
| Subject: | SecurityFocus Microsoft Newsletter #217 |
|---|---|
| Date: | Wed, 1 Dec 2004 08:17:09 -0700 (MST) |

SecurityFocus Microsoft Newsletter #217
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer is a free service that gives you the ability to track and manage attacks. Analyzer automatically correlates attacks from various Firewall and network based Intrusion Detection Systems, giving you a comprehensive view of your computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------

I. FRONT AND CENTER
   1. Profitware
   2. Seeds of Disaster
II. MICROSOFT VULNERABILITY SUMMARY
   1. PHPBB Login Form Multiple Input Validation Vulnerabilities
   2. Computer Associates eTrust EZAntivirus User Interface Local ...
   3. Citrix MetaFrame Presentation Server Client Debugging Utilit...
   4. WeOnlyDo! wodFtpDLX ActiveX Component Remote Buffer Overflow...
   5. Sacred Multiple Connection Denial Of Service Vulnerability
   6. Gearbox Software Halo Game Client Remote Denial Of Service V...
   7. Nullsoft Winamp IN_CDDA.dll Remote Buffer Overflow Vulnerabi...
   8. Van Dyke SecureCRT Remote Command Execution Vulnerability
   9. Soldier Of Fortune 2 Buffer Overflow Vulnerability
   10. Alt-N MDaemon Local Privilege Escalation Vulnerability
   11. SugarCRM Unspecified Vulnerabilities
   12. Youngzsoft CMailServer Multiple Remote Vulnerabilities
   13. Win FTP Server Plaintext Password Storage Weakness
   14. LucasArts Star Wars Battlefront Game Server Multiple Remote ...
   15. Microsoft Internet Explorer Infinite Array Sort Denial Of Se...
   16. MailEnable IMAP Service Multiple Remote Pre-Authentication B...
   17. Opera Web Browser Infinite Array Sort Denial Of Service Vuln...
   18. Microsoft Windows WINS Replication Protocol Remote Memory Co...
   19. YaBB Shadow BBCode Tag JavaScript Injection Vulnerability
   20. Microsoft Internet Explorer Image Download Filename Extensio...
   21. Microsoft Windows WINS Arbitrary Association Delete Unspecif...
III. MICROSOFT FOCUS LIST SUMMARY
   1. A little nervous about service packs (Thread)
   2. Microsoft rights management server alternatives (Thread)
   3. SecurityFocus Microsoft Newsletter #216 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
   1. CoreGuard Core Security System
   2. KeyCaptor Keylogger
   3. SpyBuster
   4. FreezeX
   5. NeoExec for Active Directory
   6. Secrets Protector v2.03
V. NEW TOOLS FOR MICROSOFT PLATFORMS
   1. Dekart Private Disk 2.03
   2. Remote Process Watcher 1.0
   3. Rkdscan 1.0
   4. Spybot-S&D 1.3
   5. lock 2.0
   6. WapgGui 1.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------

1. Profitware
By Kelly Martin

Some of the largest anti-virus companies have virtually ignored the spyware problem because there is no profit incentive for them to do otherwise. Meanwhile, spyware companies make millions.
http://www.securityfocus.com/columnists/278

2. Seeds of Disaster
By Mark Burnett

Internet Explorer's problems can be traced to Microsoft's shortsightedness during the browser wars of the 1990s. Is the company sowing tomorrow's security woes today?
http://www.securityfocus.com/columnists/279

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------

1. PHPBB Login Form Multiple Input Validation Vulnerabilities
BugTraq ID: 11716
Remote: Yes
Date Published: Nov 20 2004
Relevant URL: http://www.securityfocus.com/bid/11716
Summary:
Multiple input validation vulnerabilities affect the login form of phpBB. These issues are due to a failure of the application to perform proper sanitization prior to including user-supplied input in dynamically generated content and SQL queries.

An attacker may leverage these issues to execute arbitrary client side script code in the browser of an unsuspecting user and inject arbitrary SQL syntax into SQL queries. This may potentially lead to theft of cookie-based authentication credentials, theft of sensitive information or corruption of data as well as other attacks.

It should be noted that it is possible that one or more of these issues has been reported in a previous BID. This BID will be updated as more information becomes available.

2. Computer Associates eTrust EZAntivirus User Interface Local ...
BugTraq ID: 11717
Remote: No
Date Published: Nov 20 2004
Relevant URL: http://www.securityfocus.com/bid/11717
Summary:
A local authentication bypass vulnerability affects the user interface of eTrust EZAntivirus. This issue is due to a design error that allows a local attacker to bypass the implemented authentication.

A local attacker may exploit this issue to bypass the user interface authentication mechanisms, facilitating unauthorized access to the software. This may allow manipulation of virus scanning rules that may subsequently facilitate further attacks against the affected computer.

3. Citrix MetaFrame Presentation Server Client Debugging Utilit...
BugTraq ID: 11720
Remote: No
Date Published: Nov 22 2004
Relevant URL: http://www.securityfocus.com/bid/11720
Summary:
A vulnerability affects the Citrix MetaFrame Presentation Server client debugging utility. This issue is due to a design error in the affected debugging utility that may aid an attacker in the theft of sensitive information.

An attacker may leverage this issue to record keystrokes of unsuspecting users, potentially revealing sensitive information and facilitating privilege escalation or other attacks.

4. WeOnlyDo! wodFtpDLX ActiveX Component Remote Buffer Overflow...
BugTraq ID: 11721
Remote: Yes
Date Published: Nov 22 2004
Relevant URL: http://www.securityfocus.com/bid/11721
Summary:
A remote buffer overflow vulnerability reportedly affects the WeOnlyDo! wodFtpDLX ActiveX Component. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of a user that started an application that implements the vulnerable ActiveX component.

5. Sacred Multiple Connection Denial Of Service Vulnerability
BugTraq ID: 11722
Remote: Yes
Date Published: Nov 22 2004
Relevant URL: http://www.securityfocus.com/bid/11722
Summary:
Sacred is reported susceptible to a multiple connection denial of service vulnerability.

This vulnerability allows remote attackers to block further network access to a Sacred server, denying access to legitimate users.

6. Gearbox Software Halo Game Client Remote Denial Of Service V...
BugTraq ID: 11724
Remote: Yes
Date Published: Nov 22 2004
Relevant URL: http://www.securityfocus.com/bid/11724
Summary:
The Halo game client is reported prone to a remote denial of service vulnerability. It is reported that when using the in game browser to view a server list, a malicious reply from a server may crash the affected client.

A remote attacker may exploit this vulnerability to deny service to legitimate users.

7. Nullsoft Winamp IN_CDDA.dll Remote Buffer Overflow Vulnerabi...
BugTraq ID: 11730
Remote: Yes
Date Published: Nov 23 2004
Relevant URL: http://www.securityfocus.com/bid/11730
Summary:
A remote buffer overflow vulnerability affects the IN_CDDA.dll library of Nullsoft's Winamp. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite process buffers. The issue would most likely be exposed through a malicious playlist designed to trigger the issue.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application.

8. Van Dyke SecureCRT Remote Command Execution Vulnerability
BugTraq ID: 11731
Remote: Yes
Date Published: Nov 23 2004
Relevant URL: http://www.securityfocus.com/bid/11731
Summary:
A remote command execution vulnerability affects Van Dyke's SecureCRT.
This issue is due to a design error that allows a remote attacker to execute arbitrary script on the affected computer with the privileges of the affected application.

An attacker may leverage this issue to execute arbitrary code with the privileges of the user that activated the affected application; this may facilitate privilege escalation or unauthorized access.

9. Soldier Of Fortune 2 Buffer Overflow Vulnerability
BugTraq ID: 11735
Remote: Yes
Date Published: Nov 23 2004
Relevant URL: http://www.securityfocus.com/bid/11735
Summary:
It is reported that Soldier of Fortune 2 is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to perform sufficient bounds checking on user-supplied input prior to copying it to a fixed-sized memory buffer.

A remote attacker may exploit this vulnerability to deny service to legitimate users. Due to the nature of this vulnerability, it is conjectured that remote code execution may be possible, but this is not confirmed.

10. Alt-N MDaemon Local Privilege Escalation Vulnerability
BugTraq ID: 11736
Remote: No
Date Published: Nov 23 2004
Relevant URL: http://www.securityfocus.com/bid/11736
Summary:
A local privilege escalation vulnerability reportedly affects Alt-N MDaemon. This issue is due to a failure of the application to properly drop privileges prior to executing child processes.

An attacker may leverage this issue to execute applications with SYSTEM privileges, facilitating privilege escalation.

11. SugarCRM Unspecified Vulnerabilities
BugTraq ID: 11740
Remote: Yes
Date Published: Nov 23 2004
Relevant URL: http://www.securityfocus.com/bid/11740
Summary:
SugarCRM version 2.0.1a has been released to address multiple security vulnerabilities. The vendor has not publicized specific details about the vulnerabilities that were addressed in this release.

12. Youngzsoft CMailServer Multiple Remote Vulnerabilities
BugTraq ID: 11742
Remote: Yes
Date Published: Nov 24 2004
Relevant URL: http://www.securityfocus.com/bid/11742
Summary:
Multiple remote vulnerabilities affect the Youngzsoft CMailServer. These issues are due to a failure of the application to properly sanitize user input and perform sufficient bounds checking.

The first issue is a buffer overflow vulnerability in the attachment functionality. The second and third issues are SQL injection vulnerabilities. The final issue is an HTML injection issue.

An attacker may leverage these issues to execute arbitrary code on an affected computer, carry out SQL injection attacks that may delete sensitive data and perform HTML injection attacks facilitating the theft of authentication credentials.

13. Win FTP Server Plaintext Password Storage Weakness
BugTraq ID: 11749
Remote: No
Date Published: Nov 24 2004
Relevant URL: http://www.securityfocus.com/bid/11749
Summary:
It is reported that Win FTP Server stores user account information in a plaintext file on the server filesystem. As a result, FTP user credentials could be exposed to other local users who have permissions to access this file.

Malicious users that gain access to FTP user credentials may be able to gain access to potentially sensitive files served by the application.

Version 1.6 of the application is reportedly affected by this weakness. Other versions are also likely affected.

14. LucasArts Star Wars Battlefront Game Server Multiple Remote ...
BugTraq ID: 11750
Remote: Yes
Date Published: Nov 24 2004
Relevant URL: http://www.securityfocus.com/bid/11750
Summary:
LucasArts Star Wars Battlefront game server is reported prone to multiple remote denial of service vulnerabilities. The following issues are reported:

It is reported that the Star Wars Battlefront game server fails to perform sufficient boundary checks on 'nickname' data that is supplied by a client.

A remote attacker may exploit this vulnerability to deny service to legitimate users.

Additionally, it is reported that the Star Wars Battlefront game server provides debugging functionality that may be leveraged by a malicious client to trigger a server crash.

A remote attacker may exploit this vulnerability to deny service to legitimate users.

This vulnerability is reported to affect LucasArts Star Wars Battlefront up to and including version 1.11.

15. Microsoft Internet Explorer Infinite Array Sort Denial Of Se...
BugTraq ID: 11751
Remote: Yes
Date Published: Nov 25 2004
Relevant URL: http://www.securityfocus.com/bid/11751
Summary:
Microsoft Internet Explorer is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed.

16. MailEnable IMAP Service Multiple Remote Pre-Authentication B...
BugTraq ID: 11755
Remote: Yes
Date Published: Nov 25 2004
Relevant URL: http://www.securityfocus.com/bid/11755
Summary:
MailEnable IMAP service is reported prone to multiple remote buffer overflow vulnerabilities. The following individual issues are reported:

The first buffer overflow vulnerability is reported to exist due to a lack of sufficient bounds checking performed on IMAP command arguments before the argument is copied into a finite process memory buffer. A remote attacker may exploit this vulnerability prior to authentication to execute arbitrary code in the context of the affected service.

The second buffer overflow vulnerability presents itself due to a lack of boundary checks performed on request data sent to the IMAP service. A remote attacker may exploit this vulnerability prior to authentication to execute arbitrary code in the context of the affected service.

17. Opera Web Browser Infinite Array Sort Denial Of Service Vuln...
BugTraq ID: 11762
Remote: Yes
Date Published: Nov 25 2004
Relevant URL: http://www.securityfocus.com/bid/11762
Summary:
The Opera Web browser is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed.

18. Microsoft Windows WINS Replication Protocol Remote Memory Co...
BugTraq ID: 11763
Remote: Yes
Date Published: Nov 25 2004
Relevant URL: http://www.securityfocus.com/bid/11763
Summary:
It is reported that the WINS replication protocol contains a vulnerability that when exploited will result in memory corruption. The issue exists due to a protocol design flaw that allows a remote user to specify the location of a data structure in memory. Because the attacker may control the location of the data structure, this vulnerability may be exploited to corrupt process memory.

This issue could potentially be exploited remotely by a WINS client to execute arbitrary code with SYSTEM level privileges on a target WINS server. The service may be exposed via TCP/UDP port 42 by default, but the vendor has stated that other attack vectors may exist though none are known at this time.

19. YaBB Shadow BBCode Tag JavaScript Injection Vulnerability
BugTraq ID: 11764
Remote: Yes
Date Published: Nov 26 2004
Relevant URL: http://www.securityfocus.com/bid/11764
Summary:
YaBB is reported prone to a JavaScript injection vulnerability. It is reported that the BBCode 'shadow' tag is not sufficiently sanitized of malicious script content.

An attacker that has an account on the affected bulletin board may exploit this vulnerability to inject arbitrary JavaScript code into forum posts through the 'shadow' tag.

20. Microsoft Internet Explorer Image Download Filename Extensio...
BugTraq ID: 11768
Remote: Yes
Date Published: Nov 26 2004
Relevant URL: http://www.securityfocus.com/bid/11768
Summary:
Microsoft Internet Explorer is reported susceptible to a filename extension spoofing vulnerability when utilizing the 'Save Image As' feature.

Reportedly, this vulnerability is only possible when Internet Explorer is configured with 'Hide extension for known file types' enabled. This is the default configuration.

This vulnerability may facilitate the spoofing of filename extensions, resulting in malicious content being inadvertently downloaded to vulnerable Web users.

This issue may be related to BID 3597.

21. Microsoft Windows WINS Arbitrary Association Delete Unspecif...
BugTraq ID: 11769
Remote: Yes
Date Published: Nov 26 2004
Relevant URL: http://www.securityfocus.com/bid/11769
Summary:
Microsoft Windows Internet Name Service (WINS) is reported prone to an unspecified buffer overflow vulnerability.

This issue could potentially be exploited remotely by a WINS client to execute arbitrary code with SYSTEM level privileges on a target WINS server. The service may be exposed via TCP/UDP port 42 by default, but the vendor has stated that other attack vectors may exist for WINS-related vulnerabilities though none are known at this time.

This BID may be related to the issue described in BID 11763 (Microsoft Windows WINS Replication Protocol Remote Memory Corruption Vulnerability), however this is not confirmed.

Few details regarding this vulnerability are available at the time of writing; this BID will be updated as further details are released.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

1. A little nervous about service packs (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/382419

2. Microsoft rights management server alternatives (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/382252

3. SecurityFocus Microsoft Newsletter #216 (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/382078

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------

1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile

The CoreGuard System is the industry's first solution that enforces acceptable use policy for sensitive digital information assets and protects personal data privacy across an enterprise IT environment. CoreGuard's innovative architecture and completeness of technology provide a comprehensive, extensible solution that tightly integrates all the elements required to protect information across a widespread, heterogeneous enterprise network, while enforcing separation of duties between security and IT administration. At the same time, CoreGuard is transparent to users, applications and storage infrastructures for ease of deployment and system management.

CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers and unauthorized insiders
* Enforce segregation of duties between IT administrators and security administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits

2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE! With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!

3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information. SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.

4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spyware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install

5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level. NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user. NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.

6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:
It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them.
And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser". Your secret information is available only through this software and there is no other means to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten either in Safe mode or in another operating system. This program doesn't make your operating system unstable as other related products do and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods leaving no trace of your information. Depending on the selected wiping method your data is unrecoverable using software or even hardware recovery techniques.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------

1. Dekart Private Disk 2.03
By: Dekart
Relevant URL: http://www.private-disk.net/
Platforms: Windows XP
Summary:
Private Disk - is an easy-to-use, reliable, user-friendly and smart program that lets you create encrypted disk partitions (drive letters) to keep your private and confidential data secure. Uses 256-bit AES encryption.

2. Remote Process Watcher 1.0
By: Fitsec Tmi
Relevant URL: http://www.fitsec.com/downloads
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
A Java based software that watches processes running on the computers inside a domain. Gives out warnings when it spots a process that it doesn't recognize or processes that have been marked on the warning list. It is also able to autokill processes marked as critical.

3. Rkdscan 1.0
By: Andres Tarasco - www.sia.es
Relevant URL: http://cyruxnet.org/download/rkdscan.rar
Platforms: Windows 2000
Summary:
Rkdscan is able to remotely detect if NT based computers are compromised with the "Hacker Defender" rootkit.

4. Spybot-S&D 1.3
By: Patrick M. Kolla
Relevant URL: http://www.spybot.info/en/index.html
Platforms: Windows XP
Summary:
Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. If you see new toolbars in your Internet Explorer that you didn't intentionally install, if your browser crashes, or if your browser start page has changed without your knowing, you most probably have spyware. But even if you don't see anything, you may be infected.

5. lock 2.0
By: Uri Fridman
Relevant URL: http://www.geocities.com/urifrid/lock-2.0-src.zip
Platforms: Windows 2000
Summary:
Lock is a command line tool to lock the workstation, options include:
- lock the workstation
- lock workstation and run default screensaver
- minimize all open windows and lock the workstation
- send the system to sleep (standby)

Open source, free and small.

6. WapgGui 1.0
By: William D. Bartholomew
Relevant URL: http://www.bartholomew.id.au/Default.aspx?tabid=32
Platforms: Windows 2000, Windows XP
Summary:
A free, open-source, user-friendly interface to run the WAPG password generator. Supports generation of random and pronounceable passwords, specifying minimum and maximum length, specifying what character classes should or must be used, and much more.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------

To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

VII. SPONSOR INFORMATION
-----------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer is a free service that gives you the ability to track and manage attacks. Analyzer automatically correlates attacks from various Firewall and network based Intrusion Detection Systems, giving you a comprehensive view of your computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130