| Subject: | SecurityFocus Microsoft Newsletter #225 |
|---|---|
| Date: | Thu, 27 Jan 2005 13:53:57 -0700 (MST) |
SecurityFocus Microsoft Newsletter #225
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer is a free service that gives you the ability to track and manage attacks. Analyzer automatically correlates attacks from various Firewall and network based Intrusion Detection Systems, giving you a comprehensive view of your computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------

I. FRONT AND CENTER
     1. Unintended Consequences
     2. Blind Buffer Overflows In ISAPI Extensions
II. MICROSOFT VULNERABILITY SUMMARY
     1. SparkleBlog Multiple Input Validation Vulnerabilities
     2. MySQL Database MySQLAccess Local Insecure Temporary File Cre...
     3. INCA nProtect Gameguard Unprivileged Arbitrary Read/Write Ac...
     4. Research In Motion Blackberry Enterprise Server Mobile Data ...
     5. Netegrity SiteMinder HTML Page Injection Vulnerability
     6. Gallery Multiple Unspecified Input Validation Vulnerabilitie...
     7. ImageMagick Photoshop Document Parsing Remote Client-Side Bu...
     8. Kazaa Sig2Dat Protocol Multiple Remote Vulnerabilities
     9. Microsoft Internet Explorer Remote Information Disclosure Vu...
     10. VBulletin Init.PHP Unspecified Remote Vulnerability
     11. CMSimple Multiple Remote Input Validation Vulnerabilities
     12. RealNetworks RealOne Player And RealPlayer ShowPreferences A...
     13. RealNetworks RealOne Player And RealPlayer Multiple Potentia...
     14. DivX Player Skin File Directory Traversal Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
     1. AW: IIS6 on W2k3 DCs (Thread)
     2. Dhcp security (Thread)
     3. IIS6 on W2k3 DCs (Thread)
     4. [Maybe Spam] Dhcp security (Thread)
     5. PGP and Outlook (Thread)
     6. SecurityFocus Microsoft Newsletter #224 (Thread)
     7. local admin vs group policy and apps... (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
     1. CoreGuard Core Security System
     2. KeyCaptor Keylogger
     3. SpyBuster
     4. FreezeX
     5. NeoExec for Active Directory
     6. Secrets Protector v2.03
V. NEW TOOLS FOR MICROSOFT PLATFORMS
     1. Network Equipment Performance Monitor 2.2
     2. Etherchange v1.0
     3. IPFront 1.0
     4. Azure Web Log 1.5
     5. Interface Traffic Indicator 1.2.3
     6. Colasoft Capsa 4.05
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------

1. Unintended Consequences
By Scott Granneman

The law of unintended consequences shows us how many innocent innovations like email, anti-virus and DRM can become something far worse than the inventors had ever imagined.

http://www.securityfocus.com/columnists/293

2. Blind Buffer Overflows In ISAPI Extensions
By Isaac Dawson

This paper will outline the risks ISAPI Extensions pose and how they can be exploited by third parties without any binary exposure or knowledge using blind stack overflows. This method can enable remote code execution in proprietary and third party applications.

http://www.securityfocus.com/infocus/1819

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------

1. SparkleBlog Multiple Input Validation Vulnerabilities
BugTraq ID: 12272
Remote: Yes
Date Published: Jan 15 2005
Relevant URL: http://www.securityfocus.com/bid/12272
Summary:
Multiple input validation vulnerabilities reportedly affect SparkleBlog. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.

The first issue is a cross-site scripting issue and the second issue is an SQL injection issue.

An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.

2. MySQL Database MySQLAccess Local Insecure Temporary File Cre...
BugTraq ID: 12277
Remote: No
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12277
Summary:
A local insecure temporary file creation vulnerability affects the MySQL Database. This issue is due to a failure of a script bundled with the application to securely create temporary files in globally accessible locations.

An attacker may leverage this issue to corrupt arbitrary files with the privileges of the user that activates the vulnerable script.

3. INCA nProtect Gameguard Unprivileged Arbitrary Read/Write Ac...
BugTraq ID: 12280
Remote: No
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12280
Summary:
It is reported that the INCA nProtect Gameguard kernel driver provides functionality that may impact the security model of a Windows NT/2000/XP computer. Reports indicate the affected kernel driver provides functionality to modify the I/O permission mask of the process that invokes the affected driver to allow for unrestricted I/O operations in unprivileged user-mode.

An unprivileged attacker that has obtained local interactive access to a computer that is running the vulnerable kernel mode driver may exploit this to make arbitrary read and write operations to a specified device.

4. Research In Motion Blackberry Enterprise Server Mobile Data ...
BugTraq ID: 12282
Remote: Yes
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12282
Summary:
Blackberry Enterprise Server is reportedly affected by a remote denial of service vulnerability. This issue is due to an error while processing WML (Wireless Markup Language) pages in the 'Mobile Data Service'.

Exploitation of this issue would cause a 100% processor utilization, thus resulting in a denial of service.

5. Netegrity SiteMinder HTML Page Injection Vulnerability
BugTraq ID: 12284
Remote: Yes
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12284
Summary:
Netegrity SiteMinder is reported prone to a vulnerability that may allow an attacker to inject arbitrary HTML pages that may be rendered in a user's browser through a URI link. This issue originates in the 'smpwservicescgi.exe' script and can facilitate arbitrary script execution and other attacks such as phishing.

An attacker can manipulate URI parameters to redirect a user to a potentially malicious Web page after authentication to the server.

All versions of SiteMinder are considered vulnerable at the moment.

6. Gallery Multiple Unspecified Input Validation Vulnerabilitie...
BugTraq ID: 12286
Remote: Yes
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12286
Summary:
Gallery is reported prone to multiple unspecified remote input validation vulnerabilities. It is reported that multiple instances of insufficient sanitization performed on Gallery variables were fixed; reports indicate that these issues may be exploited to disclose Gallery passwords contained in the Gallery database.

7. ImageMagick Photoshop Document Parsing Remote Client-Side Bu...
BugTraq ID: 12287
Remote: Yes
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12287
Summary:
A client-side buffer overflow vulnerability affects the Photoshop document (PSD) parsing functionality of ImageMagick. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.

An attacker may exploit this issue remotely by sending a malicious file through email or some other means to an unsuspecting user and enticing them to process it with the affected application. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

8. Kazaa Sig2Dat Protocol Multiple Remote Vulnerabilities
BugTraq ID: 12291
Remote: Yes
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12291
Summary:
Multiple remote vulnerabilities reportedly affect KaZaA's Sig2Dat protocol functionality. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in critical actions.

An attacker may leverage these issues to cause the affected application to crash, denying service to legitimate users, and to create files in arbitrary directories that are readable to the affected application.

9. Microsoft Internet Explorer Remote Information Disclosure Vu...
BugTraq ID: 12294
Remote: Yes
Date Published: Jan 18 2005
Relevant URL: http://www.securityfocus.com/bid/12294
Summary:
A remote information disclosure vulnerability affects Microsoft Internet Explorer. This issue is due to a failure of the application to properly secure scripts that reside on a local computer.

An attacker may leverage this issue to identify any scripts that may reside on an unsuspecting user's computer. Information disclosed in this way may lead to further attacks against affected computers. Any script access that occurs will take place in the context of the unsuspecting user that views the malicious page.

10. VBulletin Init.PHP Unspecified Remote Vulnerability
BugTraq ID: 12299
Remote: Yes
Date Published: Jan 18 2005
Relevant URL: http://www.securityfocus.com/bid/12299
Summary:
VBulletin is reported prone to an unspecified vulnerability that presents itself in the 'includes/init.php' script. It is reported that this vulnerability may be exploited to compromise an affected VBulletin installation; this compromise may include information disclosure.

This BID will be updated, as further information regarding this vulnerability is made available.

11. CMSimple Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 12303
Remote: Yes
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12303
Summary:
Multiple input validation vulnerabilities affect CMSimple. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.

The first issue is an HTML injection vulnerability in the guestbook functionality of the application. The second issue is a cross-site scripting vulnerability in the search functionality of the application.

An attacker may leverage these issues to have arbitrary script code executed in the context of the vulnerable Web site. This will facilitate theft of cookie based authentication credentials as well as other attacks.

12. RealNetworks RealOne Player And RealPlayer ShowPreferences A...
BugTraq ID: 12311
Remote: Yes
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12311
Summary:
RealOne Player and RealPlayer are affected by a buffer overflow vulnerability. This issue may be exploited by a remote attacker to execute arbitrary code in the context of the software.

The application fails to perform proper boundary checks before copying the arguments of the 'ShowPreferences' action to a static buffer through a 'sprintf()' function call. An attacker can design a malicious Web site or skin file and trigger an overflow condition in the application.

This issue may be leveraged to execute arbitrary code in the context of the user running the application.

It is likely that this issue is identical to the vulnerability described in BID 11307 (RealNetworks RealOne Player And RealPlayer Unspecified Web Page Code Execution Vulnerability). This cannot be confirmed at the moment; however, one of the BIDs will be retired if it turns out that the BIDs represent the same issue.

13. RealNetworks RealOne Player And RealPlayer Multiple Potentia...
BugTraq ID: 12315
Remote: Yes
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12315
Summary:
RealNetworks RealOne Player And RealPlayer are reported prone to multiple potential vulnerabilities. These issues may allow an attacker to potentially execute arbitrary code or disclose the presence of files on a vulnerable computer.

The following specific issues were identified:

The first issue presents itself when the application processes Real Metadata Package files containing malformed tags. The researchers responsible for discovering this issue have reported that this issue may not be exploitable and represents a potential threat.

The second issue may allow an attacker to determine the existence of files on a vulnerable computer. The validity of this issue is not confirmed at the moment, and it is also considered a potential threat.

It is likely that these issues were originally released as unspecified vulnerabilities. This cannot be confirmed at the moment; however, one of the BIDs will be retired if it turns out that the BIDs represent the same issues.

14. DivX Player Skin File Directory Traversal Vulnerability
BugTraq ID: 12332
Remote: Yes
Date Published: Jan 21 2005
Relevant URL: http://www.securityfocus.com/bid/12332
Summary:
DivX Player is reported prone to a directory traversal vulnerability. The issue presents itself when DPS ('.dps') archive files are processed.

Ultimately an attacker may exploit this issue to save a script or executable file in an arbitrary location. This may lead to the execution of malicious code when the affected system is restarted. Alternatively, the attacker may overwrite a target file with the privileges of a user that is installing a malicious skin file.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

1. AW: IIS6 on W2k3 DCs (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/387976

2. Dhcp security (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/387974

3. IIS6 on W2k3 DCs (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/387973

4. [Maybe Spam] Dhcp security (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/387964

5. PGP and Outlook (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/387687

6. SecurityFocus Microsoft Newsletter #224 (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/387682

7. local admin vs group policy and apps... (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/387556

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------

1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile

The CoreGuard System is the industry's first solution that enforces acceptable use policy for sensitive digital information assets and protects personal data privacy across an enterprise IT environment. CoreGuard's innovative architecture and completeness of technology provide a comprehensive, extensible solution that tightly integrates all the elements required to protect information across a widespread, heterogeneous enterprise network, while enforcing separation of duties between security and IT administration. At the same time, CoreGuard is transparent to users, applications and storage infrastructures for ease of deployment and system management.

CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers and unauthorized insiders
* Enforce segregation of duties between IT administrators and security administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits

2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE! With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!

3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information. SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.

4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy ware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install.

5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level. NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user. NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.

6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:
It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser". Your secret information is available only through this software and there is no other means to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten, neither in Safe mode nor in another operating system. This program doesn't make your operating system unstable as other related products do, and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods leaving no trace of your information. Depending on the selected wiping method your data is unrecoverable using software or even hardware recovery techniques.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------

1. Network Equipment Performance Monitor 2.2
By: Nova Software, Inc.
Relevant URL: http://www.nepm.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, Solaris, True64 UNIX, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
NEPM is a very general, highly configurable, two part software system that monitors any type of logged data from IP networked equipment and reports it via E-mail and web pages. Current conditions and history from systems based on Windows NT/2000 and UNIX can be tracked and reported. Most major server, switch and router systems can be monitored, without running agents on the target systems.

2. Etherchange v1.0
By: Arne Vidstrom
Relevant URL: http://www.ntsecurity.nu/toolbox/etherchange/
Platforms: Windows 2000, Windows XP
Summary:
EtherChange can change the Ethernet address of the network adapters in Windows 2000 / XP.

3. IPFront 1.0
By: Hernán M. Racciatti
Relevant URL: http://www.hernanracciatti.com.ar/ipfront/
Platforms: Windows 2000
Summary:
IPFront is a small tool which enables users to generate IPSec rules easily. It really speeds up the process of hardening Windows 2000/2003 in a Bastion Host environment. Additionally, it allows setting up IPSec exceptions, and enables a couple of TCP/IP stack protections against DoSes. So, IPFront is nothing more than a small Frontend/GUI that writes small scripts that one can later execute from within IPFront, or externally, as simple script files, in other servers,

4. Azure Web Log 1.5
By: Azure Desktop
Relevant URL: http://www.azuredesktop.com/download/awlog.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Log analyzer tells you all you want about your web site: What are the most popular pages and files on your site? How many visitors are there and where are they from? What browsers and OS do they use? What is your site's traffic? Special features: Statistics for a year. Separate statistics for every page or file - daily hits for the last two months, monthly hits for a year, referring site for particular page or file. Multiple site statistics support.

5. Interface Traffic Indicator 1.2.3
By: Carsten Schmidt
Relevant URL: http://software.ccschmidt.de/#inftraffic
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
Interface Traffic Indicator, a graph utility to measure incoming and outgoing traffic on an interface in bits/sec, bytes/sec or utilization. Works on all SNMP-capable devices (computers, NICs, switches, routers, etc.) with adjustable poll interval down to three seconds. You can use this program in a professional network environment to monitor selected network interfaces (even backplane ports if the device provides the information) or you can monitor your home network or

6. Colasoft Capsa 4.05
By: Roy Luo
Relevant URL: http://www.colasoft.com/
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:
Capsa is a powerful but easy to use network monitor and analyzer designed for packet decoding and network diagnosis. With the abilities of real time monitoring and data analyzing, you can capture and decode network traffic transmitted over local host and local network. Capsa has Packet Analysis Module and three advanced analysis modules: Email Analysis Module, Web Analysis Module and Transaction Analysis Module.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------

To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

VII. SPONSOR INFORMATION
-----------------------

Symantec DeepSight Analyzer (see the sponsor message at the top of this newsletter):
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------