
List:       focus-ms
Subject:    SecurityFocus Microsoft Newsletter #233
From:       Marc Fossi <mfossi () securityfocus ! com>
Date:       2005-03-23 14:58:57
Message-ID: Pine.LNX.4.58.0503230758460.8671 () mail ! securityfocus ! com

SecurityFocus Microsoft Newsletter #233
----------------------------------------

This Issue is Sponsored By: SPI Dynamics

ALERT: Hackers New Trick: Mass Automation of Web App Worms
Web Application Worms utilize a known exploit, apply worm methodology and
then leverage the power of search engines to accelerate effectiveness.
These attacks mark the beginning of a new generation of worms targeted at
web applications. Are your web apps vulnerable? Easily test your
applications for over 5,100 web app vulnerabilities and attack
methodologies with our complimentary WebInspect 15-day product trial, which
delivers a comprehensive risk report!

http://www.securityfocus.com/sponsor/SPIDynamics_ms-secnews_050322

------------------------------------------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Computer Ethics, From the Grandstands
     2. A Method for Forensic Previews
     3. Defeating Honeypots: System Issues, Part 1
II. MICROSOFT VULNERABILITY SUMMARY
     1. PAFileDB Multiple SQL Injection And Cross-Site Scripting Vul...
     2. Wine Local Insecure File Creation Vulnerability
     3. Spinworks Application Server Remote Denial Of Service Vulner...
     4. PABox Post Icon HTML Injection Vulnerability
     5. Phorum Multiple Subject and Attachment HTML Injection Vulner...
     6. Lime Wire Multiple Remote Unauthorized Access Vulnerabilitie...
     7. MaxDB WebAgent Input Validation Multiple Remote Denial Of Se...
     8. GoodTech Systems Telnet Server for Windows NT/2000/XP/2003 R...
     9. Citrix MetaFrame Multiple Vulnerabilities
     10. Woodstone Servers Alive Local Privilege Escalation Vulnerabi...
     11. Microsoft InfoPath 2003 Insecure Information Storage Vulnera...
     12. ThePoolClub IPool/ISnooker Insecure Local Credential Storage...
     13. McAfee Antivirus Library LHA Archive Handler Stack Based Buf...
     14. MailEnable Remote Format String Vulnerability
     15. Microsoft Windows Graphical Device Interface Library Denial ...
     16. Webroot My Firewall Local Insecure File Creation Vulnerabili...
     17. NotifyLink Enterprise Server Multiple Vulnerabilities
     18. Sun Java Web Start System Property Tags Remote Unauthorized ...
III. MICROSOFT FOCUS LIST SUMMARY
     1. UF_PASSWD_NOTREQD user account flag (Thread)
     2. Disabling USB mass storage (Thread)
     3. SecurityFocus Microsoft Newsletter #232 (Thread)
     4. Basic question (Thread)
     5. CONTENT FILTERING (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
     1. CoreGuard Core Security System
     2. KeyCaptor Keylogger
     3. SpyBuster
     4. FreezeX
     5. NeoExec for Active Directory
     6. Secrets Protector v2.03
V. NEW TOOLS FOR MICROSOFT PLATFORMS
     1. TextKeeper 5.0
     2. DeSPAM Tunnel 3.0.0
     3. Mac Makeup 1.71d
     4. Healthmonitor 2.1
     5. Kr4ck3r 1.0.0
     6. WinArpSpoofer 0.5.3
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Computer Ethics, From the Grandstands
By Mark Rasch
The recent security breach that exposed an individual's application status
at top business schools raises moral and ethical questions about cyberspace.
http://www.securityfocus.com/columnists/309

2. A Method for Forensic Previews
By Timothy E. Wright
This article explains the forensic preview process, whereby a production
machine is left as undisturbed as possible while it is evaluated for
potential intrusion and compromise.
http://www.securityfocus.com/infocus/1825

3. Defeating Honeypots: System Issues, Part 1
By Thorsten Holz and Frederic Raynal
This two-part paper discusses how hackers discover, interact with, and
sometimes disable honeypots at the system level and application layer.
http://www.securityfocus.com/infocus/1826

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. PAFileDB Multiple SQL Injection And Cross-Site Scripting Vul...
BugTraq ID: 12788
Remote: Yes
Date Published: Mar 12 2005
Relevant URL: http://www.securityfocus.com/bid/12788
Summary:
Multiple SQL injection and cross-site scripting vulnerabilities exist in
paFileDB.  These issues are reported to exist in the 'viewall.php' and
'category.php' scripts.

Exploitation of these issues may allow for compromise of the software,
session hijacking, or attacks against the underlying database.

2. Wine Local Insecure File Creation Vulnerability
BugTraq ID: 12791
Remote: No
Date Published: Mar 14 2005
Relevant URL: http://www.securityfocus.com/bid/12791
Summary:
A local insecure file creation vulnerability affects Wine.  This issue is
due to a design error that fails to securely write to files in
world-accessible directories.

An attacker may leverage this issue to use a symbolic link file named after
the offending temporary file to write to arbitrary files with an
unsuspecting user's privileges.  Furthermore, an attacker may gain access to
potentially sensitive information contained within the temporary file.

3. Spinworks Application Server Remote Denial Of Service Vulner...
BugTraq ID: 12794
Remote: Yes
Date Published: Mar 14 2005
Relevant URL: http://www.securityfocus.com/bid/12794
Summary:
A remote denial of service vulnerability affects Spinworks Application
Server.  This issue is due to a failure of the application to properly
handle malformed requests.

An attacker may leverage this issue to trigger a denial of service condition
in the affected software.

4. PABox Post Icon HTML Injection Vulnerability
BugTraq ID: 12796
Remote: Yes
Date Published: Mar 14 2005
Relevant URL: http://www.securityfocus.com/bid/12796
Summary:
paBox is reportedly affected by an HTML injection vulnerability.  This issue
is due to a failure in the application to properly sanitize user-supplied
input before using it in dynamically generated content.

The attacker-supplied HTML and script code would be able to access
properties of the site, potentially allowing for theft of cookie-based
authentication credentials.  An attacker could also exploit this issue to
control how the site is rendered to the user; other attacks are also
possible.

This issue is reported to affect paBox 2.0; earlier versions may also be vulnerable.

5. Phorum Multiple Subject and Attachment HTML Injection Vulner...
BugTraq ID: 12800
Remote: Yes
Date Published: Mar 14 2005
Relevant URL: http://www.securityfocus.com/bid/12800
Summary:
Phorum is reportedly affected by multiple HTML injection vulnerabilities.
These issues are due to a failure in the application to properly sanitize
user-supplied input before using it in dynamically generated content.

The attacker-supplied HTML and script code would be able to access
properties of the site, potentially allowing for theft of cookie-based
authentication credentials.  An attacker could also exploit this issue to
control how the site is rendered to the user; other attacks are also
possible.

These issues are reported to affect Phorum 5.0.14; earlier versions may also
be affected.

6. Lime Wire Multiple Remote Unauthorized Access Vulnerabilitie...
BugTraq ID: 12802
Remote: Yes
Date Published: Mar 14 2005
Relevant URL: http://www.securityfocus.com/bid/12802
Summary:
Multiple remote unauthorized access vulnerabilities affect Lime Wire.  These
issues are due to the application failing to securely service malicious
requests.

Two issues have been reported; both issues are due to a failure of the
application to ensure that file requests for files outside of the
application's shared directory are denied.

An attacker may leverage these issues to gain access to potentially
sensitive files with the permissions of the unsuspecting user that activated
the affected application.

7. MaxDB WebAgent Input Validation Multiple Remote Denial Of Se...
BugTraq ID: 12805
Remote: Yes
Date Published: Mar 14 2005
Relevant URL: http://www.securityfocus.com/bid/12805
Summary:
MaxDB WebAgent is prone to multiple remote denial of service
vulnerabilities. These issues arise as the application fails to sufficiently
sanitize user-supplied parameter input.

A remote attacker may exploit this vulnerability to deny service to
legitimate users.

This vulnerability is reported to affect MySQL MaxDB 7.5.00 for Microsoft
Windows platforms; other versions might also be affected.

8. GoodTech Systems Telnet Server for Windows NT/2000/XP/2003 R...
BugTraq ID: 12815
Remote: Yes
Date Published: Mar 15 2005
Relevant URL: http://www.securityfocus.com/bid/12815
Summary:
A remote buffer overflow vulnerability affects GoodTech Systems Telnet
Server for Windows NT/2000/XP/2003.  This issue is due to a failure of the
application to securely copy network-derived data into sensitive process
buffers.

An attacker may leverage this issue to execute arbitrary code with SYSTEM
privileges on a computer running a vulnerable version of the affected
software.

9. Citrix MetaFrame Multiple Vulnerabilities
BugTraq ID: 12821
Remote: Yes
Date Published: Mar 16 2005
Relevant URL: http://www.securityfocus.com/bid/12821
Summary:
Citrix MetaFrame is reported prone to multiple vulnerabilities. The
following individual issues are reported to exist:

The first issue is reported to affect the Citrix MetaFrame Conferencing
Manager application. It is reported that users that are partaking in a
conference may have keyboard and mouse control over the conference host even
when the conference host has specified that keyboard and mouse control is
not permitted.

The second issue is reported to affect the Citrix MetaFrame Password
Manager. It is reported that the secondary password may be viewed even if it
has been configured as inaccessible.

A local attacker may exploit this vulnerability to view the secondary
password assigned to them.

This vulnerability is reported to affect Citrix MetaFrame Password Manager
version 2.5 and previous versions.

10. Woodstone Servers Alive Local Privilege Escalation Vulnerabi...
BugTraq ID: 12822
Remote: No
Date Published: Mar 16 2005
Relevant URL: http://www.securityfocus.com/bid/12822
Summary:
A local privilege escalation vulnerability affects Woodstone Servers Alive.
This issue is due to a design error that fails to implement proper access
restrictions.

A local attacker may leverage this issue to gain SYSTEM privilege access to
an affected computer.

11. Microsoft InfoPath 2003 Insecure Information Storage Vulnera...
BugTraq ID: 12824
Remote: No
Date Published: Mar 16 2005
Relevant URL: http://www.securityfocus.com/bid/12824
Summary:
Microsoft InfoPath is reported prone to an insecure data storage
vulnerability. It is reported that the issue manifests when functionality
that was introduced with service pack one is employed.

An attacker that can access the 'Manifest.xsf' file may employ stored data
to aid in further attacks.

12. ThePoolClub IPool/ISnooker Insecure Local Credential Storage...
BugTraq ID: 12830
Remote: No
Date Published: Mar 17 2005
Relevant URL: http://www.securityfocus.com/bid/12830
Summary:
iPool and iSnooker are reported prone to a design flaw. It is reported that
the applications store usernames and passwords in plaintext in a folder that
is accessible by all local users.

An attacker with local interactive access to the affected computer may
exploit this issue to retrieve iPool and iSnooker credentials; this data may
aid in further exploit attempts.

iSnooker and iPool versions up to and including version 1.6.8 are reported
prone to this issue.

13. McAfee Antivirus Library LHA Archive Handler Stack Based Buf...
BugTraq ID: 12832
Remote: Yes
Date Published: Mar 17 2005
Relevant URL: http://www.securityfocus.com/bid/12832
Summary:
McAfee Antivirus Library is reported prone to a buffer overflow
vulnerability. The issue is reported to exist in the LHA archive parser. The
affected library does not perform sufficient bounds checking on LHA type two
header file name fields before copying the data into a finite process
buffer.

Although unclear, it is reported that the LHA archive must be especially
malformed and conform to an alternate non-archive file format in order to
trigger the vulnerability.

A remote attacker may exploit this vulnerability to execute arbitrary code
with SYSTEM privileges on a computer that is running the affected software.

14. MailEnable Remote Format String Vulnerability
BugTraq ID: 12833
Remote: Yes
Date Published: Mar 17 2005
Relevant URL: http://www.securityfocus.com/bid/12833
Summary:
MailEnable is reported prone to a remote format string vulnerability.

Reportedly, this issue arises when the application handles malicious data
passed through a malformed SMTP request.

A successful attack may result in crashing the server or lead to arbitrary
code execution. This may facilitate unauthorized access or privilege
escalation in the context of the server.

MailEnable 1.8 is reported vulnerable; however, it is possible that other
versions are affected as well.

15. Microsoft Windows Graphical Device Interface Library Denial ...
BugTraq ID: 12834
Remote: Yes
Date Published: Mar 17 2005
Relevant URL: http://www.securityfocus.com/bid/12834
Summary:
Reportedly, a denial of service vulnerability affects Microsoft Windows GDI
library 'gdi32.dll'.  This issue is due to a failure of the application to
securely copy data from malformed EMF image files.

An attacker may leverage this issue to trigger a denial of service condition
in software implementing the vulnerable library.  Other attacks may also be
possible.

16. Webroot My Firewall Local Insecure File Creation Vulnerabili...
BugTraq ID: 12842
Remote: No
Date Published: Mar 18 2005
Relevant URL: http://www.securityfocus.com/bid/12842
Summary:
A local insecure file creation vulnerability affects Webroot My Firewall.
This issue is due to an access validation issue that allows an unprivileged
user to create files with escalated privileges.

This issue may be exploited by a local attacker to corrupt arbitrary files
on an affected computer with SYSTEM privileges.

17. NotifyLink Enterprise Server Multiple Vulnerabilities
BugTraq ID: 12843
Remote: Yes
Date Published: Mar 18 2005
Relevant URL: http://www.securityfocus.com/bid/12843
Summary:
NotifyLink Enterprise Server is reported prone to multiple vulnerabilities.
These issues can allow an attacker to disclose sensitive information, gain
unauthorized access to certain functions, carry out SQL injection attacks
and potentially disclose encrypted email messages.

The following specific issues were identified:

It is reported that the server is affected by a weakness that can allow an
administrative user to disclose the NotifyLink server and mail server
passwords of other users.

Another vulnerability can allow a user to bypass security restrictions and
gain access to restricted functions.

The application is also affected by multiple remote SQL injection
vulnerabilities.

Another weakness in the application may allow an attacker to potentially
disclose encrypted emails.

NotifyLink Enterprise Server versions prior to 3.0 are affected by these issues.

18. Sun Java Web Start System Property Tags Remote Unauthorized ...
BugTraq ID: 12847
Remote: Yes
Date Published: Mar 18 2005
Relevant URL: http://www.securityfocus.com/bid/12847
Summary:
A remote unauthorized access vulnerability affects Java Web Start.  This
issue is due to a failure of the application to properly validate
user-supplied input prior to considering it as trusted.

An attacker may leverage this issue to gain unauthorized read and write
access to affected computers.  Other attacks may also be possible.  It
should be noted that unauthorized access granted in this way will be with
the privileges of the unsuspecting user that visits a malicious website.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. UF_PASSWD_NOTREQD user account flag (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/393618

2. Disabling USB mass storage (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/393556

3. SecurityFocus Microsoft Newsletter #232 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/393401

4. Basic question (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/393392

5. CONTENT FILTERING (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/393377

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:

CoreGuard System profile

The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.

CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits

2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:

KeyCaptor is your solution for recording ALL keystrokes of ALL users on your
computer!  Now you have the power to record emails, websites, documents,
chats, instant messages, usernames, passwords, and MUCH MORE!

With our advanced stealth technology, KeyCaptor will not show in your
processes list and cannot be stopped from running unless you say so!

3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:

Our award winning spyware / adware scanner and removal software, SpyBuster
will scan your computer for over 4,000 known spyware and adware
applications. SpyBuster protects your computer from data stealing programs
that can expose your personal information.

SpyBuster scanning technology allows for a quick and easy sweep, so you can
resume your work in minutes.

4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:

FreezeX prevents all unauthorized programs, including viruses, keyloggers
and spy ware from executing. Powerful and secure, FreezeX ensures that any
new executable, program, or application that is downloaded, introduced via
removable media or the network will never install.

5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:

NeoExec® is an operating system extension for Windows 2000/XP that allows
the setting of privileges at the application level rather than at the user
level.

NeoExec® is the ideal solution for applications that require elevated
privileges to run as the privileges are granted to the application, not the
user.

NeoExec® is the only solution on the market capable of modifying at runtime
the processes' security context -- without requiring a second account as
with RunAs and RunAs-derived products.

6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:

It's the end of your worries about top-secret data of your company, your
confidential files or the pictures from the last party. All these will be
hidden beyond the reach of ANY intruder and you will be the only one able to
handle them. And what you want to delete will be DELETED. It is the ultimate
security tool to protect your sensitive information on PC, meeting the three
most important security issues: Integrity, Confidentiality and Availability.
This product gives you the features of a "folder locker" and a "secure
eraser".

Your secret information is available only through this software and there is
no other means to access it. The information is protected at file system
level and it cannot be accidentally deleted or overwritten, neither in Safe
mode nor in another operating system. This program doesn't make your
operating system unstable as other related products do and protects your
information from being seen, altered or deleted by an unauthorized user with
or without his wish. The program allows you to permanently erase your
sensitive data using secure wiping methods leaving no trace of your
information. Depending on the selected wiping method your data is
unrecoverable using software or even hardware recovery techniques.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. TextKeeper 5.0
By: HardwareCrasher
Relevant URL: http://members.lycos.co.uk/textkeeper/tkup.zip
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:

Encrypts text using numeric combinations and two algorithms. One of the
algorithms uses 5 different numeric combinations.

2. DeSPAM Tunnel 3.0.0
By: The German Computer Freaks (Du-Nu)
Relevant URL: http://www.gcf.de/projects/despam.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

This program is a tunnel for pop3 connections and filters spam during the
pop3-download of emails automatically. To determine whether an email is UCE
it evaluates the content of each email that passes the tunnel statistically.
Its intelligent wordparsing filter "backMatch" even matches buzzwords that
contain characters which have been replaced by similar looking special chars
to avoid being filtered.

3. Mac Makeup 1.71d
By: Marcello Gorlani
Relevant URL: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
Platforms: Windows 2000, Windows XP
Summary:

Did you ever get bored with your old MAC address? If you did, this is the
solution! Mac MakeUp lets you change the MAC address of any of the
interfaces present on your Windows 2000/XP/2003 box. Sometimes this is
referred to as MAC address spoofing.

4. Healthmonitor 2.1
By: Vittorio Pavesi
Relevant URL: http://healthmonitor.sourceforge.net
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

HealthMonitor is a free powerful and featureful monitoring tool for Windows.
It works as a Windows Service and checks system status (event viewer, disk
free space, services status, performance....) and notifies the
administration by E-Mail, SMS and by NET SEND; a database logging feature is
also available. It is under constant development, and releases are usually
frequent. The latest news regarding HealthMonitor can be found on
Sourceforge.

5. Kr4ck3r 1.0.0
By: Black List Software
Relevant URL: http://hackinoutthebox.com/sub4.index.php
Platforms: Windows XP
Summary:

This is the ultimate MD5 cracker having both a built-in brute-force and
dictionary attack functionality.

6. WinArpSpoofer 0.5.3
By: Gordon Ahn
Relevant URL: http://www.nextsecurity.net/downloads/winarpspoof/WinArpSpoof.zip
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

Windows ARP Spoofer (WinArpSpoof) is a program that can scan the computers
including network devices and can spoof their ARP tables on local area
network and can act as a router while pulling all packets on LAN. In
addition, traffic information through this program is measured.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe
via the website.

If your email address has changed, email listadmin@securityfocus.com and ask
to be manually removed.

VII. SPONSOR INFORMATION
-----------------------

This Issue is Sponsored By: SPI Dynamics
