SecurityFocus Microsoft Newsletter #430
----------------------------------------

Symantec NetBackup Design Best Practices with Data Domain
This white paper walks you through how Data Domain integrates with NBU, including planning and sizing considerations, operational considerations, offsite replication, and other integration basics so you can get the most out of this powerful solution.
http://dinclinx.com/Redirect.aspx?36;2173;45;189;0;10;259;46b98cc7718e4a7c

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
      1. Time to Take the Theoretical Seriously
      2. The Drew Verdict Makes Us All Hackers
II. MICROSOFT VULNERABILITY SUMMARY
      1. Moodle Log Table HTML Injection Vulnerability
      2. QIP 2005 Malformed Rich Text Message Remote Denial of Service Vulnerability
      3. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
      4. BlazeVideo HDTV Player PLF File Heap Buffer Overflow Vulnerability
      5. Nokia Multimedia Player '.m3u' File Heap Buffer Overflow Vulnerability
      6. NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities
      7. BreakPoint Software Hex Workshop '.cmap' File Handling Memory Corruption Vulnerability
      8. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
      9. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
      10. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
      11. Multiple Kaspersky Products 'klim5.sys' Local Privilege Escalation Vulnerability
      12. Novell GroupWise Internet Agent SMTP RCPT Command Remote Buffer Overflow Vulnerability
      13. Spider Player Multiple Playlist Files Buffer Overflow Vulnerability
      14. Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability
      15. Thomson Demo mp3PRO Player/Encoder '.m3u' File Remote Buffer Overflow Vulnerability
      16. Microsoft Internet Explorer HTML Form Value Denial of Service Vulnerability
      17. Horde IMP Webmail Client Cross Site Scripting And HTML Injection Vulnerabilities
      18. Zinf Multiple Playlist Files Buffer Overflow Vulnerability
      19. Win FTP Server 'LIST' FTP Command Remote Buffer Overflow Vulnerability
      20. Simple Machines Forum Package Upload Multiple HTML Injection Vulnerabilities
      21. Microsoft Windows 'RunAs' Password Length Local Information Disclosure Vulnerability
      22. Nokia Multimedia Player AVI File Null Pointer Dereference Denial of Service Vulnerability
      23. WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
      24. MediaMonkey '.m3u' File Remote Buffer Overflow Vulnerability
      25. Merak Media Player '.m3u' File Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
      1. SecurityFocus Microsoft Newsletter #429
      2. customer user accounts and internal user accounts on same domain
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Take the Theoretical Seriously
By Chris Wysopal
Software developers' response to "theoretical" research is fundamentally broken. By now, everyone in the security industry knows about the Rogue CA presentation that Alex Sotirov and Jacob Appelbaum gave at the 25th Chaos Communication Congress. It was one of the most interesting I saw all last year, and it's a good example of why software companies continue to be vulnerable to attackers.
http://www.securityfocus.com/columnists/490

2. The Drew Verdict Makes Us All Hackers
By Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Moodle Log Table HTML Injection Vulnerability
BugTraq ID: 33610
Remote: Yes
Date Published: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33610
Summary:
Moodle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

The following Moodle branches and corresponding versions are affected:

1.9.x: prior to 1.9.4
1.8.x: prior to 1.8.8
1.7.x: prior to 1.7.7
1.6.x: prior to 1.6.9

2. QIP 2005 Malformed Rich Text Message Remote Denial of Service Vulnerability
BugTraq ID: 33609
Remote: Yes
Date Published: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33609
Summary:
QIP 2005 is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to hang and consume excessive computer resources, denying service to legitimate users.

This issue may occur in a third party component used by QIP 2005; however this has not been confirmed.

This issue affects QIP 2005 build 8082; other versions may also be vulnerable.

3. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
BugTraq ID: 33595
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33595
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

We don't know which versions of Simple Machines Forum are affected. We will update this BID when more information is available.

4. BlazeVideo HDTV Player PLF File Heap Buffer Overflow Vulnerability
BugTraq ID: 33588
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33588
Summary:
BlazeVideo HDTV Player is prone to a heap-based buffer-overflow vulnerability because the application fails to handle malformed playlist files.

An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.

BlazeVideo HDTV Player 3.5 is vulnerable; other versions may also be affected.

5. Nokia Multimedia Player '.m3u' File Heap Buffer Overflow Vulnerability
BugTraq ID: 33586
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33586
Summary:
Nokia Multimedia Player is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Nokia Multimedia Player 1.1 is vulnerable; other versions may also be affected.

6. NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities
BugTraq ID: 33585
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33585
Summary:
NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input.

Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Additionally, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks.

NaviCOPA Web Server 3.01 is vulnerable; other versions may also be affected.

7. BreakPoint Software Hex Workshop '.cmap' File Handling Memory Corruption Vulnerability
BugTraq ID: 33584
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33584
Summary:
Hex Workshop is prone to a memory-corruption vulnerability.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Hex Workshop 6 is vulnerable; other versions may also be affected.

8. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
BugTraq ID: 33581
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33581
Summary:
Bugzilla is prone to a vulnerability caused by the use of a shared random seed. This issue occurs when Bugzilla is running under mod_perl.

An attacker may exploit this issue to predict random values generated by Bugzilla. This may reveal sensitive information such as attachment files or may allow the attacker to bypass cross-site request-forgery protection by predicting random token values. Other attacks may also be possible.

This issue affects Bugzilla 3.0.7, 3.2.1, and 3.3.2 when run under mod_perl.

9. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
BugTraq ID: 33580
Remote: Yes
Date Published: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33580
Summary:
Bugzilla is prone to multiple remote vulnerabilities, including an HTML-injection issue and cross-site request-forgery issues.

An attacker can exploit these issues to execute arbitrary script code in a user's browser in the context of the application, steal cookie-based authentication credentials, obtain sensitive information, and perform arbitrary actions in the context of the logged-in user.

These issues affect versions prior to Bugzilla 2.22.7, 3.0.7, 3.2.1, and 3.3.2.

10. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
BugTraq ID: 33579
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33579
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

This BID is being retired as an attacker requires administrative access to an affected application to exploit this issue. An attacker with that access would not need to exploit any issue in order to compromise the application in this manner.

11. Multiple Kaspersky Products 'klim5.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 33561
Remote: No
Date Published: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33561
Summary:
Multiple Kaspersky products are prone to a local privilege-escalation vulnerability because the applications fail to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

This issue affects versions in the following product groups:

Kaspersky AV 2008
Kaspersky AV for WorkStations 6.0

12. Novell GroupWise Internet Agent SMTP RCPT Command Remote Buffer Overflow Vulnerability
BugTraq ID: 33560
Remote: Yes
Date Published: 2009-01-30
Relevant URL: http://www.securityfocus.com/bid/33560
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.

13. Spider Player Multiple Playlist Files Buffer Overflow Vulnerability
BugTraq ID: 33548
Remote: Yes
Date Published: 2009-01-30
Relevant URL: http://www.securityfocus.com/bid/33548
Summary:
Spider Player is prone to an off-by-one buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash the application.

Spider Player 2.3.9.5 is vulnerable; other versions may also be affected.

14. Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability
BugTraq ID: 33515
Remote: Yes
Date Published: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33515
Summary:
Web on Windows (WOW) ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting this issue will allow an attacker to overwrite arbitrary files and execute arbitrary code on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

WOW 2 is vulnerable; other versions may also be affected.

15. Thomson Demo mp3PRO Player/Encoder '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33513
Remote: Yes
Date Published: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33513
Summary:
Thomson Demo mp3PRO Player/Encoder is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Thomson Demo mp3PRO Player/Encoder 1.1.0 is vulnerable; other versions may also be affected.

16. Microsoft Internet Explorer HTML Form Value Denial of Service Vulnerability
BugTraq ID: 33494
Remote: Yes
Date Published: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33494
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow an attacker to crash the browser, which will result in a denial-of-service condition.

Internet Explorer 7 on Windows XP SP3 is vulnerable; other versions running on different platforms may also be affected.

NOTE: This issue was originally published as a buffer-overflow vulnerability that could result in remote code execution. Further analysis and vendor reports, however, suggest that exploiting this issue may cause only a denial-of-service condition from stack exhaustion. This vulnerability cannot be exploited to execute arbitrary code.

17. Horde IMP Webmail Client Cross Site Scripting And HTML Injection Vulnerabilities
BugTraq ID: 33492
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33492
Summary:
Horde IMP Webmail Client is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Versions prior to IMP 4.2.2 and 4.3.3 are affected.

18. Zinf Multiple Playlist Files Buffer Overflow Vulnerability
BugTraq ID: 33482
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33482
Summary:
Zinf is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts will likely crash the application.

Zinf 2.2.1 is vulnerable; other versions may also be affected.

19. Win FTP Server 'LIST' FTP Command Remote Buffer Overflow Vulnerability
BugTraq ID: 33454
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33454
Summary:
Win FTP Server is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Win FTP Server 2.3.0 is vulnerable; other versions may also be affected.

20. Simple Machines Forum Package Upload Multiple HTML Injection Vulnerabilities
BugTraq ID: 33450
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33450
Summary:
Simple Machines Forum is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

21. Microsoft Windows 'RunAs' Password Length Local Information Disclosure Vulnerability
BugTraq ID: 33440
Remote: No
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33440
Summary:
The 'RunAs' application included with Microsoft Windows is prone to a local information-disclosure vulnerability that may reveal information about password lengths.

A local attacker may exploit this issue to gain information about user passwords. This may aid in further attacks, such as brute-force or dictionary attacks against passwords.

22. Nokia Multimedia Player AVI File Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 33432
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33432
Summary:
Nokia Multimedia Player is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected application, denying service to legitimate users.

Nokia Multimedia Player 1.1 is vulnerable; other versions may also be affected.

23. WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
BugTraq ID: 33426
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33426
Summary:
WFTPD Pro is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle specially crafted FTP commands in a proper manner.

Attackers can exploit these issues to crash the affected application, denying service to legitimate users.

WFTPD Pro 3.30.0.1 is vulnerable; other versions may also be affected.

UPDATE (January 29, 2009): This issue is reported to affect only servers that have the 'Enable Security' configuration option disabled.

24. MediaMonkey '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33420
Remote: Yes
Date Published: 2009-01-25
Relevant URL: http://www.securityfocus.com/bid/33420
Summary:
MediaMonkey is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

MediaMonkey 3.0.6 is vulnerable; other versions may also be affected.

25. Merak Media Player '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33419
Remote: Yes
Date Published: 2009-01-25
Relevant URL: http://www.securityfocus.com/bid/33419
Summary:
Merak Media Player is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Merak Media Player 3.2 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #429
http://www.securityfocus.com/archive/88/500589

2. customer user accounts and internal user accounts on same domain
http://www.securityfocus.com/archive/88/500442

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [email protected] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email [email protected] and ask to be manually removed.
