SecurityFocus Microsoft Newsletter #380
----------------------------------------

This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.
www.blackhat.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
   1. Skills for the Future
   2. Mother, May I?
II. MICROSOFT VULNERABILITY SUMMARY
   1. COWON America jetAudio ASX File Processing Remote Buffer Overflow Vulnerability
   2. IBM DB2 Universal Database DAS Buffer Overflow Vulnerability
   3. IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability
   4. Check Point VPN SecureClient/SecuRemote Local Login Credentials Information Disclosure Vulnerability
   5. Microsoft February 2008 Advance Notification Multiple Vulnerabilities
   6. IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Vulnerability
   7. TinTin++ and WinTin++ '#chat' Command Multiple Security Vulnerabilities
   8. WinComLPD Total Multiple Buffer Overflow Vulnerabilities and Authentication Bypass Vulnerability
   9. Ipswitch FTP Log Server Denial of Service Vulnerability
   10. Titan FTP Server DELE Command Remote Buffer Overflow Vulnerability
   11. Print Manager Plus PQCore Remote Denial of Service Vulnerability
   12. Xlight FTP Server LDAP Blank Password Authentication Bypass Vulnerability
   13. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities
   14. Ipswitch WS_FTP SFTP Opendir Command Buffer Overflow Vulnerability
   15. Titan FTP Server USER/PASS Commands Buffer Overflow Vulnerability
   16. ELOG 'logbook' HTML Injection Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
   1. SecurityFocus Microsoft Newsletter #379
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Skills for the Future
By Don Parker
A lot of the emails sent to me ask a basic question: Just how does one break into computer security or what skills should you learn to get that first security job. Lately though, I have been receiving many more queries on specifically how one can leverage an existing skill set to become an information-technology security analyst.
http://www.securityfocus.com/columnists/464

2. Mother, May I?
By Mark Rasch
"Sure, you can have a cookie, but you may not." We all have had that discussion before -- either with our parents or our kids. A recent case from North Dakota reveals that the difference between those two concepts may lead not only to civil liability, but could land you in jail.
http://www.securityfocus.com/columnists/463

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. COWON America jetAudio ASX File Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 27698
Remote: Yes
Date Published: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27698
Summary:
jetAudio is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer while processing ASX files.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application.

jetAudio 7.0.5 is reported vulnerable; prior versions may also be affected.

2. IBM DB2 Universal Database DAS Buffer Overflow Vulnerability
BugTraq ID: 27681
Remote: Yes
Date Published: 2008-02-07
Relevant URL: http://www.securityfocus.com/bid/27681
Summary:
IBM DB2 is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected service. Successfully exploiting this issue may facilitate the remote compromise of affected computers. Failed exploit attempts will likely crash the affected application.

NOTE: This vulnerability was previously disclosed in BID 27596 (IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities). Due to more information, it has been assigned its own record.

3. IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability
BugTraq ID: 27680
Remote: No
Date Published: 2008-02-07
Relevant URL: http://www.securityfocus.com/bid/27680
Summary:
IBM DB2 Universal Database Server is prone to a local privilege-escalation vulnerability because of how the application constructs library paths.

Exploiting this issue allows local attackers to gain root privileges. Note that an attacker must be able to execute the set-uid root 'db2pd' binary to exploit this issue.

DB2 Universal Database Server 9.1 FixPack 2 on Linux systems is vulnerable. Other versions, including those for other UNIX platforms, are suspected to be vulnerable.

NOTE: This vulnerability was previously disclosed in BID 27596 'IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities'. Due to more information, it has been assigned its own record.

4. Check Point VPN SecureClient/SecuRemote Local Login Credentials Information Disclosure Vulnerability
BugTraq ID: 27675
Remote: No
Date Published: 2008-02-07
Relevant URL: http://www.securityfocus.com/bid/27675
Summary:
Check Point VPN-1 SecureClient/SecuRemote client for Microsoft Windows is prone to an information-disclosure vulnerability because it fails to protect users' login credentials.

Attackers can exploit this issue to harvest VPN login credentials and gain unauthorized access to networks and resources protected by the VPN. This may lead to further attacks.

5. Microsoft February 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 27674
Remote: Yes
Date Published: 2008-02-07
Relevant URL: http://www.securityfocus.com/bid/27674
Summary:
Microsoft has released advance notification that the vendor will be releasing twelve security bulletins on February 12, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created for each issue when the bulletins are released.

6. IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Vulnerability
BugTraq ID: 27665
Remote: Yes
Date Published: 2008-02-05
Relevant URL: http://www.securityfocus.com/bid/27665
Summary:
IBM WebSphere Edge Server Caching Proxy is prone to a cross-site scripting vulnerability that affects the caching proxy server because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The vulnerability affects Caching Proxy 5.1, 5.1.1, 6.0, 6.0.1, 6.0.2, and 6.1. Other versions may also be affected.

7. TinTin++ and WinTin++ '#chat' Command Multiple Security Vulnerabilities
BugTraq ID: 27660
Remote: Yes
Date Published: 2008-02-06
Relevant URL: http://www.securityfocus.com/bid/27660
Summary:
TinTin++ and WinTin++ are prone to multiple security vulnerabilities affecting the application's '#chat' functionality. These issues include a buffer-overflow vulnerability, a denial-of-service vulnerability, and a file-overwrite vulnerability.

Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or overwrite files with arbitrary content.

These issues affect TinTin++ and WinTin++ 1.97.9; other versions may also be affected.

8. WinComLPD Total Multiple Buffer Overflow Vulnerabilities and Authentication Bypass Vulnerability
BugTraq ID: 27614
Remote: Yes
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27614
Summary:
WinComLPD Total is prone to multiple vulnerabilities, including buffer-overflow vulnerabilities and an authentication-bypass vulnerability.

Successfully exploiting these issues will allow an attacker to perform unauthorized actions or execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.

These issues affect WinComLPD Total 3.0.2.623; other versions may also be vulnerable.

9. Ipswitch FTP Log Server Denial of Service Vulnerability
BugTraq ID: 27612
Remote: Yes
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27612
Summary:
WS_FTP Log Server shipped with WS_FTP is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

This issue affects WS_FTP running FTP Log Server 7.9.14.0; other versions may also be affected.

10. Titan FTP Server DELE Command Remote Buffer Overflow Vulnerability
BugTraq ID: 27611
Remote: Yes
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27611
Summary:
Titan FTP Server is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects Titan FTP Server 6.05 build 550; other versions may also be vulnerable.

11. Print Manager Plus PQCore Remote Denial of Service Vulnerability
BugTraq ID: 27604
Remote: Yes
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27604
Summary:
Print Manager Plus is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to crash affected servers, potentially causing the application to stop accepting further network messages. This may deny service to legitimate users.

The issue affects versions prior to Print Manager Plus 7.0.127.16. Other versions may also be affected.

12. Xlight FTP Server LDAP Blank Password Authentication Bypass Vulnerability
BugTraq ID: 27602
Remote: Yes
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27602
Summary:
Xlight FTP Server is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain unauthorized access to the affected application.

This issue affects versions prior to Xlight FTP Server 2.83.

13. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities
BugTraq ID: 27596
Remote: No
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27596
Summary:
IBM DB2 Universal Database Server is prone to multiple local vulnerabilities, including:

- An unspecified local vulnerability
- A local security-bypass vulnerability

Attackers can exploit these issues to compromise the affected application, execute arbitrary code within the context of the affected application, and bypass certain security restrictions. Other attacks are also possible.

These issues affect versions prior to IBM DB2 Universal Database Server 8.2 Fixpak 16.

NOTE: Two issues that were previously documented in this BID were given their own records to better document the details: BID 27681 ('IBM DB2 Universal Database DAS Buffer Overflow Vulnerability') and BID 27680 ('IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability').

14. Ipswitch WS_FTP SFTP Opendir Command Buffer Overflow Vulnerability
BugTraq ID: 27573
Remote: Yes
Date Published: 2008-02-02
Relevant URL: http://www.securityfocus.com/bid/27573
Summary:
Ipswitch WS_FTP is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects WS_FTP 6.1.0.0; other versions may also be affected.

15. Titan FTP Server USER/PASS Commands Buffer Overflow Vulnerability
BugTraq ID: 27568
Remote: Yes
Date Published: 2008-02-02
Relevant URL: http://www.securityfocus.com/bid/27568
Summary:
Titan FTP Server is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

We do not know which versions are affected at this time; we will update this BID as more information emerges.

16. ELOG 'logbook' HTML Injection Vulnerability
BugTraq ID: 27526
Remote: Yes
Date Published: 2008-01-30
Relevant URL: http://www.securityfocus.com/bid/27526
Summary:
ELOG is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

This issue affects versions prior to ELOG 2.7.2.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #379
http://www.securityfocus.com/archive/88/487457

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat Europe
www.blackhat.com
