SecurityFocus Microsoft Newsletter #254

Subject: SecurityFocus Microsoft Newsletter #254
Date: Wed, 31 Aug 2005 07:40:24 -0600 (MDT)
SecurityFocus Microsoft Newsletter #254
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------
I. FRONT AND CENTER
1. The great firewall of China
II. MICROSOFT VULNERABILITY SUMMARY
1. Sysinternals Process Explorer CompanyName Value Buffer Overflow Vulnerability
2. Computer Associates Message Queuing Denial Of Service Vulnerability
3. Computer Associates Message Queuing Buffer Overflow Vulnerability
4. Computer Associates Message Queuing CAFT Spoofing Vulnerability
5. ZipTorrent Proxy Server Password Disclosure Vulnerability
6. Mercora IMRadio Plaintext Password Disclosure Weakness
7. MPlayer Audio Header Buffer Overflow Vulnerability
8. Home Ftp Server Multiple Vulnerabilities
9. PAFileDB Auth.PHP SQL Injection Vulnerability
10. LeapFTP Client LSQ File Remote Buffer Overflow Vulnerability
11. HP OpenView Network Node Manager Multiple Remote Command Execution Vulnerabilities
12. FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
13. Microsoft Internet Explorer Unspecified Remote Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #253
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION


I. FRONT AND CENTER
---------------------
1. The great firewall of China
By Scott Granneman
When a barrage of attacks and hacking attempts come from IP addresses traced back to China, and you don't do any business in China, do you block their entire IP address range and call it a day?
http://www.securityfocus.com/columnists/350



II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Sysinternals Process Explorer CompanyName Value Buffer Overflow Vulnerability
BugTraq ID: 14616
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14616
Summary:
Process Explorer is prone to a buffer overflow vulnerability. This issue is due to a failure in the application to perform proper bounds checking on user-supplied data.


A successful attack can result in the overflowing of a finite sized buffer and may ultimately lead to the execution of arbitrary code in the context of the affected application.

2. Computer Associates Message Queuing Denial Of Service Vulnerability
BugTraq ID: 14621
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14621
Summary:
Computer Associates Message Queuing (CAM) is prone to a remote denial of service vulnerability.


A remote attacker can exploit this vulnerability to deny service to legitimate users.

It should be noted exploitation of this issue does not cause the affected application to consume system resources. The only known consequence is no further connections to the TCP port can take place.

3. Computer Associates Message Queuing Buffer Overflow Vulnerability
BugTraq ID: 14622
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14622
Summary:
Computer Associates Message Queuing (CAM) is prone to a buffer overflow vulnerability. This issue is due to a failure in the application to perform proper bounds checking on user-supplied data.


A successful attack can cause the process's execution stack to overflow and may ultimately lead to the execution of arbitrary code in the context of the affected application. This may facilitate privilege escalation to SYSTEM level privileges.

4. Computer Associates Message Queuing CAFT Spoofing Vulnerability
BugTraq ID: 14623
Remote: Yes
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14623
Summary:
CAM is prone to a vulnerability that could permit the spoofing of a CAFT application utilizing the CAM instance. This may ultimately allow the execution of arbitrary commands. CAFT is a file transfer application that utilizes CAM to send and receive the files. The problem presents itself due to a failure in the CAM service to verify the legitimacy of the CAFT application. An attacker can spoof a legitimate CAFT instance and ultimately execute arbitrary CAM commands with elevated privileges.


5. ZipTorrent Proxy Server Password Disclosure Vulnerability
BugTraq ID: 14645
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14645
Summary:
ZipTorrent is affected by a vulnerability that may allow local attackers to obtain the proxy server passwords of affected users.


This may lead to various attacks against affected users including the disclosure of sensitive information.

ZipTorrent 1.3.7.3 is vulnerable to this issue; however, other versions may be affected as well.

6. Mercora IMRadio Plaintext Password Disclosure Weakness
BugTraq ID: 14646
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14646
Summary:
Mercora IMRadio is prone to a plaintext password disclosure weakness. Registry keys for the application are not encrypted or obfuscated in any way. A local attacker may monitor the keyboard, CRT and mouse activity of a local administrator and retrieve the usernames and passwords for other users of the affected application. It should be noted that normal user accounts do not have the ability to read these registry keys. In the event that an attacker gains administrative privileges by some other means, these usernames and passwords could be viewed and recorded to launch further attacks on the affected computer.



7. MPlayer Audio Header Buffer Overflow Vulnerability
BugTraq ID: 14652
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14652
Summary:
A buffer overflow vulnerability affects MPlayer. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.


The problem presents itself when the affected application attempts to process audio streams that contain overly large values in their header.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

8. Home Ftp Server Multiple Vulnerabilities
BugTraq ID: 14653
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14653
Summary:
Home Ftp Server is affected by multiple vulnerabilities. These issues can allow local attackers to disclose sensitive information and remote attackers to carry out directory traversal attacks.


Home Ftp Server 1.0.7 b45 is reported to be vulnerable. Other versions may be affected as well.

9. PAFileDB Auth.PHP SQL Injection Vulnerability
BugTraq ID: 14654
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14654
Summary:
paFileDB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.


Exploitation of this issue may allow for compromise of the software, session hijacking, or attacks against the underlying database. Other attacks are also possible.


10. LeapFTP Client LSQ File Remote Buffer Overflow Vulnerability
BugTraq ID: 14655
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14655
Summary:
LeapFTP client is prone to a remote buffer overflow vulnerability.

The issue arises when the client handles a malformed LeapFTP Site Queue (.lsq) file.

A remote attacker may gain unauthorized access in the context of the user running the application.

LeapFTP versions prior to 2.7.6.612 are affected by this vulnerability.


11. HP OpenView Network Node Manager Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 14662
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14662
Summary:
HP OpenView Network Node Manager is prone to multiple remote arbitrary command execution vulnerabilities.


These issues arise when the user-specified 'node' URI parameter of various scripts is utilized as part of a command to be executed with the 'system()' function.

These issues may facilitate unauthorized remote access in the context of the Web server to the affected computer.

These issues affect versions 6.41 and 7.5 on the Solaris platform. Unknown versions of the package on Microsoft Windows platforms are also affected. It is likely that other versions and platforms are also affected.

12. FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
BugTraq ID: 14678
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14678
Summary:
FUDforum is prone to a remote arbitrary PHP file upload vulnerability.

An attacker can merge an image file with a script file and upload it to an affected server.

This issue can facilitate unauthorized remote access.

FUDforum versions prior to 2.7.1 are reported to be affected. Currently Symantec cannot confirm if version 2.7.1 is affected as well.

13. Microsoft Internet Explorer Unspecified Remote Vulnerability
BugTraq ID: 14683
Remote: Yes
Date Published: 2005-08-27
Relevant URL: http://www.securityfocus.com/bid/14683
Summary:
Microsoft Internet Explorer is affected by an unspecified remote vulnerability.

This vulnerability affects Internet Explorer 6.0 running on Microsoft Windows XP SP2. A successful attack can crash the browser or potentially result in arbitrary code execution.

Due to a lack of information, further details cannot be provided. This BID will be updated when more information becomes available.


III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #253
http://www.securityfocus.com/archive/88/409064

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.


If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

  • SecurityFocus Microsoft Newsletter #254, Marc Fossi <=