SecurityFocus Microsoft Newsletter #252
----------------------------------------

New Partnership Announcement: SecurityFocus and ITinfosecure

SecurityFocus and ITinfosecure have teamed up to provide its customers with the most comprehensive vendor-neutral IT security resource on the web! Users will now be able to visit SecurityFocus.com to access information on the latest IT security products through their partnership with ITinfosecure.com with their Product Search feature. Combining this tool with SecurityFocus's comprehensive information of the latest IT security news and vulnerability information ensures SecurityFocus remains the most comprehensive and trusted source of security information on the Internet. Visit SecurityFocus today at http://www.securityfocus.com

------------------------------------------------------------------

I. FRONT AND CENTER
     1. Jose Nazario discusses worms
     2. Packet forensics using TCP
II. MICROSOFT VULNERABILITY SUMMARY
     1. Wine WineLauncher.IN Local Insecure File Creation Vulnerability
     2. Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability
     3. Microsoft Internet Explorer Web Folder Behaviors Cross-Domain Scripting Vulnerability
     4. Microsoft Windows Plug and Play Buffer Overflow Vulnerability
     5. Microsoft Windows Print Spooler Buffer Overflow Vulnerability
     6. Microsoft Internet Explorer Unspecified SharePoint Portal Services Log Sink ActiveX Vulnerability
     7. Microsoft Windows Telephony Service Buffer Overflow Vulnerability
     8. Microsoft Windows Kerberos Denial Of Service Vulnerability
     9. Microsoft Windows Kerberos PKINIT Man In The Middle Vulnerability
     10. AWStats Referrer Arbitrary Command Execution Vulnerability
     11. MidiCart ASP Item_Show.ASP Code_No Parameter SQL Injection Vulnerability
     12. Gallery PostNuke Integration Access Validation Vulnerability
     13. Novell eDirectory Server iMonitor Buffer Overflow Vulnerability
     14. McAfee ePolicy Orchestrator Local Information Disclosure Vulnerability
     15. Veritas Backup Exec For Windows And NetWare Arbitrary File Download Vulnerability
     16. PHPBB BBCode IMG Tag Script Injection Vulnerability
     17. FUDForum Tree View Access Validation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
     1. SecurityFocus Microsoft Newsletter #251
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Jose Nazario discusses worms
By Federico Biancuzzi

Federico Biancuzzi interviews Jose Nazario to discuss modern computer worms and the design goals behind them.

http://www.securityfocus.com/columnists/347

2. Packet forensics using TCP
By Don Parker and Mike Sues

This article looks at TCP packet forensics and examines why sequence and acknowledgement numbers can be useful during an investigation.

http://www.securityfocus.com/infocus/1845
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Wine WineLauncher.IN Local Insecure File Creation Vulnerability
BugTraq ID: 14496
Remote: No
Date Published: 2005-08-08
Relevant URL: http://www.securityfocus.com/bid/14496
Summary:
A local insecure file creation vulnerability affects Wine. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it.
The details available regarding this issue are not sufficient to provide an in depth technical description. This BID will be updated when more information becomes available.
An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.
This issue is reported in version 20050725; other versions may also be affected.

2. Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability
BugTraq ID: 14511
Remote: Yes
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14511
Summary:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability.
This issue is exposed when certain COM objects are instantiated as ActiveX controls. A malicious Web page could pass content to these objects that will trigger memory corruption.
Successful exploitation could let remote attackers execute arbitrary code in the context of the currently logged in user.
3. Microsoft Internet Explorer Web Folder Behaviors Cross-Domain Scripting Vulnerability
BugTraq ID: 14512
Remote: Yes
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14512
Summary:
Microsoft Internet Explorer is prone to a security vulnerability that may let a Web page execute malicious script code in the context of an arbitrary domain or browser security zone. This issue is the result of a security flaw in the browser security model when handling URIs when a Web folder view is rendered.
If exploited to access a foreign domain, this could allow script code embedded in a malicious Web page to access the properties of another site that the victim of the attack may trust. This would likely be exploited to steal credentials or sensitive information from the victim. The issue could also be exploited to execute arbitrary code by running malicious script code in a browser security zone with lowered security settings, such as the Local Machine, Trusted Sites or Intranet zone. Code execution would occur in the context of the currently logged in user.
4. Microsoft Windows Plug and Play Buffer Overflow Vulnerability
BugTraq ID: 14513
Remote: Yes
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14513
Summary:
Microsoft Windows Plug and Play is prone to a buffer overflow vulnerability.
This issue takes place when the PnP service handles malformed messages containing excessive data.
This vulnerability facilitates local privilege escalation and unauthorized remote access depending on the underlying operating system. A successful attack may result in arbitrary code execution resulting in an attacker gaining SYSTEM privileges.
5. Microsoft Windows Print Spooler Buffer Overflow Vulnerability
BugTraq ID: 14514
Remote: Yes
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14514
Summary:
Microsoft Windows Print Spooler service is prone to a buffer overflow vulnerability.
Specifically, this issue takes place when the Print Spooler service handles malformed messages containing excessive data.
This vulnerability facilitates local privilege escalation and unauthorized remote access depending on the underlying operating system. A successful attack may result in arbitrary code execution, which can allow an attacker to gain SYSTEM privileges.
6. Microsoft Internet Explorer Unspecified SharePoint Portal Services Log Sink ActiveX Vulnerability
BugTraq ID: 14515
Remote: Yes
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14515
Summary:
Microsoft Internet Explorer is prone to an unspecified vulnerability in the SharePoint Portal Service Log Sink ActiveX control.
The vendor has not released any further information about this vulnerability other than to state the "kill bit" has been set on unsupported versions of the control.
This issue may be related to BID 12646.
7. Microsoft Windows Telephony Service Buffer Overflow Vulnerability
BugTraq ID: 14518
Remote: Yes
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14518
Summary:
Microsoft Windows Telephony Service is prone to a buffer overflow vulnerability. This issue is due to a failure in the application to perform proper bounds checking on user-supplied data.
A successful attack can overflow a fixed-size buffer and ultimately lead to arbitrary code execution in the context of the affected service. This may allow the attacker to execute arbitrary code remotely, or locally to gain elevated privileges.

Remote code execution is only possible on Windows 2000 Server and Windows Server 2003; on other vulnerable platforms the attacker must have local interactive access.

8. Microsoft Windows Kerberos Denial Of Service Vulnerability
BugTraq ID: 14519
Remote: Yes
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14519
Summary:
Microsoft Windows is susceptible to a remote Kerberos denial of service vulnerability. By sending unspecified packets to the Kerberos service on TCP or UDP port 88, attackers may cause the affected service to crash.
This vulnerability allows remote attackers to crash the affected authentication service, denying further domain authentication to legitimate users. It should be noted that exploitation requires that attackers have valid logon credentials.
9. Microsoft Windows Kerberos PKINIT Man In The Middle Vulnerability
BugTraq ID: 14520
Remote: Yes
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14520
Summary:
The PKINIT implementation in Microsoft Windows is susceptible to a man in the middle vulnerability. This issue is due to a failure of the software to properly validate network data. This issue is only exploitable by attackers that have access to valid logon credentials.
Attackers exploit this issue to spoof the domain controller/KDC during the initial authentication process. By spoofing the domain controller/KDC, attackers may gain access to the cleartext contents of encrypted network traffic in arbitrary Kerberos-enabled services. Other attacks may also be possible.
Microsoft implements draft 9 of the IETF PKINIT specification, and states that the vulnerability is in the protocol specification itself. Other implementations of PKINIT may therefore also be vulnerable to this issue.
10. AWStats Referrer Arbitrary Command Execution Vulnerability
BugTraq ID: 14525
Remote: Yes
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14525
Summary:
AWStats is affected by an arbitrary command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of this vulnerability will permit an attacker to execute arbitrary Perl code on the system hosting the affected application in the security context of the Web server process. This may aid in further attacks against the underlying system; other attacks are also possible.
It should be noted this vulnerability is only possible if the affected application has at least one URLPlugin enabled.
11. MidiCart ASP Item_Show.ASP Code_No Parameter SQL Injection Vulnerability
BugTraq ID: 14544
Remote: Yes
Date Published: 2005-08-11
Relevant URL: http://www.securityfocus.com/bid/14544
Summary:
MidiCart ASP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
12. Gallery PostNuke Integration Access Validation Vulnerability
BugTraq ID: 14547
Remote: Yes
Date Published: 2005-08-11
Relevant URL: http://www.securityfocus.com/bid/14547
Summary:
Gallery is prone to an access validation issue when integrated with PostNuke. This issue could allow any user with any level of admin privileges in PostNuke to also have admin privileges over the entire Gallery.
This issue has been addressed in Gallery 1.5.1-RC2.
13. Novell eDirectory Server iMonitor Buffer Overflow Vulnerability
BugTraq ID: 14548
Remote: Yes
Date Published: 2005-08-11
Relevant URL: http://www.securityfocus.com/bid/14548
Summary:
The Novell eDirectory Server iMonitor is prone to a buffer overflow. Successful exploitation could allow arbitrary code execution with Local System privileges.
eDirectory 8.7.3 iMonitor is vulnerable to this issue. Earlier versions may also be affected.
14. McAfee ePolicy Orchestrator Local Information Disclosure Vulnerability
BugTraq ID: 14549
Remote: No
Date Published: 2005-08-11
Relevant URL: http://www.securityfocus.com/bid/14549
Summary:
Network Associates McAfee ePolicy Orchestrator is susceptible to a local information disclosure vulnerability. This issue is due to incorrectly configured directory permissions in the default installation process of the application.
This vulnerability allows local attackers to access arbitrary files located in the same partition as the affected directory with SYSTEM privileges. This will aid them in further attacks.
15. Veritas Backup Exec For Windows And NetWare Arbitrary File Download Vulnerability
BugTraq ID: 14551
Remote: Yes
Date Published: 2005-08-12
Relevant URL: http://www.securityfocus.com/bid/14551
Summary:
Veritas Backup Exec for Windows Servers, Veritas Backup Exec for NetWare Servers, NetBackup for NetWare Media Server Option, and Remote Agents for Windows, Unix/Linux, and NetWare servers are prone to a vulnerability regarding the unauthorized downloading of arbitrary files.

A remote attacker can exploit this vulnerability to download arbitrary files, aiding them in further attacks.
A Metasploit Framework exploit is available and there are reports of this vulnerability currently being exploited in the wild.
16. PHPBB BBCode IMG Tag Script Injection Vulnerability
BugTraq ID: 14555
Remote: Yes
Date Published: 2005-08-12
Relevant URL: http://www.securityfocus.com/bid/14555
Summary:
phpBB is prone to a script injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input in bbcode '[IMG]' tags included in a user signature.
Successful exploitation of this vulnerability could permit the injection of arbitrary HTML or script code into the browser of an unsuspecting user in the context of the affected site.
This issue is reported to affect phpBB version 2.0.17; earlier versions may also be vulnerable.
17. FUDForum Tree View Access Validation Vulnerability
BugTraq ID: 14556
Remote: Yes
Date Published: 2005-08-12
Relevant URL: http://www.securityfocus.com/bid/14556
Summary:
FUDforum is prone to an access validation vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to private forums.
An attacker can exploit this vulnerability to obtain posts from private forums. This may result in a loss of confidentiality. Information obtained may also be used in further attacks.
This issue is reported to affect FUDforum version 2.6.15; earlier versions may also be vulnerable.
It should be noted this issue is only possible if the 'Tree View' feature is enabled.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #251
http://www.securityfocus.com/archive/88/407760

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
New Partnership Announcement: SecurityFocus and ITinfosecure

SecurityFocus and ITinfosecure have teamed up to provide its customers with the most comprehensive vendor-neutral IT security resource on the web! Users will now be able to visit SecurityFocus.com to access information on the latest IT security products through their partnership with ITinfosecure.com with their Product Search feature. Combining this tool with SecurityFocus's comprehensive information of the latest IT security news and vulnerability information ensures SecurityFocus remains the most comprehensive and trusted source of security information on the Internet. Visit SecurityFocus today at http://www.securityfocus.com