SecurityFocus Microsoft Newsletter #393

Wed, 07 May 2008 13:05:08 -0700 

SecurityFocus Microsoft Newsletter #393

----------------------------------------

This issue is sponsored by Verisign
Provide the best in SSL technology on your site - VeriSign Extended Validation (EV) and Server-Gated Cryptography (SGC) SSL Certificates. When your site has EV and SGC it allows your customers to have confidence that they are safe and you will know their information is secure. Learn how to provide the latest advancements in SSL to your site visitors with the free white paper. 
http://clk.atdmt.com/SFI/go/scrtysrv1170000034sfi/direct/01/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
      1.Just Who's Being Exploited?
      2.On the Border
II.  MICROSOFT VULNERABILITY SUMMARY
      1. Nortel Multimedia PC Client Remote Packet Flood Denial of Service 
Vulnerability
      2. Castle Rock Computing SNMPc Community String Stack Based Buffer 
Overflow Vulnerability
      3. Acritum Femitter Server 'RETR' Command Remote Denial of Service 
Vulnerability
      4. VicFTPS 'LIST' Command Remote Denial of Service Vulnerability
      5. Apple QuickTime Unspecified Remote Code Execution Vulnerability
      6. E-Post MailServer Remote Information Disclosure Vulnerability
      7. Rising Antivirus SSDT 'NtOpenProcess()' Hook Local Denial of Service 
Vulnerability
      8. Comodo Firewall Pro SSDT Hooks Multiple Local Vulnerabilities
      9. BitDefender Antivirus 2008 Hooked SSDT Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
      1. Binding Windows Services to Specific Addresses Only
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1.Just Who's Being Exploited?
By Jamie Reid
Last month's revelation that Tipping Point paid out a prize of $10,000 and a 
new laptop (MSRP: about $2000) at the CanSecWest conference, for the privilege 
of being the exclusive licensor of a heretofore unpublished vulnerability in 
Apple's Safari web browser to researcher, Charles Miller of Independent 
Security Evaluators, may lend some credence to this adage.
http://www.securityfocus.com/columnists/470

2.On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with 
my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through 
security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or 
"National" as we locals call it. As I passed through the new magnetometer which gently 
puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn 
Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could 
"inspect" my laptop computer. While the inspection was cursory, the situation immediately 
gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Nortel Multimedia PC Client Remote Packet Flood Denial of Service 
Vulnerability
BugTraq ID: 28994
Remote: Yes
Date Published: 2008-04-30
Relevant URL: http://www.securityfocus.com/bid/28994
Summary:
Nortel Multimedia PC Client is prone to a remote denial-of-service 
vulnerability because it fails to properly handle unexpected network traffic.

Successful attacks can crash the application, denying service to legitimate 
users. Given the nature of this issue, remote code execution may also be 
possible, but this has not been confirmed.

2. Castle Rock Computing SNMPc Community String Stack Based Buffer Overflow 
Vulnerability
BugTraq ID: 28990
Remote: Yes
Date Published: 2008-04-30
Relevant URL: http://www.securityfocus.com/bid/28990
Summary:
Castle Rock Computing SNMPc is prone to a stack-based buffer-overflow 
vulnerability because it fails to perform adequate boundary checks on 
user-supplied input.

Attackers can leverage this issue to execute arbitrary code in the context of 
the application, which typically runs with LocalSystem privileges. Successful 
exploits will compromise affected computers. Failed attacks will likely cause 
denial-of-service conditions.

Versions prior to SNMPc 7.1.1 are vulnerable.

3. Acritum Femitter Server 'RETR' Command Remote Denial of Service Vulnerability
BugTraq ID: 28973
Remote: Yes
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28973
Summary:
Acritum Femitter Server is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. 
Successfully exploiting this issue would cause the affected application to 
crash, denying service to legitimate users.

Femitter Server 1.03 is vulnerable; other versions may also be affected.

4. VicFTPS 'LIST' Command Remote Denial of Service Vulnerability
BugTraq ID: 28967
Remote: Yes
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28967
Summary:
VicFTPS is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. 
Successfully exploiting this issue would cause the affected application to 
crash, denying service to legitimate users.

5. Apple QuickTime Unspecified Remote Code Execution Vulnerability
BugTraq ID: 28959
Remote: Yes
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28959
Summary:
Apple QuickTime is prone to an unspecified remote code-execution vulnerability. 
Very few technical details are currently available. We will update this BID as 
more information emerges.

Successful exploits can allow remote attackers to execute arbitrary code in the 
context of the user running the application.  This may facilitate a compromise 
of affected computers.

This issue affects QuickTime 7.4 for Microsoft Windows XP and Vista; other 
versions may also be affected.

6. E-Post MailServer Remote Information Disclosure Vulnerability
BugTraq ID: 28951
Remote: Yes
Date Published: 2008-04-27
Relevant URL: http://www.securityfocus.com/bid/28951
Summary:
E-Post MailServer is prone to a remote information-disclosure vulnerability. 
Exploiting this issue can allow remote attackers to obtain the POP3 password of 
any known user from the POP3 service without having to log on. For an exploit 
to succeed, the attacker must know the POP3 account name (email address) of the 
victim.

The issue affects E-Post Mail Server 4.10 with EPSTPOP3S.EXE 4.22; other 
versions may also be affected.

7. Rising Antivirus SSDT 'NtOpenProcess()' Hook Local Denial of Service 
Vulnerability
BugTraq ID: 28744
Remote: No
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28744
Summary:
Rising Antivirus is prone to a local denial-of-service vulnerability.

Exploiting this vulnerability allows local attackers to crash affected 
computers, denying service to legitimate users.

Rising Antivirus 19.60.0.0 and 19.66.0.0 are vulnerable; other versions may 
also be affected.

8. Comodo Firewall Pro SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 28742
Remote: No
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28742
Summary:
Comodo Firewall Pro is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected 
computers, denying service to legitimate users. Attackers might also be able to 
gain elevated privileges by executing arbitrary machine code in the context of 
the kernel, but this has not been confirmed.

Comodo Firewall Pro 2.4.18.184 is vulnerable; other versions may also be 
affected.

9. BitDefender Antivirus 2008 Hooked SSDT Denial of Service Vulnerability
BugTraq ID: 28741
Remote: No
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28741
Summary:
BitDefender Antivirus 2008 is prone to a local denial-of-service vulnerability 
because it fails to adequately bounds-check user-supplied data.

Exploiting this vulnerability allows local attackers to crash affected 
computers, denying service to legitimate users. Attackers might also be able to 
gain elevated privileges by executing arbitrary machine code in the context of 
the kernel, but this has not been confirmed.

BitDefender Antivirus 2008 Build 11.0.11 is vulnerable; other versions may also 
be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Binding Windows Services to Specific Addresses Only
http://www.securityfocus.com/archive/88/491595

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is sponsored by Verisign
Provide the best in SSL technology on your site - VeriSign Extended Validation (EV) and Server-Gated Cryptography (SGC) SSL Certificates. When your site has EV and SGC it allows your customers to have confidence that they are safe and you will know their information is secure. Learn how to provide the latest advancements in SSL to your site visitors with the free white paper. 
http://clk.atdmt.com/SFI/go/scrtysrv1170000034sfi/direct/01/

Reply via email to