SecurityFocus Microsoft Newsletter #311
----------------------------------------
This Issue is Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web
application security assessments should be considered a crucial phase in the
development of any web application. What methodology should be followed? What
tools can accelerate the assessment process? See for yourself. Download this
Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YSf
------------------------------------------------------------------
I. FRONT AND CENTER
1. Beginner's guide to wireless auditing
II. MICROSOFT VULNERABILITY SUMMARY
1. Sunbelt Kerio Personal Firewall Multiple Local Denial of Service
Vulnerabilities
2. ProRat Remote Login Authentication Bypass Vulnerability
3. MailEnable SMTP NTLM Authentication Multiple Vulnerabilities
4. Trend Micro OfficeScan ATXCONSOLE.OCX ActiveX Control Format String
Vulnerability
5. Yblog Multiple Cross-Site Scripting Vulnerabilities
6. PHProjekt Include Path Multiple Remote File Include Vulnerabilities
7. NaviCOPA Web Server Remote Buffer Overflow Vulnerability
8. Portable OpenSSH GSSAPI Authentication Abort Information Disclosure
Weakness
9. Zen Cart Multiple Cross-Site Scripting Vulnerabilities
10. Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
11. Microsoft PowerPoint Unspecified Remote Code Execution Vulnerability
12. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
13. CPanel SUID Wrapper Remote Privilege Escalation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Allow regular user to unlock screensaver locked computer
2. a question of usb token
3. How can this happen with Windows Vista?
4. Security Policy Anomaly
5. SecurityFocus Microsoft Newsletter #310
6. Microsoft Security Clamp
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Beginner's guide to wireless auditing
By David Maynor
This article is designed as a beginner's guide to fuzzing wireless device
drivers, starting with how to build an auditing environment, how to construct
fuzzing tools and finally, how to interpret the results. This auditing
environment can be used for WiFi as well as Bluetooth and infrared devices.
http://www.securityfocus.com/infocus/1877
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Sunbelt Kerio Personal Firewall Multiple Local Denial of Service
Vulnerabilities
BugTraq ID: 20299
Remote: No
Date Published: 2006-10-02
Relevant URL: http://www.securityfocus.com/bid/20299
Summary:
Sunbelt Kerio Personal Firewall is prone to multiple local denial-of-service
vulnerabilities because the application fails to properly sanitize
user-supplied input.
These vulnerabilities allow local attackers to crash affected systems,
facilitating a denial-of-service condition on the local computer. Code
execution may also be possible, but this has not been confirmed.
2. ProRat Remote Login Authentication Bypass Vulnerability
BugTraq ID: 20293
Remote: Yes
Date Published: 2006-10-02
Relevant URL: http://www.securityfocus.com/bid/20293
Summary:
ProRat is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to gain remote access to computers running
this application. A successful exploit will lead to the complete compromise of
affected computers.
3. MailEnable SMTP NTLM Authentication Multiple Vulnerabilities
BugTraq ID: 20290
Remote: Yes
Date Published: 2006-10-02
Relevant URL: http://www.securityfocus.com/bid/20290
Summary:
MailEnable is prone to multiple remote vulnerabilities.
These issues arise in the SMTP server during NTLM authentication and may
facilitate arbitrary code execution or denial-of-service conditions.
MailEnable Professional 2.0 and MailEnable Enterprise 2.0 are reported
vulnerable to these issues.
4. Trend Micro OfficeScan ATXCONSOLE.OCX ActiveX Control Format String
Vulnerability
BugTraq ID: 20284
Remote: Yes
Date Published: 2006-10-01
Relevant URL: http://www.securityfocus.com/bid/20284
Summary:
Trend Micro OfficeScan is prone to a remote format-string vulnerability. This
vulnerability requires a certain amount of user interaction for an attack to
occur, such as visiting a malicious website. A successful exploit would let a
remote attacker execute code with the privileges of the currently logged-in
user.
Trend Micro OfficeScan Corporate Edition 7.3 is reported vulnerable. Other
versions may be affected as well.
5. Yblog Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 20280
Remote: Yes
Date Published: 2006-09-30
Relevant URL: http://www.securityfocus.com/bid/20280
Summary:
Yblog is prone to multiple cross-site scripting vulnerabilities because it
fails to sufficiently sanitize user-supplied input data.
An attacker may leverage these issues to have arbitrary script code execute in
the browser of an unsuspecting user in the context of the affected site. This
may allow the attacker to steal cookie-based authentication credentials and to
launch other attacks.
6. PHProjekt Include Path Multiple Remote File Include Vulnerabilities
BugTraq ID: 20268
Remote: Yes
Date Published: 2006-09-29
Relevant URL: http://www.securityfocus.com/bid/20268
Summary:
Multiple remote file-include vulnerabilities affect PHProjekt because the
application fails to properly sanitize user-supplied input before using it in a
PHP 'include()' function call.
An attacker may leverage these issues to execute arbitrary server-side script
code on an affected computer with the privileges of the webserver process.
Version 5.1.1 of PHProjekt is vulnerable to these issues; previous versions may
be affected as well.
7. NaviCOPA Web Server Remote Buffer Overflow Vulnerability
BugTraq ID: 20250
Remote: Yes
Date Published: 2006-09-28
Relevant URL: http://www.securityfocus.com/bid/20250
Summary:
NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability because
the application fails to properly bounds-check user-supplied input before
copying it to an insufficiently sized memory buffer.
This vulnerability may lead to the execution of arbitrary code or to
denial-of-service conditions. This may facilitate the remote compromise of
affected computers.
NaviCOPA Web Server version 2.01 is vulnerable to this issue; other versions
may also be affected.
8. Portable OpenSSH GSSAPI Authentication Abort Information Disclosure Weakness
BugTraq ID: 20245
Remote: Yes
Date Published: 2006-09-27
Relevant URL: http://www.securityfocus.com/bid/20245
Summary:
Portable OpenSSH is prone to an information-disclosure weakness. The issue
stems from a GSSAPI authentication abort.
Reportedly, attackers may leverage a GSSAPI authentication abort to determine
the presence and validity of usernames on unspecified platforms.
This issue occurs when Portable OpenSSH is configured to accept GSSAPI
authentication.
Portable OpenSSH 4.3p1 and prior versions exhibit this weakness.
9. Zen Cart Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 20242
Remote: Yes
Date Published: 2006-09-28
Relevant URL: http://www.securityfocus.com/bid/20242
Summary:
Zen Cart is prone to multiple cross-site scripting vulnerabilities because it
fails to sufficiently sanitize user-supplied input data.
An attacker may leverage these issues to have arbitrary script code execute in
the browser of an unsuspecting user in the context of the affected site. This
may allow the attacker to steal cookie-based authentication credentials and to
launch other attacks.
Zen Cart 1.3.5 is vulnerable to these issues.
10. Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
BugTraq ID: 20241
Remote: Yes
Date Published: 2006-09-27
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
Portable OpenSSH is prone to a remote code-execution vulnerability. The issue
derives from a race condition in a vulnerable signal handler.
Reportedly, under specific conditions, it is theoretically possible to execute
code remotely prior to authentication when GSSAPI authentication is enabled.
This has not been confirmed; the chance of a successful exploit of this nature
is considered minimal.
On non-Portable OpenSSH implementations, this same race condition can be
exploited to cause a pre-authentication denial of service.
This issue occurs when OpenSSH and Portable OpenSSH are configured to accept
GSSAPI authentication.
11. Microsoft PowerPoint Unspecified Remote Code Execution Vulnerability
BugTraq ID: 20226
Remote: Yes
Date Published: 2006-09-26
Relevant URL: http://www.securityfocus.com/bid/20226
Summary:
Microsoft PowerPoint is prone to an unspecified remote code-execution
vulnerability.
This issue can allow remote attackers to execute arbitrary code on a vulnerable
computer by supplying a malicious PowerPoint document to a user. This issue is
being actively exploited in the wild as Trojan.PPDropper.F.
This vulnerability is currently known to affect Microsoft Office 2000, Office
XP, and Office 2003.
Due to a lack of information, further details cannot be provided. This BID will
be updated when more information becomes available.
12. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
BugTraq ID: 20216
Remote: Yes
Date Published: 2006-09-26
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because it fails
to properly handle incoming duplicate blocks.
Remote attackers may exploit this issue to consume excessive CPU resources,
potentially denying service to legitimate users.
This issue occurs only when OpenSSH is configured to accept SSH Version One
traffic.
13. CPanel SUID Wrapper Remote Privilege Escalation Vulnerability
BugTraq ID: 20163
Remote: Yes
Date Published: 2006-09-24
Relevant URL: http://www.securityfocus.com/bid/20163
Summary:
cPanel is prone to a remote privilege-escalation vulnerability.
A remote attacker can exploit this issue to gain administrative access to the
affected application. This may lead to other attacks.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Allow regular user to unlock screensaver locked computer
http://www.securityfocus.com/archive/88/447483
2. a question of usb token
http://www.securityfocus.com/archive/88/447484
3. How can this happen with Windows Vista?
http://www.securityfocus.com/archive/88/447296
4. Security Policy Anomaly
http://www.securityfocus.com/archive/88/447248
5. SecurityFocus Microsoft Newsletter #310
http://www.securityfocus.com/archive/88/447144
6. Microsoft Security Clamp
http://www.securityfocus.com/archive/88/446467
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to reply. Alternatively,
you can visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to
be manually removed.