SecurityFocus Microsoft Newsletter #333
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

Hacking With Ajax- On demand Webcast
While Ajax can greatly improve the usability of a Web application, it can also
create several opportunities for possible attack if the application is not
designed with security in mind. Watch this FREE SPI Dynamics webcast for tips 
on protecting your applications.

https://download.spidynamics.com/1/ad/AJAXw.asp?Campaign_ID=70160000000CjtG


------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Blanket Discovery for Stolen Laptops
       2. Notes On Vista Forensics, Part One
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Adobe JRun Unspecified Denial Of Service Vulnerability
       2. PHProjekt Arbitrary File Upload Vulnerability
       3. PHProjekt Multiple SQL Injection Vulnerabilities
       4. WarFTP Username Stack-Based Buffer-Overflow Vulnerability
       5. NewsBin Pro Long File Name Buffer Overflow Vulnerability
       6. Microsoft Windows WinMM.DLL WAV Files Remote Denial of Service Vulnerability
       7. News Reactor Long File Name Buffer Overflow Vulnerability
       8. D-Link TFTP Transporting Mode Remote Buffer Overflow Vulnerability
       9. PHP SNMPGet Function Local Buffer Overflow Vulnerability
       10. Snort Inline Fragmentation Denial of Service Vulnerability
       11. Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow Vulnerabilities
       12. Microsoft Windows OLE32.DLL Word Document Handling Denial Of Service Vulnerability
       13. PHP MSSQL_Connect Local Buffer Overflow Vulnerability
       14. PHP WDDX_Deserialize Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of 
stolen laptops that use LoJack-style homing devices to announce their location, 
and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438

2. Notes On Vista Forensics, Part One
By Jamie Morris
This article, the first in a two-part series, takes a high level look at what 
we know now about those changes in Windows Vista which seem likely to have the 
most impact on computer forensic investigations, starting with the built-in 
encryption, backup, and system protection features.
http://www.securityfocus.com/infocus/1889


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Adobe JRun Unspecified Denial Of Service Vulnerability
BugTraq ID: 22958
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22958
Summary:
Adobe JRun is prone to a denial-of-service vulnerability. This issue occurs 
because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying 
service to legitimate users.

This issue affects Microsoft IIS 6 installations running JRun 4 Updater 6.

2. PHProjekt Arbitrary File Upload Vulnerability
BugTraq ID: 22956
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22956
Summary:
PHProjekt is prone to an arbitrary file-upload vulnerability.

Exploiting this issue could allow an attacker to upload and execute arbitrary 
script code in the context of the affected webserver process. This may help the 
attacker compromise the application; other attacks are possible.

Versions prior to 5.2.1 are vulnerable to this issue.

3. PHProjekt Multiple SQL Injection Vulnerabilities
BugTraq ID: 22955
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22955
Summary:
PHProjekt is prone to multiple SQL-injection vulnerabilities because the 
application fails to properly sanitize user-supplied input before using it in an 
SQL query.

A successful exploit could allow an attacker to compromise the application, 
access or modify data, or exploit vulnerabilities in the underlying database 
implementation.

PHProjekt versions 5.2.0 and prior are vulnerable to these issues.

4. WarFTP Username Stack-Based Buffer-Overflow Vulnerability
BugTraq ID: 22944
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22944
Summary:
WarFTP is prone to a stack-based buffer-overflow vulnerability because it fails 
to properly check boundaries on user-supplied data before copying it to an 
insufficiently sized buffer.

Exploiting this issue could lead to denial-of-service conditions and to the 
execution of arbitrary machine code in the context of the application.

Version 1.65 is vulnerable; other versions may also be affected.

5. NewsBin Pro Long File Name Buffer Overflow Vulnerability
BugTraq ID: 22940
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22940
Summary:
NewsBin Pro is prone to a remote buffer-overflow because the application fails 
to bounds-check user-supplied data before copying it into an insufficiently 
sized buffer.

An attacker could exploit this issue to execute arbitrary code within the 
context of the affected application. Failed exploit attempts will result in a 
denial of service.

This issue affects version 4.32; other versions may also be affected.

6. Microsoft Windows WinMM.DLL WAV Files Remote Denial of Service Vulnerability
BugTraq ID: 22938
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22938
Summary:
Microsoft Windows is prone to a denial-of-service vulnerability.

A remote attacker may exploit this vulnerability by presenting a malicious WAV 
file to a victim user.

Successful exploits will result in excessive CPU consumption, effectively 
denying service.

Specific information regarding affected versions of Microsoft Windows is 
currently unavailable. This BID will be updated as more information is 
disclosed.

7. News Reactor Long File Name Buffer Overflow Vulnerability
BugTraq ID: 22936
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22936
Summary:
News Reactor is prone to a remote buffer-overflow because the application fails 
to bounds-check user-supplied data before copying it into an insufficiently 
sized buffer.

An attacker could exploit this issue to execute arbitrary code within the 
context of the affected application. Failed exploit attempts will result in a 
denial of service.

This issue affects version 20070220; other versions may also be affected.

8. D-Link TFTP Transporting Mode Remote Buffer Overflow Vulnerability
BugTraq ID: 22923
Remote: Yes
Date Published: 2007-03-12
Relevant URL: http://www.securityfocus.com/bid/22923
Summary:
D-Link TFTP is prone to a buffer-overflow vulnerability because the application 
fails to properly bounds-check user-supplied data before storing it in a 
finite-sized buffer.

An attacker can exploit this issue to cause the application to crash, denying 
further service to legitimate users. Due to the nature of this issue, the 
attacker may presumably be able to exploit it for remote code execution.

Version 1.0 is vulnerable; other versions may also be affected.

9. PHP SNMPGet Function Local Buffer Overflow Vulnerability
BugTraq ID: 22893
Remote: No
Date Published: 2007-03-09
Relevant URL: http://www.securityfocus.com/bid/22893
Summary:
PHP is prone to a local buffer-overflow vulnerability because the application 
fails to perform boundary checks before copying user-supplied data to 
insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the 
context of the affected webserver. Failed exploit attempts will likely crash 
the webserver, denying service to legitimate users.

PHP for Microsoft Windows version 4.4.6 is vulnerable; other versions may also 
be affected.

10. Snort Inline Fragmentation Denial of Service Vulnerability
BugTraq ID: 22872
Remote: Yes
Date Published: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22872
Summary:
Snort is prone to a denial-of-service vulnerability because the network 
intrusion-detection (NID) system fails to handle specially crafted network 
packets.

An attacker can exploit this issue to crash the application, allowing 
malicious network traffic to bypass the NID system.

This issue affects versions 2.6.1.1, 2.6.1.2, and 2.7.0(beta); other versions 
may also be affected.

NOTE: Reportedly, for this vulnerability to occur, Snort must be running Inline 
on Linux, with Frag3 enabled and ip_conntrack disabled.

11. Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 22852
Remote: Yes
Date Published: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22852
Summary:
Ipswitch IMail Server/Collaboration Suite is prone to multiple buffer-overflow 
vulnerabilities because the software fails to properly check boundaries on 
user-supplied data before copying it to an insufficiently sized buffer.

Successful attacks allow arbitrary code to run, facilitating the remote 
compromise of affected computers. Failed exploit attempts likely cause the 
application to crash.

Ipswitch Collaboration 2006 Suite Premium, IMail, and IMail Plus are vulnerable 
to these issues.

12. Microsoft Windows OLE32.DLL Word Document Handling Denial Of Service Vulnerability
BugTraq ID: 22847
Remote: Yes
Date Published: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22847
Summary:
The Microsoft 'ole32.dll' library is prone to a denial-of-service 
vulnerability. The issue occurs when the library handles document ('.doc') 
files containing large size values. It is conjectured that the execution of 
arbitrary code may be possible.

Software that is linked to the ole32.dll versions that reside on Microsoft 
Windows 2000 SP4 FR and XP SP2 FR platforms is vulnerable; other versions 
might also be affected.

13. PHP MSSQL_Connect Local Buffer Overflow Vulnerability
BugTraq ID: 22832
Remote: No
Date Published: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22832
Summary:
PHP is prone to a local buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the 
context of the affected webserver. Failed exploit attempts will likely crash 
the webserver, denying service to legitimate users.

PHP for Microsoft Windows versions prior to 4.4.6 are vulnerable; other 
versions may also be affected.

14. PHP WDDX_Deserialize Buffer Overflow Vulnerability
BugTraq ID: 22804
Remote: Yes
Date Published: 2007-03-04
Relevant URL: http://www.securityfocus.com/bid/22804
Summary:
PHP is prone to a remotely exploitable buffer-overflow vulnerability because it 
fails to properly check boundaries when processing client-supplied WDDX packets.

An attacker can exploit this issue to execute malicious code.

NOTE: This issue affects only the latest CVS release of PHP. The vulnerable 
code has not been released as part of an official PHP release at this time.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------