
SecurityFocus Microsoft Newsletter #244

Subject: SecurityFocus Microsoft Newsletter #244
Date: Wed, 15 Jun 2005 07:38:32 -0600 (MDT)
SecurityFocus Microsoft Newsletter #244
----------------------------------------

This Issue is Sponsored By: WhiteHat Security

Think network security products protect your websites?  That's just one of five 
common misconceptions that can leave your websites open to attack.  Download 
The Five Myths of Web Application Security from WhiteHat Security and get the 
facts about vulnerability assessment and management for websites.  To receive 
this complimentary white paper, click here:

http://www.securityfocus.com/sponsor/WhiteHat_ms-secnews_050614

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Shred It!
       2. A Role Model for Security. Almost.
       3. Software Firewalls: Made of Straw? Part 1 of 2
       4. Microsoft's Most Successful Failure
II.  MICROSOFT VULNERABILITY SUMMARY
       1. MSN ILoveMessenger Cross-Site Scripting Vulnerability
       2. Rakkarsoft RakNet Remote Denial of Service Vulnerability
       3. Software602 602 LAN Suite 2004 HTML Injection Log Obfuscation Vulnerability
       4. Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities
       5. Kaspersky Anti-Virus Klif.Sys Privilege Escalation Vulnerability
       6. Pragma TelnetServer Log Obfuscation Vulnerability
       7. TCPDump BGP Decoding Routines Denial Of Service Vulnerability
       8. Invision Power Services Invision Gallery SQL Injection Vulnerability
       9. FutureSoft TFTP Server 2000 Remote Denial Of Service Vulnerability
       10. Invision Community Blog Multiple Input Validation Vulnerabilities
       11. Microsoft June Advance Notification Unspecified Security Vulnerabilities
       12. Macromedia eLicensing Client Activation Code Local Privilege Escalation Vulnerability
       13. Novell NetMail Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
       1. DHCP database
       2. Scripted Software removal (Encrypting Credentials)
       3. E-Mail gateway on IIS.
       4. reconsidering physical security: pod slurping
       5. Restricting file server to access to domain computers only.
       6. Kerberos & NTLM Auth in IIS6
       7. Windows Server 2K Lockdown
       8. [Q] Beef Up Active Directory
       9. DEP on Windows XP SP2
       10. Using Messenger Service for 'Net Send' Functionality --- Dangerous? Why?
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Shred It!
By Mark Rasch
The second worst thing you can do in the face of a government investigation is 
to destroy the documents relevant to that investigation. The worst thing you 
can do, of course, is to almost destroy these documents.
http://www.securityfocus.com/columnists/332

2. A Role Model for Security. Almost.
By Jason Miller
The pursuit of absolute security is a lot like perfectionism.
http://www.securityfocus.com/columnists/331

3. Software Firewalls: Made of Straw? Part 1 of 2
By Israel G. Lugo, Don Parker
The concept of a firewall still brings to mind the picture of an impenetrable 
brick wall, the unsurpassable magic protector of all that is good.
http://www.securityfocus.com/infocus/1839

4. Microsoft's Most Successful Failure
By Mark Burnett
Someone once asked Pablo Picasso which one of his many paintings was his 
favorite. His reply: the next one. Ask Steve Ballmer which version of Windows 
is the most secure and guess what his answer will be?
http://www.securityfocus.com/columnists/330


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. MSN ILoveMessenger Cross-Site Scripting Vulnerability
BugTraq ID: 13855
Remote: Yes
Date Published: 2005-06-04
Relevant URL: http://www.securityfocus.com/bid/13855
Summary:
ilovemessenger is prone to a cross-site scripting vulnerability.  This issue is 
due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in 
the browser of an unsuspecting user in the context of the affected site.  This 
may facilitate the theft of cookie-based authentication credentials as well as 
other attacks.

It should be noted that, because the vulnerability is located at a subdomain of 
MSN.com, it could facilitate the theft of Hotmail cookie-based credentials, 
thus allowing an attacker complete access to the victim user's Hotmail email 
account.

2. Rakkarsoft RakNet Remote Denial of Service Vulnerability
BugTraq ID: 13862
Remote: Yes
Date Published: 2005-06-06
Relevant URL: http://www.securityfocus.com/bid/13862
Summary:
Rakkarsoft RakNet is affected by a remote denial of service vulnerability.

Reportedly, the vulnerability presents itself when the library handles an empty 
UDP packet.

RakNet 2.33 and prior versions released before May 30, 2005 are affected by 
this vulnerability.  Various games employing the affected library may be 
vulnerable as well.

3. Software602 602 LAN Suite 2004 HTML Injection Log Obfuscation Vulnerability
BugTraq ID: 13872
Remote: Yes
Date Published: 2005-06-06
Relevant URL: http://www.securityfocus.com/bid/13872
Summary:
602 Lan Suite 2004 is affected by an HTML injection vulnerability.

An attack may allow the attacker to obfuscate logs and hide nefarious 
activities from an administrator.  It is currently unknown if other attacks are 
possible.


4. Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities
BugTraq ID: 13873
Remote: Yes
Date Published: 2005-06-06
Relevant URL: http://www.securityfocus.com/bid/13873
Summary:
Multiple vendors are prone to a new class of attack named 'HTTP Request 
Smuggling'. This class of attack revolves around piggybacking an HTTP request 
inside of another HTTP request. By leveraging failures to implement the 
HTTP/1.1 RFC properly, it is demonstrated that this class of attack may result 
in cache poisoning, cross-site scripting, session hijacking and other attacks.

5. Kaspersky Anti-Virus Klif.Sys Privilege Escalation Vulnerability
BugTraq ID: 13878
Remote: Yes
Date Published: 2005-06-06
Relevant URL: http://www.securityfocus.com/bid/13878
Summary:
Kaspersky Anti-Virus for Microsoft Windows 2000 platforms is prone to a 
privilege escalation vulnerability.

The issue manifests in the Kaspersky kernel driver 'klif.sys'. This issue may 
ultimately result in the execution of attacker-supplied code in the context of 
the system kernel (ring-0).

Kaspersky Anti-Virus versions 5.0.227, 5.0.228, and 5.0.335 when running on 
Microsoft Windows 2000 are reported prone.



6. Pragma TelnetServer Log Obfuscation Vulnerability
BugTraq ID: 13896
Remote: Yes
Date Published: 2005-06-08
Relevant URL: http://www.securityfocus.com/bid/13896
Summary:
Pragma TelnetServer is affected by a log obfuscation vulnerability.

This attack may allow the attacker to obfuscate logs and hide nefarious 
activities from an administrator. It is currently unknown if other attacks are 
possible.

Pragma TelnetServer 6.0 is affected by this issue.

7. TCPDump BGP Decoding Routines Denial Of Service Vulnerability
BugTraq ID: 13906
Remote: Yes
Date Published: 2005-06-09
Relevant URL: http://www.securityfocus.com/bid/13906
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker to cause a 
denial of service condition in the software.  The issue occurs due to the way 
tcpdump decodes Border Gateway Protocol (BGP) packets.  A remote attacker may 
cause the software to enter an infinite loop by sending malformed ISIS packets 
resulting in the software hanging.

8. Invision Power Services Invision Gallery SQL Injection Vulnerability
BugTraq ID: 13907
Remote: Yes
Date Published: 2005-06-09
Relevant URL: http://www.securityfocus.com/bid/13907
Summary:
Invision Gallery is affected by an SQL injection vulnerability.

This issue is due to a failure in the application to properly sanitize 
user-supplied input to the 'index.php' script before using it in an SQL query.

Successful exploitation could result in a compromise of the application, 
disclosure or modification of data, or may permit an attacker to exploit 
vulnerabilities in the underlying database implementation.

Invision Gallery 1.3.0 and prior are vulnerable.

9. FutureSoft TFTP Server 2000 Remote Denial Of Service Vulnerability
BugTraq ID: 13908
Remote: Yes
Date Published: 2005-06-09
Relevant URL: http://www.securityfocus.com/bid/13908
Summary:
FutureSoft TFTP Server 2000 is prone to a remote denial of service 
vulnerability. Reports indicate the issue manifests when the TFTP server 
handles certain types of UDP datagrams.

A remote attacker may exploit this issue to crash the affected service.

10. Invision Community Blog Multiple Input Validation Vulnerabilities
BugTraq ID: 13910
Remote: Yes
Date Published: 2005-06-09
Relevant URL: http://www.securityfocus.com/bid/13910
Summary:
Multiple input validation vulnerabilities reportedly affect Invision Community 
Blog.  These issues are due to a failure of the application to properly 
sanitize user-supplied input prior to using it to carry out critical actions.

The first issue is a cross-site scripting issue and the second set of issues 
are SQL injection issues.

An attacker may leverage these issues to carry out cross-site scripting and SQL 
injection attacks against the affected application.  This may result in the 
theft of authentication credentials, destruction or disclosure of sensitive 
data, and potentially other attacks.

11. Microsoft June Advance Notification Unspecified Security Vulnerabilities
BugTraq ID: 13923
Remote: Unknown
Date Published: 2005-06-09
Relevant URL: http://www.securityfocus.com/bid/13923
Summary:
Microsoft has released advance notification that they will be releasing ten 
security bulletins for Windows on June 14, 2005.  Eight vulnerabilities will be 
addressed by these security bulletins.

The maximum severity rating of any of these bulletins is 'Critical'.

12. Macromedia eLicensing Client Activation Code Local Privilege Escalation Vulnerability
BugTraq ID: 13925
Remote: No
Date Published: 2005-06-09
Relevant URL: http://www.securityfocus.com/bid/13925
Summary:
The Macromedia installer and eLicensing client for Microsoft Windows platforms 
install a service 'Macromedia Licensing Service' when installing Macromedia 
products.

The service is a local service only that runs with SYSTEM privileges. The 
vendor reports that this service is installed with insecure permissions that 
allow unprivileged members of the 'Users' group to make changes to the 
'Macromedia Licensing Service' configuration. In making said changes a local 
attacker may leverage this issue to gain SYSTEM level access to a target 
computer.

13. Novell NetMail Multiple Remote Vulnerabilities
BugTraq ID: 13926
Remote: Yes
Date Published: 2005-06-10
Relevant URL: http://www.securityfocus.com/bid/13926
Summary:
Novell NetMail is susceptible to multiple remote vulnerabilities.

The IMAP agent is susceptible to two remote buffer overflow vulnerabilities, 
and the Modweb agent is susceptible to a remote buffer overflow vulnerability. 
These issues allow remote attackers to execute arbitrary machine code in the 
context of the affected server process.

The Modweb agent is susceptible to two remote denial of service 
vulnerabilities. These issues allow remote attackers to crash the service, and 
to consume excessive CPU resources. These issues result in the denial of 
service to legitimate users.

The Modweb agent is also susceptible to a cross-site scripting vulnerability, 
allowing attackers to execute arbitrary HTML and script code in unsuspecting 
users' Web browsers in the context of the affected Web site.

This BID will be split into its individual issues at a later date.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. DHCP database
http://www.securityfocus.com/archive/88/402113

2. Scripted Software removal (Encrypting Credentials)
http://www.securityfocus.com/archive/88/402112

3. E-Mail gateway on IIS.
http://www.securityfocus.com/archive/88/402104

4. reconsidering physical security: pod slurping
http://www.securityfocus.com/archive/88/402101

5. Restricting file server to access to domain computers only.
http://www.securityfocus.com/archive/88/401904

6. Kerberos & NTLM Auth in IIS6
http://www.securityfocus.com/archive/88/401853

7. Windows Server 2K Lockdown
http://www.securityfocus.com/archive/88/401825

8. [Q] Beef Up Active Directory
http://www.securityfocus.com/archive/88/401802

9. DEP on Windows XP SP2
http://www.securityfocus.com/archive/88/401688

10. Using Messenger Service for 'Net Send' Functionality ---    Dangerous? Why?
http://www.securityfocus.com/archive/88/401953

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to 
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed, email listadmin@securityfocus.com and ask to 
be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: WhiteHat Security

Think network security products protect your websites?  That's just one of five 
common misconceptions that can leave your websites open to attack.  Download 
The Five Myths of Web Application Security from WhiteHat Security and get the 
facts about vulnerability assessment and management for websites.  To receive 
this complimentary white paper, click here:

http://www.securityfocus.com/sponsor/WhiteHat_ms-secnews_050614
