Focus on Microsoft
SecurityFocus Microsoft Newsletter #398 Jun 12 2008 04:13PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #398

----------------------------------------

This issue is sponsored by IBM® Rational® AppScan

Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities.
Download a free trial of AppScan and see how it can help prevent against the threat of attack.
https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Racing Against Reversers
2.Anti-Social Networking
II. MICROSOFT VULNERABILITY SUMMARY
1. RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
2. IBM DB2 Universal Database Prior to 9.1 Fixpak 5 Multiple Vulnerabilities
3. Microsoft Windows WINS Server Local Privilege Escalation Vulnerability
4. ALFTP FTP Client 'LIST' Command Directory Traversal Vulnerability
5. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
6. Microsoft DirectX MJPEG Video Streaming Stack Based Buffer Overflow Vulnerability
7. Microsoft DirectX SAMI File Parsing Stack Based Buffer Overflow Vulnerability
8. RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
9. Microsoft Internet Explorer HTML Objects 'substringData()' Remote Code Execution Vulnerability
10. Sleipnir 'favorite search' Function Script Code Execution Vulnerability
11. Sun Java ASP Server Information Disclosure Vulnerability
12. Sun Java ASP Server Multiple Directory Traversal Vulnerabilities
13. Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability
14. Microsoft Windows PGM Invalid Fragment Remote Denial Of Service Vulnerability
15. Microsoft Windows PGM Invalid Length Remote Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. default for requiring authentication 2003
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Racing Against Reversers
By Federico Biancuzzi
Each time a new digital rights management (DRM) system is released, hackers are not far behind in cracking it. Reverse engineers have taken down the security protecting content encoded for Windows Media, iTunes, DVDs, and HD-DVDs.
http://www.securityfocus.com/columnists/474

2.Anti-Social Networking
By Mark Rasch
On May 15, 2008, a federal grand jury Los Angeles indicted 49-year-old Lori Drew of O.Fallon, Missouri, on charges of unauthorized access to a computer, typically used in hacking cases. Yet, Drew's alleged actions had little to do with computer intrusions.
http://www.securityfocus.com/columnists/473

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 29619
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29619
Summary:
Apple QuickTime is prone to multiple remote vulnerabilities that may allow remote attackers to execute arbitrary code.

These issues arise when the application handles specially crafted PICT image files, Indeo video content, movie files, 'file:' URIs, and AAC-encoded media. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user; failed exploits will cause denial-of-service conditions.

Versions prior to QuickTime 7.5 are affected.

NOTE: This BID is being retired; the following individual records have been created to better document the issues:

29649 Apple QuickTime 'PICT' Image 'PixData' Structures Handling Heap Overflow Vulnerability
29650 Apple QuickTime 'file:' URI File Execution Vulnerability
29654 Apple QuickTime 'AAC-encoded' Media Memory Corruption Vulnerability
29648 Apple QuickTime 'PICT' Image Buffer Overflow Vulnerability
29652 Apple QuickTime Indo Video Codec Buffer Overflow Vulnerability

2. IBM DB2 Universal Database Prior to 9.1 Fixpak 5 Multiple Vulnerabilities
BugTraq ID: 29601
Remote: Yes
Date Published: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29601
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities, including buffer-overflow issues, local privilege-escalation issues, and an unspecified issue.

An attacker may exploit these issues to execute arbitrary code, gain elevated privileges, or crash the affected application, denying service to legitimate users.

These vulnerabilities affect versions prior to DB2 9.1 Fixpak 5.

3. Microsoft Windows WINS Server Local Privilege Escalation Vulnerability
BugTraq ID: 29588
Remote: No
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29588
Summary:
Microsoft Windows WINS server is prone to a local privilege-escalation vulnerability that may be triggered by malicious WINS network packets.

Successful exploits allow local attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising the affected computer.

4. ALFTP FTP Client 'LIST' Command Directory Traversal Vulnerability
BugTraq ID: 29585
Remote: Yes
Date Published: 2008-06-06
Relevant URL: http://www.securityfocus.com/bid/29585
Summary:
ALFTP is prone to a directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client.

Exploiting these issues will allow an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.

ALFTP 4.1 beta 2 (English) and 5.0 (Korean) are vulnerable; other versions may also be affected.

5. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
BugTraq ID: 29584
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29584
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory, ADAM (Active Directory Application Mode), and AD LDS (Active Directory Lightweight Directory Service) fail to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue by sending a specially crafted LDAP request to the affected computer. This would cause the affected system to temporarily stop responding to LDAP requests, thus denying further service to legitimate users.

Note that the attacker requires valid logon credentials to exploit this issue on Windows Server 2003 and on any system that has ADAM installed.

This issue affects these components:

- Active Directory on Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008
- ADAM on Windows XP Professional and Windows Server 2003
- AD LDS on Windows Server 2008

Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

6. Microsoft DirectX MJPEG Video Streaming Stack Based Buffer Overflow Vulnerability
BugTraq ID: 29581
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29581
Summary:
Microsoft DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

7. Microsoft DirectX SAMI File Parsing Stack Based Buffer Overflow Vulnerability
BugTraq ID: 29578
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29578
Summary:
Microsoft DirectX is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling malformed SAMI files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

8. RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 29576
Remote: Yes
Date Published: 2008-06-05
Relevant URL: http://www.securityfocus.com/bid/29576
Summary:
Microsoft has released advance notification that the vendor will be releasing seven security bulletins on June 10, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

NOTE: The following individual records have been created to document these vulnerabilities:

29522 Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability
29556 Microsoft Internet Explorer HTML Objects 'substringData()' Remote Code Execution Vulnerability
28379 Microsoft Internet Explorer 'setRequestHeader()' Multiple Vulnerabilities
22359 Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability
29558 Backweb 'LiteInstActivator.dll' ActiveX Control Remote Code Execution Vulnerability
29581 Microsoft DirectX MJPEG Video Streaming Remote Code Execution Vulnerability
29578 Microsoft DirectX SAMI File Parsing Remote Code Execution Vulnerability
29588 Microsoft Windows WINS Server Local Privilege Escalation Vulnerability
29584 Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
29508 Microsoft Windows PGM Invalid Length Remote Denial of Service Vulnerability
29509 Microsoft Windows PGM Invalid Fragment Remote Denial of Service Vulnerability

9. Microsoft Internet Explorer HTML Objects 'substringData()' Remote Code Execution Vulnerability
BugTraq ID: 29556
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29556
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because it fails to perform adequate boundary checks when handling certain HTML object data.

Attackers can leverage this issue to execute arbitrary code with the privileges of the user running the application. Successful exploits will compromise affected computers. Failed attacks may cause denial-of-service conditions.

10. Sleipnir 'favorite search' Function Script Code Execution Vulnerability
BugTraq ID: 29555
Remote: Yes
Date Published: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29555
Summary:
Sleipnir is prone to a vulnerability that lets remote attackers execute arbitrary script code because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code within the context of the affected application.

Sleipnir 2.7.1 is vulnerable; prior versions may also be affected.

11. Sun Java ASP Server Information Disclosure Vulnerability
BugTraq ID: 29540
Remote: Yes
Date Published: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29540
Summary:
Sun Java ASP Server is prone to an information-disclosure issue because it fails to restrict access to potentially sensitive information.

Attackers can exploit this issue to obtain information that will aid in further attacks.

Java ASP Server 4.0.2 and prior versions are vulnerable.

NOTE: This issue does not affect instances of the server when running on Microsoft Windows.

12. Sun Java ASP Server Multiple Directory Traversal Vulnerabilities
BugTraq ID: 29538
Remote: Yes
Date Published: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29538
Summary:
Sun Java ASP Server is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues using directory-traversal sequences ('../') to view or delete arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.

Versions prior to Sun Java ASP Server 4.0.3 are vulnerable.

13. Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability
BugTraq ID: 29522
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29522
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because its implementation of the Bluetooth stack fails to adequately handle a flood of specially crafted SDP (Service Discovery Protocol) requests.

To exploit this issue, an attacker must be within close physical proximity of the affected computer.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

This issue affects only computers with Bluetooth capability.

14. Microsoft Windows PGM Invalid Fragment Remote Denial Of Service Vulnerability
BugTraq ID: 29509
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29509
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted PGM (Pragmatic General Multicast) network traffic.

Attackers can exploit this issue to cause affected computers to stop responding until all the malformed packets have been processed. Successful attacks will deny service to legitimate users.

On computers running Windows XP and Windows Server 2003, PGM is enabled only when Microsoft Message Queuing (MSMQ) 3.0 is installed. The MSMQ service is not installed by default.

On computers running Windows Vista or Windows Server 2008, PGM is enabled only when Microsoft Message Queuing (MSMQ) 4.0 is installed and when PGM is specifically enabled. The MSMQ service is not installed by default. When MSMQ is installed, PGM processing is not enabled by default.

15. Microsoft Windows PGM Invalid Length Remote Denial Of Service Vulnerability
BugTraq ID: 29508
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29508
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted PGM (Pragmatic General Multicast) network traffic.

Attackers can exploit this issue to cause an affected computer to stop responding until it is manually restarted. Successful attacks will deny service to legitimate users.

NOTE: PGM is enabled only when Microsoft Message Queuing (MSMQ) 3.0 is installed on computers running Windows XP and Windows Server 2003. The MSMQ service is not installed by default. Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. default for requiring authentication 2003
http://www.securityfocus.com/archive/88/493298

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by IBM® Rational® AppScan

Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities.
Download a free trial of AppScan and see how it can help prevent against the threat of attack.
https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus