Focus on Microsoft
SecurityFocus Microsoft Newsletter #257 Sep 21 2005 01:36PM
Marc Fossi (mfossi securityfocus com)
SecurityFocus Microsoft Newsletter #257
----------------------------------------

------------------------------------------------------------------
I. FRONT AND CENTER
1. Crime? What crime?
2. Cisco SNMP configuration attack with a GRE tunnel
II. MICROSOFT VULNERABILITY SUMMARY
1. Veritas Storage Exec Multiple Remote DCOM Buffer Overflow
Vulnerabilities
2. COOL! Remote Control Remote Denial Of Service Vulnerability
3. PunBB BBCode URL Tag HTML Injection Vulnerability
4. Snort PrintTcpOptions Remote Denial Of Service Vulnerability
5. MIVA Merchant 5 Merchant.MVC Cross-Site Scripting Vulnerability
6. Compuware DriverStudio Remote Control Null Session Authentication
Bypass Vulnerability
7. Compuware DriverStudio Unauthorized Remote Reboot Vulnerability
8. Hosting Controller Unspecified Information Disclosure Vulnerability
9. Microsoft Internet Explorer Unspecified Code Execution Vulnerability
10. VBulletin Multiple Moderator And Administrator SQL Injection
Vulnerabilities
11. VBulletin Multiple Cross-Site Scripting Vulnerabilities
12. Opera Web Browser Mail Client Multiple Vulnerabilities
13. Opera Web Browser Unspecified Drag And Drop File Upload Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. CC and Windows evaluation
2. SecurityFocus Microsoft Newsletter #256
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Crime? What crime?
By Kelly Martin
If there's one thing I've learned in the past few years as editor of
SecurityFocus, it's that there is absolutely no saving grace in the security
world.
http://www.securityfocus.com/columnists/355

2. Cisco SNMP configuration attack with a GRE tunnel
By Mati Aharoni, William M. Hidalgo
Throughout our education as system administrators, SNMP is often a topic that
eludes us.
http://www.securityfocus.com/infocus/1847

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Veritas Storage Exec Multiple Remote DCOM Buffer Overflow Vulnerabilities
BugTraq ID: 14801
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14801
Summary:
Veritas Storage Exec is susceptible to multiple remote buffer overflow
vulnerabilities. These issues are due to the lack of proper bounds checking of
user-supplied data prior to copying it to fixed size memory buffers.

These issues are located in multiple DCOM servers in the affected product. Both
stack-based and heap-based overflows are identified. By calling associated
ActiveX controls, attackers may exploit these overflows to execute arbitrary
machine code.

These vulnerabilities may be exploited by visiting malicious Web sites, or
viewing HTML email containing malicious script code.

2. COOL! Remote Control Remote Denial Of Service Vulnerability
BugTraq ID: 14802
Remote: Yes
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14802
Summary:
COOL! Remote Control is prone to a remote denial of service vulnerability.

Successful exploitation will permit remote attackers to deny service to
legitimate users or cause the client to crash.

COOL! Remote Control 1.12 is affected by this issue. Other versions may be
vulnerable as well.

3. PunBB BBCode URL Tag HTML Injection Vulnerability
BugTraq ID: 14808
Remote: Yes
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14808
Summary:
PunBB is prone to an HTML injection vulnerability. This is due to a lack of
proper sanitization of user-supplied input.

Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based
authentication credentials. An attacker could also exploit this issue to
control how the site is rendered to the user; other attacks are also possible.

4. Snort PrintTcpOptions Remote Denial Of Service Vulnerability
BugTraq ID: 14811
Remote: Yes
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14811
Summary:
Snort is reported prone to a remote denial of service vulnerability. The
vulnerability is reported to exist in the 'PrintTcpOptions()' function of
'log.c', and is a result of a failure to sufficiently handle malicious TCP
packets.

A remote attacker may trigger this vulnerability to crash a remote Snort server
and in doing so may prevent subsequent malicious attacks from being detected.

It should be noted that the vulnerable code path is only executed when Snort is
run with the '-v' (verbose) flag. Due to the performance penalty of running the
Snort application in verbose mode, it is likely that most production
installations of the application are not vulnerable to this issue.

Update: Further messages have stated that other paths to the vulnerable code
may be possible. Using the 'frag3' preprocessor, ASCII mode logging, the '-A
fast' command-line option, and possibly other options may expose Snort to this
vulnerability. Please see the referenced messages for further information.

5. MIVA Merchant 5 Merchant.MVC Cross-Site Scripting Vulnerability
BugTraq ID: 14828
Remote: Yes
Date Published: 2005-09-14
Relevant URL: http://www.securityfocus.com/bid/14828
Summary:
MIVA Merchant 5 is prone to a cross-site scripting vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site. This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.

6. Compuware DriverStudio Remote Control Null Session Authentication Bypass
Vulnerability
BugTraq ID: 14837
Remote: Yes
Date Published: 2005-09-15
Relevant URL: http://www.securityfocus.com/bid/14837
Summary:
Compuware DriverStudio is prone to an issue that may permit remote attackers to
bypass authentication. This issue exists in the DriverStudio Remote Control
Service.

If the attack is successful, it is possible to launch further attacks that
could result in execution of arbitrary code on the vulnerable computer.

7. Compuware DriverStudio Unauthorized Remote Reboot Vulnerability
BugTraq ID: 14838
Remote: Yes
Date Published: 2005-09-15
Relevant URL: http://www.securityfocus.com/bid/14838
Summary:
Compuware DriverStudio is prone to a vulnerability that may let unauthorized
remote users reboot the system it is running on.

Remote attackers may exploit this issue by sending a specially crafted UDP
datagram to the DriverStudio Remote Control Service.

This issue could be exploited in combination with BID 14837 "Compuware
DriverStudio Remote Control Null Session Authentication Bypass Vulnerability"
to create circumstances that allow for remote code execution on the affected
computer.

8. Hosting Controller Unspecified Information Disclosure Vulnerability
BugTraq ID: 14840
Remote: Yes
Date Published: 2005-09-15
Relevant URL: http://www.securityfocus.com/bid/14840
Summary:
Hosting Controller is prone to an unspecified information disclosure
vulnerability.

This vulnerability could permit a remote attacker to view directory listings
and download arbitrary files.

This issue was reported in Hosting Controller 6.1 Hotfix 2.3 and fixed in
Hotfix 2.4. Earlier versions could also be affected.

9. Microsoft Internet Explorer Unspecified Code Execution Vulnerability
BugTraq ID: 14856
Remote: Yes
Date Published: 2005-09-15
Relevant URL: http://www.securityfocus.com/bid/14856
Summary:
Microsoft Internet Explorer is affected by an unspecified remote code execution
vulnerability.

This issue affects Internet Explorer 6.0, 6.0 SP1, and 6.0 SP2. Other versions
may also be vulnerable.

Due to a lack of information, further details cannot be described at the
moment. This BID will be updated when more information becomes available.

10. VBulletin Multiple Moderator And Administrator SQL Injection
Vulnerabilities
BugTraq ID: 14872
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14872
Summary:
vBulletin is prone to multiple SQL injection vulnerabilities. These issues are
due to a failure in the application to properly sanitize user-supplied input
before using it in SQL queries.

Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

11. VBulletin Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14874
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14874
Summary:
vBulletin is prone to multiple cross-site scripting vulnerabilities. These
issues are due to a failure in the application to properly sanitize
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the affected
site. This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.

12. Opera Web Browser Mail Client Multiple Vulnerabilities
BugTraq ID: 14880
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14880
Summary:
Opera Web Browser Mail client is affected by multiple vulnerabilities. These
issues could allow remote attackers to spoof attachment names and carry out
script injection attacks.

These vulnerabilities may also be combined to carry out various attacks.

Opera Web Browser 8.02 is reportedly vulnerable; however, it is likely that
other versions are affected as well.

13. Opera Web Browser Unspecified Drag And Drop File Upload Vulnerability
BugTraq ID: 14884
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14884
Summary:
Opera Web Browser is affected by an unspecified drag and drop file upload
vulnerability.

The cause of this issue was not specified; however, it may allow remote
attackers to upload arbitrary files to a computer. This can lead to various
attacks including arbitrary code execution in the context of the user running
the browser.

Due to a lack of information, further details cannot be provided at the moment.
This BID will be updated when more information becomes available.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. CC and Windows evaluation
http://www.securityfocus.com/archive/88/411183

2. SecurityFocus Microsoft Newsletter #256
http://www.securityfocus.com/archive/88/410591

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to
ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively,
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to
be manually removed.

V. SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
