SecurityFocus Microsoft Newsletter #308
----------------------------------------
This issue is Sponsored by: SPI Dynamics
ALERT: Test and assess your Web Applications - FREE WebInspect Trial
Hackers are exploiting web apps with attacks such as SQL Injection, XSS and
Session Hijacking, all undetectable by Firewalls and IDS!
Are you vulnerable? Run a FREE Test of your Web Apps via our FREE 15 Day
Product Trial that delivers a comprehensive Vulnerability Report
https://download.spidynamics.com/1/ad/fwi.asp?Campaign_ID=70160000000Cb6B
------------------------------------------------------------------
I. FRONT AND CENTER
1. Disclosure survey
2. Analyzing malicious SSH login attempts
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer
Overflow Variant Vulnerability
2. Adobe ColdFusion Flash Remoting Gateway Denial of Service
Vulnerability
3. Adobe Flash Player Multiple Remote Code Execution Vulnerabilities
4. CCHost Index.PHP SQL Injection Vulnerability
5. IBM Lotus Domino Web Access Session Hijacking Vulnerability
6. Paul Smith Computer Services VCAP Calendar Server Remote Denial of
Service Vulnerability
7. Paul Smith Computer Services VCAP Calendar Server Directory Traversal
Vulnerability
8. Microsoft Publisher Font Parsing Remote Code Execution Vulnerability
9. CMS.R. Index.PHP SQL Injection Vulnerability
10. RETIRED: Invision Power Board Index.PHP ST Parameter SQL Injection
Vulnerability
11. Microsoft Indexing Service Query Validation Cross-Site Scripting
Vulnerability
12. Multithreaded TFTP Server Remote Denial Of Service Vulnerability
13. Microsoft PGM Remote Buffer Overflow Vulnerability
14. RaidenHTTPD Check.PHP Remote File Include Vulnerability
15. IBM Director Multiple Remote Input Validation Vulnerabilities
16. ICQ MCRegEx__Search Remote Heap Buffer Overflow Vulnerability
17. Microsoft September Advance Notification Multiple Vulnerabilities
18. Avira AntiVir Personal Edition Classic Update.EXE Local Privilege
Escalation Vulnerability
19. Ipswitch IMail Server and Collaboration Suite SMTP Daemon Stack
Overflow Vulnerability
20. AuditWizard Log File Information Disclosure Vulnerability
21. J River Media Center Mediacenter.EXE Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. windump on browsing of shared folders across vpn in winxp
2. Don't Get Too Comfortable - Sept. '06 Patches
3. IP address assignment problem
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Disclosure survey
By Federico Biancuzzi
Federico Biancuzzi surveys statements from some of the world's largest software
companies about vulnerability disclosure, interviews two security companies who
pay for vulnerabilities, and then talks with three prominent, independent
researchers about their thoughts on choosing a responsible disclosure process.
In three parts.
http://www.securityfocus.com/columnists/415
2. Analyzing malicious SSH login attempts
By Christian Seifert
Malicious SSH login attempts have been appearing in some administrators' logs
for several years. This article takes a new look at the use of honeypots to
analyze malicious SSH login attempts and see what can be learned about this
activity. The article then offers recommendations on how to secure one's system
against these attacks.
http://www.securityfocus.com/infocus/1876
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer
Overflow Variant Vulnerability
BugTraq ID: 19987
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19987
Summary:
Microsoft Internet Explorer is prone to a remote buffer-overflow vulnerability.
A successful exploit may result in arbitrary code-execution in the context of
the user running the browser.
This issue was introduced with the rereleased patches of Microsoft advisory
MS06-042.
This issue is nearly identical to that discussed in BID 19667 (Microsoft
Internet Explorer HTTP 1.1 and Compression Long URI Buffer Overflow
Vulnerability), but is a separate vulnerability.
2. Adobe ColdFusion Flash Remoting Gateway Denial of Service Vulnerability
BugTraq ID: 19984
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19984
Summary:
Adobe ColdFusion is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying
service to legitimate users.
3. Adobe Flash Player Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 19980
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19980
Summary:
Adobe Flash Player is prone to multiple remote code-execution vulnerabilities
because it fails to properly sanitize user-supplied input.
An attacker could exploit this issue by creating a media file containing large,
dynamically generated string data and submitting it to be processed by the
media player.
These issues allow remote attackers to execute arbitrary machine code in the
context of the user running the application. Other attacks are also possible.
Adobe Flash Player 8.0.24.0 and prior, Adobe Flash Professional 8, Flash Basic,
Adobe Flash MX 2004, and Adobe Flex 1.5 are affected.
4. CCHost Index.PHP SQL Injection Vulnerability
BugTraq ID: 19978
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19978
Summary:
ccHost is prone to an SQL-injection vulnerability because it fails to properly
sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.
5. IBM Lotus Domino Web Access Session Hijacking Vulnerability
BugTraq ID: 19966
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19966
Summary:
IBM Lotus Domino Web Access is prone to a session-hijacking vulnerability.
An attacker can exploit this issue to authenticate to the application as any
user provided that the user's authentication credentials are still on the
server. This may lead to other attacks.
Version 7.0.1 is vulnerable to this issue; other versions may also be affected.
6. Paul Smith Computer Services VCAP Calendar Server Remote Denial of Service
Vulnerability
BugTraq ID: 19959
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19959
Summary:
vCAP Calendar Server is prone to a remote denial-of-service vulnerability. This
issue is due to a design error.
An attacker can exploit this issue to crash the application, effectively
denying service.
vCAP Calendar Server 1.9.0 Beta and prior versions are vulnerable to this
issue.
7. Paul Smith Computer Services VCAP Calendar Server Directory Traversal
Vulnerability
BugTraq ID: 19958
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19958
Summary:
vCAP Calendar Server is prone to a directory-traversal vulnerability because it
fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the
vulnerable system in the context of the affected application. Information
obtained may aid in further attacks.
vCAP Calendar Server 1.9.0 Beta and prior versions are vulnerable to this
issue.
8. Microsoft Publisher Font Parsing Remote Code Execution Vulnerability
BugTraq ID: 19951
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19951
Summary:
Microsoft Publisher is prone to a code-execution vulnerability. This is due to
a flaw when handling malformed PUB files.
Successfully exploiting this issue allows attackers to corrupt process memory
and to execute arbitrary code in the context of targeted users.
9. CMS.R. Index.PHP SQL Injection Vulnerability
BugTraq ID: 19950
Remote: Yes
Date Published: 2006-09-11
Relevant URL: http://www.securityfocus.com/bid/19950
Summary:
CMS.R. is prone to an SQL-injection vulnerability because it fails to properly
sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.
10. RETIRED: Invision Power Board Index.PHP ST Parameter SQL Injection
Vulnerability
BugTraq ID: 19946
Remote: Yes
Date Published: 2006-09-11
Relevant URL: http://www.securityfocus.com/bid/19946
Summary:
Invision Power Board is prone to an SQL-injection vulnerability because the
application fails to properly sanitize user-supplied input before using it in
an SQL query.
A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.
Update: The vendor states that this is not a vulnerability, because the
affected parameter is passed through PHP's 'intval' prior to its use. This BID
is therefore being retired.
11. Microsoft Indexing Service Query Validation Cross-Site Scripting
Vulnerability
BugTraq ID: 19927
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19927
Summary:
Microsoft Indexing Service is prone to a cross-site scripting vulnerability
because the application fails to properly sanitize user-supplied input before
it is rendered to other users.
An attacker may leverage this issue to have arbitrary script code execute in
the browser of an unsuspecting user, in the context of the victim's session.
This could allow the attacker to perform actions on behalf of the victim, such
as spoofing content or hijacking their session.
Microsoft Indexing Service is not installed or enabled by default. Even if
installed, it is not accessible from Internet Information Services (IIS). This
vulnerability affects only systems that have IIS and Indexing Service installed
and that have the Indexing Service configured to be accessible from IIS through
a web-based interface.
12. Multithreaded TFTP Server Remote Denial Of Service Vulnerability
BugTraq ID: 19925
Remote: Yes
Date Published: 2006-09-08
Relevant URL: http://www.securityfocus.com/bid/19925
Summary:
Multithreaded TFTP Server is prone to a remote denial-of-service vulnerability
because the application fails to handle an excessively long FTP command.
A remote attacker may exploit this issue to crash the affected service, denying
further service to legitimate users.
13. Microsoft PGM Remote Buffer Overflow Vulnerability
BugTraq ID: 19922
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19922
Summary:
Microsoft Pragmatic General Multicast (PGM) is prone to a remote
buffer-overflow vulnerability because the application fails to properly
bounds-check externally supplied data.
An attacker can exploit this issue to execute arbitrary code, facilitating a
complete system compromise.
This issue affects systems only when Microsoft Message Queuing (MSMQ) 3.0 is
installed; this is not the default.
14. RaidenHTTPD Check.PHP Remote File Include Vulnerability
BugTraq ID: 19918
Remote: Yes
Date Published: 2006-09-08
Relevant URL: http://www.securityfocus.com/bid/19918
Summary:
RaidenHTTPD is prone to a remote file-include vulnerability because it fails to
properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file
containing malicious PHP code and execute it in the context of the webserver
process. This may allow the attacker to compromise the application and the
underlying system; other attacks are also possible.
This issue affects version 1.1.49; other versions may also be vulnerable.
15. IBM Director Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 19915
Remote: Yes
Date Published: 2006-09-08
Relevant URL: http://www.securityfocus.com/bid/19915
Summary:
IBM Director is prone to multiple input-validation vulnerabilities.
An attacker can exploit these issues to cause denial-of-service conditions,
effectively denying service to legitimate users, and to access cookie and
authentication data that may aid in further attacks.
16. ICQ MCRegEx__Search Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 19897
Remote: Yes
Date Published: 2006-09-07
Relevant URL: http://www.securityfocus.com/bid/19897
Summary:
ICQ is prone to a remote heap buffer-overflow vulnerability.
This issue may allow attackers to execute arbitrary machine code within the
context of the vulnerable application or to cause a denial-of-service
condition.
This issue affects ICQ Pro 2003b Build #3916; other versions may also be
vulnerable.
17. Microsoft September Advance Notification Multiple Vulnerabilities
BugTraq ID: 19895
Remote: Yes
Date Published: 2006-09-07
Relevant URL: http://www.securityfocus.com/bid/19895
Summary:
Microsoft has released advance notification that the vendor will be releasing
three security bulletins for Windows and Office on September 12, 2006. The
highest severity rating for these issues is 'Critical'.
Further details about these issues are not currently available. Individual BIDs
will be created and this record will be removed when the security bulletins are
released.
18. Avira AntiVir Personal Edition Classic Update.EXE Local Privilege
Escalation Vulnerability
BugTraq ID: 19889
Remote: No
Date Published: 2006-09-07
Relevant URL: http://www.securityfocus.com/bid/19889
Summary:
AntiVir Personal Edition Classic is prone to a local privilege-escalation
vulnerability.
A local attacker can exploit this issue to execute arbitrary code with SYSTEM
privileges. This may facilitate a complete compromise of the affected computer.
AntiVir Personal Edition Classic version 7 is vulnerable; other versions may
also be affected.
19. Ipswitch IMail Server and Collaboration Suite SMTP Daemon Stack Overflow
Vulnerability
BugTraq ID: 19885
Remote: Yes
Date Published: 2006-09-07
Relevant URL: http://www.securityfocus.com/bid/19885
Summary:
Ipswitch IMail Server and Collaboration Suite are prone to a stack-overflow
vulnerability. Updates are available.
This vulnerability may lead to remote arbitrary code execution or
denial-of-service conditions.
Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail
Plus, and IMail Secure are vulnerable.
20. AuditWizard Log File Information Disclosure Vulnerability
BugTraq ID: 19860
Remote: No
Date Published: 2006-09-05
Relevant URL: http://www.securityfocus.com/bid/19860
Summary:
AuditWizard is prone to an information-disclosure vulnerability because the
application fails to properly ensure that sensitive information is not
disclosed to local users.
This issue allows local attackers to gain access to sensitive administrative
account-authentication credentials.
Reportedly, the vendor may have reissued version 6.3.2 with fixes that address
this issue; Symantec has not confirmed this.
21. J River Media Center Mediacenter.EXE Buffer Overflow Vulnerability
BugTraq ID: 19853
Remote: Yes
Date Published: 2006-09-05
Relevant URL: http://www.securityfocus.com/bid/19853
Summary:
Media Center and various Media Center plugins are prone to a buffer-overflow
vulnerability.
This issue occurs because the application fails to bounds-check data before
copying it into a finite-sized buffer.
This issue allows remote attackers to cause the application to crash, denying
service to the legitimate user. Arbitrary code execution may be possible, but
this has not been confirmed.
Version 11.0.309 is vulnerable to this issue; other versions may also be
affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. windump on browsing of shared folders across vpn in winxp
http://www.securityfocus.com/archive/88/446048
2. Don't Get Too Comfortable - Sept. '06 Patches
http://www.securityfocus.com/archive/88/445921
3. IP address assignment problem
http://www.securityfocus.com/archive/88/444349
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics