
List:       focus-ms
Subject:    SecurityFocus Microsoft Newsletter #246
From:       Marc Fossi <mfossi () securityfocus ! com>
Date:       2005-06-29 17:37:29
Message-ID: Pine.LNX.4.58.0506291137130.18764 () mail ! securityfocus ! com

SecurityFocus Microsoft Newsletter #246
----------------------------------------

This Issue is Sponsored By: Black Hat

Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
Vegas. World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 29 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,000 delegates from 30+ nations.

http://www.securityfocus.com/sponsor/BlackHat_sf-news_050628

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Where's the threat?
       2. Software Firewalls: Made of Straw? Part 2 of 2
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Novell NetMail Patch Packaging Insecure File Permissions Vulnerability
       2. Microsoft Internet Explorer Dialog Box Origin Spoofing Vulnerability
       3. Veritas Backup Exec Server Remote Registry Access Vulnerability
       4. Veritas Backup Exec Remote Agent Null Pointer Dereference Denial Of Service Vulnerability
       5. Veritas Backup Exec Admin Plus Pack Option Remote Heap Overflow Vulnerability
       6. Veritas Backup Exec Web Administration Console Remote Buffer Overflow Vulnerability
       7. Veritas Backup Exec Remote Agent for Windows Servers Privilege Escalation Vulnerability
       8. DUware DUforum Multiple SQL Injection Vulnerabilities
       9. Ipswitch WhatsUp Professional LOGIN.ASP SQL Injection Vulnerability
       10. Simple Machines Msg Parameter SQL Injection Vulnerability
       11. Sendmail Milter Remote Denial Of Service Weakness
       12. PHP-Nuke Avatar HTML Injection Vulnerability
       13. IBM DB2 Universal Database Unspecified Authorization Bypass Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. Local admin password
       2. Windows firewall spontaneously changes profiles
       3. disable shell: command on Windows 2000
       4. ISA 2004 FTP SSL
       5. Windows 98 autoupdate
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Where's the threat?
By Matthew Tanase
I'm sure everyone remembers the story of Goldilocks and the three bears
http://www.securityfocus.com/columnists/335

2. Software Firewalls: Made of Straw? Part 2 of 2
By Israel G. Lugo, Don Parker
In part two we look at how easily the firewall's operation can be circumvented by
inserting a malicious Trojan into the network stack itself.
http://www.securityfocus.com/infocus/1840


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Novell NetMail Patch Packaging Insecure File Permissions Vulnerability
BugTraq ID: 14005
Remote: No
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14005
Summary:
Novell NetMail is susceptible to an insecure file permissions vulnerability. This
issue is due to a flaw in the patch packaging system used to update NetMail. This
vulnerability only presents itself on Linux installations of NetMail.

This vulnerability allows local attackers to modify or replace NetMail binaries. This
will result in the compromise of the NetMail account.

Computers running versions 3.52A, 3.52B, or 3.52C on Linux are affected by this
issue.

2. Microsoft Internet Explorer Dialog Box Origin Spoofing Vulnerability
BugTraq ID: 14007
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14007
Summary:
Microsoft Internet Explorer is prone to a dialog box origin spoofing vulnerability.

An attacker may exploit this vulnerability to spoof an interface of a trusted web
site. This issue may allow a remote attacker to carry out phishing style attacks.


3. Veritas Backup Exec Server Remote Registry Access Vulnerability
BugTraq ID: 14020
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14020
Summary:
VERITAS Backup Exec for Windows Servers is prone to an access validation
vulnerability.

The issue may be leveraged by a remote attacker to gain 'Administrator' access to the
vulnerable computer's registry. This access may be further leveraged to gain
unfettered access to the target computer.

4. Veritas Backup Exec Remote Agent Null Pointer Dereference Denial Of Service Vulnerability
BugTraq ID: 14021
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14021
Summary:
VERITAS Backup Exec Remote Agent is prone to a remotely exploitable denial of service
vulnerability. This could cause a denial of service on the computer hosting the
application.

This issue only affects the application on Microsoft Windows platforms.

5. Veritas Backup Exec Admin Plus Pack Option Remote Heap Overflow Vulnerability
BugTraq ID: 14023
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14023
Summary:
Veritas Backup Exec is affected by a remote heap overflow vulnerability.

This issue affects servers using the Admin Plus Pack Option. A remote attacker can
exploit this issue by crafting and sending malicious data to the service and
executing arbitrary code.

It is conjectured that successful exploitation may result in a superuser compromise.

This issue affects Backup Exec running on Microsoft Windows platforms.

6. Veritas Backup Exec Web Administration Console Remote Buffer Overflow Vulnerability
BugTraq ID: 14025
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14025
Summary:
VERITAS Backup Exec Web Administration Console is prone to a remote buffer overflow
vulnerability.

An attacker can exploit this issue by crafting a malicious request. This request
must contain excessive string data that triggers this issue, replacement memory
addresses, and executable instructions. When the Web Administration Console
processes this request, the attacker-supplied instructions may be executed on the
vulnerable computer.

7. Veritas Backup Exec Remote Agent for Windows Servers Privilege Escalation Vulnerability
BugTraq ID: 14026
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14026
Summary:
Veritas Backup Exec Remote Agent for Windows Servers is affected by a privilege
escalation vulnerability. This issue can allow remote users to gain elevated
privileges and completely compromise an affected computer.

A successful attack allows non-privileged users to gain SYSTEM level privileges.

8. DUware DUforum Multiple SQL Injection Vulnerabilities
BugTraq ID: 14035
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14035
Summary:
DUforum is prone to multiple SQL injection vulnerabilities. These issues are due to
a failure in the application to properly sanitize user-supplied input before using it
in SQL queries.

Successful exploitation could result in a compromise of the application, disclosure
or modification of data, or may permit an attacker to exploit vulnerabilities in the
underlying database implementation.


9. Ipswitch WhatsUp Professional LOGIN.ASP SQL Injection Vulnerability
BugTraq ID: 14039
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14039
Summary:
WhatsUp Professional is prone to an SQL injection vulnerability affecting its
Web-based front end. This issue is due to a failure in the application to properly
sanitize user-supplied input to the 'login.asp' script before using it in an SQL
query.

Successful exploitation could result in a compromise of the application, disclosure
or modification of data, or may permit an attacker to exploit vulnerabilities in the
underlying database implementation. It should be noted that by supplying a 'or' value
through the 'password' parameter, an attacker can gain unauthorized access to an
affected site.



10. Simple Machines Msg Parameter SQL Injection Vulnerability
BugTraq ID: 14043
Remote: Yes
Date Published: 2005-06-23
Relevant URL: http://www.securityfocus.com/bid/14043
Summary:
Simple Machines is prone to an SQL injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input before using it
in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure
or modification of data, or may permit an attacker to exploit vulnerabilities in the
underlying database implementation.

This issue is reported to affect Simple Machines version 1.0.4; earlier versions may
also be vulnerable.



11. Sendmail Milter Remote Denial Of Service Weakness
BugTraq ID: 14047
Remote: Yes
Date Published: 2005-06-23
Relevant URL: http://www.securityfocus.com/bid/14047
Summary:
Sendmail is susceptible to a remote denial of service weakness in its milter
interface. This issue is due to overly long default timeouts configured for milters.

This issue is demonstrated with ClamAV versions prior to 0.86. Any other milter that
utilizes similar operating methods as the older ClamAV milter will also expose this
vulnerability in Sendmail.

Depending on the configuration of the milter interface, attackers may either exploit
this issue to bypass milters, or to deny further email delivery on affected sites.

12. PHP-Nuke Avatar HTML Injection Vulnerability
BugTraq ID: 14056
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14056
Summary:
PHP-Nuke is prone to an HTML injection vulnerability. This issue is due to a failure
in the application to properly sanitize user-supplied input before using it in
dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site is
rendered to the user; other attacks are also possible.

This issue is reported to affect all versions of PHP-Nuke up to version 7.7; this has
not been confirmed.



13. IBM DB2 Universal Database Unspecified Authorization Bypass Vulnerability
BugTraq ID: 14057
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14057
Summary:
IBM DB2 Universal Database is susceptible to an authorization bypass vulnerability.
This issue is due to a failure of the application to properly enforce authorization
restrictions for database users.

Users with SELECT privileges on in a database may bypass authorization checks to
execute INSERT, UPDATE, or DELETE statements. Further details are not available at
this time. This BID will be updated as more information is disclosed.

This vulnerability allows attackers to modify or destroy data without having proper
authorization to do so.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Local admin password
http://www.securityfocus.com/archive/88/403594

2. Windows firewall spontaneously changes profiles
http://www.securityfocus.com/archive/88/403542

3. disable shell: command on Windows 2000
http://www.securityfocus.com/archive/88/403498

4. ISA 2004 FTP SSL
http://www.securityfocus.com/archive/88/403301

5. Windows 98 autoupdate
http://www.securityfocus.com/archive/88/403192

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com
from the subscribed address. The contents of the subject or message body do not
matter. You will receive a confirmation request message to which you will have to
answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and
unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be
manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Black Hat

Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
Vegas. World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 29 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,000 delegates from 30+ nations.

http://www.securityfocus.com/sponsor/BlackHat_sf-news_050628




