SecurityFocus Microsoft Newsletter #283
----------------------------------------

This Issue is Sponsored By: RedCannon

Extend Citrix Access and enforce enterprise policy using ultra-thin clients - read Steve Kaplan's latest white paper and learn how ultra-thin USB clients from RedCannon extend and enforce security policies to any untrusted Windows PCs INSTANTLY. Secure any point, anywhere prior to permitting remote access.

http://www.RedCannon.com/Kaplan321/

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Encryption for the masses
       2. Social engineering reloaded
II.  MICROSOFT VULNERABILITY SUMMARY
       1. MailEnable Unspecified POP Authentication Bypass Vulnerability
       2. MailEnable Enterprise/Professional Editions Webmail Denial of Service Vulnerability
       3. PHPWebSite Multiple SQL Injection Vulnerabilities
       4. PHPMyAdmin Set_Theme Cross-Site Scripting Vulnerability
       5. Monotone MT File Arbitrary Code Execution Vulnerability
       6. Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
       7. Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability
       8. Dwarf HTTP Server Multiple Input Validation Vulnerabilities
       9. Microsoft Excel Malformed Formula Size Remote Code Execution Vulnerability
       10. Macromedia Flash Multiple Unspecified Security Vulnerabilities
       11. Unalz Hostile Destination Path Vulnerability
       12. Drupal Multiple Input Validation Vulnerabilities
       13. Microsoft Excel Malformed Record Remote Code Execution Vulnerability
       14. Firebird Local Inet_Server Buffer Overflow Vulnerability
       15. Apple QuickTime/iTunes Integer And Heap Overflow Vulnerabilities
       16. Free-AV AntiVir Personal Edition Classic Local Privilege Escalation Vulnerability
       17. SafeDisc Secdrv.SYS Local Privilege Escalation Vulnerability
       18. Microsoft Office Routing Slip Processing Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. virtual memory protection using AWE
       2. SecurityFocus Microsoft Newsletter #282
       3. Moderation in moderation
       4. EFS disaster!
       5. trouble using SSL on WSUS
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Encryption for the masses
By Kelly Martin
File and disk encryption needs to be simple and easy if it's going to be used. This article looks at Apple's FileVault and takes a sneak peek at what's coming in Windows Vista.
http://www.securityfocus.com/columnists/393

2. Social engineering reloaded
By Sarah Granger
The purpose of this article is to go beyond the basics and explore how social engineering, employed as technology, has evolved over the past few years. A case study of a typical Fortune 1000 company will be discussed, putting emphasis on the importance of education about social engineering for every corporate security program.
http://www.securityfocus.com/infocus/1860


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. MailEnable Unspecified POP Authentication Bypass Vulnerability
BugTraq ID: 17162
Remote: Yes
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17162
Summary:
MailEnable is prone to an unspecified authentication-bypass vulnerability.

This vulnerability affects the POP service of various MailEnable versions. Very little information beyond that is available at this time. This BID will be updated as further information becomes available.

2. MailEnable Enterprise/Professional Editions Webmail Denial of Service Vulnerability
BugTraq ID: 17161
Remote: Yes
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17161
Summary:
MailEnable Enterprise/Professional Editions are prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause the application to consume all available resources, effectively denying service to legitimate users.

This issue is reported to be separate from the one discussed in BID 16525 (MailEnable Enterprise Edition Webmail Denial of Service Vulnerability).

3. PHPWebSite Multiple SQL Injection Vulnerabilities
BugTraq ID: 17150
Remote: Yes
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17150
Summary:
phpWebSite is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

4. PHPMyAdmin Set_Theme Cross-Site Scripting Vulnerability
BugTraq ID: 17142
Remote: Yes
Date Published: 2006-03-17
Relevant URL: http://www.securityfocus.com/bid/17142
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

5. Monotone MT File Arbitrary Code Execution Vulnerability
BugTraq ID: 17139
Remote: Yes
Date Published: 2006-03-17
Relevant URL: http://www.securityfocus.com/bid/17139
Summary:
Monotone is prone to an arbitrary code-execution vulnerability. This issue is due to a design error in the application.

An attacker can exploit this issue to have arbitrary Lua code executed in the context of the victim user running the affected application.

This issue affects Monotone only on case-insensitive filesystems such as Microsoft Windows and Apple Mac OS X.

6. Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
BugTraq ID: 17134
Remote: Yes
Date Published: 2006-03-16
Relevant URL: http://www.securityfocus.com/bid/17134
Summary:
Microsoft Commerce Server 2002 is prone to an authentication-bypass vulnerability. The application fails to correctly authenticate users because of sample files that may be present.

An attacker can exploit this issue to bypass the authentication mechanism and gain access to the affected application as any pre-existing user.

Versions of Microsoft Commerce Server 2002 prior to Service Pack 2 are affected by this issue.

7. Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability
BugTraq ID: 17131
Remote: Yes
Date Published: 2006-03-16
Relevant URL: http://www.securityfocus.com/bid/17131
Summary:
Microsoft Internet Explorer is susceptible to a remote buffer-overflow vulnerability in 'MSHTML.DLL'. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it into an insufficiently-sized memory buffer.

This issue may be exploited by remote attackers to crash affected web browsers. Remote code execution may also be possible, but this has not been confirmed.

Internet Explorer 6 is vulnerable to this issue; other versions may also be affected.

8. Dwarf HTTP Server Multiple Input Validation Vulnerabilities
BugTraq ID: 17123
Remote: Yes
Date Published: 2006-03-15
Relevant URL: http://www.securityfocus.com/bid/17123
Summary:
Dwarf HTTP Server is prone to multiple input-validation vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input.

An attacker may conduct cross-site scripting attacks and disclose sensitive information.

Versions 1.3.2 and prior are vulnerable; other versions may also be affected.

9. Microsoft Excel Malformed Formula Size Remote Code Execution Vulnerability
BugTraq ID: 17108
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17108
Summary:
Microsoft Excel is prone to a remote code execution vulnerability. This issue may be triggered when an Excel document with a malformed formula size is opened.

10. Macromedia Flash Multiple Unspecified Security Vulnerabilities
BugTraq ID: 17106
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17106
Summary:
The Macromedia Flash plug-in is susceptible to multiple unspecified vulnerabilities.

An attacker can potentially exploit these vulnerabilities to execute arbitrary code. The most likely vector of attack is through a malicious SWF file that has been designed to trigger the vulnerability and has been placed on a website. A denial-of-service condition may also occur.

Versions of the Flash Player prior to 7.0.63.0 and 8.0.24.0 are vulnerable to these issues.

11. Unalz Hostile Destination Path Vulnerability
BugTraq ID: 17105
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17105
Summary:
The 'unalz' tool contains a vulnerability in the handling of pathnames for archived files.

By specifying a path for an archived item that points outside the expected destination directory, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem, possibly including paths containing system binaries and other sensitive or confidential information.

Presumably, an attacker could use this to create or overwrite binaries in any desired location, using the privileges of the invoking user.

Version 0.53 is vulnerable; other versions may also be affected.

12. Drupal Multiple Input Validation Vulnerabilities
BugTraq ID: 17104
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17104
Summary:
Drupal is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to:

- have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site
- access sensitive information
- hijack user sessions
- use a vulnerable Drupal installation as an email relay.

13. Microsoft Excel Malformed Record Remote Code Execution Vulnerability
BugTraq ID: 17101
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17101
Summary:
Microsoft Excel is prone to a remote code execution vulnerability. This issue may be triggered when an Excel document with malformed record data is opened.

14. Firebird Local Inet_Server Buffer Overflow Vulnerability
BugTraq ID: 17077
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17077
Summary:
Firebird is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before copying it to an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary machine code with elevated privileges, because the affected binaries are often installed with setuid privileges.

15. Apple QuickTime/iTunes Integer And Heap Overflow Vulnerabilities
BugTraq ID: 17074
Remote: Yes
Date Published: 2006-03-11
Relevant URL: http://www.securityfocus.com/bid/17074
Summary:
An integer-overflow vulnerability and a heap-based buffer-overflow vulnerability have been reported in Apple QuickTime and iTunes. These issues affect both Mac OS X and Microsoft Windows releases of the software.

A successful exploit will result in execution of arbitrary code in the context of the currently logged-in user.

16. Free-AV AntiVir Personal Edition Classic Local Privilege Escalation Vulnerability
BugTraq ID: 17071
Remote: No
Date Published: 2006-03-11
Relevant URL: http://www.securityfocus.com/bid/17071
Summary:
AntiVir Personal Edition Classic is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to launch other applications with SYSTEM privileges. This may facilitate a complete compromise of the affected computer.

AntiVir Personal Edition Classic version 7 is vulnerable; other versions may also be affected.

17. SafeDisc Secdrv.SYS Local Privilege Escalation Vulnerability
BugTraq ID: 17070
Remote: No
Date Published: 2006-03-11
Relevant URL: http://www.securityfocus.com/bid/17070
Summary:
SafeDisc is prone to a local privilege-escalation vulnerability. This issue is due to the failure of the application to restrict access to the configuration parameters of an installed service.


This vulnerability allows local attackers to execute arbitrary malicious code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

18. Microsoft Office Routing Slip Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 17000
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17000
Summary:
Microsoft Office is prone to a remote buffer overflow vulnerability.

This vulnerability presents itself when a specially crafted document is handled by the application.

A successful attack can result in a remote compromise in the context of an affected user.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. virtual memory protection using AWE
http://www.securityfocus.com/archive/88/428309

2. SecurityFocus Microsoft Newsletter #282
http://www.securityfocus.com/archive/88/427942

3. Moderation in moderation
http://www.securityfocus.com/archive/88/427941

4. EFS disaster!
http://www.securityfocus.com/archive/88/427915

5. trouble using SSL on WSUS
http://www.securityfocus.com/archive/88/427610

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: RedCannon




