SecurityFocus Microsoft Newsletter #279
----------------------------------------
This Issue is Sponsored By: Cambia
Automate IT Security Compliance Now
Free white paper demonstrates how you can eliminate manual, time-consuming
project-based compliance using continuous security compliance software. Save
time leveraging this FREE white paper.
http://a.gklmedia.com/sfmn/nl/125
------------------------------------------------------------------
I. FRONT AND CENTER
1. Strict liability for data breaches?
2. Privacy and anonymity
II. MICROSOFT VULNERABILITY SUMMARY
1. SquirrelMail Multiple Cross-Site Scripting and IMAP Injection
Vulnerabilities
2. Bugzilla User Credentials Information Disclosure Vulnerability
3. True North Software IA EMailServer Remote Buffer Overflow
Vulnerability
4. Bugzilla Whinedays SQL Injection Vulnerability
5. Mozilla Thunderbird Address Book Import Remote Denial of Service
Vulnerability
6. Snort Frag3 Processor Fragmented Packet Detection Evasion
Vulnerability
7. Macallan Mail Solution IMAP Commands Directory Traversal
Vulnerability
8. Microsoft Internet Explorer Script Engine Buffer Overflow
Vulnerability
9. Rockliffe MailSite Multiple Unspecified Remote LDAP Vulnerabilities
10. PostgreSQL Set Session Authorization Denial of Service Vulnerability
11. PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
12. Microsoft Windows IGMPv3 Denial of Service Vulnerability
13. Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability
14. Microsoft Windows Korean Input Method Editor Privilege Escalation
Vulnerability
15. SSH Tectia Server Remote Format String Vulnerability
16. Microsoft Windows Web Client Buffer Overflow Vulnerability
17. Isode M-Vault Server LDAP Memory Corruption Vulnerability
18. Microsoft PowerPoint 2000 Remote Information Disclosure
Vulnerability
19. Microsoft Windows Media Player Bitmap Handling Buffer Overflow
Vulnerability
20. eStara Softphone Multiple Denial of Service Vulnerabilities
21. AttachmateWRQ Reflection for Secure IT Remote Format String
Vulnerability
22. Nullsoft Winamp M3U File Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Retriving ACL's on 60 thousand folders
2. SecurityFocus Microsoft Newsletter #278
IV. UNSUBSCRIBE INSTRUCTIONS
I. FRONT AND CENTER
---------------------
1. Strict liability for data breaches?
By Mark Rasch
A recent case involving a stolen laptop containing 550,000 people's full credit
information sheds new light on what "reasonable" protections a company must
make to secure its customer data - and what customers need to prove in order to
sue for damages.
http://www.securityfocus.com/columnists/387
2. Privacy and anonymity
By Kelly Martin
Privacy and anonymity on the Internet are as important as they are difficult to
achieve. Here are some of the current issues we face, along with a few
suggestions on how we can become a little more anonymous on the Web.
http://www.securityfocus.com/columnists/386
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. SquirrelMail Multiple Cross-Site Scripting and IMAP Injection
Vulnerabilities
BugTraq ID: 16756
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16756
Summary:
SquirrelMail is susceptible to multiple cross-site scripting and IMAP injection
vulnerabilities. These issues are due to a failure of the application to
properly sanitize user-supplied input.
An attacker may leverage any of the cross-site scripting issues to have
arbitrary script code executed in the browser of an unsuspecting user in the
context of the affected site. This may facilitate the theft of cookie-based
authentication credentials as well as other attacks.
An attacker may leverage the IMAP injection issue to execute arbitrary IMAP
commands on the configured IMAP server. This may aid the attacker in further
attacks as well as allow them to exploit latent vulnerabilities in the IMAP
server.
2. Bugzilla User Credentials Information Disclosure Vulnerability
BugTraq ID: 16745
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16745
Summary:
Bugzilla is prone to an information disclosure vulnerability. This issue is due
to a design error in the application.
An attacker can exploit this issue by tricking a victim user into following a
malicious URI and then retrieving the victim user's login credentials.
Successful exploitation of this issue requires that the name of the path where
the login page resides resolves to a computer on the local network of the
victim user.
3. True North Software IA EMailServer Remote Buffer Overflow Vulnerability
BugTraq ID: 16744
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16744
Summary:
True North Software IA eMailServer is prone to a remote buffer overflow
vulnerability. This issue is due to a failure of the application to properly
bounds check user-supplied data prior to copying it to an insufficiently sized
memory buffer.
This issue allows remote attackers to execute arbitrary machine code in the
context of the affected service. Failed exploitation attempts likely result in
the service crashing.
IA eMailServer version 5.3.4 is prone to this issue; previous versions may also
be affected.
4. Bugzilla Whinedays SQL Injection Vulnerability
BugTraq ID: 16738
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16738
Summary:
Bugzilla is prone to an SQL-injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input before
using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.
Exploitation of this issue requires the attacker to have administrative access
to the affected application.
5. Mozilla Thunderbird Address Book Import Remote Denial of Service
Vulnerability
BugTraq ID: 16716
Remote: Yes
Date Published: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/16716
Summary:
Mozilla Thunderbird is prone to a remote denial-of-service vulnerability.
The issue presents itself when the application handles a specially crafted
address book file.
Mozilla Thunderbird 1.5 is reportedly affected by this issue. Other versions
may be vulnerable as well.
6. Snort Frag3 Processor Fragmented Packet Detection Evasion Vulnerability
BugTraq ID: 16705
Remote: Yes
Date Published: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/16705
Summary:
Snort is reportedly prone to a vulnerability that may allow malicious packets
to bypass detection.
Reports indicate that the Frag3 preprocessor fails to properly analyze certain
packets.
A successful attack can allow attackers to bypass intrusion detection and to
carry out attacks against computers protected by Snort.
This vulnerability affects Snort 2.4.3. Other versions may be vulnerable as
well.
7. Macallan Mail Solution IMAP Commands Directory Traversal Vulnerability
BugTraq ID: 16704
Remote: Yes
Date Published: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/16704
Summary:
Macallan Mail Solution is prone to a directory-traversal vulnerability exposed
through IMAP commands. Successful exploitation could allow a remote attacker to
view files, rename directories, and delete empty directories.
Macallan Mail Solution 4.8.03.025 is vulnerable; earlier versions may also be
affected.
8. Microsoft Internet Explorer Script Engine Buffer Overflow Vulnerability
BugTraq ID: 16687
Remote: Yes
Date Published: 2006-02-16
Relevant URL: http://www.securityfocus.com/bid/16687
Summary:
The Internet Explorer VBScript and JScript engines are prone to a remote
buffer-overflow vulnerability. Successful exploitation causes the browser to
fail. The possibility of arbitrary code execution has not been confirmed.
This vulnerability affects Internet Explorer 6 running on Windows 2000 SP4,
Windows XP Professional, and Windows 98SE. Other versions of Internet Explorer
and Windows may also be affected.
9. Rockliffe MailSite Multiple Unspecified Remote LDAP Vulnerabilities
BugTraq ID: 16675
Remote: Yes
Date Published: 2006-02-15
Relevant URL: http://www.securityfocus.com/bid/16675
Summary:
Rockliffe MailSite is prone to multiple unspecified vulnerabilities. These
issues may be triggered by malformed LDAP data.
The exact impact of these vulnerabilities is not known at this time. Although
the issues are known to crash the server, the possibility of remote code
execution is unconfirmed.
This BID will be updated as further information is made available.
10. PostgreSQL Set Session Authorization Denial of Service Vulnerability
BugTraq ID: 16650
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16650
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause a loss of service to other database
users. Repeated attacks will result in a prolonged denial-of-service condition.
Successful exploitation of this issue requires that the application be compiled
with 'Asserts' enabled; this is not the default setting.
11. PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
BugTraq ID: 16649
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16649
Summary:
PostgreSQL is susceptible to a remote privilege-escalation vulnerability. This
issue is due to a flaw in the error path of the 'SET ROLE' function.
This issue allows remote attackers with database access to gain administrative
access to affected database servers. Since such access also allows filesystem
access, other attacks against the underlying operating system may also be
possible.
12. Microsoft Windows IGMPv3 Denial of Service Vulnerability
BugTraq ID: 16645
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16645
Summary:
A vulnerability in the handling of IGMPv3 (Internet Group Management Protocol)
packets could result in a denial of service.
An attacker can exploit this issue through a broadcast attack to cause
vulnerable computers on the subnet to become unresponsive, effectively denying
service to legitimate users.
13. Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability
BugTraq ID: 16644
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16644
Summary:
The Microsoft Windows Media Player plugin for non-Microsoft browsers is prone
to a buffer-overflow vulnerability. This issue is due to a failure in the
application to do proper boundary checks on user-supplied data before using it
in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary code on the victim
user's computer in the context of the victim user. This may facilitate a
compromise of the affected computer.
This issue is exploitable only through non-Microsoft browsers that have the
Media Player plugin installed. Possible browsers include Firefox .9 and later
and Netscape 8; other browsers with the plugin installed may also be affected.
14. Microsoft Windows Korean Input Method Editor Privilege Escalation
Vulnerability
BugTraq ID: 16643
Remote: No
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16643
Summary:
Microsoft Windows Korean Input Method Editor is prone to a local
privilege-escalation vulnerability.
Successful exploitation can allow local attackers to completely compromise a
vulnerable computer.
15. SSH Tectia Server Remote Format String Vulnerability
BugTraq ID: 16640
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16640
Summary:
A remote format-string vulnerability affects SSH Tectia Server. The application
fails to properly sanitize user-supplied input data before using it in a
formatted-printing function.
A remote attacker may leverage this issue to execute arbitrary machine code,
possibly allowing for privilege escalation and for the bypassing of SFTP-only
access controls on affected SSH servers.
16. Microsoft Windows Web Client Buffer Overflow Vulnerability
BugTraq ID: 16636
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16636
Summary:
Microsoft Windows Web Client is prone to a buffer overflow. Successful
exploitation could allow arbitrary code execution with System privileges.
17. Isode M-Vault Server LDAP Memory Corruption Vulnerability
BugTraq ID: 16635
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16635
Summary:
Isode M-Vault Server is prone to a memory-corruption vulnerability. This issue may be
triggered by malformed LDAP data.
The exact impact of this vulnerability is not known at this time. Although the
issue is known to crash the server, the possibility of remote code execution is
unconfirmed.
The vulnerability was reported for version 11.3 on the Linux platform; other
versions and platforms may also be affected.
This vulnerability will be updated as further information is made available.
18. Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
BugTraq ID: 16634
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16634
Summary:
Microsoft PowerPoint 2000 is prone to a remote information-disclosure
vulnerability. Information gathered may be used to launch further attacks
against a vulnerable computer.
19. Microsoft Windows Media Player Bitmap Handling Buffer Overflow
Vulnerability
BugTraq ID: 16633
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16633
Summary:
Microsoft Windows Media Player is prone to a remote buffer-overflow
vulnerability.
The vulnerability arises when the application handles a skin file containing a
specially crafted bitmap image. This issue can also be triggered by just
supplying a malicious bitmap to the application. Note, however, that Windows
Media Player is not the default handler for bitmap files.
A successful attack can corrupt process memory and result in arbitrary code
execution. This may facilitate a remote compromise in the context of the
vulnerable user.
20. eStara Softphone Multiple Denial of Service Vulnerabilities
BugTraq ID: 16629
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16629
Summary:
eStara Softphone is prone to multiple denial-of-service vulnerabilities when
processing malformed VOIP headers. Successful exploitation will cause the
device to crash.
21. AttachmateWRQ Reflection for Secure IT Remote Format String Vulnerability
BugTraq ID: 16625
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16625
Summary:
A remote format-string vulnerability affects AttachmateWRQ Reflection for
Secure IT. The application fails to properly sanitize user-supplied input data
before using it in a formatted-printing function.
A remote attacker may leverage this issue to execute arbitrary machine code,
possibly allowing for privilege escalation and for the bypassing of SFTP-only
access controls on affected SSH servers. Attackers may also cause a
denial-of-service condition against the affected SSH server.
22. Nullsoft Winamp M3U File Denial of Service Vulnerability
BugTraq ID: 16623
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16623
Summary:
Winamp is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the application, effectively
denying service to legitimate users. An attacker may be able to exploit this
issue to execute arbitrary code on the victim user's computer; this has not
been confirmed.
This issue is reported to affect version 5.13; other versions may also be
vulnerable.
This issue may be related to BID 9923 (NullSoft Winamp Malformed File Name
Denial of Service Vulnerability).
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Retriving ACL's on 60 thousand folders
http://www.securityfocus.com/archive/88/425192
2. SecurityFocus Microsoft Newsletter #278
http://www.securityfocus.com/archive/88/425033
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed email [EMAIL PROTECTED] and ask to
be manually removed.