SecurityFocus Microsoft Newsletter #437
----------------------------------------

This issue is sponsored by Entrust

Securing What's at Risk: A Common Sense Approach to Protecting Users Online
This white paper outlines issues with managing online identities across a diverse customer base when faced with increasing threats. It proposes a common sense approach that matches security to the assessed risk for users, actions and applications.
http://dinclinx.com/Redirect.aspx?36;3123;45;189;0;7;259;4e7f07a589d94938

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Time to Shield Researchers
       2. Contracting For Secure Code
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Microsoft Windows Services for UNIX / Subsystem for UNIX-based Applications Multiple Vulnerabilities
       2. Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability
       3. Sysax Multi Server FTP 'DELE' Directory Traversal Vulnerability
       4. Orbit Downloader ActiveX Control 'download()' Method Arbitrary File Delete Vulnerability
       5. POP Peeper 'From' Mail Header Remote Buffer Overflow Vulnerability
       6. BS.Player '.bsl' File Hostname Remote Buffer Overflow Vulnerability
       7. Internet Explorer Unspecified Remote Code Execution Vulnerability
       8. Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability
       9. CDex 'ogg' File Buffer Overflow Vulnerability
       10. PHPRunner 'SearchField' Parameter SQL Injection Vulnerability
       11. Talkative IRC 'PRIVMSG' Buffer Overflow Vulnerability
       12. JustSystems Ichitaro Unspecified Code Execution Vulnerability
       13. WinAsm Studio '.wap' Project File Heap-Based Buffer Overflow Vulnerability
       14. Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
       15. Rosoft Media Player 'rml' File Buffer Overflow Vulnerability
       16. Autonomy KeyView Module 'wp6sr.dll' Buffer Overflow Vulnerability
       17. Symantec pcAnywhere Local Format String Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Shield Researchers
By Oliver Day
Research is the backbone of the security industry but the legal climate has become so adverse that researchers have had to worry about injunctions, FBI visits, and even arrest.
http://www.securityfocus.com/columnists/495

2. Contracting For Secure Code
By Chris Wysopal
Forcing suppliers to attest to the security of provided software is gaining adherents: Just ask Kaspersky Lab.
http://www.securityfocus.com/columnists/494

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Services for UNIX / Subsystem for UNIX-based Applications Multiple Vulnerabilities
BugTraq ID: 34258
Remote: Yes
Date Published: 2009-03-23
Relevant URL: http://www.securityfocus.com/bid/34258
Summary:
Microsoft Windows Services for UNIX and Subsystem for UNIX-based Applications (SUA) are prone to multiple remote code-execution vulnerabilities.

Exploiting these issues can allow an attacker to execute arbitrary code within the context of the affected applications.

Various versions of Windows 2008, Windows Vista, and Windows Services for UNIX are affected.

2. Microsoft GDI+ EMF 'GpFont.SetData()' Buffer Overflow Vulnerability
BugTraq ID: 34250
Remote: Yes
Date Published: 2009-03-24
Relevant URL: http://www.securityfocus.com/bid/34250
Summary:
Microsoft GDI+ is prone to a stack-based buffer-overflow vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.

Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

NOTE (March 25, 2009): Further investigation reveals that this issue is in fact a new issue and has been assigned its own BID. Information that was added on March 24, 2009 to BID 31019 ('Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability') is now provided in this BID.

3. Sysax Multi Server FTP 'DELE' Directory Traversal Vulnerability
BugTraq ID: 34209
Remote: Yes
Date Published: 2009-03-23
Relevant URL: http://www.securityfocus.com/bid/34209
Summary:
Sysax Multi Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow a remote attacker to access arbitrary files outside of the FTP server root directory. This can expose sensitive information that could help the attacker launch further attacks.

Sysax Multi Server 4.3 is vulnerable; other versions may also be affected.

4. Orbit Downloader ActiveX Control 'download()' Method Arbitrary File Delete Vulnerability
BugTraq ID: 34200
Remote: Yes
Date Published: 2009-03-23
Relevant URL: http://www.securityfocus.com/bid/34200
Summary:
Orbit Downloader ActiveX control is prone to a vulnerability that lets attackers delete arbitrary files on the affected computer in the context of the application using the ActiveX control (typically Internet Explorer). Successful attacks can result in denial-of-service conditions.

Orbit Downloader 2.8.7 is vulnerable; other versions may also be affected.

5. POP Peeper 'From' Mail Header Remote Buffer Overflow Vulnerability
BugTraq ID: 34192
Remote: Yes
Date Published: 2009-03-20
Relevant URL: http://www.securityfocus.com/bid/34192
Summary:
POP Peeper is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

UPDATE (March 23, 2009): This issue may also be triggered by loading an '.eml' mail file that includes an overly long string as a 'From' mail header.

POP Peeper 3.4.0.0 is vulnerable; other versions may also be affected.

6. BS.Player '.bsl' File Hostname Remote Buffer Overflow Vulnerability
BugTraq ID: 34190
Remote: Yes
Date Published: 2009-03-20
Relevant URL: http://www.securityfocus.com/bid/34190
Summary:
BS.Player is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

7. Internet Explorer Unspecified Remote Code Execution Vulnerability
BugTraq ID: 34182
Remote: Yes
Date Published: 2009-03-19
Relevant URL: http://www.securityfocus.com/bid/34182
Summary:
Internet Explorer is prone to an unspecified remote code-execution vulnerability.

This issue was demonstrated at the CanSecWest 2009 conference. Technical details are not yet available; we will update this BID as more information emerges.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the application and possibly the computer. Failed attacks will cause denial-of-service conditions.

8. Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34167
Remote: Yes
Date Published: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34167
Summary:
Icarus is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Icarus 2.0 is vulnerable; other versions may also be affected.

9. CDex 'ogg' File Buffer Overflow Vulnerability
BugTraq ID: 34164
Remote: Yes
Date Published: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34164
Summary:
CDex is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

CDex 1.70 (Beta 2) is vulnerable; other versions may also be affected.

10. PHPRunner 'SearchField' Parameter SQL Injection Vulnerability
BugTraq ID: 34146
Remote: Yes
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34146
Summary:
PHPRunner generates scripts that are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHPRunner 4.2 is vulnerable; other versions may also be affected.

11. Talkative IRC 'PRIVMSG' Buffer Overflow Vulnerability
BugTraq ID: 34141
Remote: Yes
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34141
Summary:
Talkative IRC is prone to a stack-based buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious IRC server. Successful attacks will allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Talkative IRC 0.4.4.16 is vulnerable; other versions may also be affected.

12. JustSystems Ichitaro Unspecified Code Execution Vulnerability
BugTraq ID: 34138
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34138
Summary:
Ichitaro is prone to an unspecified remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed attempts will result in a denial-of-service condition.

Ichitaro 2008 and prior versions are vulnerable.

13. WinAsm Studio '.wap' Project File Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 34132
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34132
Summary:
WinAsm Studio is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

WinAsm Studio 5.1.5.0 is vulnerable; other versions may also be affected.

14. Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
BugTraq ID: 34125
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34125
Summary:
Serv-U FTP Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue allows an authenticated user to create directories outside the FTP root directory, which may lead to other attacks.

Serv-U FTP Server 7.4.0.1 is vulnerable; other versions may also be affected.

15. Rosoft Media Player 'rml' File Buffer Overflow Vulnerability
BugTraq ID: 34124
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34124
Summary:
Rosoft Media Player is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

16. Autonomy KeyView Module 'wp6sr.dll' Buffer Overflow Vulnerability
BugTraq ID: 34086
Remote: Yes
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34086
Summary:
Autonomy KeyView module is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Exploiting this issue will allow an attacker to corrupt memory and to cause denial-of-service conditions or potentially to execute arbitrary code in the context of the application using the module.

Multiple products using the KeyView module are affected.

17. Symantec pcAnywhere Local Format String Vulnerability
BugTraq ID: 33845
Remote: No
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33845
Summary:
Symantec pcAnywhere is prone to a local format-string vulnerability.

A local attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. The attacker may also be able to execute arbitrary code within the context of the application, but this has not been confirmed.

pcAnywhere 12.0, 12.1, and 12.5 are vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [email protected] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [email protected] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Entrust

Securing What's at Risk: A Common Sense Approach to Protecting Users Online
This white paper outlines issues with managing online identities across a diverse customer base when faced with increasing threats. It proposes a common sense approach that matches security to the assessed risk for users, actions and applications.
http://dinclinx.com/Redirect.aspx?36;3123;45;189;0;7;259;4e7f07a589d94938
