SecurityFocus Microsoft Newsletter #367
----------------------------------------

This issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of 
sensitive data - including personal, medical and financial information - are 
exchanged and stored.
This paper examines a few vulnerability detection methods - specifically 
comparing and contrasting manual penetration testing with automated scanning 
tools.
Download Watchfire's "Web Application Security: Automated Scanning or Manual 
Penetration Testing?" whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=7017000000093zv


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. E-mail privacy to disappear?
       2. Rebinding attacks unbound
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Microsoft DebugView Kernel Module Dbgv.SYS Local Privilege Escalation 
Vulnerability
       2. Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow 
Vulnerabilities
       3. Apple QuickTime PICT Image Remote Stack Buffer Overflow Vulnerability
       4. Apple QuickTime Panorama Sample Atoms Remote Heap Buffer Overflow 
Vulnerability
       5. Apple QuickTime STSD Atom Remote Heap Buffer Overflow Vulnerability
       6. Apple QuickTime Image Description Atom Remote Memory Corruption 
Vulnerability
       7. Apple QuickTime for Java Multiple Unspecified Remote Privilege 
Escalation Vulnerabilities
       8. Apple QuickTime Color Table Atom Remote Heap Buffer Overflow 
Vulnerability
       9. Novell BorderManager Client Trust Heap Based Buffer Overflow 
Vulnerability
       10. Mono System.Math BigInteger Buffer Overflow Vulnerability
       11. Symantec Altiris Deployment Solution Directory Traversal 
Vulnerability
       12. Symantec Altiris Deployment Solution Aclient Local Privilege 
Escalation Vulnerability
       13. Ipswitch IMail SMTP Server IMail Client Remote Buffer Overflow 
Vulnerability
       14. Sony CONNECT SonicStage Player M3U Playlist Processing Buffer 
Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. E-mail privacy to disappear?
On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in 
Cincinnati granted the government's request for a full-panel hearing in the 
United States v. Warshak case, which centers on the right of privacy for stored 
electronic communications. At issue is whether the procedure whereby the 
government can subpoena stored copies of your e-mail -- similar to the way it 
could simply subpoena any physical mail sitting on your desk -- is 
unconstitutionally broad.
http://www.securityfocus.com/columnists/456

2. Rebinding attacks unbound
By Federico Biancuzzi
DNS rebinding was discovered in 1996 and affected the Java Virtual Machine 
(VM). Recently a group of researchers at Stanford found out that this 
vulnerability is still present in browsers and that the common solution, known 
as DNS pinning, is not effective anymore.
http://www.securityfocus.com/columnists/455


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft DebugView Kernel Module Dbgv.SYS Local Privilege Escalation 
Vulnerability
BugTraq ID: 26359
Remote: No
Date Published: 2007-11-06
Relevant URL: http://www.securityfocus.com/bid/26359
Summary:
Microsoft DebugView is prone to a local privilege-escalation vulnerability 
because it allows user-supplied data to be copied into memory addresses 
reserved for the kernel.

An attacker could exploit this issue to execute arbitrary machine code with 
SYSTEM-level privileges. A successful exploit could result in the complete 
compromise of the affected computer. Failed attempts could cause 
denial-of-service conditions.

Microsoft DebugView 4.64 is vulnerable; other versions may also be affected.

2. Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow 
Vulnerabilities
BugTraq ID: 26345
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26345
Summary:
Apple QuickTime is prone to multiple heap-based buffer-overflow vulnerabilities 
because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues by enticing an unsuspecting user to open a 
specially crafted PICT image file.

Successfully exploiting these issues allows remote attackers to execute 
arbitrary code in the context of the user running the application. Failed 
exploit attempts likely result in denial-of-service conditions.

These issues affect Apple QuickTime running on Microsoft Windows Vista, 
Microsoft Windows XP SP2, and Mac OS X.

3. Apple QuickTime PICT Image Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 26344
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26344
Summary:
Apple QuickTime is prone to a stack-based buffer-overflow issue because it 
fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted image file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, 
Microsoft Windows XP SP2, and Mac OS X.

4. Apple QuickTime Panorama Sample Atoms Remote Heap Buffer Overflow 
Vulnerability
BugTraq ID: 26342
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26342
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails 
to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, 
Microsoft Windows XP SP2, and Mac OS X.

5. Apple QuickTime STSD Atom Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 26341
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26341
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails 
to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, 
Microsoft Windows XP SP2, and Mac OS X.

6. Apple QuickTime Image Description Atom Remote Memory Corruption Vulnerability
BugTraq ID: 26340
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26340
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, 
Microsoft Windows XP SP2, and Mac OS X.

7. Apple QuickTime for Java Multiple Unspecified Remote Privilege Escalation 
Vulnerabilities
BugTraq ID: 26339
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26339
Summary:
Apple QuickTime for Java is prone to multiple unspecified privilege-escalation 
vulnerabilities.

Successfully exploiting these issues allows remote attackers to access 
potentially sensitive information or to execute arbitrary code with elevated 
privileges. These issues facilitate the remote compromise of affected computers.

These issues affect QuickTime for Java for both Apple Mac OS X and Microsoft 
Windows platforms.

8. Apple QuickTime Color Table Atom Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 26338
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26338
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails 
to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, 
Microsoft Windows XP SP2, and Mac OS X.

9. Novell BorderManager Client Trust Heap Based Buffer Overflow Vulnerability
BugTraq ID: 26285
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26285
Summary:
Novell BorderManager is prone to a heap-based buffer-overflow vulnerability 
because the application fails to bounds-check user-supplied data before copying 
it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context 
of the affected application or crash the application, denying service to 
legitimate users.

This issue affects BorderManager 3.8; other versions may also be vulnerable.

10. Mono System.Math BigInteger Buffer Overflow Vulnerability
BugTraq ID: 26279
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26279
Summary:
Mono is prone to a buffer-overflow vulnerability because the application fails 
to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue could allow attackers to execute arbitrary 
code in the context of the user running an affected application. Failed exploit 
attempts will likely result in a denial-of-service condition.

11. Symantec Altiris Deployment Solution Directory Traversal Vulnerability
BugTraq ID: 26266
Remote: No
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26266
Summary:
Symantec Altiris Deployment Solution is prone to a directory-traversal 
vulnerability.

Attackers can exploit this issue to access potentially sensitive information 
that may aid in further attacks.

12. Symantec Altiris Deployment Solution Aclient Local Privilege Escalation 
Vulnerability
BugTraq ID: 26265
Remote: No
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26265
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation 
vulnerability.

Attackers can exploit this issue to execute arbitrary files with 'System' 
privileges. Successful exploits will completely compromise affected computers.

13. Ipswitch IMail SMTP Server IMail Client Remote Buffer Overflow Vulnerability
BugTraq ID: 26252
Remote: Yes
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26252
Summary:
IMail Client, which is included in Ipswitch IMail Server, is prone to a 
buffer-overflow vulnerability because the software fails to properly 
bounds-check user-supplied input before copying it into an insufficiently sized 
memory buffer.

Attackers may exploit this issue to execute arbitrary code in the context of 
the affected application. Failed exploit attempts will likely result in 
denial-of-service conditions.

This issue affects IMail Client 9.22, which is included with IMail Server 
2006.22; other versions may also be affected.

14. Sony CONNECT SonicStage Player M3U Playlist Processing Buffer Overflow 
Vulnerability
BugTraq ID: 26241
Remote: Yes
Date Published: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26241
Summary:
Sony CONNECT SonicStage player is prone to a buffer-overflow vulnerability 
because it fails to properly bounds-check user-supplied input before copying it 
to an insufficiently sized memory buffer.

Remote attackers may crash the application or execute arbitrary machine code in 
the context of the user running the affected application.

This issue affects SonicStage 4.3; other versions may also be vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Watchfire
