Subject: SecurityFocus Microsoft Newsletter #262
Date: Thu, 27 Oct 2005 07:44:42 -0600 (MDT)
SecurityFocus Microsoft Newsletter #262
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------
I. FRONT AND CENTER
1. Collaborative endpoint security, part one
2. Evolution of Web-based worms
3. The click-wrap conundrum
II. MICROSOFT VULNERABILITY SUMMARY
1. RARLAB WinRAR Command Line Processing Buffer Overflow Vulnerability
2. Opera Web Browser Multiple Malformed HTML Parsing Denial Of Service Vulnerabilities
3. IBM DB2 Universal Database Multiple Vulnerabilities
4. Microsoft Windows Unspecified Remote Code Execution Vulnerability
5. Snort Back Orifice Preprocessor Remote Stack Buffer Overflow Vulnerability
6. Symantec Norton Antivirus For Macintosh DiskMountNotify Local Privilege Escalation Vulnerability
7. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
8. phpBB Avatar Upload HTML Injection Vulnerability
9. Skype Technologies Skype Networking Routine Heap Overflow Vulnerability
10. Belchior Foundry VCard Remote File Include Vulnerability
11. Microsoft Internet Explorer Java Applet Denial of Service Vulnerability
12. Jed Wing CHM Lib Stack Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. CFP: The First International Conference on Availability, Reliability and Security (AReS 2006), 20-22 April, 2006, Vienna, Austria
2. Change Password
3. Account Lockout Policy
4. security policy 'not specified' option
5. FW: Account Lockout Policy
6. Account Lockout Policy
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION


I. FRONT AND CENTER
---------------------
1. Collaborative endpoint security, part one
By Ivan Arce, Eduardo Arias
Part one of this article introduces endpoint security solution technologies and proposes a collaborative approach to solving technical challenges that are commonly faced by the community.
http://www.securityfocus.com/infocus/1849


2. Evolution of Web-based worms
By Daniel Hanson
The Myspace Web worm used a simple vulnerability and XSS to propagate, and it might be a sign of things to come.
http://www.securityfocus.com/columnists/362


3. The click-wrap conundrum
By Mark Rasch
With the rise of spyware, the fact that you didn't understand what you were doing by downloading and installing the software doesn't mean you weren't bound by the End User License Agreement (EULA). However, the FTC argues otherwise.
http://www.securityfocus.com/columnists/365



II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. RARLAB WinRAR Command Line Processing Buffer Overflow Vulnerability
BugTraq ID: 15123
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15123
Summary:
A remote, client-side buffer overflow vulnerability has been reported in the command line processing of RARLAB WinRAR. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.


An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

2. Opera Web Browser Multiple Malformed HTML Parsing Denial Of Service Vulnerabilities
BugTraq ID: 15124
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15124
Summary:
The Opera Web browser is prone to multiple vulnerabilities that may result in a browser crash. These issues are exposed when the browser attempts to parse certain malformed HTML content. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed.


3. IBM DB2 Universal Database Multiple Vulnerabilities
BugTraq ID: 15126
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15126
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities.

These issues may allow attackers to carry out denial of service attacks and other unauthorized actions.

These issues affect DB2 versions prior to 8 FixPak 10, also known as version 8.2 FixPak 3.

4. Microsoft Windows Unspecified Remote Code Execution Vulnerability
BugTraq ID: 15130
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15130
Summary:
Microsoft Windows is prone to an unspecified remote code execution vulnerability.


Reportedly, this vulnerability affects Windows Media Player and Internet Explorer, allowing a remote attacker to execute arbitrary code and potentially gain unauthorized access in the context of the user running an affected client. Due to a lack of information, further details cannot be described at the moment. This BID will be updated when more information becomes available.

5. Snort Back Orifice Preprocessor Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 15131
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15131
Summary:
Snort is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the Back Orifice preprocessor.


An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

Due to the nature of this issue, attackers may exploit it by sending a single UDP packet with a potentially spoofed source address to an arbitrary destination address and port. As long as the application can sniff the packet, it may be exploited. These aspects of this issue may aid attackers in bypassing firewalls in order to compromise a wider number of computers.

Reportedly, this issue is difficult to reliably exploit across differing operating systems and compiler versions. Failed exploit attempts likely result in crashing the application, thereby disabling detection of other attacks.

Snort versions 2.4.0 through 2.4.2 are affected by this issue. Other versions may also be affected, but this has not been confirmed.

6. Symantec Norton Antivirus For Macintosh DiskMountNotify Local Privilege Escalation Vulnerability
BugTraq ID: 15143
Remote: No
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15143
Summary:
Symantec Norton Antivirus for Macintosh is susceptible to a local privilege escalation vulnerability. This issue is due to a failure of a setuid-superuser binary in the application to handle the PATH environment variable safely.


This vulnerability allows local attackers to gain superuser privileges, leading to complete compromise of the affected computer.

7. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
BugTraq ID: 15169
Remote: Yes
Date Published: 2005-10-22
Relevant URL: http://www.securityfocus.com/bid/15169
Summary:
phpMyAdmin is prone to a local file include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access. phpMyAdmin 2.6.4-pl2 and earlier versions are reported to be vulnerable.


8. phpBB Avatar Upload HTML Injection Vulnerability
BugTraq ID: 15170
Remote: Yes
Date Published: 2005-10-22
Relevant URL: http://www.securityfocus.com/bid/15170
Summary:
phpBB is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.


This issue is only present when using the Microsoft Internet Explorer Web browser.


9. Skype Technologies Skype Networking Routine Heap Overflow Vulnerability
BugTraq ID: 15192
Remote: Yes
Date Published: 2005-10-25
Relevant URL: http://www.securityfocus.com/bid/15192
Summary:
Skype is prone to a heap overflow vulnerability in its networking routines. Successful exploitation could result in a denial of service and remote machine code execution in the context of the affected application.


The vendor reports that this vulnerability has not been reproduced to execute arbitrary code, but the reporter of this issue states that they have successfully created proof of concept exploits against the Microsoft Windows and Linux client applications.

This issue affects Skype for Windows 1.4.*.83 and earlier, Skype for Mac OS X 1.3.*.16 and earlier, Skype for Linux 1.2.*.17 and earlier, and Skype for Pocket PC 1.1.*.6 and earlier.


10. Belchior Foundry VCard Remote File Include Vulnerability
BugTraq ID: 15207
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15207
Summary:
vCard is prone to a remote file include vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input.


An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.

11. Microsoft Internet Explorer Java Applet Denial of Service Vulnerability
BugTraq ID: 15208
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15208
Summary:
Microsoft Internet Explorer is affected by a denial of service vulnerability. This issue arises because the application fails to handle exceptional conditions in a proper manner. This issue only presents itself when the J2SE Java runtime environment is installed.


An attacker may exploit this issue by enticing a user to visit a malicious site, resulting in a denial of service condition in the application. Microsoft Internet Explorer 6 SP2 is affected by this issue.

12. Jed Wing CHM Lib Stack Buffer Overflow Vulnerability
BugTraq ID: 15211
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15211
Summary:
CHM lib is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the library to properly bounds check input data prior to copying it into an insufficiently sized memory buffer.


This issue allows attackers to execute arbitrary machine code in the context of the application that utilizes the CHM lib library.

This issue is present in versions 0.36 and prior of the library.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. CFP: The First International Conference on Availability, Reliability and Security (AReS 2006), 20-22 April, 2006, Vienna, Austria
http://www.securityfocus.com/archive/88/414510


2. Change Password
http://www.securityfocus.com/archive/88/414507

3. Account Lockout Policy
http://www.securityfocus.com/archive/88/414529

4. security policy 'not specified' option
http://www.securityfocus.com/archive/88/413995

5. FW: Account Lockout Policy
http://www.securityfocus.com/archive/88/413993

6. Account Lockout Policy
http://www.securityfocus.com/archive/88/413952

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.


If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130





Author: Marc Fossi