SecurityFocus Microsoft Newsletter #280
----------------------------------------
This Issue is Sponsored By: SpiDynamics
ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White
Paper It's as simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems! Firewalls and
IDS will not stop such attacks because SQL Injections are NOT seen as
intruders. Download this *FREE* white paper from SPI Dynamics for a complete
guide to protection!
https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70130000000C543
------------------------------------------------------------------
I. FRONT AND CENTER
1. John the Ripper 1.7, by Solar Designer
II. MICROSOFT VULNERABILITY SUMMARY
1. Alt-N MDaemon IMAP Server Remote Format String Vulnerability
2. MySQL Query Logging Bypass Vulnerability
3. iCal Calendar Text Cross-Site Scripting Vulnerability
4. Simple Machines X-Forwarded-For HTML Injection Vulnerability
5. MTS Professional Open EMail Relay Vulnerability
6. ArGoSoft Mail Server Pro Multiple HTML Injection Vulnerabilities
7. PHPWebSite Topics.PHP SQL Injection Vulnerability
8. ArGoSoft Mail Server Pro IMAP Server Remote Directory Traversal
Vulnerability
9. ArGoSoft Mail Server Pro POP3 Server Remote Information Disclosure
Vulnerability
10. Multiple SpeedProject Applications Remote Directory Traversal
Vulnerability
11. StuffIt and ZipMagic Remote Directory Traversal Vulnerability
12. Winace Remote Directory Traversal Vulnerability
13. The Bat! Remote Buffer Overflow Vulnerability
14. Winace ARJ File Handling Buffer Overflow Vulnerability
15. Nullsoft Winamp M3U File Processing Buffer Overflow Vulnerability
16. Microsoft Word Malformed Document Denial Of Service Vulnerability
17. InfoVista VistaPortal Directory Traversal Vulnerability
18. Ipswitch WhatsUp Professional 2006 Remote Denial Of Service
Vulnerability
19. Mozilla Thunderbird IFRAME JavaScript Execution Vulnerability
20. Safe'n'Sec Path Specification Local Privilege Escalation
Vulnerabilities
21. SquirrelMail Multiple Cross-Site Scripting and IMAP Injection
Vulnerabilities
22. Bugzilla User Credentials Information Disclosure Vulnerability
23. True North Software IA EMailServer Remote Buffer Overflow
Vulnerability
24. Bugzilla Whinedays SQL Injection Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Domain policy getting override on local
2. SecurityFocus Microsoft Newsletter #279
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. John the Ripper 1.7, by Solar Designer
By Federico Biancuzzi
Federico Biancuzzi interviews Solar Designer, creator of the popular John the
Ripper password cracker. Solar Designer discusses what's new in version 1.7,
the advantages of popular cryptographic hashes, the relative speed at which
many passwords can now be cracked, and how one can choose strong passphrases
(forget passwords) that are harder to break.
http://www.securityfocus.com/columnists/388
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Alt-N MDaemon IMAP Server Remote Format String Vulnerability
BugTraq ID: 16854
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16854
Summary:
Alt-N MDaemon IMAP Server is affected by a remote format-string vulnerability.
This issue is due to a failure of the application to properly sanitize
user-supplied input prior to its use in the format-specifier argument to a
formatted printing function.
This vulnerability may be leveraged to consume excessive CPU resources or to
crash the service. Given the nature of format-string issues, remote code
execution is also likely possible, although this has not been confirmed.
Alt-N MDaemon 8.1.1 is reported to be vulnerable. Other versions are likely
affected as well.
2. MySQL Query Logging Bypass Vulnerability
BugTraq ID: 16850
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16850
Summary:
MySQL is susceptible to a query-logging bypass vulnerability. This issue is due
to a discrepancy in how NULL bytes in query data are handled: the query is
written to the log as a NUL-terminated string and is therefore truncated at the
first NULL byte, while the parser operates on the full length of the packet.
This issue allows attackers to keep malicious SQL queries, or the significant
part of them, out of the query log. This may aid them in hiding the traces of
malicious activity from administrators.
This issue affects MySQL version 5.0.18; other versions may also be affected.
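Editor's illustration of the logging discrepancy (this is added example code,
not MySQL source or the reporter's proof of concept; the function names and the
sample query are constructed for the demonstration). It models a logger that
stops at the first NUL byte next to one that uses the packet length, and gives
a proxy-side check that flags query packets carrying an embedded NUL:

```python
"""Editor's example for the query-logging bypass above.

A logger that treats the query as a NUL-terminated C string records only the
bytes before the first NUL, while a parser that works on the packet length
sees the entire statement. The functions below model both views and give a
check that flags such packets. Function names and the sample query are
constructed for this illustration; this is not MySQL code.
"""
from dataclasses import dataclass

NUL = b"\x00"


def c_string_log_view(query: bytes) -> bytes:
    """What a strlen()-style logger records: bytes before the first NUL.
    This models the vulnerable behaviour; the rest of the query is lost."""
    idx = query.find(NUL)
    return query if idx < 0 else query[:idx]


def length_aware_log_view(query: bytes) -> bytes:
    """Hardened logger: walks the full packet length instead of stopping at
    NUL, and escapes control bytes so they cannot corrupt the text log."""
    out = bytearray()
    for b in query:
        if b < 0x20 or b == 0x7F:
            out += b"\\x%02x" % b
        else:
            out.append(b)
    return bytes(out)


@dataclass
class AuditResult:
    contains_nul: bool
    logged_bytes: int     # what the C-string logger would keep
    hidden_bytes: int     # what it would silently drop


def audit_query_packet(query: bytes) -> AuditResult:
    """Proxy- or IDS-side check: flag query packets carrying an embedded NUL
    and quantify how much of the statement a C-string logger would lose."""
    logged = c_string_log_view(query)
    return AuditResult(
        contains_nul=NUL in query,
        logged_bytes=len(logged),
        hidden_bytes=len(query) - len(logged),
    )


# Constructed sample: a NUL byte placed inside a comment. Everything after it
# is invisible to the C-string logger but still part of the packet.
SAMPLE = b"SELECT 1 /*\x00*/; DROP TABLE audit_trail"

if __name__ == "__main__":
    result = audit_query_packet(SAMPLE)
    print("C-string logger records :", c_string_log_view(SAMPLE))
    print("length-aware logger     :", length_aware_log_view(SAMPLE))
    print("dropped from the log    :", result.hidden_bytes, "bytes")
```

The same check applied to the raw protocol stream (for example from a
database proxy or a packet capture) gives defenders a record that does not
depend on the server's own logger being correct.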
3. iCal Calendar Text Cross-Site Scripting Vulnerability
BugTraq ID: 16845
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16845
Summary:
iCal is prone to a cross-site scripting vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site. This
may facilitate the theft of cookie-based authentication credentials as well as
other attacks.
4. Simple Machines X-Forwarded-For HTML Injection Vulnerability
BugTraq ID: 16841
Remote: Yes
Date Published: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16841
Summary:
Simple Machines is prone to an HTML injection vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would be executed in the context of the
affected website, potentially allowing for theft of cookie-based authentication
credentials. An attacker could also exploit this issue to control how the site
is rendered to the user; other attacks are also possible.
This issue is reported to affect Simple Machines version 1.0.6 and earlier.
5. MTS Professional Open EMail Relay Vulnerability
BugTraq ID: 16840
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16840
Summary:
MTS Professional is susceptible to a remote open-email-relay vulnerability.
This issue is due to the application failing to properly verify the source of
emails when configured to forward emails.
This issue allows remote attackers to use vulnerable servers to send arbitrary
unsolicited bulk email. Attackers may also forge email messages that originate
from a trusted mail server.
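Editor's illustration of the relay decision described above (added example
code, not MTS Professional's implementation; the local domain, trusted network
and probe cases are constructed). The relay check belongs at RCPT TO: the weak
policy forwards for anyone once forwarding is enabled, the hardened one forwards
only for local recipients, authenticated clients, or a trusted source network:

```python
"""Editor's example for the open-relay issue above (not MTS Professional code).

The relay decision is made at RCPT TO. The vulnerable policy forwards for
anyone once forwarding is switched on; the hardened policy forwards only for
local recipients, authenticated clients, or clients on an explicitly trusted
network. Domains, networks and the probe cases are constructed samples.
"""
import ipaddress

LOCAL_DOMAINS = {"example.com"}                          # constructed
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]    # constructed LAN


def relay_policy_vulnerable(client_ip, authenticated, rcpt_to):
    """Forwarding enabled, sender never verified: every RCPT is accepted."""
    return True


def relay_policy_hardened(client_ip, authenticated, rcpt_to):
    """Accept only if the recipient is ours or the client has proved it may
    relay (SMTP AUTH succeeded, or it comes from a trusted network)."""
    domain = rcpt_to.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return True
    if authenticated:
        return True
    return any(ipaddress.ip_address(client_ip) in net for net in TRUSTED_NETS)


def rcpt_response(policy, client_ip, authenticated, rcpt_to):
    """The reply an SMTP client sees for its RCPT TO under the given policy."""
    if policy(client_ip, authenticated, rcpt_to):
        return "250 2.1.5 Ok"
    return "554 5.7.1 Relay access denied"


# Constructed probe cases: (client_ip, authenticated, recipient)
PROBES = {
    "internet->local":    ("203.0.113.5", False, "bob@example.com"),
    "internet->external": ("203.0.113.5", False, "victim@other.example"),
    "lan->external":      ("192.0.2.10", False, "partner@other.example"),
    "auth->external":     ("203.0.113.5", True, "partner@other.example"),
}


def probe(policy):
    """Run every probe case against a policy; True means the relay accepted."""
    return {name: policy(*case) for name, case in PROBES.items()}


if __name__ == "__main__":
    for label, pol in (("vulnerable", relay_policy_vulnerable),
                       ("hardened", relay_policy_hardened)):
        print(label, probe(pol))
```

The "internet->external" probe is the one an open-relay scanner sends; a
server that answers it with 250 will be abused for unsolicited bulk mail.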
6. ArGoSoft Mail Server Pro Multiple HTML Injection Vulnerabilities
BugTraq ID: 16834
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16834
Summary:
ArGoSoft Mail Server Pro is prone to multiple HTML-injection vulnerabilities.
The application fails to properly sanitize user-supplied input before using it
in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the
affected website, potentially allowing an attacker to steal cookie-based
authentication credentials or to control how the site is rendered to the user;
other attacks are also possible.
ArGoSoft Mail Server Pro 1.8.8.5 and prior versions are vulnerable.
7. PHPWebSite Topics.PHP SQL Injection Vulnerability
BugTraq ID: 16825
Remote: Yes
Date Published: 2006-02-25
Relevant URL: http://www.securityfocus.com/bid/16825
Summary:
phpWebSite is prone to an SQL injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input before
using it in an SQL query.
Successful exploitation could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.
8. ArGoSoft Mail Server Pro IMAP Server Remote Directory Traversal
Vulnerability
BugTraq ID: 16809
Remote: Yes
Date Published: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16809
Summary:
The ArGoSoft Mail Server Pro IMAP service is susceptible to a remote
directory-traversal vulnerability. This issue is due to the application's
failure to properly sanitize user-supplied input.
This issue allows remote, authenticated attackers to create and possibly modify
arbitrary files with the privileges of the server process. When the server is
installed as a Windows service (where it typically runs as SYSTEM), attackers
may be able to create or overwrite any file on the host with SYSTEM-level
privileges.
Version 1.8.8.1 is vulnerable to this issue; other versions may also be
affected.
9. ArGoSoft Mail Server Pro POP3 Server Remote Information Disclosure
Vulnerability
BugTraq ID: 16808
Remote: Yes
Date Published: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16808
Summary:
The ArGoSoft Mail Server Pro POP3 service is susceptible to a remote
information-disclosure vulnerability. This issue is due to the application's
failure to require authentication before allowing a command that discloses
potentially sensitive information.
This issue allows remote, unauthenticated attackers to gain access to
potentially sensitive configuration information. Information that the attacker
harvests in this manner may then aid in further attacks.
Version 1.8.8.1 is vulnerable to this issue; other versions may also be
affected.
10. Multiple SpeedProject Applications Remote Directory Traversal Vulnerability
BugTraq ID: 16807
Remote: Yes
Date Published: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16807
Summary:
Reportedly, an attacker can carry out directory-traversal attacks. These
issues present themselves when the applications process malicious archives.
A successful attack can allow the attacker to place potentially malicious files
and overwrite files on a computer in the context of the user running the
affected application. Successful exploitation may aid in further attacks.
11. StuffIt and ZipMagic Remote Directory Traversal Vulnerability
BugTraq ID: 16806
Remote: Yes
Date Published: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16806
Summary:
Reportedly, an attacker can carry out directory-traversal attacks. These
issues present themselves when the applications process malicious archives.
A successful attack can allow the attacker to place potentially malicious files
and overwrite files on a computer in the context of the user running the
affected application. Successful exploitation may aid in further attacks.
12. Winace Remote Directory Traversal Vulnerability
BugTraq ID: 16800
Remote: Yes
Date Published: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16800
Summary:
Reportedly, an attacker can carry out directory-traversal attacks. These issues
present themselves when the application processes malformed archives.
A successful attack can allow the attacker to place potentially malicious files
and overwrite files on a computer in the context of the user running the
affected application. Successful exploitation may aid in further attacks.
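The three archive-handling items above (SpeedProject, StuffIt/ZipMagic and
WinAce) are the same bug class: member names inside the archive are trusted as
relative paths. The following is an editor's example, not code from any of
those products, that builds a ZIP in memory with constructed hostile member
names (../ and ..\ sequences, an absolute path, a drive letter), shows which
entries an extractor must refuse, and extracts only the safe ones:

```python
"""Editor's example for the three archive directory-traversal items above
(SpeedProject, StuffIt/ZipMagic, WinAce). It is not code from any of those
products. It builds a ZIP in memory whose member names try the usual tricks
(../ and ..\\ sequences, an absolute path, a drive letter), shows which
entries an extractor must refuse, and extracts only the safe ones.
Member names and contents are constructed samples.
"""
import io
import ntpath
import zipfile


def is_unsafe_member(name: str) -> bool:
    """True if extracting this member name relative to a target directory
    could write outside it. Handles both separator styles, absolute paths,
    drive letters and '..' components that climb above the root."""
    n = name.replace("\\", "/")
    if n.startswith("/") or ntpath.splitdrive(n)[0]:
        return True
    depth = 0
    for part in n.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:            # climbed above the extraction root
                return True
        else:
            depth += 1
    return False


def build_sample_zip() -> bytes:
    """Constructed archive with two honest members and three hostile ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless")
        zf.writestr("docs/../notes.txt", "still inside the target dir")
        zf.writestr("../../Start Menu/Programs/Startup/evil.exe", "MZ")
        zf.writestr("..\\..\\boot.ini", "overwrite attempt")
        zf.writestr("C:/Windows/system32/calc.exe", "MZ")
    return buf.getvalue()


def audit_zip(data: bytes) -> dict:
    """Map each member name to whether it must be refused."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: is_unsafe_member(i.filename) for i in zf.infolist()}


def safe_extract(data: bytes, dest: str) -> list:
    """Extract only members that stay inside dest; return what was skipped."""
    skipped = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if is_unsafe_member(info.filename):
                skipped.append(info.filename)
            else:
                zf.extract(info, dest)
    return skipped


if __name__ == "__main__":
    for name, unsafe in audit_zip(build_sample_zip()).items():
        print("REFUSE " if unsafe else "ok     ", name)
```

The depth counter is what matters: "docs/../notes.txt" is legitimate because
it never climbs above the root, while "../../boot.ini" does on its first
component, and a check that merely searches for ".." would reject the former
or, if it only looks at the start of the name, miss "a/../../b".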
13. The Bat! Remote Buffer Overflow Vulnerability
BugTraq ID: 16797
Remote: Yes
Date Published: 2006-02-23
Relevant URL: http://www.securityfocus.com/bid/16797
Summary:
The Bat! is prone to a remote buffer-overflow vulnerability. This issue is due
to a failure in the application to perform proper bounds checking on
user-supplied data before storing it in a finite-sized buffer.
An attacker can exploit this issue to control program flow and execute
arbitrary attacker-supplied code in the context of the victim user running the
affected application.
14. Winace ARJ File Handling Buffer Overflow Vulnerability
BugTraq ID: 16786
Remote: Yes
Date Published: 2006-02-23
Relevant URL: http://www.securityfocus.com/bid/16786
Summary:
Winace is prone to a buffer-overflow vulnerability when handling malformed ARJ
archives. Successful exploitation could result in an application crash or
potential arbitrary code execution.
Winace 2.60 is affected by this issue. Earlier versions may also be vulnerable.
15. Nullsoft Winamp M3U File Processing Buffer Overflow Vulnerability
BugTraq ID: 16785
Remote: Yes
Date Published: 2006-02-23
Relevant URL: http://www.securityfocus.com/bid/16785
Summary:
Nullsoft Winamp is prone to a buffer-overflow vulnerability when processing
malformed M3U files. The overrun occurs when the M3U playlist is paused or
stopped.
This issue is reported to affect Winamp versions 5.12 and 5.13. Earlier
versions may also be vulnerable.
16. Microsoft Word Malformed Document Denial Of Service Vulnerability
BugTraq ID: 16782
Remote: Yes
Date Published: 2006-02-22
Relevant URL: http://www.securityfocus.com/bid/16782
Summary:
Microsoft Word is susceptible to a denial-of-service vulnerability. The
specific cause of this issue is currently unknown.
This issue allows attackers to crash affected applications. Due to the
unspecified cause of this issue, attackers may be able to execute arbitrary
code in the context of the affected application, but this has not been
confirmed.
Microsoft Word 2003 is reportedly vulnerable; other versions may also be
affected.
This BID will be updated as further information is disclosed.
17. InfoVista VistaPortal Directory Traversal Vulnerability
BugTraq ID: 16776
Remote: Yes
Date Published: 2006-02-22
Relevant URL: http://www.securityfocus.com/bid/16776
Summary:
VistaPortal is prone to a directory-traversal vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the
vulnerable system in the context of the affected application. Information
obtained may aid in further attacks. Reports indicate that VistaPortal runs
with superuser privileges, which increases the impact of successful
exploitation.
18. Ipswitch WhatsUp Professional 2006 Remote Denial Of Service Vulnerability
BugTraq ID: 16771
Remote: Yes
Date Published: 2006-02-22
Relevant URL: http://www.securityfocus.com/bid/16771
Summary:
Ipswitch WhatsUp Professional 2006 is susceptible to a remote denial-of-service
vulnerability. This issue is due to the application's failure to properly
handle certain HTTP GET requests.
This issue allows remote attackers to consume excessive CPU resources on
targeted computers, denying service to legitimate users.
19. Mozilla Thunderbird IFRAME JavaScript Execution Vulnerability
BugTraq ID: 16770
Remote: Yes
Date Published: 2006-02-22
Relevant URL: http://www.securityfocus.com/bid/16770
Summary:
Mozilla Thunderbird is prone to a script-execution vulnerability.
The vulnerability presents itself when an attacker supplies a specially crafted
email to a user containing malicious script code in an IFRAME and the user
tries to reply to the mail. Arbitrary JavaScript can be executed even if the
user has disabled JavaScript execution in the client.
Mozilla Thunderbird 1.0.7 and prior versions are reportedly affected.
20. Safe'n'Sec Path Specification Local Privilege Escalation Vulnerabilities
BugTraq ID: 16762
Remote: No
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16762
Summary:
Safe'n'Sec is prone to vulnerabilities that could allow arbitrary files to be
executed.
The application launches other programs using unquoted paths that contain
spaces. A local attacker who can write to a location that Windows tries before
the intended program (for example C:\Program.exe) may have their own
executable run instead, and may thereby gain elevated privileges.
Safe'n'Sec Personal 2.0 is vulnerable; other versions may also be affected.
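Editor's illustration of the unquoted-path problem (added example code, not
Safe'n'Sec's; the service names and ImagePath values are invented). It applies
the documented CreateProcess behaviour for an unquoted program path with
spaces: each space-delimited prefix is tried first, with .exe appended when the
prefix has no extension, so each prefix is a location where a local user with
write access could plant a binary:

```python
"""Editor's example for the unquoted-path issue above; it is not Safe'n'Sec
code and the service names/paths below are invented. When a program path
containing spaces is passed to CreateProcess without quotes, Windows tries
each space-delimited prefix (adding .exe if it has no extension) before the
intended binary. Each earlier prefix is a location where a local user with
write access could plant an executable that then runs with the caller's
privileges. The audit lists those locations for each registered service.
"""
import ntpath

# Constructed sample of ImagePath values as found under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>. Invented names.
SAMPLE_SERVICES = {
    "GoodSvc":    r'"C:\Program Files\Vendor\good.exe" -service',
    "DemoGuard":  r"C:\Program Files\Demo Guard\dguard.exe -service",
    "NetSvcHost": r"C:\Windows\system32\svchost.exe -k netsvcs",
}


def split_image_path(image_path: str):
    """Return (program, quoted). Quoted paths are unambiguous; for unquoted
    ones the demo assumes the program is the longest prefix ending in .exe."""
    s = image_path.strip()
    if s.startswith('"'):
        return s[1:s.index('"', 1)], True
    idx = s.lower().rfind(".exe")
    return (s if idx < 0 else s[:idx + 4]), False


def hijack_candidates(image_path: str) -> list:
    """Paths CreateProcess would try before the real program, in order."""
    program, quoted = split_image_path(image_path)
    if quoted or " " not in program:
        return []
    tokens = program.split(" ")
    candidates = []
    for i in range(1, len(tokens)):          # every proper prefix
        prefix = " ".join(tokens[:i])
        if not ntpath.splitext(prefix)[1]:   # no extension -> .exe appended
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def audit_services(services: dict) -> dict:
    """Services whose ImagePath is exploitable, with the paths to protect.
    On a live host, follow up by checking write ACLs on each parent
    directory (for example with icacls); that part is not modelled here."""
    return {name: hijack_candidates(path)
            for name, path in services.items() if hijack_candidates(path)}


if __name__ == "__main__":
    for name, paths in audit_services(SAMPLE_SERVICES).items():
        print(name)
        for p in paths:
            print("   attacker could plant:", p)
```

The fix on the vendor side is to quote the path; on the administrator side,
confirm that unprivileged users cannot create files in C:\ or in the first
directory of any such path.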
21. SquirrelMail Multiple Cross-Site Scripting and IMAP Injection
Vulnerabilities
BugTraq ID: 16756
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16756
Summary:
SquirrelMail is susceptible to multiple cross-site scripting and IMAP-injection
vulnerabilities. These issues are due to the application's failure to properly
sanitize user-supplied input.
An attacker may leverage any of the cross-site scripting issues to have
arbitrary script code executed in the browser of an unsuspecting user in the
context of the affected site. This may facilitate the theft of cookie-based
authentication credentials as well as other attacks.
An attacker may leverage the IMAP-injection issue to execute arbitrary IMAP
commands on the configured IMAP server. This may aid attackers in further
attacks as well as allow them to exploit latent vulnerabilities in the IMAP
server.
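Editor's illustration of the IMAP-injection part of the SquirrelMail item
(added example code, not SquirrelMail's; the tag, mailbox names and injected
command are constructed). A webmail front end that splices a user-controlled
mailbox name into an IMAP command lets a CRLF inside that name start a second,
attacker-chosen command; the hardened builder sends the name as an RFC 3501
quoted string and refuses characters a quoted string cannot carry:

```python
"""Editor's example for the IMAP-injection part of the SquirrelMail item
above; it is not SquirrelMail code. A webmail front end that splices a
user-controlled mailbox name into an IMAP command lets a CRLF inside that
name start a second, attacker-chosen command. The hardened builder sends the
name as an RFC 3501 quoted string and refuses characters a quoted string
cannot carry. The tag, mailbox names and injected command are constructed.
"""
import re

_CRLF = b"\r\n"
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def build_select_naive(tag: str, mailbox: str) -> bytes:
    """Vulnerable: raw concatenation of user input into the command line."""
    return f"{tag} SELECT {mailbox}\r\n".encode("utf-8")


def imap_quoted(value: str) -> str:
    """RFC 3501 quoted string: CR, LF and NUL are not representable and are
    refused; backslash and double quote are escaped."""
    if _FORBIDDEN.search(value):
        raise ValueError("mailbox name contains CR, LF or NUL")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_select_safe(tag: str, mailbox: str) -> bytes:
    """Hardened: the mailbox is a single quoted argument, never a new line."""
    return f"{tag} SELECT {imap_quoted(mailbox)}\r\n".encode("utf-8")


def mailbox_is_acceptable(mailbox: str) -> bool:
    """Input-validation check usable before any IMAP traffic is built."""
    return _FORBIDDEN.search(mailbox) is None


def commands_seen_by_server(wire: bytes) -> list:
    """How an IMAP server reads the bytes: one command per CRLF-ended line."""
    return [line.decode("utf-8") for line in wire.split(_CRLF) if line]


# Constructed attacker input: a mailbox name with an embedded second command.
EVIL_MAILBOX = "INBOX\r\nA2 FETCH 1:* (BODY[])"

if __name__ == "__main__":
    print(commands_seen_by_server(build_select_naive("A1", EVIL_MAILBOX)))
    print(commands_seen_by_server(build_select_safe("A1", 'Sent "2006"')))
```

With the naive builder the server receives two tagged commands and executes
both; with the quoted form a CRLF can never leave the argument, and names that
cannot be quoted are rejected before any bytes reach the IMAP server.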
22. Bugzilla User Credentials Information Disclosure Vulnerability
BugTraq ID: 16745
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16745
Summary:
Bugzilla is prone to an information-disclosure vulnerability. This issue is due
to a design error in the application.
An attacker can exploit this issue by tricking a victim user into following a
malicious URI, so that the login form is submitted, together with the victim's
credentials, to a host other than the Bugzilla server.
To successfully exploit this issue, the attacker needs the name of the
directory in which Bugzilla's login page resides, and that name must resolve
to a computer on the local network of the victim user.
23. True North Software IA EMailServer Remote Buffer Overflow Vulnerability
BugTraq ID: 16744
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16744
Summary:
True North Software IA eMailServer is prone to a remote buffer-overflow
vulnerability. This issue is due to the application's failure to perform proper
boundary checks on user-supplied data before copying it to an insufficiently
sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code in the
context of the affected service. Failed exploitation attempts will likely crash
the service.
IA eMailServer version 5.3.4 is prone to this issue; previous versions may also
be affected.
24. Bugzilla Whinedays SQL Injection Vulnerability
BugTraq ID: 16738
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16738
Summary:
Bugzilla is prone to an SQL-injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input before
using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.
Exploitation of this issue requires the attacker to have administrative access
to the affected application.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Domain policy getting override on local
http://www.securityfocus.com/archive/88/425884
2. SecurityFocus Microsoft Newsletter #279
http://www.securityfocus.com/archive/88/425748
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed email [EMAIL PROTECTED] and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SpiDynamics
ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White
Paper It's as simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems! Firewalls and
IDS will not stop such attacks because SQL Injections are NOT seen as
intruders. Download this *FREE* white paper from SPI Dynamics for a complete
guide to protection!
https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70130000000C543
---------------------------------------------------------------------------
---------------------------------------------------------------------------