SecurityFocus Microsoft Newsletter #444
----------------------------------------

This issue is sponsored by Thawte

Extended Validation SSL Certificates: Inspire Trust, Improve Confidence and Increase Sales

Extended Validation SSL delivers the acknowledged industry standard for the highest level of online
identity assurance processes for SSL certificate issuance. Find out how the EV standard increases
the visibility of authentication status through the use of a green address bar in the latest high
security web browsers.

http://www.dinclinx.com/Redirect.aspx?36;5004;25;1371;0;3;946;54442f0f214c470a


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest
for our community. We are proud to offer content from Matasano at this time and will be adding more
in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. A Botnet by Any Other Name
       2. Projecting Borders into Cyberspace
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
       2. Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability
       3. Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
       4. ImageMagick TIFF File Integer Overflow Vulnerability
       5. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote Command Injection Vulnerability
       6. Multiple ArcaBit ArcaVir Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
       7. SonicWALL Global Security Client Local Privilege Escalation Vulnerability
       8. SonicWALL Global VPN Client 'RampartSvc' Local Privilege Escalation Vulnerability
       9. Soulseek Distributed File Search Buffer Overflow Vulnerability
       10. Wireshark PCNFSD Dissector Denial of Service Vulnerability
       11. Novell GroupWise Internet Agent SMTP Request Processing Buffer Overflow Vulnerability
       12. Novell GroupWise Internet Agent Email Address Processing Buffer Overflow Vulnerability
       13. Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
       14. CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability
       15. Mereo Malformed URI Remote Denial Of Service Vulnerability
       16. httpdx Multiple Commands Remote Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
       1. New Tech Tip: Configuring Windows 7 for a limited user
       2. AD Password complexity - passwords too long?
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. A Botnet by Any Other Name
By Gunter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal
intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's
disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million
malicious agents.
http://www.securityfocus.com/columnists/501

2. Projecting Borders into Cyberspace
By Jeffrey Carr
Two recent stories of significant cyber attacks come close to blaming the Chinese for the intrusions
but stop short.
http://www.securityfocus.com/columnists/500


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
BugTraq ID: 35139
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35139
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component
fails to properly handle QuickTime media files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context
of the user running the application that uses DirectX. Failed exploit attempts will result in a
denial-of-service condition.

2. Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability
BugTraq ID: 35133
Remote: No
Date Published: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35133
Summary:
Citrix Password Manager is prone to a local information-disclosure vulnerability.

Exploiting this issue may allow a local attacker to obtain sensitive information that may aid in
further attacks.

Versions prior to Password Manager 4.6 SP1 are vulnerable.

3. Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
BugTraq ID: 35130
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35130
Summary:
Simple Machines Forum (SMF) is prone to an HTML-injection vulnerability because the application
fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially
allowing the attacker to steal cookie-based authentication credentials or to control how the site is
rendered to the user. Other attacks are also possible.

NOTE: This issue was originally documented as a cross-site scripting vulnerability. After further
analysis, the BID has been rewritten as an HTML-injection issue.

4. ImageMagick TIFF File Integer Overflow Vulnerability
BugTraq ID: 35111
Remote: Yes
Date Published: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35111
Summary:
ImageMagick is prone to an integer-overflow vulnerability because it fails to properly bounds-check
user-supplied input. The vulnerability occurs when handling malformed TIFF files.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of
a user running the application. Failed exploit attempts will result in a denial-of-service condition.

ImageMagick 6.5.2-8 is vulnerable; other versions may be affected as well.

5. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote Command Injection Vulnerability
BugTraq ID: 35105
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35105
Summary:
S3DPlayer Web and StandAlone are prone to a remote command-injection vulnerability because they fail
to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands within the context of the affected
application.

6. Multiple ArcaBit ArcaVir Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
BugTraq ID: 35100
Remote: No
Date Published: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35100
Summary:
Multiple ArcaBit ArcaVir products are prone to multiple local privilege-escalation vulnerabilities
that affect the 'ps_drv.sys' driver.

An attacker can exploit these issues to execute arbitrary code with elevated privileges,
facilitating a complete compromise of the affected computer.

The following applications are vulnerable:

ArcaVir 2009 Antivirus Protection
ArcaVir 2009 Internet Security
ArcaVir 2009 System Protection
ArcaVir 2009 Home Protection

7. SonicWALL Global Security Client Local Privilege Escalation Vulnerability
BugTraq ID: 35094
Remote: No
Date Published: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35094
Summary:
SonicWALL Global Security Client is prone to a local privilege-escalation vulnerability because the
application fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.

Global Security Client 1.0.0.15 is vulnerable; other versions may also be affected.

8. SonicWALL Global VPN Client 'RampartSvc' Local Privilege Escalation Vulnerability
BugTraq ID: 35092
Remote: No
Date Published: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35092
Summary:
SonicWALL Global VPN Client is prone to a local privilege-escalation vulnerability.

Successfully exploiting this issue allows local users to execute arbitrary code with LocalSystem
privileges, facilitating the complete compromise of affected computers.

Global VPN Client 4.0.0.835 is vulnerable; other versions may also be affected.

9. Soulseek Distributed File Search Buffer Overflow Vulnerability
BugTraq ID: 35091
Remote: Yes
Date Published: 2009-05-25
Relevant URL: http://www.securityfocus.com/bid/35091
Summary:
Soulseek is prone to a stack-based buffer-overflow vulnerability because the application fails to
perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

Soulseek 156 and 157 NS are vulnerable; other versions may also be affected.

10. Wireshark PCNFSD Dissector Denial of Service Vulnerability
BugTraq ID: 35081
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35081
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to crash.

This issue affects Wireshark 0.8.20 through 1.0.7.

11. Novell GroupWise Internet Agent SMTP Request Processing Buffer Overflow Vulnerability
BugTraq ID: 35065
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35065
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected
application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a
denial-of-service condition.

12. Novell GroupWise Internet Agent Email Address Processing Buffer Overflow Vulnerability
BugTraq ID: 35064
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35064
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected
application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a
denial-of-service condition.

13. Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
BugTraq ID: 35052
Remote: Yes
Date Published: 2009-05-20
Relevant URL: http://www.securityfocus.com/bid/35052
Summary:
Nullsoft Winamp is prone to a buffer-overflow vulnerability because the application fails to perform
adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

Winamp 5.55 and prior versions are vulnerable.

14. CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability
BugTraq ID: 35040
Remote: Yes
Date Published: 2009-05-20
Relevant URL: http://www.securityfocus.com/bid/35040
Summary:
CiscoWorks Common Services TFTP Server is prone to a directory-traversal vulnerability because it
fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to upload and download arbitrary files outside of the
TFTP server root directory. This may result in a denial-of-service condition or lead to a complete
compromise of the affected computer.

This issue is tracked by Cisco Bug ID CSCsx07107.

CiscoWorks Common Services 3.0.x, 3.1.x, and 3.2.x running on Microsoft Windows are vulnerable.

15. Mereo Malformed URI Remote Denial Of Service Vulnerability
BugTraq ID: 35014
Remote: Yes
Date Published: 2009-05-18
Relevant URL: http://www.securityfocus.com/bid/35014
Summary:
Mereo is prone to a denial-of-service vulnerability because it fails to adequately sanitize
user-supplied input.

Attackers can exploit this issue to crash the affected application, denying service to legitimate
users.

Mereo 1.8.0 is vulnerable; other versions may also be affected.

16. httpdx Multiple Commands Remote Buffer Overflow Vulnerabilities
BugTraq ID: 35006
Remote: Yes
Date Published: 2009-05-18
Relevant URL: http://www.securityfocus.com/bid/35006
Summary:
The 'httpdx' program is prone to multiple remote buffer-overflow vulnerabilities because the
application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary code within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

These issues affect httpdx 0.5b; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. New Tech Tip: Configuring Windows 7 for a limited user
http://www.securityfocus.com/archive/88/503884

2. AD Password complexity - passwords too long?
http://www.securityfocus.com/archive/88/503573

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [email protected] from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively, you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [email protected] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is sponsored by Thawte
