SecurityFocus Microsoft Newsletter #310
----------------------------------------
This issue is Sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" -
White Paper. Blind SQL Injection can deliver total control of your server to a
hacker, giving them the ability to read, write and manipulate all data stored in
your backend systems! Download this *FREE* white paper from SPI Dynamics for a
complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000CbYU
------------------------------------------------------------------
I. FRONT AND CENTER
1. Liar, Liar, and pretexting
2. Beginner's guide to wireless auditing
II. MICROSOFT VULNERABILITY SUMMARY
1. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
2. CPanel Unspecified Remote Privilege Escalation Vulnerability
3. Apple QuickTime Plug-In Arbitrary Script Execution Weakness
4. ProSysInfo TFTPDWIN Remote Buffer Overflow Vulnerability
5. RSSReader RSS Feeds Atom Feed Multiple HTML Injection Vulnerabilities
6. SharpReader Atom Feed Script HTML Injection Vulnerability
7. Ipswitch WS_FTP PASV Response Remote Buffer Overflow Vulnerability
8. NewsGator FeedDemon Active Script Code-Execution Vulnerability
9. Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability
10. MailEnable SMTP SPF Remote Denial of Service Vulnerability
11. Retired: Microsoft PowerPoint Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #309
2. Microsoft Security Clamp
3. Storing Images in SQL Server (2005)
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Liar, Liar, and pretexting
By Mark Rasch
Mark Rasch details the legality of pretexting by putting it in context with how
it is used, comparing it with legal forms of lying, and by looking at previous
court cases involving pretexting in the United States. Hewlett-Packard's use of
pretexting also brings up potential charges of criminal fraud, violations of
consumer protection laws, issues of deception, and the use of spyware. Together
these issues make for a very interesting legal situation at HP.
http://www.securityfocus.com/columnists/417
2. Beginner's guide to wireless auditing
By David Maynor
This article is designed as a beginner's guide to fuzzing wireless device
drivers, starting with how to build an auditing environment, then how to
construct fuzzing tools and, finally, how to interpret the results. This auditing
environment can be used for WiFi as well as Bluetooth and infrared devices.
http://www.securityfocus.com/infocus/1877
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
BugTraq ID: 20216
Remote: Yes
Date Published: 2006-09-26
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is susceptible to a remote denial-of-service vulnerability. This issue
is due to a failure of the application to properly handle incoming duplicate
blocks.
This issue may be exploited by remote attackers to consume excessive CPU
resources, potentially denying service to legitimate users.
This issue only occurs when OpenSSH is configured to accept SSH protocol
version 1 traffic.
2. CPanel Unspecified Remote Privilege Escalation Vulnerability
BugTraq ID: 20163
Remote: Yes
Date Published: 2006-09-24
Relevant URL: http://www.securityfocus.com/bid/20163
Summary:
cPanel is prone to an unspecified remote privilege-escalation vulnerability.
A remote attacker can exploit this issue to gain administrative access to the
affected application. This may lead to other attacks.
3. Apple QuickTime Plug-In Arbitrary Script Execution Weakness
BugTraq ID: 20138
Remote: Yes
Date Published: 2006-09-21
Relevant URL: http://www.securityfocus.com/bid/20138
Summary:
Apple QuickTime Plug-In is prone to an arbitrary-script-execution weakness when
executing QuickTime Media Link files (.qtl).
An attacker can exploit this issue to execute arbitrary script code in the
context of the affected application and load local content in a user's browser.
Although this weakness doesn't pose any direct security threat by itself, an
attacker may use it to aid in further attacks.
Version 7.1.3 is vulnerable; other versions may also be affected.
4. ProSysInfo TFTPDWIN Remote Buffer Overflow Vulnerability
BugTraq ID: 20131
Remote: Yes
Date Published: 2006-09-21
Relevant URL: http://www.securityfocus.com/bid/20131
Summary:
TFTPDWIN server is prone to a remote buffer-overflow vulnerability because the
application fails to properly bounds-check user-supplied input before copying
it to an insufficiently sized memory buffer.
An attacker may exploit this issue to execute arbitrary code in the context of
the TFTP server process.
Version 0.4.2 of the affected software is vulnerable; other versions may be
affected as well.
5. RSSReader RSS Feeds Atom Feed Multiple HTML Injection Vulnerabilities
BugTraq ID: 20129
Remote: Yes
Date Published: 2006-09-20
Relevant URL: http://www.securityfocus.com/bid/20129
Summary:
RSSReader is prone to multiple HTML-injection vulnerabilities because the
application fails to properly sanitize user-supplied input before using it in
dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected
browser, potentially allowing an attacker to steal cookie-based authentication
credentials or to control how the site is rendered to the user. Other attacks
are also possible.
6. SharpReader Atom Feed Script HTML Injection Vulnerability
BugTraq ID: 20128
Remote: Yes
Date Published: 2006-09-20
Relevant URL: http://www.securityfocus.com/bid/20128
Summary:
SharpReader is prone to an HTML-injection vulnerability because the application
fails to properly sanitize user-supplied input before using it in dynamically
generated content.
Attacker-supplied HTML and script code would run in the context of the My
Computer folder, potentially allowing an attacker to steal cookie-based
authentication credentials or to control how the site is rendered to the user.
Other attacks are also possible.
7. Ipswitch WS_FTP PASV Response Remote Buffer Overflow Vulnerability
BugTraq ID: 20121
Remote: Yes
Date Published: 2006-09-20
Relevant URL: http://www.securityfocus.com/bid/20121
Summary:
A remote buffer-overflow vulnerability is reported in the Ipswitch WS_FTP
client. This issue occurs because the application fails to properly validate
the length of user-supplied strings prior to copying them into finite process
buffers.
An attacker may exploit this issue to cause the affected client to crash.
Execution of arbitrary code in the context of the FTP client process may also
be possible.
Version 5.08 of the affected software is vulnerable; other versions may be
affected as well.
8. NewsGator FeedDemon Active Script Code-Execution Vulnerability
BugTraq ID: 20114
Remote: Yes
Date Published: 2006-09-19
Relevant URL: http://www.securityfocus.com/bid/20114
Summary:
NewsGator FeedDemon is prone to an active script code-execution vulnerability
because it fails to sufficiently sanitize Atom feed data prior to rendering the
feed.
Successful exploits may result in active scripting content being executed in
the context of the application. Note that the application uses the 'Internet
Zone' to render the remote HTML content, lessening the impact of this issue.
9. Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability
BugTraq ID: 20096
Remote: Yes
Date Published: 2006-09-19
Relevant URL: http://www.securityfocus.com/bid/20096
Summary:
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability.
The vulnerability arises because of an error in the processing of Vector Markup
Language documents.
An attacker can exploit this issue to execute arbitrary code within the context
of the affected application. The method currently used to exploit this issue
will typically terminate Internet Explorer.
This vulnerability is currently being exploited in the wild as
'Trojan.Vimalov'.
This vulnerability affects Internet Explorer version 6.0 on a fully patched
system. Previous versions may also be affected.
Update: Microsoft Outlook 2003 is also an attack vector for this issue, since
it uses Internet Explorer to render HTML email. Reportedly, attacks are
possible even when active scripting has been disabled for email viewing.
10. MailEnable SMTP SPF Remote Denial of Service Vulnerability
BugTraq ID: 20091
Remote: Yes
Date Published: 2006-09-18
Relevant URL: http://www.securityfocus.com/bid/20091
Summary:
MailEnable is prone to a remote denial-of-service vulnerability.
This issue allows remote attackers to crash the application, denying further
service to legitimate users.
11. Retired: Microsoft PowerPoint Remote Code Execution Vulnerability
BugTraq ID: 20059
Remote: Yes
Date Published: 2006-09-16
Relevant URL: http://www.securityfocus.com/bid/20059
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.
This issue can allow remote attackers to execute arbitrary code on a vulnerable
computer by supplying a malicious PowerPoint document to a user. This issue is
being actively exploited in the wild as Trojan.PPDropper.E.
This issue is a duplicate of that discussed in BID 17000 (Microsoft Office
Routing Slip Processing Remote Buffer Overflow Vulnerability) and is therefore
being retired.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #309
http://www.securityfocus.com/archive/88/446468
2. Microsoft Security Clamp
http://www.securityfocus.com/archive/88/446467
3. Storing Images in SQL Server (2005)
http://www.securityfocus.com/archive/88/446413
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to reply. Alternatively,
you can visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
---------------------------------------------------------------------------