Focus on Microsoft
SecurityFocus Microsoft Newsletter #437 Mar 27 2009 09:16PM
Rob Keith (rkeith securityfocus com)

SecurityFocus Microsoft Newsletter #437
----------------------------------------

This issue is sponsored by Entrust

Securing What's at Risk: A Common Sense Approach to Protecting Users Online

This white paper outlines issues with managing online identities across a diverse customer base when faced with increasing threats. It proposes a common sense approach that matches security to the assessed risk for users, actions and applications.

http://dinclinx.com/Redirect.aspx?36;3123;45;189;0;7;259;4e7f07a589d94938

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time to Shield Researchers
2. Contracting For Secure Code
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Windows Services for UNIX / Subsystem for UNIX-based Applications Multiple Vulnerabilities
2. Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability
3. Sysax Multi Server FTP 'DELE' Directory Traversal Vulnerability
4. Orbit Downloader ActiveX Control 'download()' Method Arbitrary File Delete Vulnerability
5. POP Peeper 'From' Mail Header Remote Buffer Overflow Vulnerability
6. BS.Player '.bsl' File Hostname Remote Buffer Overflow Vulnerability
7. Internet Explorer Unspecified Remote Code Execution Vulnerability
8. Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability
9. CDex 'ogg' File Buffer Overflow Vulnerability
10. PHPRunner 'SearchField' Parameter SQL Injection Vulnerability
11. Talkative IRC 'PRIVMSG' Buffer Overflow Vulnerability
12. JustSystems Ichitaro Unspecified Code Execution Vulnerability
13. WinAsm Studio '.wap' Project File Heap-Based Buffer Overflow Vulnerability
14. Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
15. Rosoft Media Player 'rml' File Buffer Overflow Vulnerability
16. Autonomy KeyView Module 'wp6sr.dll' Buffer Overflow Vulnerability
17. Symantec pcAnywhere Local Format String Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Shield Researchers
By Oliver Day
Research is the backbone of the security industry but the legal climate has become so adverse that researchers have had to worry about injunctions, FBI visits, and even arrest.
http://www.securityfocus.com/columnists/495

2. Contracting For Secure Code
By Chris Wysopal
Forcing suppliers to attest to the security of provided software is gaining adherents: Just ask Kaspersky Lab.
http://www.securityfocus.com/columnists/494

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Services for UNIX / Subsystem for UNIX-based Applications Multiple Vulnerabilities
BugTraq ID: 34258
Remote: Yes
Date Published: 2009-03-23
Relevant URL: http://www.securityfocus.com/bid/34258
Summary:
Microsoft Windows Services for UNIX and Subsystem for UNIX-based Applications (SUA) are prone to multiple remote code-execution vulnerabilities.

Exploiting these issues can allow an attacker to execute arbitrary code within the context of the affected applications.

Various versions of Windows 2008, Windows Vista, and Windows Services for UNIX are affected.

2. Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability
BugTraq ID: 34250
Remote: Yes
Date Published: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34250
Summary:
Microsoft GDI+ is prone to a stack-based buffer-overflow vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.

Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

NOTE (March 25, 2009): Further investigation reveals that this issue is in fact a new issue and has been assigned its own BID. Information that was added on March 24, 2009 to BID 31019 ('Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability') is now provided in this BID.

3. Sysax Multi Server FTP 'DELE' Directory Traversal Vulnerability
BugTraq ID: 34209
Remote: Yes
Date Published: 2009-03-23
Relevant URL: http://www.securityfocus.com/bid/34209
Summary:
Sysax Multi Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow a remote attacker to access arbitrary files outside of the FTP server root directory. This can expose sensitive information that could help the attacker launch further attacks.

Sysax Multi Server 4.3 is vulnerable; other versions may also be affected.

4. Orbit Downloader ActiveX Control 'download()' Method Arbitrary File Delete Vulnerability
BugTraq ID: 34200
Remote: Yes
Date Published: 2009-03-23
Relevant URL: http://www.securityfocus.com/bid/34200
Summary:
Orbit Downloader ActiveX control is prone to a vulnerability that lets attackers delete arbitrary files on the affected computer in the context of the application using the ActiveX control (typically Internet Explorer). Successful attacks can result in denial-of-service conditions.

Orbit Downloader 2.8.7 is vulnerable; other versions may also be affected.

5. POP Peeper 'From' Mail Header Remote Buffer Overflow Vulnerability
BugTraq ID: 34192
Remote: Yes
Date Published: 2009-03-20
Relevant URL: http://www.securityfocus.com/bid/34192
Summary:
POP Peeper is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

UPDATE (March 23, 2009): This issue may also be triggered by loading an '.eml' mail file that includes an overly long string as a 'From' mail header.

POP Peeper 3.4.0.0 is vulnerable; other versions may also be affected.

6. BS.Player '.bsl' File Hostname Remote Buffer Overflow Vulnerability
BugTraq ID: 34190
Remote: Yes
Date Published: 2009-03-20
Relevant URL: http://www.securityfocus.com/bid/34190
Summary:
BS.Player is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

7. Internet Explorer Unspecified Remote Code Execution Vulnerability
BugTraq ID: 34182
Remote: Yes
Date Published: 2009-03-19
Relevant URL: http://www.securityfocus.com/bid/34182
Summary:
Internet Explorer is prone to an unspecified remote code-execution vulnerability.

This issue was demonstrated at the CanSecWest 2009 conference. Technical details are not yet available; we will update this BID as more information emerges.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the application and possibly the computer. Failed attacks will cause denial-of-service conditions.

8. Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34167
Remote: Yes
Date Published: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34167
Summary:
Icarus is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Icarus 2.0 is vulnerable; other versions may also be affected.

9. CDex 'ogg' File Buffer Overflow Vulnerability
BugTraq ID: 34164
Remote: Yes
Date Published: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34164
Summary:
CDex is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

CDex 1.70 (Beta 2) is vulnerable; other versions may also be affected.

10. PHPRunner 'SearchField' Parameter SQL Injection Vulnerability
BugTraq ID: 34146
Remote: Yes
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34146
Summary:
PHPRunner generates scripts that are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHPRunner 4.2 is vulnerable; other versions may also be affected.

11. Talkative IRC 'PRIVMSG' Buffer Overflow Vulnerability
BugTraq ID: 34141
Remote: Yes
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34141
Summary:
Talkative IRC is prone to a stack-based buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious IRC server. Successful attacks will allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Talkative IRC 0.4.4.16 is vulnerable; other versions may also be affected.

12. JustSystems Ichitaro Unspecified Code Execution Vulnerability
BugTraq ID: 34138
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34138
Summary:
Ichitaro is prone to an unspecified remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed attempts will result in a denial-of-service condition.

Ichitaro 2008 and prior versions are vulnerable.

13. WinAsm Studio '.wap' Project File Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 34132
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34132
Summary:
WinAsm Studio is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

WinAsm Studio 5.1.5.0 is vulnerable; other versions may also be affected.

14. Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
BugTraq ID: 34125
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34125
Summary:
Serv-U FTP Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue allows an authenticated user to create directories outside the FTP root directory, which may lead to other attacks.

Serv-U FTP Server 7.4.0.1 is vulnerable; other versions may also be affected.

15. Rosoft Media Player 'rml' File Buffer Overflow Vulnerability
BugTraq ID: 34124
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34124
Summary:
Rosoft Media Player is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

16. Autonomy KeyView Module 'wp6sr.dll' Buffer Overflow Vulnerability
BugTraq ID: 34086
Remote: Yes
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34086
Summary:
Autonomy KeyView module is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Exploiting this issue will allow an attacker to corrupt memory and to cause denial-of-service conditions or potentially to execute arbitrary code in the context of the application using the module.

Multiple products using the KeyView module are affected.

17. Symantec pcAnywhere Local Format String Vulnerability
BugTraq ID: 33845
Remote: No
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33845
Summary:
Symantec pcAnywhere is prone to a local format-string vulnerability.

A local attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. The attacker may also be able to execute arbitrary code within the context of the application, but this has not been confirmed.

pcAnywhere 12.0, 12.1, and 12.5 are vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Entrust

