SecurityFocus Microsoft Newsletter #415 ----------------------------------------
This issue is Sponsored by IBM? Rational? AppScan Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities. Download a free trial of AppScan and see how it can help prevent against the threat of attack. https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1.The Vice of Vice Presidential E-Mail 2.Blaming the Good Samaritan II. MICROSOFT VULNERABILITY SUMMARY 1. Drupal Multiple Modules Security Bypass Vulnerabilities 2. Cisco Unity 7.0 Multiple Remote Vulnerabilities 3. Cisco Unity Remote Administration Authentication Bypass Vulnerability 4. Avaya one-X Desktop Edition SIP Remote Denial Of Service Vulnerability 5. Microsoft PicturePusher 'PipPPush.dll' ActiveX Control Arbitrary File Download Vulnerability 6. Mozilla Firefox Internet Shortcut Same Origin Policy Violation Vulnerability 7. Internet Download Manager File Parsing Buffer Overflow Vulnerability 8. MetaGauge Web Server Directory Traversal Vulnerability 9. AyeView GIF Image Handling Denial of Service Vulnerability 10. Microsoft Windows Vista Local Denial Of Service Vulnerability 11. Serv-U FTP Server 'rnto' Command Directory Traversal Vulnerability 12. Vba32 Personal Antivirus Archive Parsing Denial of Service Vulnerability 13. RhinoSoft Serv-U FTP Server 'sto con:1' Denial of Service Vulnerability 14. mIRC 'PRIVMSG' Buffer Overflow Vulnerability 15. ESET SysInspector 'esiadrv.sys' Local Privilege Escalation Vulnerability 16. Wireshark Packet Capture File Denial of Service Vulnerability III. MICROSOFT FOCUS LIST SUMMARY 1. SecurityFocus Microsoft Newsletter #414 IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1.The Vice of Vice Presidential E-Mail By Mark Rasch Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claim credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business. http://www.securityfocus.com/columnists/482 2.Blaming the Good Samaritan By Houston Carr In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins http://www.securityfocus.com/columnists/481 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. Drupal Multiple Modules Security Bypass Vulnerabilities BugTraq ID: 31660 Remote: Yes Date Published: 2008-10-08 Relevant URL: http://www.securityfocus.com/bid/31660 Summary: Multiple Drupal Modules are prone to security-bypass vulnerabilities that may allow attackers to gain access to administrative or sensitive areas of the application without the appropriate privileges This issue affects version prior to the following packages: - Live module 6.x before version 6.x-1.0 - AJAX Picture Preview module 6.x before version 6.x-1.2 - Admin:hover module 6.x-1.x-dev before 2008-Oct-08 - Banner Rotor Module before version 6.x-1.3 - Creative Commons Lite module 6.x before version 6.x-1.1 - Keyboard shortcut utilty module 6.x before version 6.x-1.1 - LiveJournal CrossPoster module 6.x before version 6.x-1.4 - Taxonomy import/export via XML module 6.x before version 6.x-1.2 - User Referral module 6.x-1.x-dev before 2008-Oct-08 2. Cisco Unity 7.0 Multiple Remote Vulnerabilities BugTraq ID: 31642 Remote: Yes Date Published: 2008-10-08 Relevant URL: http://www.securityfocus.com/bid/31642 Summary: Cisco Unity is prone to multiple remote vulnerabilities, including: - An information-disclosure vulnerability in the web interface - A denial-of-service vulnerability in the administration interface - A script-injection vulnerability in the web interface - Multiple denial-of-service vulnerabilities in unspecified services These issues are reported in Cisco Unity 7.0; other versions may also be affected. 3. Cisco Unity Remote Administration Authentication Bypass Vulnerability BugTraq ID: 31638 Remote: Yes Date Published: 2008-10-08 Relevant URL: http://www.securityfocus.com/bid/31638 Summary: Cisco Unity is prone to an authentication-bypass vulnerability. Exploiting this issue can allow remote attackers to gain unauthorized administrative privileges. This issue is being tracked by Cisco Bug ID CSCsr86943. Versions prior to the following are vulnerable: Cisco Unity 4.0 ES161 for the 4.x release Cisco Unity 5.0 ES53 for the 5.x release Cisco Unity 7.0 ES8 for the 7.x release 4. Avaya one-X Desktop Edition SIP Remote Denial Of Service Vulnerability BugTraq ID: 31636 Remote: Yes Date Published: 2008-10-08 Relevant URL: http://www.securityfocus.com/bid/31636 Summary: Avaya one-X Desktop Edition phone is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Avaya one-X Desktop Edition 2.1 is vulnerable; other versions may also be affected. 5. Microsoft PicturePusher 'PipPPush.dll' ActiveX Control Arbitrary File Download Vulnerability BugTraq ID: 31632 Remote: Yes Date Published: 2008-10-08 Relevant URL: http://www.securityfocus.com/bid/31632 Summary: Microsoft PicturePusher ActiveX control in 'PipPPush.dll' is prone to a vulnerability that lets attackers download arbitrary files. Attackers may exploit this issue by enticing victims into visiting a maliciously crafted webpage. Successful exploits will allow remote attackers to download files from arbitrary locations to the affected computer. The affected ActiveX control may be a component of Microsoft Digital Image 2006 Starter Edition. 'PipPPush.dll' 7.00.0709 is vulnerable; other versions may also be affected. 6. Mozilla Firefox Internet Shortcut Same Origin Policy Violation Vulnerability BugTraq ID: 31611 Remote: Yes Date Published: 2008-10-07 Relevant URL: http://www.securityfocus.com/bid/31611 Summary: Mozilla Firefox is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy when handling internet shortcut files. An attacker may create a malicious webpage that can access the properties of another domain. This may allow the attacker to obtain sensitive information or launch other attacks against a user of the browser. Firefox 3.0.1 through 3.0.3 for Microsoft Windows are vulnerable; other versions may also be affected. 7. Internet Download Manager File Parsing Buffer Overflow Vulnerability BugTraq ID: 31603 Remote: Yes Date Published: 2008-10-06 Relevant URL: http://www.securityfocus.com/bid/31603 Summary: Internet Download Manager (IDM) is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This vulnerability may be related to the issue described in BID 14159 (Internet Download Manager Buffer Overflow Vulnerability), but this has not been confirmed. We don't know which versions of IDM are affected. We will update this BID when more information emerges. 8. MetaGauge Web Server Directory Traversal Vulnerability BugTraq ID: 31596 Remote: Yes Date Published: 2008-10-06 Relevant URL: http://www.securityfocus.com/bid/31596 Summary: MetaGauge is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks. Versions prior to MetaGauge 1.0.3.38 are vulnerable. 9. AyeView GIF Image Handling Denial of Service Vulnerability BugTraq ID: 31572 Remote: Yes Date Published: 2008-10-04 Relevant URL: http://www.securityfocus.com/bid/31572 Summary: AyeView is prone to a remote denial-of-service vulnerability. Successful exploits can allow attackers to crash the affected application, resulting in denial-of-service conditions. AyeView 2.20 is vulnerable; other versions may also be affected. 10. Microsoft Windows Vista Local Denial Of Service Vulnerability BugTraq ID: 31570 Remote: No Date Published: 2008-10-05 Relevant URL: http://www.securityfocus.com/bid/31570 Summary: Microsoft Windows Vista is prone to a local denial-of-service vulnerability. Attackers may exploit this issue to deny further service to legitimate users. This issue affects Windows Vista Home Premium and Ultimate editions; other versions may be affected as well. 11. Serv-U FTP Server 'rnto' Command Directory Traversal Vulnerability BugTraq ID: 31563 Remote: Yes Date Published: 2008-10-03 Relevant URL: http://www.securityfocus.com/bid/31563 Summary: Serv-U FTP server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue allows an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks. Serv-U FTP server 7.2.0.1 is vulnerable; other versions may also be affected. 12. Vba32 Personal Antivirus Archive Parsing Denial of Service Vulnerability BugTraq ID: 31560 Remote: Yes Date Published: 2008-10-03 Relevant URL: http://www.securityfocus.com/bid/31560 Summary: Vba32 Personal Antivirus is prone to a denial-of-service vulnerability caused by an unspecified memory-corruption error. Attackers can exploit this issue to cause the application to crash, denying service to legitimate users. This may aid attackers in launching further attacks while the security application is not running. Versions of Vba32 Personal Antivirus in the 3.12.8 branch are vulnerable; other versions may also be affected. 13. RhinoSoft Serv-U FTP Server 'sto con:1' Denial of Service Vulnerability BugTraq ID: 31556 Remote: Yes Date Published: 2008-10-03 Relevant URL: http://www.securityfocus.com/bid/31556 Summary: Serv-U FTP server is prone to a denial of service vulnerability. An attacker can exploit this vulnerability to cause the server to crash, effectively denying service to legitimate users. Serv-U FTP server 7.2.0.1 is vulnerable; other versions may also be affected. 14. mIRC 'PRIVMSG' Buffer Overflow Vulnerability BugTraq ID: 31552 Remote: Yes Date Published: 2008-10-02 Relevant URL: http://www.securityfocus.com/bid/31552 Summary: mIRC is prone to a stack-based buffer-overflow vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious IRC server. Successful attacks will allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. mIRC 6.34 is vulnerable; other versions may be affected as well. 15. ESET SysInspector 'esiadrv.sys' Local Privilege Escalation Vulnerability BugTraq ID: 31521 Remote: No Date Published: 2008-10-01 Relevant URL: http://www.securityfocus.com/bid/31521 Summary: ESET SysInspector is prone to a local privilege-escalation vulnerability that occurs in the 'esiadrv.sys' driver. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition. ESET SysInspector 1.1.1.0 is vulnerable; other versions may also be affected. 16. Wireshark Packet Capture File Denial of Service Vulnerability BugTraq ID: 31468 Remote: Yes Date Published: 2008-09-29 Relevant URL: http://www.securityfocus.com/bid/31468 Summary: Wireshark is prone to a denial-of-service vulnerability. Exploiting this issue may allow attackers to cause crashes and deny service to legitimate users of the application. Wireshark 1.0.3 is vulnerable; other versions may also be affected. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. SecurityFocus Microsoft Newsletter #414 http://www.securityfocus.com/archive/88/496934 IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This issue is Sponsored by IBM? Rational? AppScan Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities. Download a free trial of AppScan and see how it can help prevent against the threat of attack. https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r
