SecurityFocus Microsoft Newsletter #272
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------
I.   FRONT AND CENTER
      1. Zero-day holiday
II.  MICROSOFT VULNERABILITY SUMMARY
      1. Sun Solaris PC NetLink Insecure Permissions Vulnerability
      2. Golden FTP Server APPE Command Buffer Overflow Vulnerability
      3. Bugzilla Syncshadowdb Insecure Temporary File Creation Vulnerability
      4. Dev Web Management System Multiple Input Validation Vulnerabilities
      5. BZFlag Unterminated Callsign Denial Of Service Vulnerability
      6. Microsoft Internet Explorer HTML Parsing Denial of Service Vulnerabilities
      7. Microsoft Windows Graphics Rendering Engine WMF SetAbortProc Code Execution Vulnerability
      8. Microsoft Internet Explorer MSHTML.DLL HTML Parsing Denial of Service Vulnerability
      9. ImageMagick Image Filename Remote Command Execution Vulnerability
      10. VBulletin Event Title HTML Injection Vulnerability
      11. Drupal URL-Encoded Input HTML Injection Vulnerability
      12. EFileGo Multiple Input Validation Vulnerabilities
      13. Intel Graphics Accelerator Driver Remote Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
      1. Security events with same timestamp
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Zero-day holiday
By Kelly Martin
A few hundred million Windows XP machines lay vulnerable on the Web today, a week after a zero-day exploit was discovered. Meanwhile, new approaches and ideas from the academic world - that focus exclusively on children - may give us hope for the future after all.
http://www.securityfocus.com/columnists/377


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Sun Solaris PC NetLink Insecure Permissions Vulnerability
BugTraq ID: 16059
Remote: No
Date Published: 2005-12-26
Relevant URL: http://www.securityfocus.com/bid/16059
Summary:
PC NetLink is susceptible to an insecure permissions vulnerability. This issue is due to a flaw in the 'slsadmin' and 'slsmgr' scripts.

This issue allows local attackers to improperly access files on the local filesystem. Malicious users may write to the local filesystem with the privileges of the user running the affected scripts.


2. Golden FTP Server APPE Command Buffer Overflow Vulnerability
BugTraq ID: 16060
Remote: Yes
Date Published: 2005-12-26
Relevant URL: http://www.securityfocus.com/bid/16060
Summary:
Golden FTP Server is prone to a remote buffer overflow vulnerability.

An attacker can exploit this issue to crash the server resulting in a denial of service to legitimate users. Arbitrary code execution may also be possible, which may facilitate a complete compromise of the underlying system.


3. Bugzilla Syncshadowdb Insecure Temporary File Creation Vulnerability
BugTraq ID: 16061
Remote: No
Date Published: 2005-12-26
Relevant URL: http://www.securityfocus.com/bid/16061
Summary:
Bugzilla creates temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.


4. Dev Web Management System Multiple Input Validation Vulnerabilities
BugTraq ID: 16063
Remote: Yes
Date Published: 2005-12-27
Relevant URL: http://www.securityfocus.com/bid/16063
Summary:
Dev Web Management System is prone to multiple input validation vulnerabilities. These issues may allow SQL injection and cross-site scripting attacks.

Dev Web Management System versions 1.5 and earlier are prone to these issues.


5. BZFlag Unterminated Callsign Denial Of Service Vulnerability
BugTraq ID: 16066
Remote: Yes
Date Published: 2005-12-25
Relevant URL: http://www.securityfocus.com/bid/16066
Summary:
BZFlag is prone to a denial of service vulnerability. This vulnerability may be triggered by a malformed callsign message.



6. Microsoft Internet Explorer HTML Parsing Denial of Service Vulnerabilities
BugTraq ID: 16070
Remote: Yes
Date Published: 2005-12-27
Relevant URL: http://www.securityfocus.com/bid/16070
Summary:
Microsoft Internet Explorer is affected by multiple denial of service vulnerabilities.

An attacker may exploit these issues by enticing a user to visit a malicious site resulting in a denial of service condition in the application.

7. Microsoft Windows Graphics Rendering Engine WMF SetAbortProc Code Execution Vulnerability
BugTraq ID: 16074
Remote: Yes
Date Published: 2005-12-28
Relevant URL: http://www.securityfocus.com/bid/16074
Summary:
Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability. This issue affects the 'SetAbortProc' function.

The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file.

The issue may be exploited remotely or by a local attacker. Any remote code execution that occurs will be with the privileges of the user viewing a malicious image. An attacker may gain SYSTEM privileges if an administrator views the malicious file.

Local code execution may facilitate a complete compromise.

8. Microsoft Internet Explorer MSHTML.DLL HTML Parsing Denial of Service Vulnerability
BugTraq ID: 16079
Remote: Yes
Date Published: 2005-12-29
Relevant URL: http://www.securityfocus.com/bid/16079
Summary:
Microsoft Internet Explorer is affected by a denial of service vulnerability.

An attacker may exploit this issue by enticing a user to visit a malicious site resulting in a denial of service condition in the application.

9. ImageMagick Image Filename Remote Command Execution Vulnerability
BugTraq ID: 16093
Remote: Yes
Date Published: 2005-12-30
Relevant URL: http://www.securityfocus.com/bid/16093
Summary:
ImageMagick is prone to a remote shell command execution vulnerability.

Successful exploitation can allow arbitrary commands to be executed in the context of the affected user. It should be noted that this issue could also be exploited through other applications that use ImageMagick as the default image viewer.

ImageMagick 6.2.4.5 is reportedly vulnerable. Other versions may be affected as well.

10. VBulletin Event Title HTML Injection Vulnerability
BugTraq ID: 16116
Remote: Yes
Date Published: 2006-01-01
Relevant URL: http://www.securityfocus.com/bid/16116
Summary:
vBulletin is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

This issue is reported to affect vBulletin 3.5.2. Earlier versions may also be affected.

11. Drupal URL-Encoded Input HTML Injection Vulnerability
BugTraq ID: 16117
Remote: Yes
Date Published: 2006-01-01
Relevant URL: http://www.securityfocus.com/bid/16117
Summary:
Drupal is prone to an HTML injection vulnerability when handling URL-encoded HTML and script code in message content. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

12. EFileGo Multiple Input Validation Vulnerabilities
BugTraq ID: 16124
Remote: Yes
Date Published: 2006-01-03
Relevant URL: http://www.securityfocus.com/bid/16124
Summary:
eFileGo is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit these issues to retrieve arbitrary files, upload files to arbitrary locations, cause denial of service conditions and execute arbitrary commands.

Successful exploitation may facilitate a remote compromise of the computer running the affected software.

13. Intel Graphics Accelerator Driver Remote Denial Of Service Vulnerability
BugTraq ID: 16127
Remote: Yes
Date Published: 2006-01-03
Relevant URL: http://www.securityfocus.com/bid/16127
Summary:
The Intel Graphics Accelerator driver is susceptible to a remote denial of service vulnerability. This issue is demonstrated to occur when the affected driver attempts to display an overly long text in a text area.

This issue allows attackers to crash the display manager on Microsoft Windows XP, or cause a complete system crash on computers running Microsoft Windows 2000. Other operating systems where the affected display driver is available are also likely affected.

Version 6.14.10.4308 of the Intel Graphics Accelerator driver is considered vulnerable to this issue. Other versions may also be affected.

This issue will be updated as further information becomes available. This issue may be related to the one described in BID 10913 (Microsoft Windows Large Image Processing Remote Denial Of Service Vulnerability), but this has not been confirmed.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Security events with same timestamp
http://www.securityfocus.com/archive/88/420316

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130




