SecurityFocus Microsoft Newsletter #230
----------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Do We Need a New SPIM Law?
II. MICROSOFT VULNERABILITY SUMMARY
1. PuTTY/PSFTP/PSCP Multiple Remote Integer Overflow Vulnerabil...
2. Microsoft Internet Explorer Pop-up Window Title Bar Spoofing...
3. Bontago Game Server Remote Nickname Buffer Overrun Vulnerabi...
4. Mambo Open Source Tar.PHP Remote File Include Vulnerability
5. PHPBB Multiple Remote Path Disclosure Vulnerabilities
6. PHPBB Arbitrary File Disclosure Vulnerability
7. VBulletin Misc.PHP Arbitrary PHP Script Code Execution Vulne...
8. PHPBB Arbitrary File Deletion Vulnerability
9. Mono Unicode Character Conversion Multiple Cross-Site Script...
10. Microsoft Windows 2000 Group Policy Bypass Vulnerability
11. Trend Micro VSAPI ARJ Handling Heap Overflow Vulnerability
12. PHPMyAdmin Multiple Libraries And Themes Remote Cross-Site S...
13. PHPMyAdmin Multiple Local File Include Vulnerabilities
14. Raven Software Soldier Of Fortune 2 Remote Denial Of Service...
15. PHPWebSite Image File Processing Remote Arbitrary PHP File U...
16. Mozilla Firefox Scrollbar Remote Code Execution Vulnerabilit...
17. PHP4 Readfile Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Terminal Services - Domain Controller - Normal User (Thread)
2. Computer accounts in NTFS permissions (Thread)
3. Domain Controller Best Practice - Thanks! (Thread)
4. Prohibit Folder Compression (Thread)
5. Com+ permissions (Thread)
6. Domain Controller Best Practice (Thread)
7. SecurityFocus Microsoft Newsletter #229 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. CoreGuard Core Security System
2. KeyCaptor Keylogger
3. SpyBuster
4. FreezeX
5. NeoExec for Active Directory
6. Secrets Protector v2.03
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. SafeLogon 2.0
2. SafeSystem 1.5
3. SQL column finder 0.1
4. Secure Hive 1.0.0.1
5. SigupShield 3.0
6. PE Explorer 1.96
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Do We Need a New SPIM Law?
By Mark Rasch
Existing statutes may not be enough to crack down on Instant Messaging
spammers.
http://www.securityfocus.com/columnists/303
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. PuTTY/PSFTP/PSCP Multiple Remote Integer Overflow Vulnerabil...
BugTraq ID: 12601
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12601
Summary:
PuTTY, PSFTP and PSCP are reported prone to multiple integer overflow
vulnerabilities. The following individual issues are reported:
The first reported vulnerability, an integer overflow, exists in the
'fxp_readdir_recv()' function of the 'sftp.c' source file.
A remote malicious server may trigger this vulnerability in order to execute
arbitrary code in the context of the user that is running the affected client.
It should be noted that this vulnerability exists in a code path that is
executed after host key verification occurs, this may hinder exploitation.
The second issue, another integer overflow, is reported to exist in the
'sftp_pkt_getstring()' of the 'sftp.c' source file.
A remote malicious server may trigger this vulnerability in order to crash the
affected client or to potentially execute arbitrary code. It should be noted
that this vulnerability exists in a code path that is executed after host key
verification occurs, this may also hinder exploitation.
These vulnerabilities are reported to exist in versions of PSFTP and PSCP prior
to version 0.57.
2. Microsoft Internet Explorer Pop-up Window Title Bar Spoofing...
BugTraq ID: 12602
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12602
Summary:
Internet Explorer is reported prone to a pop-up window title bar spoofing
weakness.
The weakness is reported to exist due to a flaw that manifests in
script-initiated pop-up windows.
This issue may be leveraged by an attacker to display false URI information in
the title bar of an Internet Explorer pop-up dialog window. This may facilitate
phishing style attacks; other attacks may also be possible.
3. Bontago Game Server Remote Nickname Buffer Overrun Vulnerabi...
BugTraq ID: 12603
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12603
Summary:
The Bontago game server is reported to be affected by a remote buffer overrun
vulnerability. The issue is reported to exist due to a lack of sufficient
boundary checks performed on client-supplied 'nickname' values.
It is conjectured that a remote attacker may exploit this vulnerability to
influence execution flow of a target game server and have arbitrary supplied
instructions executed in the context of the affected process.
This vulnerability is reported to exist in Bontago versions up to an including
version 1.1.
4. Mambo Open Source Tar.PHP Remote File Include Vulnerability
BugTraq ID: 12608
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12608
Summary:
It is reported that Mambo Open Source is affected by a remote PHP file include
vulnerability. This issue is due in part to the application failing to
properly sanitize user-supplied input to the 'Tar.php' script.
Remote attackers could potentially exploit this issue to include a remote
malicious PHP script, which will be executed in the context of the Web server
hosting the vulnerable software.
This issue reportedly affects Mambo Open Source version 4.5.2 and earlier.
5. PHPBB Multiple Remote Path Disclosure Vulnerabilities
BugTraq ID: 12618
Remote: Yes
Date Published: Feb 21 2005
Relevant URL: http://www.securityfocus.com/bid/12618
Summary:
phpBB is affected by multiple remote vulnerabilities.
The vendor has released phpBB 2.0.12 to address multiple path disclosure
vulnerabilities affecting prior versions. These issues can allow an attacker
to disclose sensitive data that may be used to launch further attacks against a
vulnerable computer.
Due to a lack of details, further information is not available at the moment.
It is possible that some of these issues were previously identified in other
BIDS. This is not confirmed at the moment. This BID will be updated when more
information becomes available.
6. PHPBB Arbitrary File Disclosure Vulnerability
BugTraq ID: 12621
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12621
Summary:
phpBB is affected by an arbitrary file disclosure vulnerability. This issue
arises due to an input validation error allowing an attacker to disclose files
in the context of a Web server running the application.
This may allow the attacker to gain access to sensitive data that may be used
to carry out further attacks against a vulnerable computer.
A successful attack requires the attacker to have a user account and the
presence of some non-default settings allowing for the uploading of remote
avatars.
phpBB 2.0.11 and prior versions are affected by this issue.
7. VBulletin Misc.PHP Arbitrary PHP Script Code Execution Vulne...
BugTraq ID: 12622
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12622
Summary:
vBulletin is reported prone to an arbitrary PHP script code execution
vulnerability. The issue is reported to exist due to a lack of sufficient input
sanitization performed on user-supplied data before this data is included in a
dynamically generated script.
This vulnerability is reported to affect vBulletin board versions up to and
including 3.0.6 that are configured with 'Add Template Name in HTML Comments'
functionality enabled.
8. PHPBB Arbitrary File Deletion Vulnerability
BugTraq ID: 12623
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12623
Summary:
phpBB is affected by an arbitrary file deletion vulnerability. This issue
arises due to an input validation error allowing an attacker to delete files in
the context of a Web server running the application
It is reported that this issue allows an attacker to influence calls to the
'unlink()' function and delete arbitrary files. Due to a lack of input
validation, an attacker can supply directory traversal sequences followed by an
arbitrary file name through the 'avatarselect' return value to delete specific
files.
phpBB 2.0.11 and prior versions are affected by this issue.
9. Mono Unicode Character Conversion Multiple Cross-Site Script...
BugTraq ID: 12626
Remote: Yes
Date Published: Feb 22 2005
Relevant URL: http://www.securityfocus.com/bid/12626
Summary:
It is reported that Mono is prone to various cross-site scripting attacks.
These issues result from insufficient sanitization of user-supplied data and
arise when Mono converts Unicode characters ranging from U+ff00-U+ff60 to ASCII.
Mono 1.0.5 is reported vulnerable, however, other versions may be affected as
well.
This issue is related to BID 12574 (Microsoft ASP.NET Unicode Character
Conversion Multiple Cross-Site Scripting Vulnerabilities).
10. Microsoft Windows 2000 Group Policy Bypass Vulnerability
BugTraq ID: 12641
Remote: No
Date Published: Feb 23 2005
Relevant URL: http://www.securityfocus.com/bid/12641
Summary:
A vulnerability exists in the way Microsoft Windows 2000 group policies are
enforced. It is reported that drive access restrictions may be bypassed using
applications and services that are not listed as being restricted in the drive
access group policy.
This vulnerability may be leveraged using Microsoft Office XP SP3 applications.
Additionally it is reported that Windows functionality provided to allow
browsing of Flash memory drives may also be applied to leverage this issue.
11. Trend Micro VSAPI ARJ Handling Heap Overflow Vulnerability
BugTraq ID: 12643
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12643
Summary:
The Trend Micro VSAPI scan engine library is prone to a heap-based buffer
overflow vulnerability. This vulnerability may be triggered when the library
processes a malformed ARJ archive.
The vulnerability affects multiple Trend Micro products. It is also noted that
multiple attack vectors exist, as affected software may scan ARJ files in email
attachments, and through various file transfer protocols.
12. PHPMyAdmin Multiple Libraries And Themes Remote Cross-Site S...
BugTraq ID: 12644
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12644
Summary:
Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These
issues are due to a failure of the application to properly sanitize
user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.
13. PHPMyAdmin Multiple Local File Include Vulnerabilities
BugTraq ID: 12645
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12645
Summary:
phpMyAdmin is affected by multiple local file include vulnerabilities. These
issues are due to a failure of the application to properly sanitize
user-supplied input prior to using it in a PHP 'include()', 'require()',
'require-once()', or similar function call.
An attacker may leverage these issues to execute arbitrary server-side script
code that resides on an affected computer with the privileges of the Web server
process. This may potentially facilitate unauthorized access.
It should be noted that these issues may also be leveraged to read arbitrary
file on an affected computer with the privileges of the Web server.
14. Raven Software Soldier Of Fortune 2 Remote Denial Of Service...
BugTraq ID: 12650
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12650
Summary:
A remote denial of service vulnerability affects Raven Software Soldier Of
Fortune 2. This issue is due to a failure of the application to handle
excessively long values derived from network data.
An attacker may leverage this issue to cause an affected server to crash,
denying service to legitimate users.
15. PHPWebSite Image File Processing Remote Arbitrary PHP File U...
BugTraq ID: 12653
Remote: Yes
Date Published: Feb 24 2005
Relevant URL: http://www.securityfocus.com/bid/12653
Summary:
phpWebSite is reported prone to a remote arbitrary PHP file upload
vulnerability. The issue presents itself due to a lack of sanitization
performed on image files that are uploaded when submitting an announcement.
A remote attacker may exploit this condition to execute arbitrary PHP code in
the context of the hosting web server process.
This vulnerability is reported to affect phpWebSite versions up to an including
version 0.10.0.
16. Mozilla Firefox Scrollbar Remote Code Execution Vulnerabilit...
BugTraq ID: 12655
Remote: Yes
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12655
Summary:
Reportedly a remote code execution vulnerability affects Mozilla Firefox. This
issue is due to a failure of the application to properly restrict the access
rights of Web content.
An attacker may leverage this issue to compromise security of the affected
browser; by exploiting this issue along with others (BIDs 12465 and 12466) it
is possible to execute arbitrary code.
It should be noted that although only version 1.0 is reported vulnerable, other
versions may be vulnerable as well.
17. PHP4 Readfile Denial Of Service Vulnerability
BugTraq ID: 12665
Remote: No
Date Published: Feb 25 2005
Relevant URL: http://www.securityfocus.com/bid/12665
Summary:
PHP4 is reported prone to a denial of service vulnerability. It is reported
that the PHP 'readfile()' function may be utilized to trigger this issue.
An attacker that has access to a PHP enabled web host may exploit this
vulnerability to crash the HTTP server that is incorporating the vulnerable PHP
module.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Terminal Services - Domain Controller - Normal User (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391578
2. Computer accounts in NTFS permissions (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391574
3. Domain Controller Best Practice - Thanks! (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391573
4. Prohibit Folder Compression (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391468
5. Com+ permissions (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391464
6. Domain Controller Best Practice (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391387
7. SecurityFocus Microsoft Newsletter #229 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/391291
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity * Block malicious code, including
zero-day exploits
2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your
computer! Now you have the power to record emails, websites, documents, chats,
instant messages, usernames, passwords, and MUCH MORE!
With our advanced stealth technology, KeyCaptor will not show in your processes
list and cannot be stopped from running unless you say so!
3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will
scan your computer for over 4,000 known spyware and adware applications.
SpyBuster protects your computer from data stealing programs that can expose
your personal information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can
resume your work in minutes.
4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and
spy ware from executing. Powerful and secure, FreezeX ensures that any new
executable, program, or application that is downloaded, introduced via
removable media or the network will never install
5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the
setting of privileges at the application level rather than at the user level.
NeoExec® is the ideal solution for applications that require elevated
privileges to run as the privileges are granted to the application, not the
user.
NeoExec® is the only solution on the market capable of modifying at runtime the
processes' security context -- without requiring a second account as with RunAs
and RunAs-derived products.
6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:
It's the end of your worries about top-secret data of your company, your
confidential files or the pictures from the last party. All these will be
hidden beyond the reach of ANY intruder and you will be the only one able to
handle them. And what you want to delete will be DELETED. It is the ultimate
security tool to protect your sensitive information on PC, meeting the three
most important security issues: Integrity, Confidentiality and Availability.
This product gives you the features of a "folder locker" and a "secure eraser".
Your secret information is available only trough this software and there is no
other mean to access it. The information is protected at file system level and
it cannot be accidentally deleted or overwritten neither in Safe mode nor in
other operating system. This program doesn't make your operating system
unstable as other related product do and protects your information from being
seen, altered or deleted by an unauthorized user with or without his wish. The
program allows you to permanently erase your sensitive data using secure wiping
methods leaving no trace of your information. Depending on the selected wiping
method your data is unrecoverable using software or even hardware recovery
techniques.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. SafeLogon 2.0
By: GemiScorp Software Solutions
Relevant URL: http://www.gemiscorp.com/english/slogon/info.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
SafeLogon is a multi-user and password-based access control utility that
enhances and complements the Windows built-in logon and authentication system.
In other words, SafeLogon allows you to protect your system at home and office
from unauthorized access.
SafeLogon is fully configurable and allows its Administrator to:
- Restrict access to Windows to certain users, optionally controlling the days
of the week and the time of the day the user is allowed to log on and
2. SafeSystem 1.5
By: GemiScorp Software Solutions
Relevant URL: http://www.gemiscorp.com/english/safesystem/info.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
SafeSystem is a security program that allows you to prevent access to your
personal and important files and folders, as well as protect and guarantee the
integrity and well functioning of your system. SafeSystem can make your files
and folders completely invisible, inaccessible or simply read-only.
Furthermore, SafeSystem can prevent the change of configuration and the
accidental (or even intentional) system files deletion or alteration, so your
PC will be healthy
3. SQL column finder 0.1
By: Rafal Bielecki
Relevant URL: http://sqlcfind.netro.pl/sqlcfind.exe
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:
Helps you to find exact columns number when using union select query
4. Secure Hive 1.0.0.1
By: Secure Hive
Relevant URL: http://www.securehive.com/Secure%20Hive.htm
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
What Does Secure Hive Enterprise Offer?
Encryption of part, or entire, Word documents, Excel worksheets or PowerPoint
presentations through Secure Hive's integration with Microsoft Office.
Encryption of part, or entire, content of common documents (such as Notepad,
WordPad), email messages and instant messages, including mixed text and
graphics, with Secure Hive's Clipboard Encryption feature.
5. SigupShield 3.0
By: Protecteer, LLC
Relevant URL: http://www.protecteer.com/install3/full/sus.exe
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
A fraud alert (Anti-Phishing) software integrated with a full life-cycle
password manager & form filler. SignupShield generates unlimited number of
unique passwords and disposable email addresses for signing-up to web sites.
It fills sign-up forms and encrypts passwords and email addresses for later
use during sign-in.
6. PE Explorer 1.96
By: Heaventools Software
Relevant URL: http://www.heaventools.com/overview.htm
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
PE Explorer is a tool for inspecting and editing the inner workings of Windows
32-bit executable files. It offers a look at PE file structure and all of the
resources in the file, and reports multiple details about a PE file (EXE, DLL,
ActiveX controls, and several other Windows executable formats). Once inside,
file structure can be analyzed and optimized, hostile code detected, spyware
tracked down, problems diagnosed, changes made and resources repaired.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed email listadmin@securityfocus.com and ask to
be manually removed.
VII. SPONSOR INFORMATION
-----------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
