Network Security Focus-Microsoft

SecurityFocus Microsoft Newsletter #210

Subject: SecurityFocus Microsoft Newsletter #210
Date: Wed, 13 Oct 2004 08:15:09 -0600 (MDT)
SecurityFocus Microsoft Newsletter #210
----------------------------------------

This issue sponsored by: Internet Security Systems

Internet Security Systems - Keeping You Ahead of the Threat
When business losses are measured in seconds, Internet threats must be
stopped before they impact your network. To learn how Internet Security
Systems keeps organizations ahead of the threat with preemptive intrusion
prevention, download the new whitepaper, Defining the Rules of Preemptive
Protection, and end your reliance on reactive security technology.

http://www.securityfocus.com/sponsor/ISS_ms-secnews_041012

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Defeating Honeypots: Network Issues, Part 2
     2. Fueling the Fire
II. MICROSOFT VULNERABILITY SUMMARY
     1. Mozilla Firefox DATA URI File Deletion Vulnerability
     2. Macromedia ColdFusion MX Template Handling Privilege Escalat...
     3. NetworkActiv Web Server Remote Denial of Service Vulnerabili...
     4. Symantec Norton AntiVirus MS-DOS Name Scan Evasion Vulnerabi...
     5. Jetty Directory Traversal Vulnerability
     6. Macromedia ColdFusion MX Remote File Content Disclosure Vuln...
     7. Invision Power Board Referer Cross-Site Scripting Vulnerabil...
     8. RealOne Player and RealPlayer Multiple Unspecified Remote Vu...
     9. Microsoft ASP.NET URI Canonicalization Remote Information Di...
     10. TriDComm Built-in FTP Server Directory Traversal Vulnerabili...
     11. Microsoft Internet Explorer Local XML Document Disclosure Vu...
     12. Microsoft Word Multiple Remote Denial Of Service Vulnerabili...
     13. Jera Technology Flash Messaging Server Remote Denial of Serv...
     14. Real Networks Helix Universal Server Remote Integer Handling...
III. MICROSOFT FOCUS LIST SUMMARY
     1. Can we really block users from installing applicatio... (Thread)
     2. Can we really block users from installing applicatio... (Thread)
     3. MS ISA activeX Filtering (Thread)
     4. Can we really block users from installing applicatio... (Thread)
     5. Can we really block users from installing applicatio... (Thread)
     6. Restricting account to a computer only (Thread)
     7. SecurityFocus Microsoft Newsletter #209 (Thread)
     8. Application sniffer-next step (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
     1. Firewall RuleMaker
     2. CAT Cellular Authentication Token and eAuthentication Servic...
     3. KeyCaptor Keylogger
     4. SpyBuster
     5. FreezeX
     6. NeoExec for Active Directory
V. NEW TOOLS FOR MICROSOFT PLATFORMS
     1. DiskInternals Uneraser 2.01
     2. DiskInternals NTFS Reader 1.01
     3. Airscanner Mobile Firewall 1.0
     4. SiVuS, The VoIP Vulnerability Scanner 1.07
     5. XArp 0.1.5
     6. Extreme Editor: 5.2.2
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Defeating Honeypots: Network Issues, Part 2
By Laurent Oudot and Thorsten Holz

The purpose of this paper is to explain how attackers behave when they
attempt to identify and defeat honeypots, and is useful information for
security professionals who need to deploy honeypots in a more stealthy
manner. Part 2 looks at Sebek-based honeypots, snort_inline, Fake AP, and
Bait and Switch honeypots.

http://www.securityfocus.com/infocus/1805


2. Fueling the Fire
By Scott Granneman

The latest Symantec Threat Report can provide us with information,
knowledge, and even a little bit of wisdom -- about what has truly become
an epidemic and an avenue for organized crime.

http://www.securityfocus.com/columnists/271

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Mozilla Firefox DATA URI File Deletion Vulnerability
BugTraq ID: 11311
Remote: Yes
Date Published: Oct 02 2004
Relevant URL: http://www.securityfocus.com/bid/11311
Summary:
It is reported that Mozilla Firefox is susceptible to a file deletion 
vulnerability.

This vulnerability allows attackers that can lure unsuspecting users to view 
malicious HTML or script code to cause the recursive deletion of the victim 
user's configured download directory. They can achieve this by crafting 
malicious web pages containing either HTML or script code that utilizes the 
'data:' URI scheme.

This vulnerability is reported to exist in Mozilla Firefox in versions prior to 
0.10.1.

2. Macromedia ColdFusion MX Template Handling Privilege Escalat...
BugTraq ID: 11316
Remote: Yes
Date Published: Oct 04 2004
Relevant URL: http://www.securityfocus.com/bid/11316
Summary:
Reportedly Macromedia ColdFusion MX is affected by a privilege escalation 
vulnerability when handling templates.  This issue is due to an access 
validation error that allows a user to perform actions with administrator 
privileges.

An attacker may exploit this issue to gain administrative privileges on a 
computer running the vulnerable application.

3. NetworkActiv Web Server Remote Denial of Service Vulnerabili...
BugTraq ID: 11326
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11326
Summary:
NetworkActiv Web Server is reported prone to a remote denial of service 
vulnerability.  This issue arises because the application fails to handle 
exceptional conditions leading to a crash.

NetworkActiv Web Server version 1.0 is reported prone to this vulnerability.  
It is possible that other versions are affected as well.

4. Symantec Norton AntiVirus MS-DOS Name Scan Evasion Vulnerabi...
BugTraq ID: 11328
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11328
Summary:
Norton AntiVirus is affected by a scan evasion vulnerability when handling 
files with MS-DOS reserved device names.  This issue is due to a design error 
that allows the files to avoid being scanned.  It should be noted that this 
vulnerability only arises once the file is already present on a vulnerable 
computer.  All Norton AntiVirus products are able to detect malicious files 
through incoming email.

5. Jetty Directory Traversal Vulnerability
BugTraq ID: 11330
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11330
Summary:
It is reported that Jetty is susceptible to a directory traversal 
vulnerability. This issue is due to a failure of the application to properly 
sanitize HTTP request URIs.

This vulnerability allows remote attackers to retrieve the contents of 
arbitrary, potentially sensitive files located on the serving computer with the 
credentials of the affected process.

It is unclear at this time exactly which versions of Jetty are affected by this 
vulnerability. This BID will be updated as further information is disclosed.

This vulnerability may be related to BID 4360.

6. Macromedia ColdFusion MX Remote File Content Disclosure Vuln...
BugTraq ID: 11331
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11331
Summary:
Macromedia ColdFusion MX is affected by a remote file content disclosure 
vulnerability.  This vulnerability is caused by an access validation issue that 
allows an attacker to bypass protections to reveal the contents of files.

It should be noted that this issue does not reveal directory contents, 
therefore attackers must have prior knowledge of target files.

An attacker may leverage this issue to read the contents of files contained 
under the webroot directory that are readable by the ColdFusion process on the 
affected computer; effectively bypassing access restrictions set in the IIS 
management system.

7. Invision Power Board Referer Cross-Site Scripting Vulnerabil...
BugTraq ID: 11332
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11332
Summary:
Reportedly Invision Power Board is affected by a remote cross-site scripting 
vulnerability.  This issue is due to a failure of the application to validate 
or sanitize user supplied input prior to including it in dynamic Web content.

An attacker may leverage this issue to execute arbitrary script code in the 
browser of an unsuspecting user in the context of the vulnerable application, 
facilitating the theft of cookie-based authentication credentials as well as 
other attacks.

8. RealOne Player and RealPlayer Multiple Unspecified Remote Vu...
BugTraq ID: 11335
Remote: Yes
Date Published: Oct 06 2004
Relevant URL: http://www.securityfocus.com/bid/11335
Summary:
NGSSoftware have reported that multiple buffer overflow and unauthorized file 
access vulnerabilities exist in RealOne and RealPlayer.  Details about these 
vulnerabilities have been withheld until a later date, but it appears that some 
of the issues may overlap with existing BIDs 11307 and 11308.  There also 
appear to be other vulnerabilities that are not covered in these two BIDs.

Real Networks have reportedly released fixes for all of the issues.

9. Microsoft ASP.NET URI Canonicalization Remote Information Di...
BugTraq ID: 11342
Remote: Yes
Date Published: Oct 06 2004
Relevant URL: http://www.securityfocus.com/bid/11342
Summary:
Microsoft ASP.NET is reported prone to a remote information disclosure 
vulnerability. This issue is due to a failure of the application to properly 
secure documents when handling malformed URI requests.

An attacker may leverage this issue to bypass authentication required to access 
files in secured directories.

10. TriDComm Built-in FTP Server Directory Traversal Vulnerabili...
BugTraq ID: 11343
Remote: Yes
Date Published: Oct 06 2004
Relevant URL: http://www.securityfocus.com/bid/11343
Summary:
It is reported that TriDComm is susceptible to a directory traversal 
vulnerability in its built-in FTP server. The FTP server is not enabled by 
default.

This vulnerability allows attackers to write or access files contained outside 
of the configured document root of the affected FTP server with the privileges 
of the affected process. This may allow them to overwrite critical files, 
resulting in denial of service conditions, or assist them in full system 
compromise. They may also retrieve the contents of potentially sensitive files, 
aiding them in further attacks.

This vulnerability is reported to exist in versions 1.2 and 1.3 of the package.

11. Microsoft Internet Explorer Local XML Document Disclosure Vu...
BugTraq ID: 11345
Remote: Yes
Date Published: Oct 07 2004
Relevant URL: http://www.securityfocus.com/bid/11345
Summary:
Reportedly Microsoft Internet Explorer is affected by a vulnerability that 
could expose sensitive information from client computers.  This issue is due to 
an access validation error that allows a malicious Web page to access XML 
documents on a client computer.

An attacker may leverage this issue to read XML documents on an unsuspecting 
user's computer when they open a malicious HTML document. The reading of such 
files will take place with the privileges of the user running the vulnerable 
Web browser.

**UPDATE:  This appears to be the same issue as BID 5560, discovered by 
GreyMagic Software and patched in MS02-047.  It appears that the vulnerability 
is present in patched systems when the <script> tag is in a static HTML 
document.  Exploitation of this vulnerability using dynamic insertion (e.g. 
document.write) of the <script> tag into a document is blocked.

12. Microsoft Word Multiple Remote Denial Of Service Vulnerabili...
BugTraq ID: 11350
Remote: Yes
Date Published: Oct 07 2004
Relevant URL: http://www.securityfocus.com/bid/11350
Summary:
Reportedly Microsoft Word is affected by multiple remote denial of service 
vulnerabilities.  These issues are due to input validation errors surrounding 
malformed '.doc' formatted files.

An attacker may leverage these issues to cause the affected software to hang or 
crash, denying service to legitimate users.

13. Jera Technology Flash Messaging Server Remote Denial of Serv...
BugTraq ID: 11351
Remote: Yes
Date Published: Oct 07 2004
Relevant URL: http://www.securityfocus.com/bid/11351
Summary:
Flash Messaging server is reported prone to a remote denial of service 
vulnerability.  This issue arises due to the inability of the server to handle 
exceptional conditions properly.  A remote attacker may cause a vulnerable 
server to crash, denying service to legitimate users.

Flash Messaging server 5.2.0g and prior versions are reported prone to this 
issue.

14. Real Networks Helix Universal Server Remote Integer Handling...
BugTraq ID: 11352
Remote: Yes
Date Published: Oct 07 2004
Relevant URL: http://www.securityfocus.com/bid/11352
Summary:
A remote integer handling denial of service vulnerability affects the Real 
Networks Helix Universal Server.  The problem surrounds the mishandling of some 
POST header values.

An attacker can exploit this issue to cause the affected server to consume 
excessive computer resources and hang, denying service to legitimate users.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Can we really block users from installing applicatio... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/378105

2. Can we really block users from installing applicatio... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/378101

3. MS ISA activeX Filtering (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/377991

4. Can we really block users from installing applicatio... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/377988

5. Can we really block users from installing applicatio... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/377970

6. Restricting account to a computer only (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/377710

7. SecurityFocus Microsoft Newsletter #209 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/377607

8. Application sniffer-next step (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/377563

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:

Firewall RuleMaker is a Windows-based firewall configuration version control 
software product for managers of Cisco PIX and Netscreen firewalls.

2. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, 
Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:

Low cost, easy to use Two Factor Authentication One Time Password token using 
the Cellular. Does not use SMS or communication, manages multiple OTP accounts 
- new technology. For any business that wants safer access to its Internet 
Services. More information at our site.

We also provide eAuthentication service for businesses that will not buy an 
Authentication product but would prefer to pay a monthly charge for 
authentication services from our CAT Server.

3. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:

KeyCaptor is your solution for recording ALL keystrokes of ALL users on your 
computer!  Now you have the power to record emails, websites, documents, chats, 
instant messages, usernames, passwords, and MUCH MORE!

With our advanced stealth technology, KeyCaptor will not show in your processes 
list and cannot be stopped from running unless you say so!

4. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:

Our award winning spyware / adware scanner and removal software, SpyBuster will 
scan your computer for over 4,000 known spyware and adware applications. 
SpyBuster protects your computer from data stealing programs that can expose 
your personal information.

SpyBuster scanning technology allows for a quick and easy sweep, so you can 
resume your work in minutes.

5. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:

FreezeX prevents all unauthorized programs, including viruses, keyloggers and 
spyware from executing. Powerful and secure, FreezeX ensures that any new 
executable, program, or application that is downloaded, introduced via 
removable media or the network will never install

6. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:

NeoExec® is an operating system extension for Windows 2000/XP that allows the 
setting of privileges at the application level rather than at the user level.

NeoExec® is the ideal solution for applications that require elevated 
privileges to run as the privileges are granted to the application, not the 
user.

NeoExec® is the only solution on the market capable of modifying at runtime the 
processes' security context -- without requiring a second account as with RunAs 
and RunAs-derived products.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. DiskInternals Uneraser 2.01
By: Alexey Babenko
Relevant URL: http://diskinternals.com/download/Uneraser_Setup.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

DiskInternals Uneraser can recover any deleted file, including documents, 
photos, mp3 and zip files, or even folders and damaged disks. In addition to 
HDD, the program supports any type of storage media (music sticks, cameras, 
flash drives, USB drives, etc)! It works with encrypted files and helps you 
undelete files lost because of a virus attack or an employee's malicious 
behavior. No special skills needed; 100% free to try.

2. DiskInternals NTFS Reader 1.01
By: Alexey Babenko
Relevant URL: http://diskinternals.com/download/NTFS_Reader_Setup.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

Provides read access to NTFS disks from Windows 95, 98 and Me. Allows you to 
save any files to any disk visible on the system or on the network. Supports 
saving compressed or encrypted files.

While saving, it ignores file security policies. It means that it is possible 
to access absolutely any file on an NTFS disk from Windows 9x.

3. Airscanner Mobile Firewall 1.0
By: Airscanner Corp
Relevant URL: http://www.airscanner.com/downloads/fw/amfw.exe
Platforms: Windows CE
Summary:

A Full-Strength Personal Firewall for Your Windows Mobile/Pocket PC handheld.

Airscanner Mobile Firewall for Windows Mobile Pocket PC is a low-level, 
bi-directional, packet filtering firewall that examines all incoming and 
outgoing TCP/IP traffic.

This personal firewall ensures that data is permitted based on access control 
lists that you select from a set of predefined filters, or from filters that 
you create yourself.

The firewall parses packets as they come in (or go out)

4. SiVuS, The VoIP Vulnerability Scanner 1.07
By: SiVuS
Relevant URL: http://www.vopsecurity.org/html/downloads.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

New release of the first free VoIP vulnerability scanner with enhanced 
features. Additional vulnerability checks, faster discovery scanner, ability 
to save and reload configurations and more. SiVuS can be downloaded from 
www.vopsecurity.org

5. XArp 0.1.5
By: Christoph Mayer
Relevant URL: http://www.chrismc.de
Platforms: Windows 2000, Windows XP
Summary:

XArp is a graphical tool to monitor the ARP cache. It periodically requests the 
local ARP cache and reports changes in the IP to MAC mapping. Thus it can be 
used to recognize ARP poisoning which is used to prepare 'man in the middle' 
attacks on switched networks.

6. Extreme Editor: 5.2.2
By: Uri Fridman
Relevant URL: http://www.geocities.com/urifrid/soft.html
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

Multi-tabbed ASCII editor with encryption capabilities. Encryption of edited 
text and clipboard using Twofish.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to 
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed email listadmin@securityfocus.com and ask to 
be manually removed.

VII. SPONSOR INFORMATION
-----------------------

This issue sponsored by: Internet Security Systems

  • SecurityFocus Microsoft Newsletter #210, Marc Fossi <=