Subject: SecurityFocus Microsoft Newsletter #247
Date: Tue, 5 Jul 2005 22:31:10 -0600 (MDT)
SecurityFocus Microsoft Newsletter #247
----------------------------------------

This Issue is Sponsored By: Black Hat

Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
Vegas. World renowned security experts reveal tomorrow's threats today. Free of 
vendor pitches, the Briefings are designed to be pragmatic regardless of your 
security environment. Featuring 29 hands-on training courses and 10 conference 
tracks, networking opportunities with over 2,000 delegates from 30+ nations.

http://www.securityfocus.com/sponsor/BlackHat_sf-news_050705

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Rats in the security world
       2. Fighting EPO Viruses
       3. Who's to blame?
II.  MICROSOFT VULNERABILITY SUMMARY
       1. ASPNuke Multiple Cross-Site Scripting Vulnerabilities
       2. ASPNuke Language_Select.ASP HTTP Response Splitting Vulnerability
       3. ASPNuke Comment_Post.ASP SQL Injection Vulnerability
       4. True North Software IA EMailServer Remote Format String Vulnerability
       5. RealNetworks Real and RealOne Player Unspecified MP3 ActiveX Control 
Execution Vulnerability
       6. Adobe Acrobat/Adobe Reader Safari Frameworks Folder Permission 
Escalation Vulnerability
       7. Adobe Acrobat/Adobe Reader Arbitrary File Execution Vulnerability
       8. Infradig Inframail Advantage Server Edition Multiple Remote Buffer 
Overflow Vulnerabilities
       9. SofoTex BisonFTP Remote Denial Of Service Vulnerability
       10. Hosting Controller Error.ASP Cross-Site Scripting Vulnerability
       11. PHPBB Viewtopic.PHP Remote Code Execution Vulnerability
       12. Microsoft Internet Explorer Javaprxy.DLL COM Object Instantiation 
Heap Overflow Vulnerability
       13. Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple 
Vulnerabilities Fixed
       14. Community Link Pro Login.CGI File Parameter Remote Command Execution 
Vulnerability
       15. Raven Software Soldier Of Fortune 2 Ignore Command Remote Denial of 
Service Vulnerability
       16. NateOn Messenger Directory Listing Disclosure Vulnerability
       17. Drupal Arbitrary PHP Code Execution Vulnerability
       18. Mambo Open Source Multiple Unspecified Injection Vulnerabilities
       19. Mambo Open Source Session ID Spoofing Vulnerability
       20. Prevx Pro 2005 Intrusion Prevention System Multiple Vulnerabilities
       21. Golden FTP Server Pro Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
       1. what is file refcache.ser
       2. Blackhat Vegas 2005 Training
       3. SecurityFocus Microsoft Newsletter #246
       4. DOMAIN CONTROLLER STOLEN...WHAT NEXT?
       5. Local admin password
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Rats in the security world
By Mark Burnett
I say it's now time we took a step back and exterminated some of these rats.
http://www.securityfocus.com/columnists/336

2. Fighting EPO Viruses
By Piotr Bania
This short article describes the so-called Entry-Point Obscuring (EPO) virus 
coding technique, primarily through a direct analysis of the Win32.CTX.Phage 
virus.
http://www.securityfocus.com/infocus/1841

3. Who's to blame?
By Kelly Martin
If there's one thing the security industry is really good at, it's pointing 
fingers.
http://www.securityfocus.com/columnists/337


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. ASPNuke Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14062
Remote: Yes
Date Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14062
Summary:
ASPNuke is prone to multiple cross-site scripting vulnerabilities.  These 
issues are due to a failure in the application to properly sanitize 
user-supplied input.

An attacker may leverage any of these issues to have arbitrary script code 
executed in the browser of an unsuspecting user in the context of the affected 
site.  This may facilitate the theft of cookie-based authentication credentials 
as well as other attacks.


2. ASPNuke Language_Select.ASP HTTP Response Splitting Vulnerability
BugTraq ID: 14063
Remote: Yes
Date Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14063
Summary:
ASPNuke is prone to an HTTP response splitting vulnerability.  This issue is 
due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent 
how Web content is served, cached or interpreted. This could aid in various 
attacks that attempt to entice client users into a false sense of trust.

3. ASPNuke Comment_Post.ASP SQL Injection Vulnerability
BugTraq ID: 14064
Remote: Yes
Date Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14064
Summary:
ASPNuke is prone to an SQL injection vulnerability.  This issue is due to a 
failure in the application to properly sanitize user-supplied input before 
using it in an SQL query.

Successful exploitation could result in a compromise of the application, 
disclosure or modification of data, or may permit an attacker to exploit 
vulnerabilities in the underlying database implementation.

4. True North Software IA EMailServer Remote Format String Vulnerability
BugTraq ID: 14065
Remote: Yes
Date Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14065
Summary:
True North Software IA eMailServer is prone to a remote format string 
vulnerability. This issue is likely due to a failure of the application to 
properly sanitize user-supplied input before using it as the format specifier 
in a formatted printing function.

Reports indicate that the immediate consequence of successful exploitation is a 
denial of service.

IA eMailServer version 5.2.2 Build 1051 is prone to this issue. Previous 
versions might also be affected.


5. RealNetworks Real and RealOne Player Unspecified MP3 ActiveX Control 
Execution Vulnerability
BugTraq ID: 14073
Remote: Yes
Date Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14073
Summary:
NGSSoftware reports that a vulnerability affects RealPlayer for Windows. Reports 
indicate that the issue may be exploited to overwrite an arbitrary file or 
execute an ActiveX control using a specially formatted malicious MP3 file.

Details about this vulnerability have been withheld until a later date (Sep 
27th, 2005). This BID will be updated as soon as this information is made 
available.


6. Adobe Acrobat/Adobe Reader Safari Frameworks Folder Permission Escalation 
Vulnerability
BugTraq ID: 14075
Remote: No
Date Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14075
Summary:
Adobe Acrobat and Adobe Reader running on Mac OS X are affected by a folder 
permission escalation vulnerability.

The vulnerability exists in the Adobe Reader and Acrobat updater.

A successful attack can allow local attackers to add potentially malicious 
Frameworks leading to various attacks including potential privilege escalation.

7. Adobe Acrobat/Adobe Reader Arbitrary File Execution Vulnerability
BugTraq ID: 14076
Remote: Yes
Date Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14076
Summary:
Adobe Acrobat and Adobe Reader running on Mac OS X are affected by a 
vulnerability that can allow remote attackers to execute arbitrary files on a 
computer.

This issue arises when a PDF file containing malicious JavaScript code is 
handled by the applications.

Exploitation of this issue can lead to various attacks including execution of 
arbitrary code with the privileges of the user running Adobe Acrobat or Adobe 
Reader.

8. Infradig Inframail Advantage Server Edition Multiple Remote Buffer Overflow 
Vulnerabilities
BugTraq ID: 14077
Remote: Yes
Date Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14077
Summary:
Infradig Inframail Advantage Server Edition is affected by multiple remote 
buffer overflow vulnerabilities.  These issues arise due to a lack of boundary 
checks performed by the application and may allow remote attackers to execute 
machine code in the context of the server process.

The following specific issues were identified:

A remote buffer overflow vulnerability affects the FTP server component of 
Inframail Advantage Server Edition.

Another remote buffer overflow vulnerability affects the mail server component 
of Inframail Advantage Server Edition.

Infradig Inframail Advantage Server Edition 6.0 version 6.37 is reportedly 
affected by these issues.

9. SofoTex BisonFTP Remote Denial Of Service Vulnerability
BugTraq ID: 14079
Remote: Yes
Date Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14079
Summary:
SofoTex BisonFTP is prone to a remote denial of service vulnerability. Reports 
indicate that the issue may only be exploited after successful authentication.

A remote attacker may exploit this issue to deny service for legitimate users.


10. Hosting Controller Error.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 14080
Remote: Yes
Date Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14080
Summary:
Hosting Controller is prone to a cross-site scripting vulnerability. This issue 
is due to a failure in the application to properly sanitize user-supplied input 
to the 'error.asp' script.

An attacker may leverage this issue to have arbitrary script code executed in 
the browser of an unsuspecting user in the context of the affected site. This 
may facilitate the theft of cookie-based authentication credentials as well as 
other attacks.

11. PHPBB Viewtopic.PHP Remote Code Execution Vulnerability
BugTraq ID: 14086
Remote: Yes
Date Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14086
Summary:
The 'viewtopic.php' phpBB script is prone to a remote PHP script injection 
vulnerability.  This issue is due to a failure of the application to properly 
sanitize user-supplied URI parameters before using them to construct 
dynamically generated web pages.

This issue may allow a remote attacker to execute arbitrary commands in the 
context of the web server that is hosting the vulnerable software.

12. Microsoft Internet Explorer Javaprxy.DLL COM Object Instantiation Heap 
Overflow Vulnerability
BugTraq ID: 14087
Remote: Yes
Date Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14087
Summary:
Microsoft Internet Explorer is prone to a heap-based buffer overflow 
vulnerability.  The vulnerability is exposed when the 'javaprxy.dll' COM object 
is instantiated by a malicious Web page.

This issue may potentially be exploited to execute arbitrary code in the 
context of the client.

The issue was reported in Internet Explorer 6.0 releases on Windows XP SP2.  
Other versions may also be affected.
13. Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple 
Vulnerabilities Fixed
BugTraq ID: 14093
Remote: Yes
Date Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14093
Summary:
Microsoft has released Update Rollup 1 for Windows 2000 SP4.  This release 
addresses a number of bugs, including some potential security vulnerabilities 
and weaknesses and includes various security enhancements and roll-ups for 
previous security updates.  In addition to many previously released security 
patches, the Update Rollup also includes fixes for many issues that may 
potentially impact security properties of various operating system components.


14. Community Link Pro Login.CGI File Parameter Remote Command Execution 
Vulnerability
BugTraq ID: 14097
Remote: Yes
Date Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14097
Summary:
Community Link Pro is prone to a remote arbitrary command execution 
vulnerability.  This issue presents itself due to insufficient sanitization of 
user-supplied data.

Due to this, an attacker can prefix arbitrary commands with the '|' character 
and have them executed in the context of the server.


15. Raven Software Soldier Of Fortune 2 Ignore Command Remote Denial of Service 
Vulnerability
BugTraq ID: 14098
Remote: Yes
Date Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14098
Summary:
A remote denial of service vulnerability affects Raven Software Soldier Of 
Fortune 2.

The problem presents itself specifically when the affected server application 
receives an excessively large value through a '/ignore' command from a 
malicious client.

An attacker may leverage this issue to cause an affected server to crash, 
denying service to legitimate users.

16. NateOn Messenger Directory Listing Disclosure Vulnerability
BugTraq ID: 14100
Remote: Yes
Date Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14100
Summary:
NateOn messenger is prone to a remote directory listing information disclosure 
vulnerability. The issue stems from an unspecified input validation flaw.

An attacker may exploit this issue to gain directory listings for a target 
user. Information that is harvested in this manner may be used to aid in 
further attacks against a target user.


17. Drupal Arbitrary PHP Code Execution Vulnerability
BugTraq ID: 14110
Remote: Yes
Date Published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14110
Summary:
Drupal is prone to a vulnerability that permits the execution of arbitrary PHP 
code.  This issue is due to a failure in the application to properly sanitize 
user-supplied input.

The application's filter mechanism fails to properly sanitize user-supplied 
input to 'comments' and 'postings'.

The vendor has addressed this issue in Drupal versions 4.6.2 and 4.5.4; earlier 
versions are reported vulnerable.
18. Mambo Open Source Multiple Unspecified Injection Vulnerabilities
BugTraq ID: 14117
Remote: Yes
Date Published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14117
Summary:
Mambo is prone to multiple unspecified injection vulnerabilities.  These issues 
are most likely due to a failure in the application to properly sanitize 
user-supplied input.

Successful exploitation of these vulnerabilities could lead to unauthorized 
access; other attacks may also be possible.

The vendor has addressed these issues in Mambo version 4.5.2.2 and later; 
earlier versions are reported vulnerable.

19. Mambo Open Source Session ID Spoofing Vulnerability
BugTraq ID: 14119
Remote: Yes
Date Published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14119
Summary:
Mambo is prone to a session ID spoofing vulnerability.  This issue is due to a 
failure in the application to properly sanitize user-supplied input.

The vendor has addressed this issue in Mambo 4.5.2.2 and later; earlier 
versions are reported vulnerable.
20. Prevx Pro 2005 Intrusion Prevention System Multiple Vulnerabilities
BugTraq ID: 14123
Remote: No
Date Published: 2005-07-01
Relevant URL: http://www.securityfocus.com/bid/14123
Summary:
Prevx Pro 2005 Intrusion Prevention System is affected by multiple 
vulnerabilities.

Local attackers can bypass security features of the application.  This may lead 
to various attacks against the affected computer.

All versions of Prevx Pro 2005 are considered to be vulnerable at the moment.

21. Golden FTP Server Pro Multiple Remote Vulnerabilities
BugTraq ID: 14124
Remote: Yes
Date Published: 2005-07-01
Relevant URL: http://www.securityfocus.com/bid/14124
Summary:
Golden FTP Server Pro is affected by multiple remote vulnerabilities.

The following specific issues were identified:

Golden FTP Server Pro is susceptible to a directory traversal vulnerability.  A 
remote attacker may disclose file names and user names from the application 
directory.

An attacker can disclose the absolute path of a share by attempting to retrieve 
a file that does not exist.

These issues may aid in other attacks against the affected computer.

Golden FTP Server Pro 2.60 is affected by these vulnerabilities.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. what is file refcache.ser
http://www.securityfocus.com/archive/88/404249

2. Blackhat Vegas 2005 Training
http://www.securityfocus.com/archive/88/403786

3. SecurityFocus Microsoft Newsletter #246
http://www.securityfocus.com/archive/88/403852

4. DOMAIN CONTROLLER STOLEN...WHAT NEXT?
http://www.securityfocus.com/archive/88/403683

5. Local admin password
http://www.securityfocus.com/archive/88/403594

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to 
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed email listadmin@securityfocus.com and ask to 
be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Black Hat

Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
Vegas. World renowned security experts reveal tomorrow's threats today. Free of 
vendor pitches, the Briefings are designed to be pragmatic regardless of your 
security environment. Featuring 29 hands-on training courses and 10 conference 
tracks, networking opportunities with over 2,000 delegates from 30+ nations.

http://www.securityfocus.com/sponsor/BlackHat_sf-news_050705

SecurityFocus Microsoft Newsletter #247, Marc Fossi