SecurityFocus Microsoft Newsletter #348
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CsFU

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
   1. Don't Be Evil
   2. Persistence of data on storage media
II. MICROSOFT VULNERABILITY SUMMARY
   1. CA BrightStor ARCserve Backup Server Unspecified Remote Code Execution Vulnerability
   2. Conti FTP Server Large String Denial of Service Vulnerability
   3. Wireshark Multiple Protocol Denial of Service Vulnerabilities
   4. Avax Vector AvaxSWF.DLL ActiveX Control Arbitrary File Overwrite Vulnerability
   5. GD Graphics Library Multiple Vulnerabilities
   6. LiteWEB Web Server Invalid Page Remote Denial of Service Vulnerability
   7. Key Focus Web Server Index.WKF Cross-Site Scripting Vulnerability
   8. Apple Safari for Windows Bookmark Title Buffer Overflow Vulnerability
   9. Access2ASP Multiple Cross Site Scripting Vulnerabilities
   10. Lhaca File Archiver Unspecified Stack Buffer Overflow Vulnerability
   11. Ingress Database Server Multiple Remote Vulnerabilities
   12. HTTP Server Request Handling Remote Denial Of Service Vulnerability
   13. BugHunter HTTP Server Parse Error Information Disclosure Vulnerability
   14. Comersus Cart Multiple Input Validation Vulnerabilities
   15. Avaya 4602SW IP Phone Security Bypass Vulnerability
   16. AGEPhone SIP Soft Phone Malformed Delimiter Denial of Service Vulnerability
   17. Avaya One-X Desktop Edition SIP Header Denial Of Service Vulnerability
   18. AGEPhone SIP Soft Phone Message Parsing Denial of Service Vulnerability
   19. Avaya 4602SW SIP Phone Cnonce Parameter Authentication Spoofing Vulnerability
   20. Nortel Networks PC Client Soft Phone SIP Message Parsing Module Denial of Service Vulnerability
   21. RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
   22. AOL Instant Messenger SIP Invite Message Denial of Service Vulnerability
   23. Nortel Networks PC Client Soft Phone Message Parsing Module Buffer Overflow Vulnerability
   24. Avaya One-X Desktop Edition Phone SIP Remote Buffer Overflow Vulnerability
   25. Cerulean Studios Trillian Word Wrapping UTF-8 Encoded String Heap Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Don't Be Evil
By Mark Rasch
A series of developments raise the specter that remotely stored or created documents may be subject to subpoena or discovery all without the knowledge or consent of the document's creators.
http://www.securityfocus.com/columnists/447

2. Persistence of data on storage media
By Jamie Ridden
Jamie Ridden discusses the re-use of storage media and how slack space can prevent sensitive data from being completely removed.
http://www.securityfocus.com/infocus/1891

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. CA BrightStor ARCserve Backup Server Unspecified Remote Code Execution Vulnerability
BugTraq ID: 24680
Remote: Yes
Date Published: 2007-06-27
Relevant URL: http://www.securityfocus.com/bid/24680
Summary:
Computer Associates BrightStor ARCserve Backup is prone to a remote code-execution vulnerability. Currently, very few details are available regarding this issue.
Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Version 11.5 SP3 for Microsoft Windows is reported vulnerable; other versions may also be affected.

2. Conti FTP Server Large String Denial of Service Vulnerability
BugTraq ID: 24672
Remote: Yes
Date Published: 2007-06-27
Relevant URL: http://www.securityfocus.com/bid/24672
Summary:
The Conti FTP Server is prone to a denial-of-service vulnerability. A remote attacker may be able to exploit this issue to deny service to legitimate users of the application.

3. Wireshark Multiple Protocol Denial of Service Vulnerabilities
BugTraq ID: 24662
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24662
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities. Exploiting these issues may permit attackers to cause crashes and deny service to legitimate users of the application. Wireshark versions prior to 0.99.6 are affected.

4. Avax Vector AvaxSWF.DLL ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 24659
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24659
Summary:
The Avax Vector ActiveX control is prone to a vulnerability that could permit an attacker to overwrite arbitrary files. The attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Avax Vector ActiveX v.1.3 is vulnerable.

5. GD Graphics Library Multiple Vulnerabilities
BugTraq ID: 24651
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24651
Summary:
The GD graphics library is prone to multiple vulnerabilities. An attacker can exploit this issue to cause denial-of-service conditions or execute arbitrary code in the context of applications implementing the affected library. Versions prior to GD graphics library 2.0.35 are reported vulnerable.

6. LiteWEB Web Server Invalid Page Remote Denial of Service Vulnerability
BugTraq ID: 24628
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24628
Summary:
LiteWeb webserver is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker can exploit this issue to crash the affected application, denying further service to legitimate users. This issue affects LiteWeb 2.7; other versions may also be vulnerable.

7. Key Focus Web Server Index.WKF Cross-Site Scripting Vulnerability
BugTraq ID: 24623
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24623
Summary:
Key Focus Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. This issue affects Key Focus Web Server 3.1.0; other versions may also be affected.

8. Apple Safari for Windows Bookmark Title Buffer Overflow Vulnerability
BugTraq ID: 24619
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24619
Summary:
Safari for Windows is prone to a buffer-overflow vulnerability. This issue is triggered when an attacker entices a victim to bookmark a maliciously crafted site. A remote attacker may exploit this issue to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

9. Access2ASP Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 24610
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24610
Summary:
The 'access2asp' program is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks. This issue affects access2asp 4.5 and prior versions.

10. Lhaca File Archiver Unspecified Stack Buffer Overflow Vulnerability
BugTraq ID: 24604
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24604
Summary:
Lhaca file archiver is prone to an unspecified stack-based buffer-overflow vulnerability. The application fails to properly decompress malicious LZH archive files. An attacker can exploit this issue to crash the application and execute arbitrary code within the context of the affected application. Lhaca 1.20 is vulnerable to this issue; other versions may also be affected.

11. Ingress Database Server Multiple Remote Vulnerabilities
BugTraq ID: 24585
Remote: Yes
Date Published: 2007-06-21
Relevant URL: http://www.securityfocus.com/bid/24585
Summary:
Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue. Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file.

12. HTTP Server Request Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24576
Remote: Yes
Date Published: 2007-06-21
Relevant URL: http://www.securityfocus.com/bid/24576
Summary:
HTTP Server is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to crash the server, denying access to legitimate users. HTTP Server 1.6.2 is vulnerable; other versions may also be affected.

13. BugHunter HTTP Server Parse Error Information Disclosure Vulnerability
BugTraq ID: 24566
Remote: Yes
Date Published: 2007-06-20
Relevant URL: http://www.securityfocus.com/bid/24566
Summary:
BugHunter HTTP Server is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information. Information obtained may lead to further attacks. This issue affects HTTP Server 1.6.2; other versions may also be affected.

14. Comersus Cart Multiple Input Validation Vulnerabilities
BugTraq ID: 24562
Remote: Yes
Date Published: 2007-06-20
Relevant URL: http://www.securityfocus.com/bid/24562
Summary:
Comersus Cart is affected by multiple input validation vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. The attacker may also leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Comersus Cart 7.0.7 is vulnerable; other versions may also be affected.

15. Avaya 4602SW IP Phone Security Bypass Vulnerability
BugTraq ID: 24544
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24544
Summary:
The Avaya 4602SW IP phone is prone to a security-bypass vulnerability because it accepts SIP requests from random source IP addresses. An attacker can exploit this issue to bypass security restrictions and then transmit malicious messages to the device. This issue affects the Avaya 4602SW IP Phone (Model 4602D02A).

16. AGEPhone SIP Soft Phone Malformed Delimiter Denial of Service Vulnerability
BugTraq ID: 24543
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24543
Summary:
AGEphone SIP softphone is prone to a remote denial-of-service vulnerability, because the application fails to properly handle malformed data. Successful exploits can allow remote attackers to crash the affected application, denying further service to legitimate users. This issue affects AGEphone 1.41.2 running on HTC HyTN wireless smartphone using Windows Mobile 5 PPC. Other versions may also be affected.

17. Avaya One-X Desktop Edition SIP Header Denial Of Service Vulnerability
BugTraq ID: 24541
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24541
Summary:
Avaya one-X Desktop Edition phone is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the phone, denying service to legitimate users. Avaya one-X Desktop Edition 2.1.0.70 and prior versions are vulnerable.

18. AGEPhone SIP Soft Phone Message Parsing Denial of Service Vulnerability
BugTraq ID: 24540
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24540
Summary:
AGEphone SIP softphone is prone to a remote denial-of-service vulnerability, because the application fails to properly handle malformed data. Successful exploits can allow remote attackers to disconnect currently active calls or crash the device's operating system. This issue affects AGEphone 1.41.2 running on HTC HyTN wireless smartphone using Windows Mobile 5 PPC. Other versions may also be affected.

19. Avaya 4602SW SIP Phone Cnonce Parameter Authentication Spoofing Vulnerability
BugTraq ID: 24539
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24539
Summary:
The Avaya 4602SW SIP Phone and SIP call server is prone to an authentication-spoofing vulnerability.
This allows an attacker to impersonate a SIP call server, compromising the confidentiality of a victim's phone conversations.

20. Nortel Networks PC Client Soft Phone SIP Message Parsing Module Denial of Service Vulnerability
BugTraq ID: 24536
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24536
Summary:
Nortel Networks PC Client soft phone is prone to a remote denial-of-service vulnerability because the application fails to properly handle malformed data. Successful exploits can allow remote attackers to crash the affected application, denying further service to legitimate users.

21. RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24534
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24534
Summary:
The RealNetworks GameHouse 'dldisplay' ActiveX Control is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the GameHouse application. Failed exploit attempts will likely result in denial-of-service conditions. An attacker may exploit these issues by enticing victims into visiting a maliciously crafted webpage.

22. AOL Instant Messenger SIP Invite Message Denial of Service Vulnerability
BugTraq ID: 24533
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24533
Summary:
AOL Instant Messenger is prone to a denial-of-service vulnerability because the application fails to handle specially crafted SIP messages. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects AOL Instant Messenger 6.1.32.1; prior versions may also be affected.

23. Nortel Networks PC Client Soft Phone Message Parsing Module Buffer Overflow Vulnerability
BugTraq ID: 24531
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24531
Summary:
Nortel Networks PC Client soft phone is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Successful exploits can allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

24. Avaya One-X Desktop Edition Phone SIP Remote Buffer Overflow Vulnerability
BugTraq ID: 24530
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24530
Summary:
Avaya one-X Desktop Edition phone is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to disable the call-receiving functionality of affected phones. Avaya one-X Desktop Edition 2.1.0.70 and prior versions are vulnerable.

25. Cerulean Studios Trillian Word Wrapping UTF-8 Encoded String Heap Buffer Overflow Vulnerability
BugTraq ID: 24523
Remote: Yes
Date Published: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24523
Summary:
Trillian is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial of service. This issue affects Trillian 3.1.5.1; prior versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
