SecurityFocus Microsoft Newsletter #294
----------------------------------------
This issue is sponsored by: SPI Dynamics
EASY TARGETS: Hacking Web Applications- A Step-by-Step Attack Analysis
The speed with which Web Applications are developed makes them prime targets for
attackers; often these applications were developed so quickly that they are not
coded properly or subjected to any security testing. Hackers know this and use
it as their weapon. Download the *FREE* white paper from SPI Dynamics for a
complete guide to protection!
https://download.spidynamics.com/1/ad/web.asp?cs1_ContSupRef=70130000000CRxF
------------------------------------------------------------------
I. FRONT AND CENTER
1. Browsers, phishing, and user interface design
2. Standards in desktop firewall policies
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft June Advance Notification Multiple Vulnerabilities
2. Microsoft NetMeeting Remote Memory Corruption Denial of Service
Vulnerability
3. Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability
4. TIBCO Rendezvous HTTP Interface Remote Buffer Overflow Vulnerability
5. TIBCO Hawk Configuration Interface Local Buffer Overflow Vulnerability
6. GD Graphics Library Remote Denial of Service Vulnerability
7. Microsoft Internet Explorer Frameset Denial of Service Vulnerability
8. Drupal Multiple Input Validation Vulnerabilities
9. Avast! Antivirus CHM Unpacker Unspecified Vulnerability
10. ASPNuke Article.ASP SQL Injection Vulnerability
11. F-Secure Multiple Products Web Console Buffer Overflow Vulnerability
12. Snort URIContent Rules Detection Evasion Vulnerability
13. Microsoft Internet Explorer MHTML URI Buffer Overflow Vulnerability
14. Etype Eserv Multiple Input Validation Vulnerabilities
15. Multiple Browser Marquee Denial of Service Vulnerability
16. Eitsop My Web Server Remote Denial of Service Vulnerability
17. Alt-N MDaemon Remote Pre-Authentication IMAP Buffer Overflow
Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Blackhat Vegas 2006 ISA Training Announcement
2. Windows XP Services Best Practice
I. FRONT AND CENTER
---------------------
1. Browsers, phishing, and user interface design
By Scott Granneman
Phishing works for so many reasons. We need to rethink browser and user
interface design to provide some real-life security to the average user who
doesn't see or understand the security cues.
http://www.securityfocus.com/columnists/405
2. Standards in desktop firewall policies
By Phil Kostenbader and Bob Donnelly
The idea of a common desktop firewall policy in any size organization is a very
good thing. It makes responses to external or internal situations such as virus
outbreaks or network-oriented propagation of viruses more predictable. In
addition to providing a level of protection against port scanning, attacks or
software vulnerabilities, it can provide the organization's local security team
a baseline or starting point in dealing with such events.
http://www.securityfocus.com/infocus/1867
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft June Advance Notification Multiple Vulnerabilities
BugTraq ID: 18330
Remote: Yes
Date Published: 2006-06-08
Relevant URL: http://www.securityfocus.com/bid/18330
Summary:
Microsoft has released advance notification that they will be releasing twelve
security bulletins for Windows on June 13, 2006. The highest severity rating
for these issues is 'Critical'.
Further details about these issues are not currently available. Individual BIDs
will be created and this record will be removed when the security bulletins are
released.
2. Microsoft NetMeeting Remote Memory Corruption Denial of Service
Vulnerability
BugTraq ID: 18311
Remote: Yes
Date Published: 2006-06-07
Relevant URL: http://www.securityfocus.com/bid/18311
Summary:
Microsoft NetMeeting is prone to a remote memory-corruption vulnerability. This
issue is due to the application's failure to properly handle malformed network
traffic.
This issue allows remote attackers to crash affected applications or to consume
excessive CPU resources. Due to the nature of this issue, attackers might be
able to exploit this issue to execute arbitrary machine code in the context of
the vulnerable application, but this has not been confirmed.
Microsoft NetMeeting version 3.01 is vulnerable to this issue; other versions
may also be affected.
3. Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability
BugTraq ID: 18308
Remote: Yes
Date Published: 2006-06-06
Relevant URL: http://www.securityfocus.com/bid/18308
Summary:
Multiple web browsers are prone to a JavaScript key-filtering vulnerability.
This issue is due to the failure of the browsers to securely handle keystroke
input from users.
This issue is demonstrated to allow attackers to divert keystrokes from one
input form in a webpage to a hidden file-upload dialog in the same page. This
may allow remote attackers to initiate file uploads from unsuspecting users.
Other attacks may also be possible.
Exploiting this issue requires that users manually type the full path of files
that attackers wish to download. This may require substantial typing from
targeted users, so attackers will likely use keyboard-based games, blogs, or
other similar pages to entice users to enter the required keyboard input to
exploit this issue.
Reportedly, Mozilla Suite, Mozilla Firefox, Mozilla SeaMonkey, Netscape
Navigator, and Microsoft Internet Explorer are all vulnerable to this issue.
4. TIBCO Rendezvous HTTP Interface Remote Buffer Overflow Vulnerability
BugTraq ID: 18301
Remote: Yes
Date Published: 2006-06-06
Relevant URL: http://www.securityfocus.com/bid/18301
Summary:
TIBCO Rendezvous is prone to a remote buffer-overflow vulnerability. This issue
is due to the application's failure to properly check boundaries of
user-supplied command-line argument data before copying it to an insufficiently
sized memory buffer.
Attackers may exploit this issue to execute arbitrary machine code in the
context of the affected application, facilitating the remote compromise of
affected computers. The affected component may be installed as a service with
administrative privileges on Microsoft Windows computers.
TIBCO Hawk versions prior to 4.6.1, TIBCO Runtime Agent versions prior to 5.4,
and TIBCO Rendezvous versions prior to 7.5.1 are vulnerable to this issue.
5. TIBCO Hawk Configuration Interface Local Buffer Overflow Vulnerability
BugTraq ID: 18300
Remote: No
Date Published: 2006-06-06
Relevant URL: http://www.securityfocus.com/bid/18300
Summary:
TIBCO Hawk is susceptible to a local buffer-overflow vulnerability. This issue
is due to the application's failure to properly check boundaries of
user-supplied command-line argument data before copying it to an insufficiently
sized memory buffer.
Attackers may exploit this issue to execute arbitrary machine code with
elevated privileges. This is a vulnerability only if the affected software is
installed with setuid-privileges on UNIX computers or if it is installed as a
service running with administrative privileges on Microsoft Windows computers.
TIBCO Hawk versions prior to 4.6.1 and TIBCO Runtime Agent versions prior to
5.4 are vulnerable to this issue.
6. GD Graphics Library Remote Denial of Service Vulnerability
BugTraq ID: 18294
Remote: Yes
Date Published: 2006-06-06
Relevant URL: http://www.securityfocus.com/bid/18294
Summary:
The GD Graphics Library is prone to a denial-of-service vulnerability.
Attackers can trigger an infinite-loop condition when the library tries to
handle malformed image files.
This issue allows attackers to consume excessive CPU resources on computers
that use the affected software. This may deny service to legitimate users.
GD version 2.0.33 is vulnerable to this issue; other versions may also be
affected.
7. Microsoft Internet Explorer Frameset Denial of Service Vulnerability
BugTraq ID: 18277
Remote: Yes
Date Published: 2006-06-05
Relevant URL: http://www.securityfocus.com/bid/18277
Summary:
Microsoft Internet Explorer is affected by a denial-of-service vulnerability.
This issue arises because the application fails to handle exceptional
conditions in a proper manner.
An attacker may exploit this issue by enticing a user to visit a malicious site
and then to click anywhere on the page. This results in a denial-of-service
condition in the application.
Internet Explorer version 6 is vulnerable to this issue; earlier versions may
also be affected.
8. Drupal Multiple Input Validation Vulnerabilities
BugTraq ID: 18245
Remote: Yes
Date Published: 2006-06-02
Relevant URL: http://www.securityfocus.com/bid/18245
Summary:
Drupal is prone to multiple input-validation vulnerabilities. The issues
include the execution of arbitrary files, cross-site scripting, and
SQL-injection vulnerabilities. These issues are due to a failure in the
application to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to
compromise the application, access or modify data, steal cookie-based
authentication credentials, or even exploit vulnerabilities in the underlying
database implementation. Other attacks are also possible.
9. Avast! Antivirus CHM Unpacker Unspecified Vulnerability
BugTraq ID: 18238
Remote: Yes
Date Published: 2006-06-02
Relevant URL: http://www.securityfocus.com/bid/18238
Summary:
Avast! Antivirus is prone to an unspecified vulnerability. This issue affects
the CHM unpacker.
This issue affects versions 4.7.827 and earlier.
10. ASPNuke Article.ASP SQL Injection Vulnerability
BugTraq ID: 18215
Remote: Yes
Date Published: 2006-06-01
Relevant URL: http://www.securityfocus.com/bid/18215
Summary:
ASPNuke is prone to an SQL-injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input before
using it in an SQL query.
A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.
11. F-Secure Multiple Products Web Console Buffer Overflow Vulnerability
BugTraq ID: 18201
Remote: Yes
Date Published: 2006-06-01
Relevant URL: http://www.securityfocus.com/bid/18201
Summary:
F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper are
prone to a buffer-overflow vulnerability.
The vulnerability presents itself in the application's Web Console. A
successful attack may lead to a denial-of-service condition or to the execution
of arbitrary code in the context of the application.
Note that by default, the Web Console is configured to accept connections from
localhost only. A remote threat would arise only if the application has been
configured to be remotely accessible. A local attacker may potentially exploit
this issue to gain elevated privileges as well.
12. Snort URIContent Rules Detection Evasion Vulnerability
BugTraq ID: 18200
Remote: Yes
Date Published: 2006-05-31
Relevant URL: http://www.securityfocus.com/bid/18200
Summary:
Snort is reportedly prone to a vulnerability that may allow malicious packets
to bypass detection.
A successful attack can allow attackers to bypass intrusion detection and to
carry out attacks against computers protected by Snort.
This vulnerability affects Snort 2.4.4. Other versions may be vulnerable as
well.
13. Microsoft Internet Explorer MHTML URI Buffer Overflow Vulnerability
BugTraq ID: 18198
Remote: Yes
Date Published: 2006-05-31
Relevant URL: http://www.securityfocus.com/bid/18198
Summary:
Microsoft Internet Explorer is susceptible to a remote buffer-overflow
vulnerability in 'INETCOMM.DLL'. The application fails to properly bounds-check
user-supplied input data before copying it into an insufficiently sized memory
buffer.
Remote attackers may exploit this issue to crash applications that use the
affected library. This includes Internet Explorer, Windows Explorer, and
possibly others. Remote code execution may also be possible, but this has not
been confirmed.
14. Etype Eserv Multiple Input Validation Vulnerabilities
BugTraq ID: 18179
Remote: Yes
Date Published: 2006-05-31
Relevant URL: http://www.securityfocus.com/bid/18179
Summary:
Eserv is prone to multiple input-validation vulnerabilities. These issues
include directory-traversal and code-disclosure vulnerabilities.
An attacker can exploit these issues to read other users' email messages,
create and rename directories, delete arbitrary empty directories, and access
the source code of arbitrary script files.
These issues affect version 3.25; other versions may also be vulnerable.
15. Multiple Browser Marquee Denial of Service Vulnerability
BugTraq ID: 18165
Remote: Yes
Date Published: 2006-05-30
Relevant URL: http://www.securityfocus.com/bid/18165
Summary:
Multiple browsers are prone to a denial-of-service vulnerability when parsing
certain HTML content.
Successfully exploiting this issue allows attackers to consume excessive CPU
resources in affected browsers, denying service to legitimate users.
Mozilla Firefox version 1.5.0.3 is vulnerable to this issue; other versions and
products may also be affected.
Internet Explorer 6.0 on Microsoft Windows XP is reported vulnerable to this
issue; other versions may also be affected.
16. Eitsop My Web Server Remote Denial of Service Vulnerability
BugTraq ID: 18144
Remote: Yes
Date Published: 2006-05-29
Relevant URL: http://www.securityfocus.com/bid/18144
Summary:
My Web Server is prone to a remote denial-of-service vulnerability. This issue
is due to a failure in the application to handle exceptional conditions.
This vulnerability allows remote attackers to crash the server, denying further
service to legitimate users.
This issue affects version 1.0; other versions may also be vulnerable.
17. Alt-N MDaemon Remote Pre-Authentication IMAP Buffer Overflow Vulnerability
BugTraq ID: 18129
Remote: Yes
Date Published: 2006-05-29
Relevant URL: http://www.securityfocus.com/bid/18129
Summary:
Alt-N MDaemon IMAP Server is susceptible to a remote buffer-overflow
vulnerability. This issue is due to the application's failure to properly
bounds-check user-supplied input before copying it to an insufficiently sized
memory buffer.
This issue allows remote, unauthenticated attackers to execute arbitrary
machine code in the context of affected servers. This facilitates the complete
compromise of affected computers.
Specific information regarding affected versions is not currently available.
This BID will be updated as further information is disclosed.
UPDATE: The reporter of this issue states that this issue may not be
exploitable. This BID may be retired in the future.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Blackhat Vegas 2006 ISA Training Announcement
http://www.securityfocus.com/archive/88/436042
2. Windows XP Services Best Practice
http://www.securityfocus.com/archive/88/435926