Focus on Microsoft
SecurityFocus Microsoft Newsletter #418 Oct 30 2008 03:50PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #418
----------------------------------------

This issue is sponsored by HP:

Download a FREE trial of HP WebInspect

Application attacks are growing more prevalent. New attacks are in the news each day.
Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.

https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Secutiy_Focus/3-1QN6MII_3-UTM2ZJ/20081015&origin_id=3-1QN6MII

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Clicking to the Past
2. The Vice of Vice Presidential E-Mail
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer ' ' Address Bar URI Spoofing Vulnerability
2. PumpKIN Mode Field Remote Denial of Service Vulnerability
3. TUGZip ZIP File Remote Buffer Overflow Vulnerability
4. SilverSHielD 'opendir()' Remote Denial of Service Vulnerability
5. Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
6. freeSSHd SFTP 'rename' Remote Buffer Overflow Vulnerability
7. Multiple EMC NetWorker Products 'nsrexecd.exe' RPC Request Denial of Service Vulnerability
8. Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass Vulnerability
9. IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
10. Multiple Vendor Web Browser FTP Client Cross Site Scripting Weakness
11. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
12. Symantec Altiris Deployment Solution Client User Interface Local Privilege Escalation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #417
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Clicking to the Past
By Chris Wysopal
When the first details trickled out about a new attack, dubbed "clickjacking" by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker's behalf is one of the oldest attack vectors in the book.
http://www.securityfocus.com/columnists/483

2. The Vice of Vice Presidential E-Mail
By Mark Rasch
Is it a crime to read someone else's e-mail without their consent? Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claimed credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business.
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/482

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer ' ' Address Bar URI Spoofing Vulnerability
BugTraq ID: 31960
Remote: Yes
Date Published: 2008-10-27
Relevant URL: http://www.securityfocus.com/bid/31960
Summary:
Internet Explorer is affected by a URI-spoofing vulnerability because it fails to adequately handle specific combinations of the non-breaking space character (' ').

An attacker may leverage this issue to spoof the source URI of a site presented to an unsuspecting user. This may lead to a false sense of trust because the user may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Internet Explorer 6 is affected by this issue.

2. PumpKIN Mode Field Remote Denial of Service Vulnerability
BugTraq ID: 31922
Remote: Yes
Date Published: 2008-10-25
Relevant URL: http://www.securityfocus.com/bid/31922
Summary:
PumpKIN is prone to a remote denial-of-service vulnerability because the server fails to handle exceptional conditions.

Successfully exploiting this issue would cause the affected application to become unresponsive, denying service to legitimate users.

The issue affects PumpKIN 2.7.2.0; other versions may also be vulnerable.

3. TUGZip ZIP File Remote Buffer Overflow Vulnerability
BugTraq ID: 31913
Remote: Yes
Date Published: 2008-10-25
Relevant URL: http://www.securityfocus.com/bid/31913
Summary:
TUGZip is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

TUGZip 3.00 is vulnerable; other versions may also be affected.

4. SilverSHielD 'opendir()' Remote Denial of Service Vulnerability
BugTraq ID: 31884
Remote: Yes
Date Published: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31884
Summary:
SilverSHielD is prone to a denial-of-service vulnerability because the application fails to handle excessive user input.

An attacker may exploit this issue to crash the vulnerable application, resulting in a denial-of-service condition.

SilverSHielD 1.0.2.34 is vulnerable; other versions may also be affected.

5. Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
BugTraq ID: 31874
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31874
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects RPC (Remote Procedure Call) handling in the Server service.

An attacker could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of vulnerable computers. This issue may be prone to widespread automated exploits. Attackers require authenticated access on Windows Vista and Server 2008 platforms to exploit this issue.

This vulnerability affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

6. freeSSHd SFTP 'rename' Remote Buffer Overflow Vulnerability
BugTraq ID: 31872
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31872
Summary:
freeSSHd is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects freeSSHd 1.2.1; other versions may also be affected.

7. Multiple EMC NetWorker Products 'nsrexecd.exe' RPC Request Denial of Service Vulnerability
BugTraq ID: 31866
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31866
Summary:
Multiple EMC NetWorker products are prone to a denial-of-service vulnerability.

Attackers can exploit this issue by sending malicious RPC requests, causing affected applications to consume resources until they become unresponsive. Repeated requests can lead to a denial-of-service condition.

8. Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass Vulnerability
BugTraq ID: 31864
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31864
Summary:
Cisco PIX and ASA are prone to an authentication-bypass vulnerability.

Remote attackers can exploit this issue to gain unauthorized access to the affected devices. Successfully exploiting this issue will lead to other attacks.

This issue is being monitored by Cisco Bug ID CSCsj25896.

9. IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
BugTraq ID: 31856
Remote: Yes
Date Published: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31856
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities.

Successful exploits may allow attackers to obtain sensitive information or cause a denial-of-service condition.

Versions prior to DB2 9.1 Fixpak 6 are affected.

10. Multiple Vendor Web Browser FTP Client Cross Site Scripting Weakness
BugTraq ID: 31855
Remote: Yes
Date Published: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31855
Summary:
Multiple vendors' web browsers are prone to a cross-site scripting weakness that arises because the software fails to handle specially crafted files served using the FTP protocol.

Successfully exploiting this issue may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of an FTP session. This may allow the attacker to perform malicious actions in a user's browser or redirect the user to a malicious site; other attacks are also possible.

11. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 31838
Remote: Yes
Date Published: 2008-10-20
Relevant URL: http://www.securityfocus.com/bid/31838
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.10.3 up to and including 1.0.3.

12. Symantec Altiris Deployment Solution Client User Interface Local Privilege Escalation Vulnerability
BugTraq ID: 31766
Remote: No
Date Published: 2008-10-20
Relevant URL: http://www.securityfocus.com/bid/31766
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to bypass security settings and gain privileged access. Successfully exploiting this issue will result in the complete compromise of affected computers.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #417
http://www.securityfocus.com/archive/88/497792

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by HP:

