List:       focus-ms
Subject:    SecurityFocus Microsoft Newsletter #183
From:       Marc Fossi <mfossi () securityfocus ! com>
Date:       2004-04-06 21:07:59
Message-ID: Pine.LNX.4.58.0404061507420.10628 () mail ! securityfocus ! com

SecurityFocus Microsoft Newsletter #183
----------------------------------------
This issue is sponsored by: SPIDynamics

ALERT: Top 14 Web Application Attack Techniques and Methods to Combat
Them - White Paper

Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation. Also includes step-by-step
vulnerability testing for your own Web Applications and guidelines for
establishing policy standards and secure coding practices.

http://www.securityfocus.com/sponsor/SPIDynamics_ms-secnews_040406
------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Dogs of War: Securing Microsoft Groupware Environments with Unix (Part2)
     2. Host Integrity Monitoring: Best Practices for Deployment
     3. Human Nature vs. Security
II. MICROSOFT VULNERABILITY SUMMARY
     1. NetSupport School Weak Password Encryption Vulnerability
     2. PHPBB Privmsg.PHP SQL Injection Vulnerability
     3. Internet Security Systems BlackICE PC/Server Protection Weak...
     4. NessusWX Account Credentials Disclosure Vulnerability
     5. Alan Ward A-Cart Multiple Input Validation Vulnerabilities
     6. WebCT Campus Edition HTML Injection Vulnerability
     7. MPlayer Remote HTTP Header Buffer Overflow Vulnerability
     8. Liu Die Yu WinBlox My_CreateFileW Buffer Overrun Vulnerabili...
     9. PHPKit Multiple HTML Injection Vulnerabilities
     10. Cactusoft CactuShop SQL Injection Vulnerability
     11. CactuSoft CactuShop Cross-Site Scripting Vulnerability
     12. Microsoft Internet Explorer HTML Form Status Bar Misrepresen...
     13. ADA IMGSVR Remote Directory Listing Vulnerability
     14. ADA IMGSVR Remote File Download Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
     1. ISA Server Crash - More Information (Thread)
     2. Fw: ISA Server Crash (Thread)
     3. ISA Server Crash (Thread)
     4. SecurityFocus Microsoft Newsletter #182 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
     1. Norton Internet Security 2004
     2. East-Tec Eraser 2004
     3. Steganos Security Suite 6
     4. Airscanner Mobile AntiVirus Pro
     5. Symantec's Norton Internet Security 2004 Professional
     6. secure2trust
V. NEW TOOLS FOR MICROSOFT PLATFORMS
     1. WinBlox v6.0
     2. Logrep v1.4.4
     3. Securepoint Firewall and VPN Server v4.0 (S4)
     4. Telconi Terminal for Cisco IOS v0.5a
     5. Cryptonit v0.9.3
     6. CryptoHeaven v2.3.2
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Dogs of War: Securing Microsoft Groupware Environments with Unix (Part2)
By Bob Rudis

This article discusses the implementation of layered mail security using
Unix as an MTA in front of Microsoft groupware products. Part two
describes the use of Qmail, Qmail-Scanner, Clam AntiVirus and
SpamAssassin.

http://www.securityfocus.com/infocus/1772

2. Host Integrity Monitoring: Best Practices for Deployment
By Brian Wotring

The purpose of this article is to highlight the important steps and
concepts involved in deploying a host integrity monitoring system. These
applications can be very helpful with detecting unauthorized change,
conducting damage assessment, and preventing future attacks.

http://www.securityfocus.com/infocus/1771

3. Human Nature vs. Security
By Daniel Hanson

Social engineering in the latest crop of viruses has people jumping
through hoops to open malicious attachments. How do we change the pattern?

http://www.securityfocus.com/columnists/231

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. NetSupport School Weak Password Encryption Vulnerability
BugTraq ID: 9981
Remote: No
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9981
Summary:
It has been reported that NetSupport School is prone to a password
encryption vulnerability.  This issue is due to a failure of the
application to protect passwords with a sufficiently effective encryption
scheme.

This issue may allow a malicious user to gain access to user and
administrator passwords for the affected application.

2. PHPBB Privmsg.PHP SQL Injection Vulnerability
BugTraq ID: 9984
Remote: Yes
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9984
Summary:
Reportedly the 'privmsg.php' phpBB script is prone to a remote SQL
injection vulnerability.  This issue is due to a failure of the
application to properly sanitize user-supplied URI parameters before using
them to construct SQL queries to be issued to the underlying database.

This may allow a remote attacker to manipulate query logic, potentially
leading to access to sensitive information such as the administrator
password hash or corruption of database data. SQL injection attacks may
also potentially be used to exploit latent vulnerabilities in the
underlying database implementation.

3. Internet Security Systems BlackICE PC/Server Protection Weak...
BugTraq ID: 9990
Remote: Yes
Date Published: Mar 27 2004
Relevant URL: http://www.securityfocus.com/bid/9990
Summary:
BlackICE PC/Server Protection has been reported prone to a weak
configuration vulnerability. The issue presents itself due to a
misconfiguration in the default settings of BlackICE PC Protection; the
issue may result in a decrease in the level of protection that the
software provides.

4. NessusWX Account Credentials Disclosure Vulnerability
BugTraq ID: 9993
Remote: No
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/9993
Summary:
It has been reported that NessusWX may be prone to an account credentials
disclosure vulnerability that may allow a local attacker to gain access to
accounts for remote services such as FTP, IMAP, POP2, POP3, NNTP, SNMP,
and SMB.  The issue exists because the application stores credentials such
as usernames and passwords for remote hosts in plain text format on the
local system.

NessusWX versions 1.4.4 and prior may be prone to this issue.

5. Alan Ward A-Cart Multiple Input Validation Vulnerabilities
BugTraq ID: 9997
Remote: Yes
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/9997
Summary:
Reportedly A-Cart is prone to multiple input validation vulnerabilities.
These issues are due to a failure of the application to properly sanitize
user supplied input prior to its use in SQL queries and generation of
dynamic content.

The SQL injection issue may allow a remote attacker to manipulate SQL
query logic, potentially leading to access to sensitive information such
as the administrator password hash or corruption of database data. SQL
injection attacks may also potentially be used to exploit latent
vulnerabilities in the underlying database implementation.

The cross-site scripting issue could permit a remote attacker to create a
malicious link to the vulnerable application that includes hostile HTML
and script code. If this link were followed, the hostile code may be
rendered in the web browser of the victim user. This would occur in the
security context of the affected web site and may allow for theft of
cookie-based authentication credentials or other attacks.

6. WebCT Campus Edition HTML Injection Vulnerability
BugTraq ID: 9999
Remote: Yes
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/9999
Summary:
It has been reported that WebCT Campus Edition may be prone to an HTML
injection vulnerability that may allow a remote attacker to execute
arbitrary HTML or script code in the browser of an unsuspecting user.  A
malicious user could supply malicious HTML or script code to the
application via the @import url() function of Microsoft Internet Explorer
when posting a message on a forum, which would then be rendered in the
browser of an unsuspecting user whenever the malicious message is viewed.

WebCT Campus Edition version 4.1 is reported to be affected by this issue.

7. MPlayer Remote HTTP Header Buffer Overflow Vulnerability
BugTraq ID: 10008
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10008
Summary:
It has been reported that MPlayer is prone to a remote HTTP header buffer
overflow vulnerability.  This issue is due to a failure of the application
to properly verify buffer bounds on the 'Location' HTTP header during
parsing.

Successful exploitation would immediately produce a denial of service
condition in the affected process.  This issue may also be leveraged to
execute code on the affected system within the security context of the
user running the vulnerable process.

8. Liu Die Yu WinBlox My_CreateFileW Buffer Overrun Vulnerabili...
BugTraq ID: 10012
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10012
Summary:
It has been reported that WinBlox may be prone to multiple buffer overflow
vulnerabilities.  The issues allegedly exist due to improper bounds
checking of data passed to multiple sprintf() operations in the
'My_CreateFileW' function.  WinBlox uses this function to provide a
run-time wrapper for the CreateFileW Windows API function.

It is likely that some applications on a system using WinBlox may present
an attack vector for both local and remote attackers, possibly allowing
for denial of service attacks or execution of arbitrary code in the
context of the application.

9. PHPKit Multiple HTML Injection Vulnerabilities
BugTraq ID: 10013
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10013
Summary:
It has been reported that PHPKIT is prone to multiple HTML injection
vulnerabilities.  These issues are due to a failure of the application to
properly sanitize user supplied input.

An attacker may exploit the aforementioned vulnerabilities to execute
arbitrary script code in the browser of an unsuspecting user. It may be
possible to steal cookie-based authentication credentials, as well as
other sensitive information. Other attacks may also be possible.

10. Cactusoft CactuShop SQL Injection Vulnerability
BugTraq ID: 10019
Remote: Yes
Date Published: Mar 31 2004
Relevant URL: http://www.securityfocus.com/bid/10019
Summary:
Reportedly CactuShop is prone to a remote SQL injection vulnerability.
This issue is due to a failure to properly sanitize user-supplied URI
input before using it to craft an SQL query.

As a result of this, a malicious user may influence database queries in
order to view or modify sensitive information, potentially compromising
the software or the database. It may be possible for an attacker to
disclose the administrator password hash by exploiting this issue.

11. CactuSoft CactuShop Cross-Site Scripting Vulnerability
BugTraq ID: 10020
Remote: Yes
Date Published: Mar 31 2004
Relevant URL: http://www.securityfocus.com/bid/10020
Summary:
Reportedly CactuShop is prone to a remote cross-site scripting
vulnerability.  This issue is due to a failure of the application to
properly sanitize user supplied URI input.

This issue could permit a remote attacker to create a malicious link to
the vulnerable application that includes hostile HTML and script code. If
this link were followed, the hostile code may be rendered in the web
browser of the victim user. This would occur in the security context of
the affected web site and may allow for theft of cookie-based
authentication credentials or other attacks.

12. Microsoft Internet Explorer HTML Form Status Bar Misrepresen...
BugTraq ID: 10023
Remote: Yes
Date Published: Mar 31 2004
Relevant URL: http://www.securityfocus.com/bid/10023
Summary:
A vulnerability has been identified in Microsoft Internet Explorer that
allows an attacker to misrepresent the status bar in the browser, allowing
vulnerable users to be misled into following a link to a malicious site.

The issue presents itself when an attacker creates an HTML form with the
submit 'value' property set to a legitimate site and the 'action' property
set to the attacker-specified site.  The malicious form could also be
embedded in a link using the HTML Anchor tag and specifying the legitimate
site as the 'href' property.  This could aid in exploitation of other
known browser vulnerabilities as the attacker now has a means to
surreptitiously lure a victim user to a malicious site.

Microsoft Internet Explorer is vulnerable to this issue; however,
Microsoft Outlook Express can be used to carry out a successful attack as
well since it relies on Internet Explorer to interpret HTML.  It should
also be noted that although HTML content is rendered in the Restricted
Zone in Outlook Express, limiting the use of many HTML and DHTML tags,
forms are still permitted.  This vulnerability would most likely be
exploited through HTML e-mail, though other attack vectors exist such as
HTML injection attacks in third-party web applications.

The issue is reported to affect Internet Explorer 6 and Outlook Express 6.
Other releases could also be affected.

13. ADA IMGSVR Remote Directory Listing Vulnerability
BugTraq ID: 10026
Remote: Yes
Date Published: Apr 01 2004
Relevant URL: http://www.securityfocus.com/bid/10026
Summary:
A vulnerability has been reported in the ImgSvr server software that may
allow a remote user to disclose root directory listings.  This issue
has also been reported to allow for listing of directories that reside
outside the server root.

An attacker may leverage this issue to gain access to sensitive
information by disclosing directory listings; information disclosed in
this way could lead to further attacks against the target system.

14. ADA IMGSVR Remote File Download Vulnerability
BugTraq ID: 10027
Remote: Yes
Date Published: Apr 01 2004
Relevant URL: http://www.securityfocus.com/bid/10027
Summary:
A vulnerability has been reported in the ImgSvr server software that may
allow a remote user to retrieve arbitrary files from the web server
root directory and any subdirectories therein.

An attacker may leverage this issue to gain access to arbitrary scripts
contained within the server root directory.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. ISA Server Crash - More Information (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/359285

2. Fw: ISA Server Crash (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/359228

3. ISA Server Crash (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/359227

4. SecurityFocus Microsoft Newsletter #182 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/358977

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Norton Internet Security 2004
By: Symantec
Platforms: Windows 95/98
Relevant URL: http://www.symantec.com/sabu/nis/nis_pe/
Summary:

Symantec's Norton Internet Security 2004 provides essential protection
from viruses, hackers, and privacy threats. Powerful yet easy to use, this
award-winning suite now includes advanced spam-fighting software to filter
unwanted mail out of your inbox. Protect yourself, your family, and your
PC online with Norton Internet Security 2004.

2. East-Tec Eraser 2004
By: EAST Technologies
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.east-tec.com/eraser/index.htm
Summary:

East-Tec Eraser ("Eraser" in short) is an advanced security application
for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate
sensitive data from your computer and protect your computer and Internet
privacy.

Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now
means wiping its contents beyond recovery, scrambling its name and dates
and finally removing it from disk. When you want to get rid of sensitive
files or folders beyond recovery, add them to the Eraser list of doomed
files and ask Eraser to do the job. Eraser offers tight integration with
the Windows shell, so you can drag files and folders from Explorer and
drop them in Eraser, or you can erase them directly from Explorer by
selecting Erase beyond recovery from the context menu.

3. Steganos Security Suite 6
By: Steganos
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.steganos.com/?product=SSS6&language=en
Summary:

With Steganos Data Safe, Internet Trace Destructor 6.5, Password Manager,
steganography function, E-Mail-Encryption, Deep Cleaning Shredder and much
more, The Steganos Security Suite has been one of the best-selling
encryption products for years and is used by 2 million people worldwide.
Only the most modern encryption algorithms, such as the Advanced
Encryption Standard (AES) are used. You can now save up to 128 GB* to its
four virtual drives in real time - enough space for your film archive,
large graphics files and other sensitive data.

4. Airscanner Mobile AntiVirus Pro
By: Airscanner Corp.
Platforms: Windows CE
Relevant URL: http://airscanner.com/downloads/av/av.html
Summary:

Airscanner Mobile AntiVirus Pro will quarantine or eradicate embedded
viruses and malware, has fast, optimized scanning speed based on patent
pending technology, has automatic, online updates of virus signatures and
scanning engine as well as support for PocketPC 2003/Windows Mobile 2003
and easy online updates.

In addition to an accurate virus scanner, Airscanner Mobile AntiVirus
includes these powerful tools for debugging Trojan horses:
 - Intercept memory resident viruses with an advanced process discovery
tool.
 - Debug Trojan hacks with an easy-to-use registry viewer.
 - Uncover denial of service attacks with a rapid system analyzer.
 - Enter your own custom virus signatures (for experts).
 - Perform fast, recursive, and flexibly multithreaded filesystem
scanning.

5. Symantec's Norton Internet Security 2004 Professional
By: Symantec
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.symantec.com/smallbiz/nis_pr/
Summary:

Symantec's Norton Internet Security 2004 Professional protects you and
your business from online threats. It eliminates viruses automatically,
blocks hackers, safeguards your personal information, fights spam,
increases online productivity, recovers lost or damaged files, and
thoroughly deletes confidential data you no longer need. Available in 5
and 10-user Small Office Packs.

6. secure2trust
By: Avoco Secure
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.avocosecure.com/html_pages/products_service.html
Summary:

secure2trust gives you the power to create documents that remain under
your corporate control throughout their entire existence. Even if you
allow another party to have a copy of your original document you can be
sure that the copy will always have your original controls as part of its
properties. The digital rights options which will control printing,
copying, viewing, etc give you persistent and secure digital asset
protection and intellectual property control. Digital rights mechanisms
are the only way to ensure document integrity in a persistent way for both
inter and intra company communications.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. WinBlox v6.0
By: liudieyu@umbrella.name
Relevant URL: http://umbrella.name/winblox/
Platforms: UNIX, Windows 2000, Windows NT, Windows XP
Summary:

WinBlox monitors file operations and command-line execution on WINNT
(Windows 2000 and later) systems. Pattern matching in WinBlox is done with
regular expressions to ensure flexibility.

2. Logrep v1.4.4
By: Tevfik Karagülle
Relevant URL: http://logrep.sourceforge.net/
Platforms: Linux, POSIX, Windows 2000, Windows NT
Summary:

Logrep is a secure multi-platform framework for the collection,
extraction, and presentation of information from various log files. It
features HTML reports, multi-dimensional analysis, overview pages, SSH
communication, and graphs, and supports more than 15 popular systems
including Snort, Squid, Postfix, Apache, syslog, iptables/ipchains, NT
event logs, Firewall-1, wtmp, Oracle listener, and Pix.

3. Securepoint Firewall and VPN Server v4.0 (S4)
By: Lutz Hausmann
Relevant URL: http://www.securepoint.cc/
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:

Securepoint Firewall and VPN Server is a high-performance application
designed to offer full protection for network assets. The Security Manager
offers a graphical user interface with many features, different
configurations, and advanced reporting functions. The Securepoint server
is a complete firewall and VPN software system with an operating system
based on a secure Linux. VPN operation supports PPTP and IPSec (X.509
certificates, preshared, RSA signature). You can use the firewall on a
standard PC with 2 to 16 network cards (including Ethernet, ADSL, ISDN).
It is very easy to install and administer. The Securepoint Security
Manager is available in English, German, and Spanish, and works in online
and offline mode.

4. Telconi Terminal for Cisco IOS v0.5a
By: Stywiz
Relevant URL: http://www.telconi.com/
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows NT, Windows XP
Summary:

Telconi Terminal is a unique network management application with
interactive full-screen configuration editing, browsing, help facility
support, debugging, and more. It focuses on common Cisco IOS functionality
present with any hardware or software configuration, and complements the
command line interface with a rich set of features. It is intended for
users with knowledge of Cisco IOS, and is designed to work with any
IOS-based device, such as routers and switches.

5. Cryptonit v0.9.3
By: IDEALX <idx-pki@idealx.org>
Relevant URL: http://cryptonit.org/
Platforms: Linux, MacOS, Windows 2000, Windows NT, Windows XP
Summary:

Cryptonit is a client side cryptographic tool which allows you to
encrypt/decrypt and sign/verify files with PKI (Public Key Infrastructure)
certificates.

6. CryptoHeaven v2.3.2
By: Marcin Kurzawa <marcin@cryptoheaven.com>
Relevant URL: http://www.cryptoheaven.com/
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

CryptoHeaven offers secure email and online file sharing/storage. Its main
features are secure and highly encrypted services such as group
collaboration, file sharing, email, online storage, and instant messaging.
It integrates multi-user based security into email, instant messaging, and
file storage and sharing in one unique package. It provides real time
communication for text and data transfers in a multi-user secure
environment. The security and usability of CryptoHeaven is well-balanced;
even not-so-technically oriented computer users can enjoy this crypto
product with a very high level of encryption.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters
and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and
ask to be manually removed.

VII. SPONSOR INFORMATION
-----------------------
This issue is sponsored by: SPIDynamics

ALERT: Top 14 Web Application Attack Techniques and Methods to Combat
Them - White Paper

Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation. Also includes step-by-step
vulnerability testing for your own Web Applications and guidelines for
establishing policy standards and secure coding practices.

http://www.securityfocus.com/sponsor/SPIDynamics_ms-secnews_040406
------------------------------------------------------------------------