SecurityFocus Microsoft Newsletter #436
----------------------------------------

This issue is sponsored by Tripwire

Configuration Assessment: Choosing the Right Solution

Configuration assessment lets businesses proactively secure their IT infrastructure and achieve compliance with important industry standards and regulations. Learn why configuration assessment is so important, why organizations find it difficult to control system configurations, and what types of configuration assessment solutions are available.

http://dinclinx.com/Redirect.aspx?36;3065;32;189;0;3;259;458f725ab218caf9

SECURITY BLOGS

SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.

http://www.securityfocus.com/blogs

------------------------------------------------------------------

I. FRONT AND CENTER
     1. Contracting For Secure Code
     2. Free Market Filtering
II. MICROSOFT VULNERABILITY SUMMARY
     1. Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability
     2. CDex 'ogg' File Buffer Overflow Vulnerability
     3. PHPRunner 'SearchField' Parameter SQL Injection Vulnerability
     4. Talkative IRC 'PRIVMSG' Buffer Overflow Vulnerability
     5. JustSystems Ichitaro Unspecified Code Execution Vulnerability
     6. WinAsm Studio '.wap' Project File Heap-Based Buffer Overflow Vulnerability
     7. Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
     8. Rosoft Media Player 'rml' File Buffer Overflow Vulnerability
     9. Multiple SlySoft Products Driver IOCTL Request Multiple Local Buffer Overflow Vulnerabilities
     10. Apple iTunes Information Disclosure and Denial of Service Vulnerabilities
     11. POP Peeper 'Date' Remote Buffer Overflow Vulnerability
     12. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
     13. Autonomy KeyView Module 'wp6sr.dll' Buffer Overflow Vulnerability
     14. RainbowPlayer '.rpl' File Remote Buffer Overflow Vulnerability
     15. PostgreSQL Low Cost Function Information Disclosure Vulnerability
     16. MediaCoder '.m3u' File Remote Stack Buffer Overflow Vulnerability
     17. eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
     18. RadASM '.rap' Project File Stack-Based Buffer Overflow Vulnerability
     19. Nokia Multimedia Player '.npl' File Heap Buffer Overflow Vulnerability
     20. mks_vir 'mksmonen.sys' IOCTL Request Local Privilege Escalation Vulnerability
     21. Microsoft Windows Kernel Handle Local Privilege Escalation Vulnerability
     22. Microsoft Windows Invalid Pointer Local Privilege Escalation Vulnerability
     23. Microsoft Windows SChannel Authentication Spoofing Vulnerability
     24. Microsoft Windows WINS Server WPAD and ISATAP Access Validation Vulnerability
     25. Microsoft Windows Kernel GDI EMF/WMF Remote Code Execution Vulnerability
     26. Microsoft Windows DNS Server WPAD Access Validation Vulnerability
     27. Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability
     28. Microsoft Windows DNS Server Response Caching DNS Spoofing Vulnerability
     29. Symantec pcAnywhere Local Format String Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
     1. SecurityFocus Microsoft Newsletter #435
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Contracting For Secure Code
By Chris Wysopal
Forcing suppliers to attest to the security of provided software is gaining adherents: Just ask Kaspersky Lab.
http://www.securityfocus.com/columnists/494

2. Free Market Filtering
By Mark Rasch
The Australian government is considering requiring that Internet service providers in that country install filters which would prevent citizens from accessing tens of thousands of sites that contain "objectionable" material.
http://www.securityfocus.com/columnists/493

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34167
Remote: Yes
Date Published: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34167
Summary:
Icarus is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Icarus 2.0 is vulnerable; other versions may also be affected.

2. CDex 'ogg' File Buffer Overflow Vulnerability
BugTraq ID: 34164
Remote: Yes
Date Published: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34164
Summary:
CDex is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

CDex 1.70 (Beta 2) is vulnerable; other versions may also be affected.

3. PHPRunner 'SearchField' Parameter SQL Injection Vulnerability
BugTraq ID: 34146
Remote: Yes
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34146
Summary:
PHPRunner generates scripts that are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHPRunner 4.2 is vulnerable; other versions may also be affected.

4. Talkative IRC 'PRIVMSG' Buffer Overflow Vulnerability
BugTraq ID: 34141
Remote: Yes
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34141
Summary:
Talkative IRC is prone to a stack-based buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious IRC server. Successful attacks will allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Talkative IRC 0.4.4.16 is vulnerable; other versions may also be affected.

5. JustSystems Ichitaro Unspecified Code Execution Vulnerability
BugTraq ID: 34138
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34138
Summary:
Ichitaro is prone to an unspecified remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed attempts will result in a denial-of-service condition.

Ichitaro 2008 and prior versions are vulnerable.

6. WinAsm Studio '.wap' Project File Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 34132
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34132
Summary:
WinAsm Studio is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

WinAsm Studio 5.1.5.0 is vulnerable; other versions may also be affected.

7. Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
BugTraq ID: 34125
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34125
Summary:
Serv-U FTP Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue allows an authenticated user to create directories outside the FTP root directory, which may lead to other attacks.

Serv-U FTP Server 7.4.0.1 is vulnerable; other versions may also be affected.

8. Rosoft Media Player 'rml' File Buffer Overflow Vulnerability
BugTraq ID: 34124
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34124
Summary:
Rosoft Media Player is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

9. Multiple SlySoft Products Driver IOCTL Request Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 34103
Remote: No
Date Published: 2009-03-12
Relevant URL: http://www.securityfocus.com/bid/34103
Summary:
Multiple SlySoft products are prone to multiple buffer-overflow vulnerabilities because they fail to adequately validate user-supplied input.

A local attacker can exploit these issues to crash the affected system, causing a denial-of-service condition. The attacker may also be able to run arbitrary code with SYSTEM-level privileges, but this has not been confirmed.

The following applications are vulnerable:
SlySoft AnyDVD 6.5.2.2
SlySoft Virtual CloneDrive 5.4.2.3
SlySoft CloneDVD 2.9.2.0
SlySoft CloneCD 5.3.1.3

10. Apple iTunes Information Disclosure and Denial of Service Vulnerabilities
BugTraq ID: 34094
Remote: Yes
Date Published: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34094
Summary:
Apple iTunes is prone to an information-disclosure vulnerability and a denial-of-service vulnerability.

Successfully exploiting these issues may allow an attacker to obtain sensitive information or cause the affected application to crash, denying service to legitimate users.

Versions prior to Apple iTunes 8.1 are vulnerable.

11. POP Peeper 'Date' Remote Buffer Overflow Vulnerability
BugTraq ID: 34093
Remote: Yes
Date Published: 2009-03-12
Relevant URL: http://www.securityfocus.com/bid/34093
Summary:
POP Peeper is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

POP Peeper 3.4.0.0 is vulnerable; other versions may also be affected.

12. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
BugTraq ID: 34090
Remote: Yes
Date Published: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34090
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to terminate connections to the PostgreSQL server, denying service to legitimate users.

13. Autonomy KeyView Module 'wp6sr.dll' Buffer Overflow Vulnerability
BugTraq ID: 34086
Remote: Yes
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34086
Summary:
Autonomy KeyView module is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Exploiting this issue will allow an attacker to corrupt memory and to cause denial-of-service conditions or potentially to execute arbitrary code in the context of the application using the module.

Multiple products using the KeyView module are affected.

14. RainbowPlayer '.rpl' File Remote Buffer Overflow Vulnerability
BugTraq ID: 34072
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34072
Summary:
RainbowPlayer is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

RainbowPlayer 0.91 is vulnerable; other versions may also be affected.

15. PostgreSQL Low Cost Function Information Disclosure Vulnerability
BugTraq ID: 34069
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34069
Summary:
PostgreSQL is prone to an information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

PostgreSQL 8.3.6 is vulnerable; other versions may also be affected.

16. MediaCoder '.m3u' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34051
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34051
Summary:
MediaCoder is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

MediaCoder 6.2.4275 is vulnerable; other versions may also be affected.

17. eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
BugTraq ID: 34044
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34044
Summary:
eZip Wizard is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

eZip Wizard 3.0 is vulnerable; other versions may also be affected.

18. RadASM '.rap' Project File Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 34042
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34042
Summary:
RadASM is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

RadASM 2.2.1.5 is vulnerable; other versions may also be affected.

19. Nokia Multimedia Player '.npl' File Heap Buffer Overflow Vulnerability
BugTraq ID: 34041
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34041
Summary:
Nokia Multimedia Player is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Nokia Multimedia Player 1.0 is vulnerable; other versions may also be affected.

20. mks_vir 'mksmonen.sys' IOCTL Request Local Privilege Escalation Vulnerability
BugTraq ID: 34039
Remote: No
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34039
Summary:
The 'mks_vir' program is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with elevated privileges; this may aid in further attacks.

Versions prior to mks_vir 9 Beta 1.2.0.0 build 297 are vulnerable.

21. Microsoft Windows Kernel Handle Local Privilege Escalation Vulnerability
BugTraq ID: 34027
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34027
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

22. Microsoft Windows Invalid Pointer Local Privilege Escalation Vulnerability
BugTraq ID: 34025
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34025
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

23. Microsoft Windows SChannel Authentication Spoofing Vulnerability
BugTraq ID: 34015
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34015
Summary:
Microsoft Windows SChannel is prone to an authentication-spoofing vulnerability because it fails to properly validate certain client-server certificate exchanges.

Successful exploits will allow attackers to authenticate to trusted servers by spoofing a legitimate user's credentials. This may aid in further attacks.

24. Microsoft Windows WINS Server WPAD and ISATAP Access Validation Vulnerability
BugTraq ID: 34013
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34013
Summary:
The Microsoft Windows WINS Server is prone to an access-validation vulnerability because the software fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) and ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) entries.

An authenticated attacker may exploit this issue to create a WPAD or ISATAP WINS entry. This may aid in man-in-the-middle and spoofing attacks. Other attacks are also possible.

25. Microsoft Windows Kernel GDI EMF/WMF Remote Code Execution Vulnerability
BugTraq ID: 34012
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34012
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious EMF or WMF image file. Successfully exploiting this issue will allow attackers to execute arbitrary code with kernel-level privileges, completely compromising affected computers. Failed exploit attempts will result in a denial-of-service condition.

26. Microsoft Windows DNS Server WPAD Access Validation Vulnerability
BugTraq ID: 33989
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33989
Summary:
The Microsoft Windows DNS Server is prone to an access-validation vulnerability because the software fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) entries.

An authenticated attacker may exploit this issue to create a WPAD DNS entry. This may aid in man-in-the-middle and spoofing attacks. Other attacks are also possible.

27. Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability
BugTraq ID: 33988
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33988
Summary:
The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails to cache responses to specially crafted DNS queries.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

28. Microsoft Windows DNS Server Response Caching DNS Spoofing Vulnerability
BugTraq ID: 33982
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33982
Summary:
The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails to properly reuse cached responses.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

29. Symantec pcAnywhere Local Format String Vulnerability
BugTraq ID: 33845
Remote: No
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33845
Summary:
Symantec pcAnywhere is prone to a local format-string vulnerability.

A local attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. The attacker may also be able to execute arbitrary code within the context of the application, but this has not been confirmed.

pcAnywhere 12.0, 12.1, and 12.5 are vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #435
http://www.securityfocus.com/archive/88/501694

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [email protected] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [email protected] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Tripwire

Configuration Assessment: Choosing the Right Solution

Configuration assessment lets businesses proactively secure their IT infrastructure and achieve compliance with important industry standards and regulations. Learn why configuration assessment is so important, why organizations find it difficult to control system configurations, and what types of configuration assessment solutions are available.

http://dinclinx.com/Redirect.aspx?36;3065;32;189;0;3;259;458f725ab218caf9
