SecurityFocus Microsoft Newsletter #292
----------------------------------------

This issue is sponsored by: Lancope

"Revolutionize the way you view your network security"
How do you protect what you can't see? Stop protecting while blind. Gain network visibility now. Learn how Cisco NetFlow gives visibility and enables cost-effective security across distributed enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) and Response solution, leverages Cisco NetFlow to provide scalable, internal network security. ALERT: Download FREE White Paper "Network Behavior Analysis (NBA) in the Enterprise."

http://www.lancope.com/resource/

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Protection from prying NSA eyes
       2. Malicious cryptography, part two
II.  MICROSOFT VULNERABILITY SUMMARY
       1. BitZipper Remote Directory Traversal Vulnerability
       2. Sun Java Runtime Environment Nested Array Objects Denial Of Service Vulnerability
       3. Invision Power Board Multiple Arbitrary PHP Code Execution Vulnerabilities
       4. Microsoft Word Unspecified Remote Code Execution Vulnerability
       5. Novell eDirectory Server Long URI iMonitor Buffer Overflow Vulnerability
       6. Ipswitch WhatsUp Professional 2006 Authentication Bypass Vulnerability
       7. MP3Info Unspecified Buffer Overflow Vulnerability
       8. Hitachi EUR Unspecified SQL Injection Vulnerability
       9. Microsoft Windows Impersonation Privilege Escalation Weakness
       10. Caucho Resin Viewfile Information Disclosure Vulnerability
       11. Pragma FortressSSH SSH_MSG_KEXINIT Remote Buffer Overflow Vulnerability
       12. Raydium Multiple Remote Buffer Overflow and Denial Of Service Vulnerabilities
       13. FileZilla Client Unspecified Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #291
       2. Restricting Remote Registry Access
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Protection from prying NSA eyes
By Mark Rasch
From the U.S. Fourth Amendment, the Stored Communications Act and U.S. wiretap laws to the Pen-register statute, Mark Rasch looks at legal protections available to the telecommunication companies and individual Americans in the wake of the NSA's massive spying program.
http://www.securityfocus.com/columnists/403

2. Malicious cryptography, part two
By Frederic Raynal
This two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses. Part two continues the discussion of armored viruses and then looks at a Bradley worm - a worm that uses cryptography in such a way that it cannot be analyzed. Then it is shown how Skype can be used for malicious purposes, with a crypto-virus that is very difficult to detect.
http://www.securityfocus.com/infocus/1866


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. BitZipper Remote Directory Traversal Vulnerability
BugTraq ID: 18065
Remote: Yes
Date Published: 2006-05-22
Relevant URL: http://www.securityfocus.com/bid/18065
Summary:
Reportedly, an attacker can carry out attacks similar to directory traversals. These issues present themselves when the application processes malicious archives.

A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.

2. Sun Java Runtime Environment Nested Array Objects Denial Of Service Vulnerability
BugTraq ID: 18058
Remote: Yes
Date Published: 2006-05-22
Relevant URL: http://www.securityfocus.com/bid/18058
Summary:
The Sun Java Runtime Environment is vulnerable to a denial-of-service vulnerability. This issue is due to the software's failure to handle exceptional conditions.

This issue is reported to affect Java Runtime Environment versions up to 1.4.2_11 and 1.5.0_06. This issue will crash Internet browsers running an affected Java plug-in.

An attacker may exploit this issue to cause a vulnerable application -- as well as all processes spawned from the application -- to crash, denying service to legitimate users. Due to the scope of the crash, data loss may occur.

3. Invision Power Board Multiple Arbitrary PHP Code Execution Vulnerabilities
BugTraq ID: 18040
Remote: Yes
Date Published: 2006-05-19
Relevant URL: http://www.securityfocus.com/bid/18040
Summary:
Invision Power Board is prone to multiple remote code-execution vulnerabilities. These issues may allow an attacker to gain unauthorized access to a vulnerable computer by executing arbitrary PHP code.

These issues affect versions 2.1.6 and 2.0.4; earlier versions are also vulnerable.

4. Microsoft Word Unspecified Remote Code Execution Vulnerability
BugTraq ID: 18037
Remote: Yes
Date Published: 2006-05-19
Relevant URL: http://www.securityfocus.com/bid/18037
Summary:
Microsoft Word is prone to an unspecified remote code-execution vulnerability.

Reports indicate that this issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious Word document to a user. This issue is being actively exploited in the wild to place a backdoor named Backdoor.Ginwui on targeted computers through a trojan named Trojan.Mdropper.H.

Due to a lack of details, further information is not available at the moment. This BID will be updated as more details become available.

5. Novell eDirectory Server Long URI iMonitor Buffer Overflow Vulnerability
BugTraq ID: 18026
Remote: Yes
Date Published: 2006-05-18
Relevant URL: http://www.securityfocus.com/bid/18026
Summary:
The Novell eDirectory Server iMonitor is prone to a buffer-overflow vulnerability. Successfully exploiting this issue could allow arbitrary code execution with administrative privileges.

iMonitor version 2.4, which is included with eDirectory version 8.8, is vulnerable to this issue; other versions may also be affected.

6. Ipswitch WhatsUp Professional 2006 Authentication Bypass Vulnerability
BugTraq ID: 18019
Remote: Yes
Date Published: 2006-05-17
Relevant URL: http://www.securityfocus.com/bid/18019
Summary:
Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability.

This issue allows remote attackers to gain administrative access to the web-based administrative interface of the application. This will aid them in further network attacks.

7. MP3Info Unspecified Buffer Overflow Vulnerability
BugTraq ID: 18016
Remote: Yes
Date Published: 2006-05-17
Relevant URL: http://www.securityfocus.com/bid/18016
Summary:
MP3Info is prone to a buffer-overflow vulnerability. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

This issue allows attackers to execute arbitrary machine code in the context of users running the affected application.

Version 0.8.4 of MP3Info is vulnerable to this issue; other versions may also be affected.

8. Hitachi EUR Unspecified SQL Injection Vulnerability
BugTraq ID: 18015
Remote: Yes
Date Published: 2006-05-17
Relevant URL: http://www.securityfocus.com/bid/18015
Summary:
Hitachi EUR is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

A successful attack could allow an attacker to compromise the application, access or modify data, gain administrative access to the application, or exploit vulnerabilities in the underlying database implementation.

9. Microsoft Windows Impersonation Privilege Escalation Weakness
BugTraq ID: 18008
Remote: Yes
Date Published: 2006-05-16
Relevant URL: http://www.securityfocus.com/bid/18008
Summary:
Microsoft Windows is susceptible to a weakness that may allow attackers to gain elevated privileges. This issue is due to the ability of services to impersonate clients after they have authenticated.

Microsoft encourages the use of the 'Local Service' and 'Network Service' accounts to mitigate the consequences of exploiting vulnerabilities in services. Attackers exploiting latent vulnerabilities in services running with these low-privilege accounts may take advantage of this weakness to gain elevated privileges.

Under certain circumstances, this issue may aid attackers who can exploit latent vulnerabilities in low-privileged services in gaining elevated privileges, allowing them to fully compromise targeted computers.

This issue is similar to the one documented in BID 8276 (Microsoft SQL Server / MSDE Named Pipes Privilege Escalation Vulnerability).

10. Caucho Resin Viewfile Information Disclosure Vulnerability
BugTraq ID: 18007
Remote: Yes
Date Published: 2006-05-16
Relevant URL: http://www.securityfocus.com/bid/18007
Summary:
Resin is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve the contents of arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.

11. Pragma FortressSSH SSH_MSG_KEXINIT Remote Buffer Overflow Vulnerability
BugTraq ID: 17991
Remote: Yes
Date Published: 2006-05-16
Relevant URL: http://www.securityfocus.com/bid/17991
Summary:
A remote buffer-overflow vulnerability exists in FortressSSH.

This issue may permit remote code execution in vulnerable servers. A complete compromise leading to SYSTEM level access may be possible.

FortressSSH 4.0.7.20 is reported vulnerable. Other versions may be affected as well.

12. Raydium Multiple Remote Buffer Overflow and Denial Of Service Vulnerabilities
BugTraq ID: 17986
Remote: Yes
Date Published: 2006-05-15
Relevant URL: http://www.securityfocus.com/bid/17986
Summary:
Raydium is susceptible to multiple remote vulnerabilities:

- Multiple buffer-overflow vulnerabilities in both client and server instances.
- A format-string vulnerability in both client and server instances.
- A NULL-pointer dereference denial-of-service vulnerability in both client and server instances.
- A buffer-overflow vulnerability in client instances.

These vulnerabilities allow remote attackers to execute arbitrary machine code in the context of affected client and server instances of games that use the affected game engine software. Attackers may also crash vulnerable instances, denying service to legitimate users.

13. FileZilla Client Unspecified Remote Buffer Overflow Vulnerability
BugTraq ID: 17972
Remote: Yes
Date Published: 2006-05-15
Relevant URL: http://www.securityfocus.com/bid/17972
Summary:
FileZilla client is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying further service to legitimate users.

FileZilla versions prior to 2.2.23 are vulnerable to this issue.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #291
http://www.securityfocus.com/archive/88/434273

2. Restricting Remote Registry Access
http://www.securityfocus.com/archive/88/433671

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is sponsored by: Lancope




