Network Security Focus-Microsoft
Subject: SecurityFocus Microsoft Newsletter #208
Date: Wed, 29 Sep 2004 08:14:29 -0600 (MDT)
SecurityFocus Microsoft Newsletter #208
----------------------------------------

This Issue is Sponsored By: SecurityFocus

Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!

http://www.securityfocus.com/rss/index.shtml

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Online Theft
     2. Detecting Worms and Abnormal Activities with NetFlow, Part 2
     3. Defeating Honeypots : Network issues, Part 1
II. MICROSOFT VULNERABILITY SUMMARY
     1. Microsoft Windows CE KDatastruct Information Disclosure Vuln...
     2. ReMOSitory SQL Injection Vulnerability
     3. Mambo Open Source Multiple Input Validation Vulnerabilities
     4. Tutos Multiple Remote Input Validation Vulnerabilities
     5. Impressions Games Lords of the Realm III Nickname Remote Den...
     6. Symantec ON Command CCM Remote Database Default Password Vul...
     7. EmuLive Server4 Authentication Bypass And Denial Of Service ...
     8. LeadMind Pop Messenger Illegal Character Remote Denial Of Se...
     9. YaBB 1 Gold Multiple Input Validation Vulnerabilities
     10. Alt-N MDaemon IMAP/SMTP Server Multiple Remote Buffer Overfl...
     11. Subversion Mod_Authz_Svn Metadata Information Disclosure Vul...
     12. Macromedia JRun Multiple Remote Vulnerabilities
     13. Zinf Malformed Playlist File Remote Buffer Overflow Vulnerab...
III. MICROSOFT FOCUS LIST SUMMARY
     1. Items within XP SP2 and Win2003 (Thread)
     2. VBScript to audit shares and share permissions (Thread)
     3. Serious Security Issue in Windows XP SP2's Firewall (Thread)
     4. Are MS Powerpoint's vulnerable to this JPEG Vuln? (Thread)
     5. Change password shortcut (Thread)
     6. Fw: Serious Security Issue in Windows XP SP2's Firew... (Thread)
     7. AW: Serious Security Issue in Windows XP SP2's Firew... (Thread)
     8. Application sniffer-next step (Thread)
     9. Hardening Desktop (Thread)
     10. How to Enforce Complex Password Policy for Selected ... (Thread)
     11. Restrict Anonymous (Thread)
     12. Application sniffer (Thread)
     13. Restrict Client IP address on Terminal Service (Thread)
     14. SecurityFocus Microsoft Newsletter #207 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
     1. Firewall RuleMaker
     2. CAT Cellular Authentication Token and eAuthentication Servic...
     3. KeyCaptor Keylogger
     4. SpyBuster
     5. FreezeX
     6. NeoExec for Active Directory
V. NEW TOOLS FOR MICROSOFT PLATFORMS
     1. ATK Plugin Creator 1.0
     2. PlugAPOP 1.00
     3. TX 1.0
     4. EPX Crypting Software 2.1
     5. Hacme Bank 1.0
     6. ID-Synch 3.1
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Online Theft
By Kelly Martin

Identity theft meets the global virus epidemic, enabling fraud that has
finally started to get people's attention.

http://www.securityfocus.com/columnists/268


2. Detecting Worms and Abnormal Activities with NetFlow, Part 2
By Yiming Gong

This paper discusses the use of NetFlow, a traffic profile monitoring
technology available on many routers, for use in the early detection of
worms, spammers, and other abnormal network activity in large enterprise
networks and service providers. Part 2 of 2.

http://www.securityfocus.com/infocus/1802


3. Defeating Honeypots : Network issues, Part 1
By Laurent Oudot and Thorsten Holz

The purpose of this paper is to explain how attackers behave when they
attempt to identify and defeat honeypots, and is useful for security
professionals to deploy honeypots in a more stealthy manner.

http://www.securityfocus.com/infocus/1803

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Microsoft Windows CE KDatastruct Information Disclosure Vuln...
BugTraq ID: 11218
Remote: No
Date Published: Sep 18 2004
Relevant URL: http://www.securityfocus.com/bid/11218
Summary:
An information disclosure vulnerability is reported to affect the Windows CE 
kernel.

It is reported that the kernel memory structure KDataStruct is available to 
userland applications. This can be ultimately employed on any Windows CE system 
to gain addresses of the export sections of several kernel libraries.

This vulnerability is exploited by the virus WinCE.Duts.A (MCID 3238) in order 
to provide portability and reliability.

2. ReMOSitory SQL Injection Vulnerability
BugTraq ID: 11219
Remote: Yes
Date Published: Sep 18 2004
Relevant URL: http://www.securityfocus.com/bid/11219
Summary:
It is reported that the ReMOSitory module for Mambo is prone to an SQL 
injection vulnerability. This issue is due to a failure of the module to 
properly validate user supplied URI input.

Because of this, a malicious user may influence database queries in order to 
view or modify sensitive information, potentially compromising the software or 
the database. It may be possible for an attacker to disclose the administrator 
password hash by exploiting this issue.

3. Mambo Open Source Multiple Input Validation Vulnerabilities
BugTraq ID: 11220
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11220
Summary:
Mambo open source is reportedly affected by multiple input validation 
vulnerabilities.  These issues are due to a failure of the application to 
properly validate user-supplied URI parameters.

An attacker may leverage these issues to execute arbitrary server-side script 
code on an affected computer, to carry out cross-site scripting attacks, and to 
make SQL injection attacks against the vulnerable application.

4. Tutos Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 11221
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11221
Summary:
Tutos is reported prone to multiple remote input validation vulnerabilities.  
These issues exist due to insufficient sanitization of user-supplied data and 
may allow an attacker to carry out cross-site scripting and SQL injection 
attacks.

These issues reportedly affect Tutos 1.1.2004-04-14.

5. Impressions Games Lords of the Realm III Nickname Remote Den...
BugTraq ID: 11223
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11223
Summary:
A problem in the handling of nicknames is reported in the Lords of the Realm 
III server. Because of this, an attacker may be able to deny service to users 
of the game server.

The problem is in the handling of nicknames of excessive length.

It should be noted that this vulnerability only occurs when the server enters 
"lobby mode," which is a brief window of time before the initiation of a new 
game.

6. Symantec ON Command CCM Remote Database Default Password Vul...
BugTraq ID: 11225
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11225
Summary:
Reportedly Symantec ON Command CCM is affected by a remote default password 
vulnerability in the underlying database.  This issue is due to a design error 
in the application that provides a number of default usernames and passwords, 
some of which cannot be changed.

An attacker may exploit these issues to gain full access to the underlying 
database.  This will allow attackers to view plaintext user credentials as well 
as other sensitive data.

7. EmuLive Server4 Authentication Bypass And Denial Of Service ...
BugTraq ID: 11226
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11226
Summary:
Reportedly EmuLive Server4 is affected by an authentication bypass 
vulnerability and a denial of service vulnerability.  These issues are due to 
an access validation issue and a failure to handle exceptional conditions.

An attacker may leverage the authentication bypass issue to gain unauthorized 
access to the administrator scripts of the affected application, facilitating 
manipulation of various server settings.  The denial of service issue may be 
exploited to cause the affected computer to freeze, denying service to 
legitimate users.

8. LeadMind Pop Messenger Illegal Character Remote Denial Of Se...
BugTraq ID: 11230
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11230
Summary:
LeadMind Pop Messenger is reported prone to a remote denial of service 
vulnerability. The issue exists because the messenger application fails to 
gracefully handle certain characters that are received.

A remote attacker may exploit this vulnerability to crash the LeadMind Pop 
Messenger client. Additionally, it is reported that an attacker may broadcast a 
malicious message to all clients on the connected local network segment and 
deny service to all of the clients at once.

9. YaBB 1 Gold Multiple Input Validation Vulnerabilities
BugTraq ID: 11235
Remote: Yes
Date Published: Sep 22 2004
Relevant URL: http://www.securityfocus.com/bid/11235
Summary:
YaBB 1 Gold is affected by multiple input validation vulnerabilities.  These 
issues are due to a failure of the application to properly sanitize 
user-supplied input.

An attacker may leverage a cross-site scripting issue to execute arbitrary HTML 
and script code in the browser of an unsuspecting user in the context of the 
vulnerable site.  This may facilitate the theft of cookie-based authentication 
credentials as well as other attacks.

An attacker may exploit an HTTP response splitting issue to manipulate or 
misrepresent pages in the context of the vulnerable site, potentially 
facilitating phishing attacks.

10. Alt-N MDaemon IMAP/SMTP Server Multiple Remote Buffer Overfl...
BugTraq ID: 11238
Remote: Yes
Date Published: Sep 22 2004
Relevant URL: http://www.securityfocus.com/bid/11238
Summary:
Alt-N MDaemon is reportedly prone to multiple remote buffer overflow 
vulnerabilities.  The vulnerabilities are likely due to a failure of the 
application to properly validate buffer sizes when processing command argument 
input.

By sending a large argument to certain SMTP commands or an IMAP command it is 
possible to cause this issue to present itself. Apparently, the application 
will not validate the size of the input before copying it into a finite buffer 
in process memory.

These issues can be leveraged to cause the affected process to crash, denying 
service to legitimate users.  It is conjectured that these issues can also be 
leveraged to execute arbitrary code with the privileges of the user running the 
server on an affected computer.
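The flaw described above, an argument copied into a fixed-size buffer without a size check, is the classic stack or heap overflow pattern. The following C program is an added illustration, not MDaemon's code (the page does not show its internals): a minimal SMTP command-argument handler in the vulnerable form beside a hardened form that validates the length before copying. The buffer size, function names and sample command lines are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Fixed-size buffer such as a command handler might keep for the argument
 * after a verb like "MAIL FROM:". The size is an assumed value for this
 * illustration; nothing here is the vendor's code. */
#define ARG_BUF_SIZE 64

/* Vulnerable pattern: the argument length is never compared with the
 * buffer size, so an argument longer than ARG_BUF_SIZE - 1 bytes writes
 * past the end of 'buf' (undefined behaviour, typically a crash). Shown
 * for contrast only; it is never called in this program. */
void copy_arg_unchecked(char *buf, const char *arg)
{
    strcpy(buf, arg);
}

/* Hardened pattern: check that the argument and its terminator fit before
 * copying, and refuse the input otherwise. Returns 0 on success, -1 if the
 * argument is too long for the buffer. */
static int copy_arg_checked(char *buf, size_t bufsize, const char *arg)
{
    size_t len = strlen(arg);
    if (len >= bufsize)
        return -1;
    memcpy(buf, arg, len + 1);
    return 0;
}

/* Parse one command line of the form "VERB argument" into 'out'.
 * Returns 0 if the argument was accepted, -1 if rejected for length,
 * -2 if the line carries no argument at all. */
int parse_smtp_argument(const char *line, char *out, size_t outsize)
{
    const char *sp = strchr(line, ' ');
    if (sp == NULL)
        return -2;
    return copy_arg_checked(out, outsize, sp + 1);
}

/* Convenience wrapper: returns the parsed argument from a static buffer,
 * or NULL if the parser rejected the line. */
const char *parsed_argument(const char *line)
{
    static char out[ARG_BUF_SIZE];
    return parse_smtp_argument(line, out, sizeof out) == 0 ? out : NULL;
}

/* Builds a constructed line "MAIL " followed by n 'A' bytes, the shape of
 * over-long input the advisory describes, and reports whether the checked
 * parser accepts it (1) or rejects it (0). */
int argument_of_length_accepted(size_t n)
{
    char line[1024];
    char out[ARG_BUF_SIZE];
    if (n > sizeof line - 6)
        n = sizeof line - 6;
    memcpy(line, "MAIL ", 5);
    memset(line + 5, 'A', n);
    line[5 + n] = '\0';
    return parse_smtp_argument(line, out, sizeof out) == 0;
}

int main(void)
{
    /* Constructed sample inputs: a normal argument and an over-long one. */
    const char *ok = parsed_argument("MAIL FROM:<user@example.com>");
    printf("normal argument: %s\n", ok ? ok : "(rejected)");
    printf("63-byte argument accepted: %d\n", argument_of_length_accepted(63));
    printf("500-byte argument accepted: %d\n", argument_of_length_accepted(500));
    return 0;
}
```

The hardened handler rejects anything that would not fit together with its terminator; the same check applies to the nickname length issue in the Lords of the Realm III entry above, where the fix is likewise to bound the input before it reaches the fixed buffer.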

11. Subversion Mod_Authz_Svn Metadata Information Disclosure Vul...
BugTraq ID: 11243
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11243
Summary:
It is reported that Subversion's mod_authz_svn module is susceptible to an 
information disclosure vulnerability.

This vulnerability presents itself when paths that are marked as unreadable 
are accessed by particular Subversion client commands. It is reportedly 
possible to disclose the existence of files that are inaccessible to users. 
Under certain circumstances it may also be possible to disclose commit log 
messages, or even the contents of files that are configured to be inaccessible 
to users.

This vulnerability is reported to exist in versions prior to 1.0.8 and 
1.1.0-rc4.

12. Macromedia JRun Multiple Remote Vulnerabilities
BugTraq ID: 11245
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11245
Summary:
Multiple vulnerabilities have been reported in Macromedia JRun.

The first vulnerability is reported to exist in an insecure implementation of a 
session variable, 'JSESSIONID'. This vulnerability allows remote attackers to 
bypass authentication checks, and possibly allow them to gain administrative 
access to the web application.

The second issue is a source code disclosure vulnerability. This vulnerability 
allows attackers to retrieve the contents of potentially sensitive script 
files. This may aid them in further attacks.

The third issue is a buffer overflow vulnerability allowing remote attackers to 
reportedly crash affected servers.

Versions 3.0, 3.1, and 4.0 are reportedly affected by these vulnerabilities.

13. Zinf Malformed Playlist File Remote Buffer Overflow Vulnerab...
BugTraq ID: 11248
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11248
Summary:
Zinf is reported prone to a remote buffer overflow vulnerability when 
processing malformed playlist files.  This issue exists due to insufficient 
boundary checks performed by the application and may allow an attacker to gain 
unauthorized access to a vulnerable computer.

Reportedly, this issue affects Zinf version 2.2.1 for Windows.  Zinf version 
2.2.5 for Linux is reportedly fixed, however, this is not confirmed at the 
moment.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Items within XP SP2 and Win2003 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376680

2. VBScript to audit shares and share permissions (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376653

3. Serious Security Issue in Windows XP SP2's Firewall (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376510

4. Are MS Powerpoint's vulnerable to this JPEG Vuln? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376476

5. Change password shortcut (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376472

6. Fw: Serious Security Issue in Windows XP SP2's Firew... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376465

7. AW: Serious Security Issue in Windows XP SP2's Firew... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376386

8. Application sniffer-next step (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376364

9. Hardening Desktop (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376286

10. How to Enforce Complex Password Policy for Selected ... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376209

11. Restrict Anonymous (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376181

12. Application sniffer (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376106

13. Restrict Client IP address on Terminal Service (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376085

14. SecurityFocus Microsoft Newsletter #207 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/376011

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:

Firewall RuleMaker is a Windows-based firewall configuration version control 
software product for managers of Cisco PIX and Netscreen firewalls.

2. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, 
Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:

Low cost, easy to use two-factor authentication one-time password token using 
the cellular phone. Does not use SMS or other communication, and manages 
multiple OTP accounts - new technology. For any business that wants safer 
access to its Internet services. More information at our site.

We also provide eAuthentication service for businesses that will not buy an 
Authentication product but would prefer to pay a monthly charge for 
authentication services from our CAT Server.

3. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:

KeyCaptor is your solution for recording ALL keystrokes of ALL users on your 
computer!  Now you have the power to record emails, websites, documents, chats, 
instant messages, usernames, passwords, and MUCH MORE!

With our advanced stealth technology, KeyCaptor will not show in your processes 
list and cannot be stopped from running unless you say so!

4. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:

Our award winning spyware / adware scanner and removal software, SpyBuster will 
scan your computer for over 4,000 known spyware and adware applications. 
SpyBuster protects your computer from data stealing programs that can expose 
your personal information.

SpyBuster scanning technology allows for a quick and easy sweep, so you can 
resume your work in minutes.

5. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:

FreezeX prevents all unauthorized programs, including viruses, keyloggers and 
spy ware from executing. Powerful and secure, FreezeX ensures that any new 
executable, program, or application that is downloaded, introduced via 
removable media or the network will never install.

6. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:

NeoExec® is an operating system extension for Windows 2000/XP that allows the 
setting of privileges at the application level rather than at the user level.

NeoExec® is the ideal solution for applications that require elevated 
privileges to run as the privileges are granted to the application, not the 
user.

NeoExec® is the only solution on the market capable of modifying at runtime the 
processes' security context -- without requiring a second account as with RunAs 
and RunAs-derived products.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. ATK Plugin Creator 1.0
By: Nico 'Triplex' Spicher
Relevant URL: http://www.computec.ch/projekte/atk/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

This freeware for Windows provides a small and handy interface to create and 
enhance ATK plugins. This first public release is fully compatible with ATK 2.x 
but can also be used with ATK 1.x (some new fields are not fully supported in 
the first releases).

2. PlugAPOP 1.00
By: waffle soft
Relevant URL: http://www.wafflesoft.com/PlugAPOP/manual_en.html
Platforms: Windows XP
Summary:

PlugAPOP is software that adds the APOP feature to Microsoft Outlook/Outlook 
Express, which do not have it.

[Easy]
You can install and setup very easily. You can use APOP access immediately if 
you change the account name and server name field in your e-mail client. No 
special settings are needed in PlugAPOP.

[Tiny]
PlugAPOP doesn't waste a lot of CPU resources or memory, and it doesn't affect 
the OS core or other applications. PlugAPOP is implemented by using just SD

3. TX 1.0
By: Goldie Rejuven
Relevant URL: http://www.checksum.org/download/RX/
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

The smallest VC++-coded universal Windows reverse shell for all versions of 
Windows NT/2K/XP/2003 with any service pack, but not for Windows 98/ME. A tiny 
app that connects back to the specified IP on a fixed port and uses a fixed 
source port on the source machine to evade firewalls.

Default port from which it connects: 443
Default port to which it connects: 8080
More in the readme.txt

4. EPX Crypting Software 2.1
By: EdronSoft
Relevant URL: http://www.edronsoft.com/epx_pro.php
Platforms: Windows XP
Summary:

Protect your documents from others by encrypting them with the DES and Triple 
DES strong algorithms. No need to remember passwords because you keep the key 
used for decryption on a removable media device such as a USB pen drive (or 
floppy disk).
Wipe function to destroy data and full drag-and-drop support.

5. Hacme Bank 1.0
By: Mark Curphey / Rudolph Araujo
Relevant URL: http://www.foundstone.com/s3i
Platforms: Windows XP
Summary:

A web application security training application

6. ID-Synch 3.1
By: M-Tech Information Technology, Inc.
Relevant URL: http://idsynch.com/
Platforms: AIX, AS/400, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, MacOS, 
MPE/iX, Netware, OpenBSD, OpenVMS, OS/2, OS/390, RACF, Solaris, SunOS, Tru64 
UNIX, Ultrix, VM, VMS, VSE, Windows 2000, Windows NT
Summary:

ID-Synch is enterprise user provisioning software. It reduces the cost of user 
administration, helps new and reassigned users get to work more quickly, and 
ensures prompt and reliable access termination. This is accomplished through 
automatic propagation of changes to user profiles from systems of record to 
managed systems, with self service workflow for security change requests, 
through consolidated and delegated user administration, and with federation.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to 
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed email listadmin@securityfocus.com and ask to 
be manually removed.

VII. SPONSOR INFORMATION
-----------------------

This Issue is Sponsored By: SecurityFocus

Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!

http://www.securityfocus.com/rss/index.shtml

Current thread: SecurityFocus Microsoft Newsletter #208, Marc Fossi