-------- Original Message --------
Subject: SecurityFocus Microsoft Newsletter #258
Date: Thu, 29 Sep 2005 07:48:05 -0600 (MDT)
From: Marc Fossi <[EMAIL PROTECTED]>
To: Focus-MS <[EMAIL PROTECTED]>

SecurityFocus Microsoft Newsletter #258
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer is a free service that gives you the ability to track and manage attacks. Analyzer automatically correlates attacks from various Firewall and network based Intrusion Detection Systems, giving you a comprehensive view of your computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------

I. FRONT AND CENTER
   1. Anonymity made easy
   2. Skype security and privacy concerns
   3. Windows rootkits come of age
II. MICROSOFT VULNERABILITY SUMMARY
   1. Veritas Storage Exec Multiple Remote DCOM Buffer Overflow Vulnerabilities
   2. VBulletin Multiple Moderator And Administrator SQL Injection Vulnerabilities
   3. VBulletin Multiple Cross-Site Scripting Vulnerabilities
   4. Opera Web Browser Mail Client Multiple Vulnerabilities
   5. Opera Web Browser Unspecified Drag And Drop File Upload Vulnerability
   6. Microsoft Internet Explorer for Mac OS Denial of Service Vulnerability
   7. Mozilla Browser/Firefox JavaScript Engine Integer Overflow Vulnerability
   8. PowerArchiver Long Filename Buffer Overflow Vulnerability
   9. 7-Zip ARJ File Buffer Overflow Vulnerability
   10. Wzdftpd SITE Command Arbitrary Command Execution Vulnerability
   11. RealNetworks RealPlayer And Helix Player Format String Vulnerability
   12. FL Studio FLP File Processing Heap Overflow Vulnerability
   13. SecureW2 Insecure Pre-Master Secret Generation Vulnerability
   14. Novell GroupWise Client Local Integer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
   1. Active Directory and IIS on production servers, and clustering
   2. ElseNot Project
   3. Group Policy Question on firewalls
   4. SecurityFocus Microsoft Newsletter #257

I. FRONT AND CENTER
---------------------

1. Anonymity made easy
By Matthew Tanase
The opening passage to True Names, a novella written by noted science fiction author Vernor Vinge nearly 25 years ago, delivers an eerily prescient summary of modern Internet usage.
http://www.securityfocus.com/columnists/356

2. Skype security and privacy concerns
By Scott Granneman
One of my stranger hobbies is collecting interesting and weird anecdotes I find in the news.
http://www.securityfocus.com/columnists/357

3. Windows rootkits come of age
By Federico Biancuzzi
SecurityFocus interviews Greg Hoglund and Jamie Butler on the state of Windows rootkits and how quickly they have evolved.
http://www.securityfocus.com/columnists/358

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------

1. Veritas Storage Exec Multiple Remote DCOM Buffer Overflow Vulnerabilities
BugTraq ID: 14801
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14801
Summary:
Veritas Storage Exec is susceptible to multiple remote buffer overflow vulnerabilities. These issues are due to the lack of proper bounds checking of user-supplied data prior to copying it to fixed size memory buffers.

These issues are located in multiple DCOM servers in the affected product. Both stack-based, and heap-based overflows are identified. By calling associated ActiveX controls, attackers may exploit these overflows to execute arbitrary machine code.

These vulnerabilities may be exploited by visiting malicious Web sites, or viewing HTML email containing malicious script code.

2. VBulletin Multiple Moderator And Administrator SQL Injection Vulnerabilities
BugTraq ID: 14872
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14872
Summary:
vBulletin is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

3. VBulletin Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14874
Remote: Yes
Date Published: 2005-09-19
Relevant URL: http://www.securityfocus.com/bid/14874
Summary:
vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

4. Opera Web Browser Mail Client Multiple Vulnerabilities
BugTraq ID: 14880
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14880
Summary:
Opera Web Browser Mail client is affected by multiple vulnerabilities. These issues could allow remote attackers to spoof attachment names and carry out script injection attacks.

These vulnerabilities may also be combined to carry out various attacks.

Opera Web Browser 8.02 is reportedly vulnerable, however, it is likely that other versions are affected as well.

5. Opera Web Browser Unspecified Drag And Drop File Upload Vulnerability
BugTraq ID: 14884
Remote: Yes
Date Published: 2005-09-20
Relevant URL: http://www.securityfocus.com/bid/14884
Summary:
Opera Web Browser is affected by an unspecified drag and drop file upload vulnerability.

The cause of this issue was not specified, however, it may allow remote attackers to upload arbitrary files to a computer. This can lead to various attacks including arbitrary code execution in the context of the user running the browser.

Due to lack of information, further details cannot be provided at the moment. This BID will be updated when more information becomes available.

6. Microsoft Internet Explorer for Mac OS Denial of Service Vulnerability
BugTraq ID: 14899
Remote: Yes
Date Published: 2005-09-22
Relevant URL: http://www.securityfocus.com/bid/14899
Summary:
Microsoft Internet Explorer for Mac OS is prone to a denial of service vulnerability. This issue occurs when Internet Explorer attempts to render a Web page with malformed content.

This vulnerability exists in Internet Explorer 5.2.3 for Mac OS.

7. Mozilla Browser/Firefox JavaScript Engine Integer Overflow Vulnerability
BugTraq ID: 14917
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14917
Summary:
Mozilla Browser/Firefox are affected by an integer overflow vulnerability in their JavaScript engine.

This issue may be exploited by a remote attacker who entices a user to visit a malicious site. A successful attack may facilitate unauthorized remote access to a vulnerable computer.

Netscape Browser 8.0.3.3, Netscape 7.2, and K-Meleon 0.9 are vulnerable to this issue as well.

8. PowerArchiver Long Filename Buffer Overflow Vulnerability
BugTraq ID: 14922
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14922
Summary:
A remote buffer overflow vulnerability exists in the PowerArchiver application that could result in arbitrary code execution. This issue arises because the application fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers.

An attacker may exploit this vulnerability to gain unauthorized remote access in the context of SYSTEM. Further attacks are also possible.

9. 7-Zip ARJ File Buffer Overflow Vulnerability
BugTraq ID: 14925
Remote: Yes
Date Published: 2005-09-23
Relevant URL: http://www.securityfocus.com/bid/14925
Summary:
7-Zip is prone to a stack-based buffer overflow vulnerability.

Successful exploitation of this vulnerability will allow arbitrary code execution. Other attacks are also possible.

The vulnerability has been confirmed in version 3.13, 4.23, and 4.26 BETA. Other versions may also be affected.

10. Wzdftpd SITE Command Arbitrary Command Execution Vulnerability
BugTraq ID: 14935
Remote: Yes
Date Published: 2005-09-24
Relevant URL: http://www.securityfocus.com/bid/14935
Summary:
wzdftpd is affected by a remote arbitrary command execution vulnerability.

This issue can allow an attacker to execute commands in the context of an affected server and potentially gain unauthorized access.

wzdftpd 0.5.4 is reported to be vulnerable. Other versions may be affected as well.

11. RealNetworks RealPlayer And Helix Player Format String Vulnerability
BugTraq ID: 14945
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14945
Summary:
RealPlayer and Helix player are susceptible to a format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input, allowing a remote attacker to supply format specifiers directly to a formatted printing function.

Successful exploitation of this vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application.

This issue was reported on RealNetworks RealPlayer 10.0.5.756 Gold on Linux. Other versions are also likely affected.

12. FL Studio FLP File Processing Heap Overflow Vulnerability
BugTraq ID: 14946
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14946
Summary:
FL Studio is susceptible to a remote heap overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

The application fails to bounds check user-supplied data contained in FLP files, resulting in the possibility of overflowing a destination heap buffer. This allows attackers to control the contents of critical memory control structures and write arbitrary data to arbitrary memory locations.

This issue likely allows attackers to execute arbitrary machine code in the context of the user running the affected application.

This issue is reported in version 5.0.1 of FL Studio. Other versions may also be affected.

13. SecureW2 Insecure Pre-Master Secret Generation Vulnerability
BugTraq ID: 14947
Remote: Yes
Date Published: 2005-09-26
Relevant URL: http://www.securityfocus.com/bid/14947
Summary:
SecureW2 is susceptible to an insecure pre-master secret generation vulnerability. This issue is due to a design flaw in the application that causes weak random numbers to be used in a cryptographic operation.

Due to the insecure use of random number generator functions, the secret used in further client-server communications may be predicted by attackers. This may lead to the loss of security properties associated with the EAP-TTLS protocol, leading to a false sense of security.

By exploiting this vulnerability, attackers may gain access to the cleartext contents of encrypted communication, aiding them in further attacks. Man-in-the-middle, and other attacks may also be possible.

14. Novell GroupWise Client Local Integer Overflow Vulnerability
BugTraq ID: 14952
Remote: No
Date Published: 2005-09-27
Relevant URL: http://www.securityfocus.com/bid/14952
Summary:
Novell GroupWise Client is prone to a local integer overflow vulnerability.

The attacker may leverage this issue to corrupt process memory, which may lead to a crash or arbitrary code execution. A complete compromise of the affected system may be possible.

GroupWise 6.5.3 is reported to be vulnerable. It is possible that other versions are affected as well.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

1. Active Directory and IIS on production servers, and clustering
http://www.securityfocus.com/archive/88/411805

2. ElseNot Project
http://www.securityfocus.com/archive/88/411721

3. Group Policy Question on firewalls
http://www.securityfocus.com/archive/88/411323

4. SecurityFocus Microsoft Newsletter #257
http://www.securityfocus.com/archive/88/411282