Subject: SecurityFocus Microsoft Newsletter #255
Date: Wed, 7 Sep 2005 14:23:38 -0600 (MDT)
SecurityFocus Microsoft Newsletter #255
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------
I. FRONT AND CENTER
1. Exploiting Cisco with FX
2. A changing landscape
3. A new way to bypass Windows heap protections
II. MICROSOFT VULNERABILITY SUMMARY
1. FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
2. Novell Netware CIFS.NLM Denial of Service Vulnerability
3. DameWare Mini Remote Control Server Pre-Authentication Username Buffer Overflow Vulnerability
4. Symantec LiveUpdate Client Local Information Disclosure Vulnerability
5. 3Com Network Supervisor Directory Traversal Vulnerability
6. Novell NetMail Remote IMAP Heap Buffer Overflow Vulnerability
7. WhitSoft Development SlimFTPd Remote Denial of Service Vulnerability
8. OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
9. OpenSSH GSSAPI Credential Disclosure Vulnerability
10. FileZilla FTP Client Hard-Coded Cipher Key Vulnerability
11. Rediff Bol Instant Messenger ActiveX Control Information Disclosure Vulnerability
12. Microsoft Windows Keyboard Event Privilege Escalation Weakness
13. Microsoft Internet Explorer Unspecified Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION


I. FRONT AND CENTER
---------------------
1. Exploiting Cisco with FX
By Federico Biancuzzi
This interview with FX discusses Cisco IOS exploitation, Michael Lynn's work, and what FX believes can be done when hacking IOS.
http://www.securityfocus.com/columnists/351


2. A changing landscape
By Rohyt Belani
In 2004, I came across an empirical study published by the CERT/CC that indicated a diminishing correlation between the number of vendor-issued vulnerabilities and the number of reported security incidents.
http://www.securityfocus.com/columnists/352


3. A new way to bypass Windows heap protections
By Nicolas Falliere
Windows heap overflows have become increasingly popular over the last couple of years.
http://www.securityfocus.com/infocus/1846



II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
BugTraq ID: 14678
Remote: Yes
Date Published: 2005-08-29
Relevant URL: http://www.securityfocus.com/bid/14678
Summary:
FUDforum is prone to a remote arbitrary PHP file upload vulnerability.

An attacker can merge an image file with a script file and upload it to an affected server.

This issue can facilitate unauthorized remote access.

FUDforum versions prior to 2.7.1 are reported to be affected. Currently Symantec cannot confirm if version 2.7.1 is affected as well.

2. Novell Netware CIFS.NLM Denial of Service Vulnerability
BugTraq ID: 14701
Remote: Yes
Date Published: 2005-08-31
Relevant URL: http://www.securityfocus.com/bid/14701
Summary:
Netware CIFS.NLM is reportedly prone to a remote denial of service vulnerability.


Reportedly, the W32.Randex.CCC worm can trigger this issue resulting in a denial of service condition due to an ABEND.

NetWare 5.1, 6.0, 6.5 SP2 and 6.5 SP3 are vulnerable to this issue.

3. DameWare Mini Remote Control Server Pre-Authentication Username Buffer Overflow Vulnerability
BugTraq ID: 14707
Remote: Yes
Date Published: 2005-08-31
Relevant URL: http://www.securityfocus.com/bid/14707
Summary:
DameWare Mini Remote Control Server is affected by a remote buffer overflow vulnerability. This issue presents itself because the application fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers.


Remote attackers may execute arbitrary machine code in the context of the affected server process, facilitating system compromise.

This issue is similar to the one described in BID 9213 (DameWare Mini Remote Control Server Pre-Authentication Buffer Overflow Vulnerability). This issue may be related, or possibly a regression in the affected application.

4. Symantec LiveUpdate Client Local Information Disclosure Vulnerability
BugTraq ID: 14708
Remote: No
Date Published: 2005-08-31
Relevant URL: http://www.securityfocus.com/bid/14708
Summary:
Symantec LiveUpdate Client is susceptible to a local information disclosure vulnerability.


Sensitive information such as the server name, IP address, subnet, subnet mask, connection protocol, username and password to access the LiveUpdate server are logged in a plain text file.

A local attacker can subsequently access the file and disclose authentication credentials to access the server. This may lead to various attacks including the potential compromise of the server.

5. 3Com Network Supervisor Directory Traversal Vulnerability
BugTraq ID: 14715
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14715
Summary:
Network Supervisor is prone to a directory traversal vulnerability.

The application fails to properly sanitize input supplied through HTTP GET requests.

Exploitation of this vulnerability could lead to a loss of confidentiality as arbitrary files are disclosed to an attacker. It should be noted that all files on the affected drive can be disclosed by a successful attack.

6. Novell NetMail Remote IMAP Heap Buffer Overflow Vulnerability
BugTraq ID: 14718
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14718
Summary:
Novell NetMail is susceptible to a buffer overflow vulnerability in the IMAP command continuation function in the IMAP agent. This issue is due to a lack of proper boundary checks when copying user-supplied data to insufficiently-sized memory buffers.


This vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected server process.

This issue was originally documented in BID 13926 (Novell NetMail Multiple Remote Vulnerabilities).


7. WhitSoft Development SlimFTPd Remote Denial of Service Vulnerability
BugTraq ID: 14723
Remote: Yes
Date Published: 2005-09-02
Relevant URL: http://www.securityfocus.com/bid/14723
Summary:
SlimFTPd is prone to a remote denial of service vulnerability. This issue is due to a failure in the application to handle exceptional conditions.


The problem presents itself during login. The application fails to handle malicious input in a proper manner resulting in a crash of the server, thus denying service to legitimate users.

8. OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
BugTraq ID: 14727
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14727
Summary:
OpenSSH is susceptible to a vulnerability that causes improper activation of the 'GatewayPorts' option, allowing unintended hosts to utilize the SSH SOCKS proxy.


Specifically, if the 'DynamicForward' option is activated, 'GatewayPorts' is also unconditionally enabled.

This vulnerability allows remote attackers to utilize the SOCKS proxy to make arbitrary TCP connections through the configured SSH session, allowing them to attack computers and services through a connection that was inappropriately thought to be secure.

This issue affects OpenSSH 4.0, and 4.1.

9. OpenSSH GSSAPI Credential Disclosure Vulnerability
BugTraq ID: 14729
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14729
Summary:
OpenSSH is susceptible to a GSSAPI credential delegation vulnerability.

Specifically, if a user has GSSAPI authentication configured, and 'GSSAPIDelegateCredentials' is enabled, their Kerberos credentials will be forwarded to remote hosts. This occurs even when the user uses authentication methods other than GSSAPI to connect, which is not what is usually expected.

This vulnerability allows remote attackers to improperly gain access to GSSAPI credentials, allowing them to utilize the credentials to access resources granted to the original principal.

This issue affects versions of OpenSSH prior to 4.2.
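As an added audit check covering items 8 and 9 (example code written for this digest, not part of the newsletter or of OpenSSH): the script parses an ssh_config with ssh's first-value-wins semantics and flags hosts that use DynamicForward on OpenSSH 4.0/4.1 (where GatewayPorts is forced on regardless of the setting) or that have GSSAPIDelegateCredentials enabled on a client older than 4.2. The sample config, host names and version tuple are constructed for the example.

```python
import fnmatch
import re
# Constructed sample client config for the example (not from the advisories).
SAMPLE_CONFIG = """\
Host jump
    HostName jump.example.test
    DynamicForward 1080
    # the GatewayPorts setting below is not honoured by 4.0/4.1 once DynamicForward is set
    GatewayPorts no
Host kdc-app
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
Host *
    GSSAPIDelegateCredentials no
"""

def parse_ssh_config(text):
    """Ordered list of (host_patterns, {option: value}); first value in a block wins.
    Options before any Host line go into a leading '*' block; '!' patterns are not handled."""
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks

def effective_options(blocks, host):
    """ssh(1) semantics: walk blocks in order; the first obtained value for an option wins."""
    opts = {}
    for patterns, block in blocks:
        if any(fnmatch.fnmatchcase(host, p) for p in patterns):
            for key, value in block.items():
                opts.setdefault(key, value)
    return opts

def audit_host(blocks, host, version):
    """Findings for one host; version is the OpenSSH client's (major, minor) tuple."""
    opts = effective_options(blocks, host)
    findings = []
    if "dynamicforward" in opts and version in ((4, 0), (4, 1)):
        findings.append("BID 14727: %s: DynamicForward %s exposed to other hosts (GatewayPorts %s ignored)"
                        % (host, opts["dynamicforward"], opts.get("gatewayports", "unset")))
    if version < (4, 2) and opts.get("gssapidelegatecredentials", "no").lower() == "yes":
        findings.append("BID 14729: %s: Kerberos credentials delegated even for non-GSSAPI logins" % host)
    return findings
```

Run `audit_host(parse_ssh_config(open("~/.ssh/config").read()), host, version)` per host to apply the same checks to a real client config.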

10. FileZilla FTP Client Hard-Coded Cipher Key Vulnerability
BugTraq ID: 14730
Remote: No
Date Published: 2005-09-02
Relevant URL: http://www.securityfocus.com/bid/14730
Summary:
FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers.


The application uses a hard-coded cipher key to decrypt the password, which is stored in an XML file or the Windows Registry.

This can allow the attacker to gain access to an FTP server with the privileges of the victim.

11. Rediff Bol Instant Messenger ActiveX Control Information Disclosure Vulnerability
BugTraq ID: 14740
Remote: Yes
Date Published: 2005-09-05
Relevant URL: http://www.securityfocus.com/bid/14740
Summary:
Rediff Bol Instant Messenger is prone to an information disclosure vulnerability. A malicious ActiveX control could allow an attacker to obtain the contents of a vulnerable user's Windows Address Book.



12. Microsoft Windows Keyboard Event Privilege Escalation Weakness
BugTraq ID: 14743
Remote: No
Date Published: 2005-09-05
Relevant URL: http://www.securityfocus.com/bid/14743
Summary:
Microsoft Windows is prone to a privilege escalation weakness. This issue is due to a design error when desktop applications handle keyboard events sent through the keybd_event() function. The specific issue is that programs may send keyboard events to higher privileged desktop applications.


This poses a local security risk as malicious keyboard events may be sent to a desktop application such as 'explorer.exe' that is running as a higher privileged user. These keyboard events will be interpreted in the context of the target user. This issue could likely be abused after exploitation of a latent remote code execution vulnerability in a service to elevate privileges. In this scenario, a user with higher privileges than the service must be logged into the desktop.

13. Microsoft Internet Explorer Unspecified Remote Code Execution Vulnerability
BugTraq ID: 14755
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14755
Summary:
Microsoft Internet Explorer is affected by an unspecified remote vulnerability.

This vulnerability allows a remote attacker to execute arbitrary code and potentially gain unauthorized access in the context of the user running the browser.

This issue also affects Microsoft Outlook and Microsoft Outlook Express.

Due to a lack of information, further details cannot be described at the moment. This BID will be updated when more information becomes available.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.


If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
SecurityFocus Microsoft Newsletter #255, Marc Fossi