Value Buffer Overflow
Vulnerability
BugTraq ID: 14616
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14616
Summary:
Process Explorer is prone to a buffer overflow vulnerability. This issue is
due to a failure in the application to perform proper bounds checking on
user-supplied data.

A successful attack can result in the overflowing of a finite sized buffer and
may ultimately lead to the execution of arbitrary code in the context of the
affected application.

4. Computer Associates Message Queuing Denial Of Service Vulnerability
BugTraq ID: 14621
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14621
Summary:
Computer Associates Message Queuing (CAM) is prone to a remote denial of
service vulnerability.

A remote attacker can exploit this vulnerability to deny service to legitimate
users.

Note that exploitation of this issue does not cause the affected application
to consume system resources. The only known consequence is that no further
connections to the TCP port can take place.

5. Computer Associates Message Queuing Buffer Overflow Vulnerability
BugTraq ID: 14622
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14622
Summary:
Computer Associates Message Queuing (CAM) is prone to a buffer overflow
vulnerability. This issue is due to a failure in the application to perform
proper bounds checking on user-supplied data.

A successful attack can cause the process's execution stack to overflow and may
ultimately lead to the execution of arbitrary code in the context of the
affected application. This may facilitate privilege escalation to SYSTEM level
privileges.

6. Computer Associates Message Queuing CAFT Spoofing Vulnerability
BugTraq ID: 14623
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14623
Summary:
CAM is prone to a vulnerability that could permit the spoofing of a CAFT
application utilizing the CAM instance. This may ultimately allow the
execution of arbitrary commands.

CAFT is a file transfer application that utilizes CAM to send and receive the
files. The problem presents itself due to a failure in the CAM service to
verify the legitimacy of the CAFT application. An attacker can spoof a
legitimate CAFT instance and ultimately execute arbitrary CAM commands with
elevated privileges.

7. ZipTorrent Proxy Server Password Disclosure Vulnerability
BugTraq ID: 14645
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14645
Summary:
ZipTorrent is affected by a vulnerability that may allow local attackers to
obtain the proxy server passwords of affected users.

This may lead to various attacks against affected users including the
disclosure of sensitive information.

ZipTorrent 1.3.7.3 is vulnerable to this issue; however, other versions may be
affected as well.

8. Mercora IMRadio Plaintext Password Disclosure Weakness
BugTraq ID: 14646
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14646
Summary:
Mercora IMRadio is prone to a plaintext password disclosure weakness. This will
allow an attacker to view the registry keys for the application and retrieve
user names and passwords for users of the affected application.

A local attacker with privileges to view the registry can retrieve the
passwords for other users of the affected application.

9. CVS Cvsbug.In Script Insecure Temporary File Creation Vulnerability
BugTraq ID: 14648
Remote: No
Date Published: 2005-08-19
Relevant URL: http://www.securityfocus.com/bid/14648
Summary:
CVS creates temporary files in an insecure manner.

The vulnerability is due to the program creating temporary files with a
predictable name in the '/tmp' directory.

Exploitation would most likely result in loss of data or a denial of service if
critical files are overwritten in the attack. Other attacks may be possible as
well.

10. MPlayer Audio Header Buffer Overflow Vulnerability
BugTraq ID: 14652
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14652
Summary:
A buffer overflow vulnerability affects MPlayer. This issue is due to a failure
of the application to properly validate the length of user-supplied strings
prior to copying them into static process buffers.

The problem presents itself when the affected application attempts to process
audio streams that contain overly large values in their header.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This may
facilitate unauthorized access or privilege escalation.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Latest patches: restart issues?
http://www.securityfocus.com/archive/88/408678

2. New MS patches crashed my 2k3 SP1 PDC
http://www.securityfocus.com/archive/88/408679

3. exploit to vulnerability
http://www.securityfocus.com/archive/88/408570

4. Exploiting heap overflows on XP SP2
http://www.securityfocus.com/archive/88/408467

5. SharePoint securization
http://www.securityfocus.com/archive/88/408410

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to
ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively,
you can visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to
be manually removed.

V. SPONSOR INFORMATION
------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer is a
free service that gives you the ability to track and manage attacks. Analyzer
automatically correlates attacks from various Firewall and network based
Intrusion Detection Systems, giving you a comprehensive view of your computer
or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
