[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-ms
Subject: SecurityFocus Microsoft Newsletter #230
From: Marc Fossi <mfossi () securityfocus ! com>
Date: 2005-03-07 16:40:44
Message-ID: Pine.LNX.4.58.0503070940350.8882 () mail ! securityfocus ! com
[Download RAW message or body]
SecurityFocus Microsoft Newsletter #230
----------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Do We Need a New SPIM Law?
II. MICROSOFT VULNERABILITY SUMMARY
1. PuTTY/PSFTP/PSCP Multiple Remote Integer Overflow Vulnerabil...
2. Microsoft Internet Explorer Pop-up Window Title Bar Spoofing...
3. Bontago Game Server Remote Nickname Buffer Overrun Vulnerabi...
4. Mambo Open Source Tar.PHP Remote File Include Vulnerability
5. PHPBB Multiple Remote Path Disclosure Vulnerabilities
6. PHPBB Arbitrary File Disclosure Vulnerability
7. VBulletin Misc.PHP Arbitrary PHP Script Code Execution Vulne...
8. PHPBB Arbitrary File Deletion Vulnerability
9. Mono Unicode Character Conversion Multiple Cross-Site Script...
10. Microsoft Windows 2000 Group Policy Bypass Vulnerability
11. Trend Micro VSAPI ARJ Handling Heap Overflow Vulnerability
12. PHPMyAdmin Multiple Libraries And Themes Remote Cross-Site S...
13. PHPMyAdmin Multiple Local File Include Vulnerabilities
14. Raven Software Soldier Of Fortune 2 Remote Denial Of Service...
15. PHPWebSite Image File Processing Remote Arbitrary PHP File U...
16. Mozilla Firefox Scrollbar Remote Code Execution Vulnerabilit...
17. PHP4 Readfile Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Terminal Services - Domain Controller - Normal User (Thread)
2. Computer accounts in NTFS permissions (Thread)
3. Domain Controller Best Practice - Thanks! (Thread)
4. Prohibit Folder Compression (Thread)
5. Com+ permissions (Thread)
6. Domain Controller Best Practice (Thread)
7. SecurityFocus Microsoft Newsletter #229 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. CoreGuard Core Security System
2. KeyCaptor Keylogger
3. SpyBuster
4. FreezeX
5. NeoExec for Active Directory
6. Secrets Protector v2.03
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. SafeLogon 2.0
2. SafeSystem 1.5
3. SQL column finder 0.1
4. Secure Hive 1.0.0.1
5. SigupShield 3.0
6. PE Explorer 1.96
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Do We Need a New SPIM Law?
By Mark Rasch
Existing statutes may not be enough to crack down on Instant Messaging
spammers.
http://www.securityfocus.com/columnists/303
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. PuTTY/PSFTP/PSCP Multiple Remote Integer Overflow Vulnerabil...
BugTraq ID: 12601
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12601
Summary:
PuTTY, PSFTP and PSCP are reported prone to multiple integer overflow \
vulnerabilities. The following individual issues are reported:
The first reported vulnerability, an integer overflow, exists in the \
'fxp_readdir_recv()' function of the 'sftp.c' source file.
A remote malicious server may trigger this vulnerability in order to execute \
arbitrary code in the context of the user that is running the affected client. It \
should be noted that this vulnerability exists in a code path that is executed after \
host key verification occurs, this may hinder exploitation.
The second issue, another integer overflow, is reported to exist in the \
'sftp_pkt_getstring()' of the 'sftp.c' source file.
A remote malicious server may trigger this vulnerability in order to crash the \
affected client or to potentially execute arbitrary code. It should be noted that \
this vulnerability exists in a code path that is executed after host key verification \
occurs, this may also hinder exploitation.
These vulnerabilities are reported to exist in versions of PSFTP and PSCP prior to \
version 0.57.
2. Microsoft Internet Explorer Pop-up Window Title Bar Spoofing...
BugTraq ID: 12602
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12602
Summary:
Internet Explorer is reported prone to a pop-up window title bar spoofing weakness.
The weakness is reported to exist due to a flaw that manifests in script-initiated \
pop-up windows.
This issue may be leveraged by an attacker to display false URI information in the \
title bar of an Internet Explorer pop-up dialog window. This may facilitate phishing \
style attacks; other attacks may also be possible.
3. Bontago Game Server Remote Nickname Buffer Overrun Vulnerabi...
BugTraq ID: 12603
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12603
Summary:
The Bontago game server is reported to be affected by a remote buffer overrun \
vulnerability. The issue is reported to exist due to a lack of sufficient boundary \
checks performed on client-supplied 'nickname' values.
It is conjectured that a remote attacker may exploit this vulnerability to influence \
execution flow of a target game server and have arbitrary supplied instructions \
executed in the context of the affected process.
This vulnerability is reported to exist in Bontago versions up to an including \
version 1.1.
4. Mambo Open Source Tar.PHP Remote File Include Vulnerability
BugTraq ID: 12608
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12608
Summary:
It is reported that Mambo Open Source is affected by a remote PHP file include \
vulnerability. This issue is due in part to the application failing to properly \
sanitize user-supplied input to the 'Tar.php' script.
Remote attackers could potentially exploit this issue to include a remote malicious \
PHP script, which will be executed in the context of the Web server hosting the \
vulnerable software.
This issue reportedly affects Mambo Open Source version 4.5.2 and earlier.
5. PHPBB Multiple Remote Path Disclosure Vulnerabilities
BugTraq ID: 12618
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12618
Summary:
phpBB is affected by multiple remote vulnerabilities.
The vendor has released phpBB 2.0.12 to address multiple path disclosure \
vulnerabilities affecting prior versions. These issues can allow an attacker to \
disclose sensitive data that may be used to launch further attacks against a \
vulnerable computer.
Due to a lack of details, further information is not available at the moment. It is \
possible that some of these issues were previously identified in other BIDS. This is \
not confirmed at the moment. This BID will be updated when more information becomes \
available.
6. PHPBB Arbitrary File Disclosure Vulnerability
BugTraq ID: 12621
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12621
Summary:
phpBB is affected by an arbitrary file disclosure vulnerability. This issue arises \
due to an input validation error allowing an attacker to disclose files in the \
context of a Web server running the application.
This may allow the attacker to gain access to sensitive data that may be used to \
carry out further attacks against a vulnerable computer.
A successful attack requires the attacker to have a user account and the presence of \
some non-default settings allowing for the uploading of remote avatars.
phpBB 2.0.11 and prior versions are affected by this issue.
7. VBulletin Misc.PHP Arbitrary PHP Script Code Execution Vulne...
BugTraq ID: 12622
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12622
Summary:
vBulletin is reported prone to an arbitrary PHP script code execution vulnerability. \
The issue is reported to exist due to a lack of sufficient input sanitization \
performed on user-supplied data before this data is included in a dynamically \
generated script.
This vulnerability is reported to affect vBulletin board versions up to and including \
3.0.6 that are configured with 'Add Template Name in HTML Comments' functionality \
enabled.
8. PHPBB Arbitrary File Deletion Vulnerability
BugTraq ID: 12623
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12623
Summary:
phpBB is affected by an arbitrary file deletion vulnerability. This issue arises due \
to an input validation error allowing an attacker to delete files in the context of a \
Web server running the application
It is reported that this issue allows an attacker to influence calls to the \
'unlink()' function and delete arbitrary files. Due to a lack of input validation, \
an attacker can supply directory traversal sequences followed by an arbitrary file \
name through the 'avatarselect' return value to delete specific files.
phpBB 2.0.11 and prior versions are affected by this issue.
9. Mono Unicode Character Conversion Multiple Cross-Site Script...
BugTraq ID: 12626
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12626
Summary:
It is reported that Mono is prone to various cross-site scripting attacks. These \
issues result from insufficient sanitization of user-supplied data and arise when \
Mono converts Unicode characters ranging from U+ff00-U+ff60 to ASCII.
Mono 1.0.5 is reported vulnerable, however, other versions may be affected as well.
This issue is related to BID 12574 (Microsoft ASP.NET Unicode Character Conversion \
Multiple Cross-Site Scripting Vulnerabilities).
10. Microsoft Windows 2000 Group Policy Bypass Vulnerability
BugTraq ID: 12641
Remote: No
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12641
Summary:
A vulnerability exists in the way Microsoft Windows 2000 group policies are enforced. \
It is reported that drive access restrictions may be bypassed using applications and \
services that are not listed as being restricted in the drive access group policy.
This vulnerability may be leveraged using Microsoft Office XP SP3 applications. \
Additionally it is reported that Windows functionality provided to allow browsing of \
Flash memory drives may also be applied to leverage this issue.
11. Trend Micro VSAPI ARJ Handling Heap Overflow Vulnerability
BugTraq ID: 12643
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12643
Summary:
The Trend Micro VSAPI scan engine library is prone to a heap-based buffer overflow \
vulnerability. This vulnerability may be triggered when the library processes a \
malformed ARJ archive.
The vulnerability affects multiple Trend Micro products. It is also noted that \
multiple attack vectors exist, as affected software may scan ARJ files in email \
attachments, and through various file transfer protocols.
12. PHPMyAdmin Multiple Libraries And Themes Remote Cross-Site S...
BugTraq ID: 12644
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12644
Summary:
Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues \
are due to a failure of the application to properly sanitize user-supplied input \
prior to including it in dynamically generated Web content.
An attacker may leverage these issues to have arbitrary script code executed in the \
browser of an unsuspecting user. This may facilitate the theft of cookie-based \
authentication credentials as well as other attacks.
13. PHPMyAdmin Multiple Local File Include Vulnerabilities
BugTraq ID: 12645
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12645
Summary:
phpMyAdmin is affected by multiple local file include vulnerabilities. These issues \
are due to a failure of the application to properly sanitize user-supplied input \
prior to using it in a PHP 'include()', 'require()', 'require-once()', or similar \
function call.
An attacker may leverage these issues to execute arbitrary server-side script code \
that resides on an affected computer with the privileges of the Web server process. \
This may potentially facilitate unauthorized access.
It should be noted that these issues may also be leveraged to read arbitrary file on \
an affected computer with the privileges of the Web server.
14. Raven Software Soldier Of Fortune 2 Remote Denial Of Service...
BugTraq ID: 12650
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12650
Summary:
A remote denial of service vulnerability affects Raven Software Soldier Of Fortune 2. \
This issue is due to a failure of the application to handle excessively long values \
derived from network data.
An attacker may leverage this issue to cause an affected server to crash, denying \
service to legitimate users.
15. PHPWebSite Image File Processing Remote Arbitrary PHP File U...
BugTraq ID: 12653
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12653
Summary:
phpWebSite is reported prone to a remote arbitrary PHP file upload vulnerability. The \
issue presents itself due to a lack of sanitization performed on image files that are \
uploaded when submitting an announcement.
A remote attacker may exploit this condition to execute arbitrary PHP code in the \
context of the hosting web server process.
This vulnerability is reported to affect phpWebSite versions up to an including \
version 0.10.0.
16. Mozilla Firefox Scrollbar Remote Code Execution Vulnerabilit...
BugTraq ID: 12655
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12655
Summary:
Reportedly a remote code execution vulnerability affects Mozilla Firefox. This issue \
is due to a failure of the application to properly restrict the access rights of Web \
content.
An attacker may leverage this issue to compromise security of the affected browser; \
by exploiting this issue along with others (BIDs 12465 and 12466) it is possible to \
execute arbitrary code.
It should be noted that although only version 1.0 is reported vulnerable, other \
versions may be vulnerable as well.
17. PHP4 Readfile Denial Of Service Vulnerability
BugTraq ID: 12665
Remote: No
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12665
Summary:
PHP4 is reported prone to a denial of service vulnerability. It is reported that the \
PHP 'readfile()' function may be utilized to trigger this issue.
An attacker that has access to a PHP enabled web host may exploit this vulnerability \
to crash the HTTP server that is incorporating the vulnerable PHP module.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Terminal Services - Domain Controller - Normal User (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391578
2. Computer accounts in NTFS permissions (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391574
3. Domain Controller Best Practice - Thanks! (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391573
4. Prohibit Folder Compression (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391468
5. Com+ permissions (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391464
6. Domain Controller Best Practice (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391387
7. SecurityFocus Microsoft Newsletter #229 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391291
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity * Block malicious code, including
zero-day exploits
2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your \
computer! Now you have the power to record emails, websites, documents, chats, \
instant messages, usernames, passwords, and MUCH MORE!
With our advanced stealth technology, KeyCaptor will not show in your processes list \
and cannot be stopped from running unless you say so!
3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan \
your computer for over 4,000 known spyware and adware applications. SpyBuster \
protects your computer from data stealing programs that can expose your personal \
information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can resume \
your work in minutes.
4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy \
ware from executing. Powerful and secure, FreezeX ensures that any new executable, \
program, or application that is downloaded, introduced via removable media or the \
network will never install
5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting \
of privileges at the application level rather than at the user level.
NeoExec® is the ideal solution for applications that require elevated privileges to \
run as the privileges are granted to the application, not the user.
NeoExec® is the only solution on the market capable of modifying at runtime the \
processes' security context -- without requiring a second account as with RunAs and \
RunAs-derived products.
6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:
It's the end of your worries about top-secret data of your company, your confidential \
files or the pictures from the last party. All these will be hidden beyond the reach \
of ANY intruder and you will be the only one able to handle them. And what you want \
to delete will be DELETED. It is the ultimate security tool to protect your sensitive \
information on PC, meeting the three most important security issues: Integrity, \
Confidentiality and Availability. This product gives you the features of a "folder \
locker" and a "secure eraser".
Your secret information is available only trough this software and there is no other \
mean to access it. The information is protected at file system level and it cannot be \
accidentally deleted or overwritten neither in Safe mode nor in other operating \
system. This program doesn't make your operating system unstable as other related \
product do and protects your information from being seen, altered or deleted by an \
unauthorized user with or without his wish. The program allows you to permanently \
erase your sensitive data using secure wiping methods leaving no trace of your \
information. Depending on the selected wiping method your data is unrecoverable using \
software or even hardware recovery techniques.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. SafeLogon 2.0
By: GemiScorp Software Solutions
Relevant URL: http://www.gemiscorp.com/english/slogon/info.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
SafeLogon is a multi-user and password-based access control utility that enhances and \
complements the Windows built-in logon and authentication system. In other words, \
SafeLogon allows you to protect your system at home and office from unauthorized \
access.
SafeLogon is fully configurable and allows its Administrator to:
- Restrict access to Windows to certain users, optionally controlling the days of the \
week and the time of the day the user is allowed to log on and
2. SafeSystem 1.5
By: GemiScorp Software Solutions
Relevant URL: http://www.gemiscorp.com/english/safesystem/info.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
SafeSystem is a security program that allows you to prevent access to your personal \
and important files and folders, as well as protect and guarantee the integrity and \
well functioning of your system. SafeSystem can make your files and folders \
completely invisible, inaccessible or simply read-only. Furthermore, SafeSystem can \
prevent the change of configuration and the accidental (or even intentional) system \
files deletion or alteration, so your PC will be healthy
3. SQL column finder 0.1
By: Rafal Bielecki
Relevant URL: http://sqlcfind.netro.pl/sqlcfind.exe
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:
Helps you to find exact columns number when using union select query
4. Secure Hive 1.0.0.1
By: Secure Hive
Relevant URL: http://www.securehive.com/Secure%20Hive.htm
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
What Does Secure Hive Enterprise Offer?
Encryption of part, or entire, Word documents, Excel worksheets or PowerPoint \
presentations through Secure Hive's integration with Microsoft Office.
Encryption of part, or entire, content of common documents (such as Notepad, \
WordPad), email messages and instant messages, including mixed text and graphics, \
with Secure Hive's Clipboard Encryption feature.
5. SigupShield 3.0
By: Protecteer, LLC
Relevant URL: http://www.protecteer.com/install3/full/sus.exe
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
A fraud alert (Anti-Phishing) software integrated with a full life-cycle password \
manager & form filler. SignupShield generates unlimited number of unique passwords \
and disposable email addresses for signing-up to web sites. It fills sign-up forms \
and encrypts passwords and email addresses for later use during sign-in.
6. PE Explorer 1.96
By: Heaventools Software
Relevant URL: http://www.heaventools.com/overview.htm
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
PE Explorer is a tool for inspecting and editing the inner workings of Windows 32-bit \
executable files. It offers a look at PE file structure and all of the resources in \
the file, and reports multiple details about a PE file (EXE, DLL, ActiveX controls, \
and several other Windows executable formats). Once inside, file structure can be \
analyzed and optimized, hostile code detected, spyware tracked down, problems \
diagnosed, changes made and resources repaired.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com \
from the subscribed address. The contents of the subject or message body do not \
matter. You will receive a confirmation request message to which you will have to \
answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and \
unsubscribe via the website.
If your email address has changed email listadmin@securityfocus.com and ask to be \
manually removed.
VII. SPONSOR INFORMATION
-----------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic