Focus on Microsoft
SecurityFocus Microsoft Newsletter #367 Nov 08 2007 04:36PM
rkeith securityfocus com

SecurityFocus Microsoft Newsletter #367
----------------------------------------

This issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged, and stored.
This paper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools.
Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=7017000000093zv

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.E-mail privacy to disappear?
2.Rebinding attacks unbound
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft DebugView Kernel Module Dbgv.SYS Local Privilege Escalation Vulnerability
2. Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities
3. Apple QuickTime PICT Image Remote Stack Buffer Overflow Vulnerability
4. Apple QuickTime Panorama Sample Atoms Remote Heap Buffer Overflow Vulnerability
5. Apple QuickTime STSD Atom Remote Heap Buffer Overflow Vulnerability
6. Apple QuickTime Image Description Atom Remote Memory Corruption Vulnerability
7. Apple QuickTime for Java Multiple Unspecified Remote Privilege Escalation Vulnerabilities
8. Apple QuickTime Color Table Atom Remote Heap Buffer Overflow Vulnerability
9. Novell BorderManager Client Trust Heap Based Buffer Overflow Vulnerability
10. Mono System.Math BigInteger Buffer Overflow Vulnerability
11. Symantec Altiris Deployment Solution Directory Traversal Vulnerability
12. Symantec Altiris Deployment Solution Aclient Local Privilege Escalation Vulnerability
13. Ipswitch IMail SMTP Server IMail Client Remote Buffer Overflow Vulnerability
14. Sony CONNECT SonicStage Player M3U Playlist Processing Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.E-mail privacy to disappear?
On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in Cincinnati granted the government's request for a full-panel hearing in United States v. Warshak case centering on the right of privacy for stored electronic communications. At issue is whether the procedure whereby the government can subpoena stored copies of your e-mail -- similar to the way they could simply subpoena any physical mail sitting on your desk -- is unconstitutionally broad.
http://www.securityfocus.com/columnists/456

2.Rebinding attacks unbound
By Federico Biancuzzi
DNS rebinding was discovered in 1996 and affected the Java Virtual Machine (VM). Recently a group of researchers at Stanford found out that this vulnerability is still present in browsers and that the common solution, known as DNS pinning, is not effective anymore.
http://www.securityfocus.com/columnists/455

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft DebugView Kernel Module Dbgv.SYS Local Privilege Escalation Vulnerability
BugTraq ID: 26359
Remote: No
Date Published: 2007-11-06
Relevant URL: http://www.securityfocus.com/bid/26359
Summary:
Microsoft DebugView is prone to a local privilege-escalation vulnerability because it allows user-supplied data to be copied into memory addresses reserved for the kernel.

An attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. A successful exploit could result in the complete compromise of the affected computer. Failed attempts could cause denial-of-service conditions.

Microsoft DebugView 4.64 is vulnerable; other versions may also be affected.

2. Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities
BugTraq ID: 26345
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26345
Summary:
Apple QuickTime is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues by enticing an unsuspecting user to open a specially crafted PICT image file.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

These issues affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

3. Apple QuickTime PICT Image Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 26344
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26344
Summary:
Apple QuickTime is prone to a stack-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted image file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

4. Apple QuickTime Panorama Sample Atoms Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 26342
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26342
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

5. Apple QuickTime STSD Atom Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 26341
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26341
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

6. Apple QuickTime Image Description Atom Remote Memory Corruption Vulnerability
BugTraq ID: 26340
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26340
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

7. Apple QuickTime for Java Multiple Unspecified Remote Privilege Escalation Vulnerabilities
BugTraq ID: 26339
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26339
Summary:
Apple QuickTime for Java is prone to multiple unspecified privilege-escalation vulnerabilities.

Successfully exploiting these issues allows remote attackers to access potentially sensitive information or to execute arbitrary code with elevated privileges. These issues facilitate the remote compromise of affected computers.

These issues affect QuickTime for Java for both Apple Mac OS X and Microsoft Windows platforms.

8. Apple QuickTime Color Table Atom Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 26338
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26338
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OSX.

9. Novell BorderManager Client Trust Heap Based Buffer Overflow Vulnerability
BugTraq ID: 26285
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26285
Summary:
Novell BorderManager is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

This issue affects BorderManager 3.8; other versions may also be vulnerable.

10. Mono System.Math BigInteger Buffer Overflow Vulnerability
BugTraq ID: 26279
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26279
Summary:
Mono is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue could allow attackers to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

11. Symantec Altiris Deployment Solution Directory Traversal Vulnerability
BugTraq ID: 26266
Remote: No
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26266
Summary:
Symantec Altiris Deployment Solution is prone to a directory-traversal vulnerability.

Attackers can exploit this issue to access potentially sensitive information that may aid in further attacks.

12. Symantec Altiris Deployment Solution Aclient Local Privilege Escalation Vulnerability
BugTraq ID: 26265
Remote: No
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26265
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary files with 'System' privileges. Successful exploits will completely compromise affected computers.

13. Ipswitch IMail SMTP Server IMail Client Remote Buffer Overflow Vulnerability
BugTraq ID: 26252
Remote: Yes
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26252
Summary:
IMail Client, which is included in Ipswitch IMail Server, is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects IMail Client 9.22, which is included with IMail Server 2006.22; other versions may also be affected.

14. Sony CONNECT SonicStage Player M3U Playlist Processing Buffer Overflow Vulnerability
BugTraq ID: 26241
Remote: Yes
Date Published: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26241
Summary:
Sony CONNECT SonicStage player is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Remote attackers may crash the application or execute arbitrary machine code in the context of the user running the affected application.

This issue affects SonicStage 4.3; other versions may also be vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged, and stored.
This paper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools.
Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=7017000000093zv

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus