SecurityFocus Microsoft Newsletter #435
----------------------------------------

This issue is sponsored by Sophos

Laws, regulations and compliance: Top tips for keeping your data under your control

http://dinclinx.com/Redirect.aspx?36;4035;35;189;0;5;259;787c0986ab9c445a


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest
for our community. We are proud to offer content from Matasano at this time and will be adding more
in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Contracting For Secure Code
       2. Free Market Filtering
II.  MICROSOFT VULNERABILITY SUMMARY
       1. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
       2. RainbowPlayer '.rpl' File Remote Buffer Overflow Vulnerability
       3. PostgreSQL Low Cost Function Information Disclosure Vulnerability
       4. MediaCoder '.m3u' File Remote Stack Buffer Overflow Vulnerability
       5. eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
       6. RadASM '.rap' Project File Stack-Based Buffer Overflow Vulnerability
       7. Nokia Multimedia Player '.npl' File Heap Buffer Overflow Vulnerability
       8. mks_vir 'mksmonen.sys' IOCTL Request Local Privilege Escalation Vulnerability
       9. Microsoft Windows Kernel Handle Local Privilege Escalation Vulnerability
       10. Microsoft Windows Invalid Pointer Local Privilege Escalation Vulnerability
       11. Microsoft Windows SChannel Authentication Spoofing Vulnerability
       12. Microsoft Windows WINS Server WPAD and ISATAP Access Validation Vulnerability
       13. Microsoft Windows Kernel GDI EMF/WMF Remote Code Execution Vulnerability
       14. Nullsoft Winamp 'skin.xml' Skin File Buffer Overflow Vulnerability
       15. Multiple Vendor libc 'fts.c' Denial of Service Vulnerability
       16. FileZilla Server SSL/TLS Unspecified Buffer Overflow Denial Of Service Vulnerability
       17. Microsoft March 2009 Advance Notification Multiple Vulnerabilities
       18. Microsoft Windows DNS Server WPAD Access Validation Vulnerability
       19. Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability
       20. Microsoft Windows DNS Server Response Caching DNS Spoofing Vulnerability
       21. Easy File Sharing Web Server 'thumbnail.php' File Disclosure Vulnerability
       22. EFS Software Easy Chat Server 'registresult.htm' Authentication Bypass Vulnerability
       23. VUPlayer '.CUE' File Buffer Overflow Vulnerability
       24. Media Commands Multiple Media File Multiple Heap Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
       1. SQL Server stored procedure encryption
       2. SecurityFocus Microsoft Newsletter #434
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Contracting For Secure Code
By Chris Wysopal
Forcing suppliers to attest to the security of provided software is gaining adherents: Just ask
Kaspersky Lab.
http://www.securityfocus.com/columnists/494

2. Free Market Filtering
By Mark Rasch
The Australian government is considering requiring that Internet service providers in that country
install filters which would prevent citizens from accessing tens of thousands of sites that contain
"objectionable" material.
http://www.securityfocus.com/columnists/493


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
BugTraq ID: 34090
Remote: Yes
Date Published: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34090
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to terminate connections to the PostgreSQL server, denying
service to legitimate users.

2. RainbowPlayer '.rpl' File Remote Buffer Overflow Vulnerability
BugTraq ID: 34072
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34072
Summary:
RainbowPlayer is prone to a remote buffer-overflow vulnerability because the application fails to
perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

RainbowPlayer 0.91 is vulnerable; other versions may also be affected.

3. PostgreSQL Low Cost Function Information Disclosure Vulnerability
BugTraq ID: 34069
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34069
Summary:
PostgreSQL is prone to an information-disclosure vulnerability.

Local attackers can exploit this issue to gain access to sensitive information. Information obtained
may lead to further attacks.

PostgreSQL 8.3.6 is vulnerable; other versions may also be affected.

4. MediaCoder '.m3u' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34051
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34051
Summary:
MediaCoder is prone to a remote stack-based buffer-overflow vulnerability because the application
fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

MediaCoder 6.2.4275 is vulnerable; other versions may also be affected.

5. eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
BugTraq ID: 34044
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34044
Summary:
eZip Wizard is prone to a remote stack-based buffer-overflow vulnerability because the application
fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running
the affected application. Failed exploit attempts will result in a denial-of-service condition.

eZip Wizard 3.0 is vulnerable; other versions may also be affected.

6. RadASM '.rap' Project File Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 34042
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34042
Summary:
RadASM is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate
checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

RadASM 2.2.1.5 is vulnerable; other versions may also be affected.

7. Nokia Multimedia Player '.npl' File Heap Buffer Overflow Vulnerability
BugTraq ID: 34041
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34041
Summary:
Nokia Multimedia Player is prone to a heap-based buffer-overflow vulnerability because it fails to
perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the
context of the application. Failed exploit attempts will cause denial-of-service conditions.

Nokia Multimedia Player 1.0 is vulnerable; other versions may also be affected.

8. mks_vir 'mksmonen.sys' IOCTL Request Local Privilege Escalation Vulnerability
BugTraq ID: 34039
Remote: No
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34039
Summary:
The 'mks_vir' program is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with elevated privileges; this may aid
in further attacks.

Versions prior to mks_vir 9 Beta 1.2.0.0 build 297 are vulnerable.

9. Microsoft Windows Kernel Handle Local Privilege Escalation Vulnerability
BugTraq ID: 34027
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34027
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.

10. Microsoft Windows Invalid Pointer Local Privilege Escalation Vulnerability
BugTraq ID: 34025
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34025
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.

11. Microsoft Windows SChannel Authentication Spoofing Vulnerability
BugTraq ID: 34015
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34015
Summary:
Microsoft Windows SChannel is prone to an authentication-spoofing vulnerability because it fails to
properly validate certain client-server certificate exchanges.

Successful exploits will allow attackers to authenticate to trusted servers by spoofing a legitimate
user's credentials. This may aid in further attacks.

12. Microsoft Windows WINS Server WPAD and ISATAP Access Validation Vulnerability
BugTraq ID: 34013
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34013
Summary:
The Microsoft Windows WINS Server is prone to an access-validation vulnerability because the
software fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) and
ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) entries.

An authenticated attacker may exploit this issue to create a WPAD or ISATAP WINS entry. This may aid
in man-in-the-middle and spoofing attacks. Other attacks are also possible.

13. Microsoft Windows Kernel GDI EMF/WMF Remote Code Execution Vulnerability
BugTraq ID: 34012
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34012
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious EMF or WMF
image file.

Successfully exploiting this issue will allow attackers to execute arbitrary code with kernel-level
privileges, completely compromising affected computers. Failed exploit attempts will result in a
denial-of-service condition.

14. Nullsoft Winamp 'skin.xml' Skin File Buffer Overflow Vulnerability
BugTraq ID: 34009
Remote: Yes
Date Published: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/34009
Summary:
Nullsoft Winamp is prone to a buffer-overflow vulnerability because the application fails to perform
adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

Note that this issue may be related to BID 5832 (Nullsoft Winamp 3 Skin File Buffer Overflow
Vulnerability).

Versions prior to Winamp 5.55 are vulnerable.

15. Multiple Vendor libc 'fts.c' Denial of Service Vulnerability
BugTraq ID: 34008
Remote: No
Date Published: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/34008
Summary:
Multiple libc libraries are prone to a denial-of-service vulnerability caused by an error when
handling deeply nested directory structures.

An attacker can exploit this issue to cause applications using vulnerable libraries to crash with a
segmentation fault, denying service to legitimate users.

The following are reported vulnerable:

OpenBSD 4.4
Microsoft Interix 6.0 10.0.6030.0
Microsoft Vista Enterprise

Other libraries may also be affected.

16. FileZilla Server SSL/TLS Unspecified Buffer Overflow Denial Of Service Vulnerability
BugTraq ID: 34006
Remote: Yes
Date Published: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/34006
Summary:
FileZilla Server is prone to a denial-of-service vulnerability because it fails to adequately
validate data before copying it into an insufficiently sized buffer.

Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this
issue, remote code execution may also be possible, but this has not been confirmed.

Versions prior to FileZilla Server 0.9.31 are vulnerable.

17. Microsoft March 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 34005
Remote: Yes
Date Published: 2009-03-05
Relevant URL: http://www.securityfocus.com/bid/34005
Summary:
Microsoft has released advance notification that the vendor will be releasing three security
bulletins on March 10, 2009. The highest severity rating for these issues is 'Critical'.

These issues affect Windows.

Successfully exploiting these issues may allow remote or local attackers to compromise affected
computers.

Individual records will be created to better document these issues when the bulletins are released.

18. Microsoft Windows DNS Server WPAD Access Validation Vulnerability
BugTraq ID: 33989
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33989
Summary:
The Microsoft Windows DNS Server is prone to an access-validation vulnerability because the software
fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) entries.

An authenticated attacker may exploit this issue to create a WPAD DNS entry. This may aid in
man-in-the-middle and spoofing attacks. Other attacks are also possible.

19. Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability
BugTraq ID: 33988
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33988
Summary:
The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails
to cache responses to specially crafted DNS queries.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to
redirect network traffic and to launch man-in-the-middle attacks.

20. Microsoft Windows DNS Server Response Caching DNS Spoofing Vulnerability
BugTraq ID: 33982
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33982
Summary:
The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails
to properly reuse cached responses.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to
redirect network traffic and to launch man-in-the-middle attacks.

21. Easy File Sharing Web Server 'thumbnail.php' File Disclosure Vulnerability
BugTraq ID: 33973
Remote: Yes
Date Published: 2009-03-04
Relevant URL: http://www.securityfocus.com/bid/33973
Summary:
Easy File Sharing Web Server is prone to a vulnerability that lets attackers obtain potentially
sensitive information because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files with the privileges of the webserver
process. Information obtained may aid in further attacks.

Easy File Sharing Web Server 4.8 is vulnerable; other versions may also be affected.

22. EFS Software Easy Chat Server 'registresult.htm' Authentication Bypass Vulnerability
BugTraq ID: 33967
Remote: Yes
Date Published: 2009-03-03
Relevant URL: http://www.securityfocus.com/bid/33967
Summary:
EFS Software Easy Chat Server is prone to an authentication-bypass vulnerability because it fails to
perform adequate authentication checks.

Attackers can exploit this vulnerability to gain unauthorized access to the affected application,
which may aid in further attacks.

Easy Chat Server 2.2 is vulnerable; other versions may also be affected.

23. VUPlayer '.CUE' File Buffer Overflow Vulnerability
BugTraq ID: 33960
Remote: Yes
Date Published: 2009-03-02
Relevant URL: http://www.securityfocus.com/bid/33960
Summary:
VUPlayer is prone to a buffer-overflow vulnerability because the application fails to perform
adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

VUPlayer 2.49 is vulnerable; other versions may also be affected.

24. Media Commands Multiple Media File Multiple Heap Buffer Overflow Vulnerabilities
BugTraq ID: 33958
Remote: Yes
Date Published: 2009-03-02
Relevant URL: http://www.securityfocus.com/bid/33958
Summary:
Media Commands is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to
perform adequate boundary checks on user-supplied input.

Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the
context of the application. Failed exploit attempts will cause denial-of-service conditions.

Media Commands 1.0 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SQL Server stored procedure encryption
http://www.securityfocus.com/archive/88/501582

2. SecurityFocus Microsoft Newsletter #434
http://www.securityfocus.com/archive/88/501511

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [email protected] from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively, you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [email protected] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is sponsored by Sophos

Laws, regulations and compliance: Top tips for keeping your data under your control

http://dinclinx.com/Redirect.aspx?36;4035;35;189;0;5;259;787c0986ab9c445a
