
| Subject: | SecurityFocus Microsoft Newsletter #235 |
|---|---|
| Date: | Wed, 6 Apr 2005 09:23:50 -0600 (MDT) |

SecurityFocus Microsoft Newsletter #235
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer is a free service that gives you the ability to track and manage attacks. Analyzer automatically correlates attacks from various Firewall and network based Intrusion Detection Systems, giving you a comprehensive view of your computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------

I. FRONT AND CENTER

1. Web Browser Forensics, Part 1
2. Defeating Honeypots: System Issues, Part 2
3. Windows 2003 SP1

II. MICROSOFT VULNERABILITY SUMMARY

1. Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy...
2. Bugtracker.NET Unspecified SQL Injection Vulnerabilities
3. ASPApp PortalAPP Multiple Input Validation Vulnerabilities
4. FastStone 4in1 Browser Web Server Remote Directory Traversal...
5. Adventia Chat Server Pro Remote HTML Injection Vulnerability
6. Kerio Personal Firewall Local Network Access Restriction Byp...
7. PAFileDB ID Parameter Cross-Site Scripting Vulnerability
8. Microsoft Jet Database Engine Malformed Database File Buffer...
9. BlueSoleil Object Push Service Bluetooth File Upload Directo...
10. Microsoft Windows UNC Path Handling Unspecified Buffer Overf...
11. Microsoft Windows Server 2003 Service Pack 1 Released - Mult...

III. MICROSOFT FOCUS LIST SUMMARY

1. Integrating Domain and VPN Login (Thread)
2. Windows Server 2003 Service Pack 1 (Thread)
3. SecurityFocus Microsoft Newsletter #234 (Thread)
4. quarantine vpn clients (Thread)

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS

1. CoreGuard Core Security System
2. KeyCaptor Keylogger
3. SpyBuster
4. FreezeX
5. NeoExec for Active Directory
6. Secrets Protector v2.03

V. NEW TOOLS FOR MICROSOFT PLATFORMS

1. TextKeeper 5.0
2. DeSPAM Tunnel 3.0.0
3. Mac Makeup 1.71d
4. Healthmonitor 2.1
5. Kr4ck3r 1.0.0
6. WinArpSpoofer 0.5.3

VI. UNSUBSCRIBE INSTRUCTIONS

VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------

1. Web Browser Forensics, Part 1
By Keith J. Jones and Rohyt Belani
This article provides a case study of digital forensics, and investigates incriminating evidence using a user's web browser history.
http://www.securityfocus.com/infocus/1827

2. Defeating Honeypots: System Issues, Part 2
By Thorsten Holz and Frederic Raynal
Part two of this paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer.
http://www.securityfocus.com/infocus/1828

3. Windows 2003 SP1
By Mark Burnett
Microsoft's release of Windows 2003 Service Pack 1 last week is loaded with security enhancements, and it's a big step in the right direction.
http://www.securityfocus.com/columnists/312

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------

1. Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy...
BugTraq ID: 12913
Remote: No
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12913
Summary:
Microsoft Outlook 2002 Connector for IBM Lotus Domino is reported prone to a policy bypass vulnerability.

It is reported that the Microsoft Outlook 2002 Connector for IBM Lotus Domino saves login credentials locally even when a Group policy is in place that is supposed to prevent this.

This may result in a false sense of security. An attacker with knowledge of a valid username may employ the cached passwords to authenticate successfully to the connected IBM Lotus Domino server.

2. Bugtracker.NET Unspecified SQL Injection Vulnerabilities
BugTraq ID: 12925
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12925
Summary:
Bugtracker.NET is prone to unspecified SQL injection vulnerabilities. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

3. ASPApp PortalAPP Multiple Input Validation Vulnerabilities
BugTraq ID: 12936
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12936
Summary:
Multiple input validation vulnerabilities reportedly affect PortalAPP. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.

The first set of issues are cross-site scripting vulnerabilities that affect the 'content.asp' script. These issues arise as the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.

The second issue is an SQL injection vulnerability that affects the 'ad_click.asp' script. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.

An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.

4. FastStone 4in1 Browser Web Server Remote Directory Traversal...
BugTraq ID: 12937
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12937
Summary:
A vulnerability has been identified in the handling of certain types of requests by the 4in1 Browser Web server. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.

This issue could be exploited to gain read access to files on a host using the vulnerable software. Read privileges granted to these files would be restricted by the permissions of the web server process.

This vulnerability is reported to affect FastStone 4in1 Browser version 1.2; previous versions might also be affected.

5. Adventia Chat Server Pro Remote HTML Injection Vulnerability
BugTraq ID: 12940
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12940
Summary:
A remote HTML injection vulnerability affects Adventia Chat Server Pro. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

6. Kerio Personal Firewall Local Network Access Restriction Byp...
BugTraq ID: 12946
Remote: No
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12946
Summary:
A local network access restriction bypass vulnerability affects Kerio Personal Firewall. This issue is due to a design error that causes the application to fail to properly validate the origin of network requests.

An attacker may leverage this issue to bypass network access restrictions, potentially leading administrators to a false sense of security.

7. PAFileDB ID Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 12952
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12952
Summary:
paFileDB is reported prone to a cross-site scripting vulnerability. The vulnerability presents itself when an attacker supplies malicious HTML and script code through the 'id' parameter.

This may allow for theft of cookie-based authentication credentials or other attacks.

paFileDB 3.1 and prior versions are affected by this vulnerability.

This issue may be related to BID 12788 (PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities) and BID 12758 (PHP Arena PAFileDB Multiple Remote Cross Site Scripting Vulnerabilities). This BID will be retired or updated upon further analysis.

8. Microsoft Jet Database Engine Malformed Database File Buffer...
BugTraq ID: 12960
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12960
Summary:
It is reported that Microsoft Jet Database Engine is vulnerable to a buffer overflow vulnerability. This issue is due to a failure of the library to properly bounds check user-supplied database file contents.

Attackers may exploit this vulnerability to execute arbitrary machine code in the context of the victim user attempting to access a malicious Jet database file.

This vulnerability is reported to exist in the 'msjet40.dll' library, version 4.00.8618.0. Older versions may also be affected. The 'msjetole40.dll' OLE (Object Linking and Embedding) library is reportedly immune to this vulnerability.

9. BlueSoleil Object Push Service Bluetooth File Upload Directo...
BugTraq ID: 12961
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12961
Summary:
BlueSoleil is prone to directory traversal attacks during Bluetooth file uploads. The issue exists in the Object Push Service.

This vulnerability may allow an attacker to upload malicious files to arbitrary locations on affected computers over Bluetooth. An attacker can take advantage of the issue to execute arbitrary code by uploading executables to a location on the computer where they will later be executed.

10. Microsoft Windows UNC Path Handling Unspecified Buffer Overf...
BugTraq ID: 12969
Remote: Unknown
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12969
Summary:
Microsoft Windows is reported prone to an unspecified buffer overflow vulnerability when handling a malformed UNC path.

It is reported that this issue can be triggered by supplying a malformed UNC path through the command line. Further details were not disclosed; however, it is conjectured that a local attacker supplies excessive data as a UNC path to trigger the overflow condition leading to memory corruption. It is currently not known if this will allow a local attacker to gain elevated privileges.

Although unconfirmed, this issue may also pose a remote risk if an attacker is able to supply a vulnerable user with a malformed UNC path and entice them to open it or through an application that processes UNC paths.

This issue has reportedly been addressed with the release of Windows Server 2003 SP1. Operating system releases prior to Server 2003 are also reportedly affected.

Due to a lack of details, further information is not available at the moment. This BID will be updated when more details are released.

11. Microsoft Windows Server 2003 Service Pack 1 Released - Mult...
BugTraq ID: 12972
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12972
Summary:
Microsoft has released Windows Server 2003 Service Pack 1. This release addresses a number of bugs, including some potential security vulnerabilities and weaknesses.

Many of the bugs that have been fixed in this Service Pack may have a security impact that may be exploited by a local or remote attacker. Possible consequences include privilege escalation, lowered security settings, denial of service attacks, and policy bypass.

The release also includes various security enhancements and roll-ups for previous security updates.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

1. Integrating Domain and VPN Login (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/394961

2. Windows Server 2003 Service Pack 1 (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/394960

3. SecurityFocus Microsoft Newsletter #234 (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/394518

4. quarantine vpn clients (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/394458

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------

1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile

The CoreGuard System is the industry's first solution that enforces acceptable use policy for sensitive digital information assets and protects personal data privacy across an enterprise IT environment. CoreGuard's innovative architecture and completeness of technology provide a comprehensive, extensible solution that tightly integrates all the elements required to protect information across a widespread, heterogeneous enterprise network, while enforcing separation of duties between security and IT administration. At the same time, CoreGuard is transparent to users, applications and storage infrastructures for ease of deployment and system management.

CoreGuard enables customers to:

* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers and unauthorized insiders
* Enforce segregation of duties between IT administrators and security administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits

2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE! With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!

3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information. SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.

4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy ware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install

5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level. NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user. NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.

6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:
It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser". Your secret information is available only through this software and there is no other means to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten neither in Safe mode nor in other operating system. This program doesn't make your operating system unstable as other related product do and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods leaving no trace of your information. Depending on the selected wiping method your data is unrecoverable using software or even hardware recovery techniques.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------

1. TextKeeper 5.0
By: HardwareCrasher
Relevant URL: http://members.lycos.co.uk/textkeeper/tkup.zip
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:
Encrypts text using numeric combinations and two algorithms. One of the algorithms uses 5 different numeric combinations.

2. DeSPAM Tunnel 3.0.0
By: The German Computer Freaks (Du-Nu)
Relevant URL: http://www.gcf.de/projects/despam.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
This program is a tunnel for pop3 connections and filters spam during the pop3-download of emails automatically. To determine whether an email is UCE it evaluates the content of each email that passes the tunnel statistically. Its intelligent wordparsing filter "backMatch" even matches buzzwords that contain characters which have been replaced by similar looking special chars to avoid being filtered.

3. Mac Makeup 1.71d
By: Marcello Gorlani
Relevant URL: http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
Platforms: Windows 2000, Windows XP
Summary:
Did you ever get bored with your old MAC address? If you did, this is the solution! Mac MakeUp lets you change the MAC address of any of the interfaces present on your Windows 2000/XP/2003 box. Sometimes this is referred to as MAC address spoofing.

4. Healthmonitor 2.1
By: Vittorio Pavesi
Relevant URL: http://healthmonitor.sourceforge.net
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
HealthMonitor is a free powerful and featureful monitoring tool for Windows. It works as a Windows Service and checks system status (event viewer, disk free space, services status, performance....) and notifies the administration by E-Mail, SMS and by NET SEND; a database logging feature is also available. It is under constant development, and releases are usually frequent. The latest news regarding HealthMonitor can be found on Sourceforge.

5. Kr4ck3r 1.0.0
By: Black List Software
Relevant URL: http://hackinoutthebox.com/sub4.index.php
Platforms: Windows XP
Summary:
This is the ultimate MD5 cracker having both a built-in brute-force and dictionary attack functionality.

6. WinArpSpoofer 0.5.3
By: Gordon Ahn
Relevant URL: http://www.nextsecurity.net/downloads/winarpspoof/WinArpSpoof.zip
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
Windows ARP Spoofer (WinArpSpoof) is a program that can scan the computers including network devices and can spoof their ARP tables on local area network and can act as a router while pulling all packets on LAN. In addition, traffic information through this program is measured.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------

To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

VII. SPONSOR INFORMATION
-----------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer is a free service that gives you the ability to track and manage attacks. Analyzer automatically correlates attacks from various Firewall and network based Intrusion Detection Systems, giving you a comprehensive view of your computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------