Focus on Microsoft
SecurityFocus Microsoft Newsletter #439 Apr 09 2009 10:45PM
Rob Keith (rkeith securityfocus com)

SecurityFocus Microsoft Newsletter #439
----------------------------------------

This issue is sponsored by Red Hat

Putting open source to the test:The making of JBoss Enterprise Middleware

Through a rigorous productization process, JBoss Enterprise Middleware teams continually harden and
transform cutting-edge open source technology into well-tempered enterprise software products with
unsurpassed quality, performance, and stability - then deliver it with top-notch support and
mission-critical SLAs. Here's how it's done.

http://dinclinx.com/Redirect.aspx?36;4756;20;189;0;1;259;ac28cb88c17443b
5

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest
for our community. We are proud to offer content from Matasano at this time and will be adding more
in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Facebook, Privacy and Contracts
2. Act Locally, Pwn Globally
II. MICROSOFT VULNERABILITY SUMMARY
1. SWF Opener Buffer Overflow Vulnerability
2. Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
3. HP ProCurve Manager and ProCurve Manager Plus Unauthorized Access Vulnerability
4. Microsoft April 2009 Advance Notification Multiple Vulnerabilities
5. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
6. OpenAFS Unix Cache Manager Heap-Based Buffer Overflow Vulnerability
7. OpenAFS Error Codes Remote Denial of Service Vulnerabiliy
8. JustSystems Ichitaro RTF File Buffer Overflow Vulnerability
9. Novell NetIdentity Agent 'XTIERRPCPIPE' Remote Code Execution Vulnerability
10. UltraISO '.ui' ISO Project File Buffer Overflow Vulnerability
11. Unsniff Network Analyzer '.usnf' File Heap-Based Buffer Overflow Vulnerability
12. UltraISO CCD and IMG File Buffer Overflow Vulnerability
13. Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability
14. Fortinet FortiClient VPN Connection Name Local Format String Vulnerability
15. SAP Business Objects Crystal Reports 'viewreport.asp' Cross Site Scripting Vulnerability
16. OpenX Prior to 2.8 Multiple Input Validation Vulnerabilities
17. XBMC Multiple Remote Buffer Overflow Vulnerabilities
18. IBM DB2 Content Manager eClient Unspecified Security Vulnerability
19. Apple Safari XML Parser Nested XML Tag Remote Denial of Service Vulnerability
20. Bugzilla 'attachment.cgi' Cross Site Request Forgery Vulnerability
21. Trend Micro Internet Security 2008/9 IOCTL Request Local Privilege Escalation Vulnerability
22. Wireshark PN-DCP Data Format String Vulnerability
23. AtomixMP3 Malformed 'm3u' Playlist File Buffer Overflow Vulnerability
24. RETIRED: Check Point FireWall-1 PKI Web Service Remote Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #438
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Facebook, Privacy and Contracts
On February 4, the social networking site Facebook made a minor change to its terms of service - the
online contract that every user must agree to when they create an account.
Facebook was trying to solve a legitimate problem: People who deleted their accounts did not realize
that information that they shared with other users would persist on their Facebook friends'
accounts. Thus, they needed some way of telling users that the information might remain.
http://www.securityfocus.com/columnists/497

2. Act Locally, Pwn Globally
By Jeffrey Carr
On December 24, 2008, the Pakistani Whackerz Cr3w defaced a part of India's critical infrastructure,
the Eastern Railway system Web site. The defacement appeared on a scroll feed which read: "Cyber war
has been declared on Indian cyberspace by Whackerz- Pakistan (24 Dec-2008)."
http://www.securityfocus.com/columnists/496

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. SWF Opener Buffer Overflow Vulnerability
BugTraq ID: 34459
Remote: Yes
Date Published: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34459
Summary:
SWF Opener is prone to a remote buffer-overflow vulnerability because it fails to adequately
bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user
running the affected application. Failed exploit attempts will likely result in denial-of-service
conditions.

SWF Opener 1.3 is vulnerable; other versions may also be affected.

2. Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 34457
Remote: Yes
Date Published: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34457
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate
users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code,
but this has not been confirmed.

Versions prior to Wireshark 1.0.7 are vulnerable.

3. HP ProCurve Manager and ProCurve Manager Plus Unauthorized Access Vulnerability
BugTraq ID: 34451
Remote: Yes
Date Published: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34451
Summary:
HP ProCurve Manager and ProCurve Manager Plus are prone to an unspecified unauthorized-access
vulnerability. Remote attackers may exploit this issue to gain unauthorized access to data.

The following are vulnerable:

ProCurve Manager 3.2 and earlier
ProCurve Manager Plus 3.2 and eariler

4. Microsoft April 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 34450
Remote: Yes
Date Published: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34450
Summary:
Microsoft has released advance notification that the vendor will be releasing eight security
bulletins on April 14, 2009. The highest severity rating for these issues is 'Critical'.

These issues affect Windows, Internet Explorer, Office, Excel, and ISA Server.

Successfully exploiting these issues may allow remote or local attackers to compromise affected
computers.

Individual records will be created to document these issues when the bulletins are released.

5. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 34449
Remote: Yes
Date Published: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34449
Summary:
EMC RepliStor is prone to multiple remote heap-based buffer-overflow vulnerabilities because it
fails to perform adequate boundary checks on user-supplied input.

A remote attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.
Failed exploit attempts will result in a denial-of-service condition.

Versions prior to RepliStor 6.2 SP5 and RepliStor 6.3 SP2 are vulnerable.

6. OpenAFS Unix Cache Manager Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 34407
Remote: Yes
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34407
Summary:
OpenAFS is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly
bounds-check user-supplied data before copying it to an insufficiently sized memory buffer in the
Unix cache manager. The issue occurs when the application processes RX packets in a client context.

An attacker can exploit this issue to execute arbitrary code in the context of the Unix cache
manager, resulting in a complete compromise of the affected computer. Failed exploit attempts will
likely result in a denial of service.

The issue affects these versions:

OpenAFS Unix clients 1.0 through 1.4.8
OpenAFS Unix clients 1.5.0 through 1.5.58

Note that Mac OS X clients are not affected.

7. OpenAFS Error Codes Remote Denial of Service Vulnerabiliy
BugTraq ID: 34404
Remote: Yes
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34404
Summary:
OpenAFS file server is prone to a denial-of-service vulnerability that occurs on computers running
the Linux kernel.

Successfully exploiting this issue allows attackers to cause a kernel panic, denying service to
legitimate users.

The issue affects these versions:

OpenAFS 1.0 through 1.4.8
OpenAFS 1.5.0 through 1.5.58

8. JustSystems Ichitaro RTF File Buffer Overflow Vulnerability
BugTraq ID: 34403
Remote: Yes
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34403
Summary:
Ichitaro is prone to a remote buffer-overflow vulnerability.

Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable
application. Failed attempts will result in a denial-of-service condition.

Ichitaro 2009 and prior versions are vulnerable.

9. Novell NetIdentity Agent 'XTIERRPCPIPE' Remote Code Execution Vulnerability
BugTraq ID: 34400
Remote: Yes
Date Published: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34400
Summary:
Novell NetIdentity Agent is prone to a remote code-execution vulnerability.

Attackers could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Failed
exploit attempts will likely cause denial-of-service conditions.

Novell NetIdentity Agent 1.2.3 is vulnerable; other versions may be affected as well.

10. UltraISO '.ui' ISO Project File Buffer Overflow Vulnerability
BugTraq ID: 34398
Remote: Yes
Date Published: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34398
Summary:
UltraISO is prone to a remote buffer-overflow vulnerability because it fails to adequately
bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user
running the affected application. Failed exploit attempts will likely result in denial-of-service
conditions.

UltraISO 9.3.3.2685 is vulnerable; other versions may also be affected.

11. Unsniff Network Analyzer '.usnf' File Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 34396
Remote: Yes
Date Published: 2009-04-06
Relevant URL: http://www.securityfocus.com/bid/34396
Summary:
Unsniff Network Analyzer is prone to a heap-based buffer-overflow vulnerability because it fails to
perform adequate checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

Unsniff Network Analyzer 1.0 is vulnerable; other versions may also be affected.

12. UltraISO CCD and IMG File Buffer Overflow Vulnerability
BugTraq ID: 34363
Remote: Yes
Date Published: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34363
Summary:
UltraISO is prone to a remote buffer-overflow vulnerability because it fails to adequately
bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user
running the affected application. Failed exploit attempts will likely result in denial-of-service
conditions.

UltraISO 9.3.3.2685 is vulnerable; other versions may also be affected.

13. Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability
BugTraq ID: 34351
Remote: Yes
Date Published: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34351
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious PowerPoint file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context
of the currently logged-in user.

14. Fortinet FortiClient VPN Connection Name Local Format String Vulnerability
BugTraq ID: 34343
Remote: No
Date Published: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34343
Summary:
Fortinet FortiClient is prone to a local format-string vulnerability because it fails to adequately
sanitize user-supplied input before passing it to a formatted-printing function.

Successfully exploiting this issue will allow local attackers to execute arbitrary code with
SYSTEM-level privileges, completely compromising the computer. Failed exploit attempts will likely
result in a denial of service.

FortiClient 3.0.614 is vulnerable; other versions may also be affected.

15. SAP Business Objects Crystal Reports 'viewreport.asp' Cross Site Scripting Vulnerability
BugTraq ID: 34341
Remote: Yes
Date Published: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34341
Summary:
SAP Business Objects Crystal Reports is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an
unsuspecting user in the context of the affected site and to steal cookie-based authentication
credentials.

NOTE: This issue may be related to the one described in BID 12107 (Business Objects Crystal
Enterprise Report File Cross-Site Scripting Vulnerability). We will update or retire this BID when
more information emerges.

16. OpenX Prior to 2.8 Multiple Input Validation Vulnerabilities
BugTraq ID: 34336
Remote: Yes
Date Published: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34336
Summary:
OpenX is prone to multiple input-validation vulnerabilities:

- Multiple SQL-Injection vulnerabilities
- A cross-site-scripting vulnerability
- An arbitrary-file-deletion vulnerability
- A HTTP-header-injection vulnerability

Attackers can exploit these issues to steal cookie-based authentication credentials from legitimate
users of the site, modify the way the site is rendered, access or modify data, exploit latent
vulnerabilities in the underlying database, or delete arbitrary files on the affected computer.
Other attacks are also possible.

Versions prior to OpenX 2.8 are vulnerable.

17. XBMC Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 34334
Remote: Yes
Date Published: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34334
Summary:
XBMC is prone to multiple buffer-overflow vulnerabilities that occur because the application fails
to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to execute arbitrary code within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

XBMC 8.10 Atlantis is vulnerable; other versions may also be affected.

18. IBM DB2 Content Manager eClient Unspecified Security Vulnerability
BugTraq ID: 34326
Remote: Yes
Date Published: 2009-03-31
Relevant URL: http://www.securityfocus.com/bid/34326
Summary:
IBM DB2 Content Manager is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information
emerges.

IBM DB2 Content Manager 8.4.1 is vulnerable; other versions may be affected as well.

19. Apple Safari XML Parser Nested XML Tag Remote Denial of Service Vulnerability
BugTraq ID: 34318
Remote: Yes
Date Published: 2009-03-31
Relevant URL: http://www.securityfocus.com/bid/34318
Summary:
Apple Safari is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected application, denying service to legitimate
users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this
has not been confirmed.

Apple Safari 3.2.2 and 4 Beta are vulnerable; other versions may also be affected.

20. Bugzilla 'attachment.cgi' Cross Site Request Forgery Vulnerability
BugTraq ID: 34308
Remote: Yes
Date Published: 2009-03-30
Relevant URL: http://www.securityfocus.com/bid/34308
Summary:
Bugzilla is prone to a cross-site request-forgery vulnerability.

An attacker can exploit this issue to submit attachments in the context of the logged-in user.

This issue affects versions prior to Bugzilla 3.2.3 and 3.3.4.

21. Trend Micro Internet Security 2008/9 IOCTL Request Local Privilege Escalation Vulnerability
BugTraq ID: 34304
Remote: No
Date Published: 2009-03-30
Relevant URL: http://www.securityfocus.com/bid/34304
Summary:
Trend Micro Internet Security 2008 and 2009 are prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with elevated privileges, which may
allow a complete compromise of the affected computer.

This issue affects Internet Security and Internet Security Pro 2008 and 2009.

22. Wireshark PN-DCP Data Format String Vulnerability
BugTraq ID: 34291
Remote: Yes
Date Published: 2009-03-30
Relevant URL: http://www.securityfocus.com/bid/34291
Summary:
Wireshark is prone to a format-string vulnerability.

Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable
application. Failed attacks will likely cause denial-of-service conditions.

Wireshark 1.0.6 is vulnerable; other versions may also be affected.

23. AtomixMP3 Malformed 'm3u' Playlist File Buffer Overflow Vulnerability
BugTraq ID: 34290
Remote: Yes
Date Published: 2009-03-30
Relevant URL: http://www.securityfocus.com/bid/34290
Summary:
AtomixMP3 is prone to a buffer-overflow vulnerability because the application fails to bounds-check
user-supplied data before copying it into an insufficiently sized buffer.

Attackers can execute arbitrary code in the context of the affected application. Failed exploit
attempts will result in a denial-of-service condition.

AtomixMP3 2.3 is vulnerable; other versions may also be affected.

24. RETIRED: Check Point FireWall-1 PKI Web Service Remote Buffer Overflow Vulnerabilities
BugTraq ID: 34286
Remote: Yes
Date Published: 2009-03-30
Relevant URL: http://www.securityfocus.com/bid/34286
Summary:
Check Point FireWall-1 PKI web service is prone to multiple remote buffer-overflow vulnerabilities
because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user
running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This BID is being retired because the application is not vulnerable as described.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #438
http://www.securityfocus.com/archive/88/502488

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Red Hat

Putting open source to the test:The making of JBoss Enterprise Middleware

Through a rigorous productization process, JBoss Enterprise Middleware teams continually harden and
transform cutting-edge open source technology into well-tempered enterprise software products with
unsurpassed quality, performance, and stability - then deliver it with top-notch support and
mission-critical SLAs. Here's how it's done.

http://dinclinx.com/Redirect.aspx?36;4756;20;189;0;1;259;ac28cb88c17443b
5

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus