
SecurityFocus Microsoft Newsletter #333

Subject: SecurityFocus Microsoft Newsletter #333
Date: Wed, 14 Mar 2007 14:35:36 -0700 (MST)

This Issue is Sponsored by: SPI Dynamics

Hacking With Ajax- On demand Webcast
While Ajax can greatly improve the usability of a Web application, it can also
create several opportunities for possible attack if the application is not
designed with security in mind. Watch this FREE  SPI Dynamics webcast for tips 
on protecting your applications

https://download.spidynamics.com/1/ad/AJAXw.asp?Campaign_ID=70160000000CjtG


------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Blanket Discovery for Stolen Laptops
       2. Notes On Vista Forensics, Part One
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Adobe JRun Unspecified Denial Of Service Vulnerability
       2. PHProjekt Arbitrary File Upload Vulnerability
       3. PHProjekt Multiple SQL Injection Vulnerabilities
       4. WarFTP Username Stack-Based Buffer-Overflow Vulnerability
       5. NewsBin Pro Long File Name Buffer Overflow Vulnerability
       6. Microsoft Windows WinMM.DLL WAV Files Remote Denial of Service Vulnerability
       7. News Reactor Long File Name Buffer Overflow Vulnerability
       8. D-Link TFTP Transporting Mode Remote Buffer Overflow Vulnerability
       9. PHP SNMPGet Function Local Buffer Overflow Vulnerability
       10. Snort Inline Fragmentation Denial of Service Vulnerability
       11. Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow Vulnerabilities
       12. Microsoft Windows OLE32.DLL Word Document Handling Denial Of Service Vulnerability
       13. PHP MSSQL_Connect Local Buffer Overflow Vulnerability
       14. PHP WDDX_Deserialize Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of 
stolen laptops that use LoJack-style homing devices to announce their location, 
and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438

2. Notes On Vista Forensics, Part One
By Jamie Morris
This article, the first in a two-part series, takes a high level look at what 
we know now about those changes in Windows Vista which seem likely to have the 
most impact on computer forensic investigations, starting with the built-in 
encryption, backup, and system protection features.
http://www.securityfocus.com/infocus/1889


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Adobe JRun Unspecified Denial Of Service Vulnerability
BugTraq ID: 22958
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22958
Summary:
Adobe JRun is prone to a denial-of-service vulnerability. This issue occurs 
because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying 
service to legitimate users.

This issue affects Microsoft IIS 6 installations running JRun 4 Updater 6.

2. PHProjekt Arbitrary File Upload Vulnerability
BugTraq ID: 22956
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22956
Summary:
PHProjekt is prone to an arbitrary file-upload vulnerability.

Exploiting this issue could allow an attacker to upload and execute arbitrary 
script code in the context of the affected webserver process. This may help the 
attacker compromise the application; other attacks are possible.

Versions prior to 5.2.1 are vulnerable to this issue.

3. PHProjekt Multiple SQL Injection Vulnerabilities
BugTraq ID: 22955
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22955
Summary:
PHProjekt is prone to multiple SQL-injection vulnerabilities because the 
application fails to properly sanitize user-supplied input before using it in an 
SQL query.

A successful exploit could allow an attacker to compromise the application, 
access or modify data, or exploit vulnerabilities in the underlying database 
implementation.

PHProjekt versions 5.2.0 and prior are vulnerable to these issues.

4. WarFTP Username Stack-Based Buffer-Overflow Vulnerability
BugTraq ID: 22944
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22944
Summary:
WarFTP is prone to a stack-based buffer-overflow vulnerability because it fails 
to properly check boundaries on user-supplied data before copying it to an 
insufficiently sized buffer.

Exploiting this issue could lead to denial-of-service conditions and to the 
execution of arbitrary machine code in the context of the application.

Version 1.65 is vulnerable; other versions may also be affected.

5. NewsBin Pro Long File Name Buffer Overflow Vulnerability
BugTraq ID: 22940
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22940
Summary:
NewsBin Pro is prone to a remote buffer-overflow because the application fails 
to bounds-check user-supplied data before copying it into an insufficiently 
sized buffer.

An attacker could exploit this issue to execute arbitrary code within the 
context of the affected application. Failed exploit attempts will result in a 
denial of service.

This issue affects version 4.32; other versions may also be affected.

6. Microsoft Windows WinMM.DLL WAV Files Remote Denial of Service Vulnerability
BugTraq ID: 22938
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22938
Summary:
Microsoft Windows is prone to a denial-of-service vulnerability.

A remote attacker may exploit this vulnerability by presenting a malicious WAV 
file to a victim user.

Successful exploits will result in excessive CPU consumption, effectively 
denying service.

Specific information regarding affected versions of Microsoft Windows is 
currently unavailable. This BID will be updated as more information is 
disclosed.

7. News Reactor Long File Name Buffer Overflow Vulnerability
BugTraq ID: 22936
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22936
Summary:
News Reactor is prone to a remote buffer-overflow because the application fails 
to bounds-check user-supplied data before copying it into an insufficiently 
sized buffer.

An attacker could exploit this issue to execute arbitrary code within the 
context of the affected application. Failed exploit attempts will result in a 
denial of service.

This issue affects version 20070220; other versions may also be affected.

8. D-Link TFTP Transporting Mode Remote Buffer Overflow Vulnerability
BugTraq ID: 22923
Remote: Yes
Date Published: 2007-03-12
Relevant URL: http://www.securityfocus.com/bid/22923
Summary:
D-Link TFTP is prone to a buffer-overflow vulnerability because the application 
fails to properly bounds-check user-supplied data before storing it in a 
finite-sized buffer.

An attacker can exploit this issue to cause the application to crash, denying 
further service to legitimate users. Due to the nature of this issue, the 
attacker may presumably be able to exploit it for remote code execution.

Version 1.0 is vulnerable; other versions may also be affected.

9. PHP SNMPGet Function Local Buffer Overflow Vulnerability
BugTraq ID: 22893
Remote: No
Date Published: 2007-03-09
Relevant URL: http://www.securityfocus.com/bid/22893
Summary:
PHP is prone to a local buffer-overflow vulnerability because the application 
fails to perform boundary checks before copying user-supplied data to 
insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the 
context of the affected webserver. Failed exploit attempts will likely crash 
the webserver, denying service to legitimate users.

PHP for Microsoft Windows version 4.4.6 is vulnerable; other versions may also 
be affected.

10. Snort Inline Fragmentation Denial of Service Vulnerability
BugTraq ID: 22872
Remote: Yes
Date Published: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22872
Summary:
Snort is prone to a denial-of-service vulnerability because the network 
intrusion-detection (NID) system fails to handle specially crafted network 
packets.

An attacker can exploit this issue to crash the application, allowing 
malicious network traffic to bypass the NID system.

This issue affects versions 2.6.1.1, 2.6.1.2, and 2.7.0(beta); other versions 
may also be affected.

NOTE: Reportedly, for this vulnerability to occur, Snort must be running Inline 
on Linux, with Frag3 enabled and ip_conntrack disabled.

11. Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow 
Vulnerabilities
BugTraq ID: 22852
Remote: Yes
Date Published: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22852
Summary:
Ipswitch IMail Server/Collaboration Suite is prone to multiple buffer-overflow 
vulnerabilities because the software fails to properly check boundaries on 
user-supplied data before copying it to an insufficiently sized buffer.

Successful attacks allow arbitrary code to run, facilitating the remote 
compromise of affected computers. Failed exploit attempts likely cause the 
application to crash.

Ipswitch Collaboration 2006 Suite Premium, IMail, and IMail Plus are vulnerable 
to these issues.

12. Microsoft Windows OLE32.DLL Word Document Handling Denial Of Service 
Vulnerability
BugTraq ID: 22847
Remote: Yes
Date Published: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22847
Summary:
The Microsoft 'ole32.dll' library is prone to a denial-of-service 
vulnerability. The issue occurs when the library handles document ('.doc') 
files containing large size values. It is conjectured that the execution of 
arbitrary code may be possible.

Software that is linked to the ole32.dll versions that reside on Microsoft 
Windows 2000 SP4 FR and XP SP2 FR platforms is vulnerable; other versions 
might also be affected.

13. PHP MSSQL_Connect Local Buffer Overflow Vulnerability
BugTraq ID: 22832
Remote: No
Date Published: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22832
Summary:
PHP is prone to a local buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the 
context of the affected webserver. Failed exploit attempts will likely crash 
the webserver, denying service to legitimate users.

PHP for Microsoft Windows versions prior to 4.4.6 are vulnerable; other 
versions may also be affected.

14. PHP WDDX_Deserialize Buffer Overflow Vulnerability
BugTraq ID: 22804
Remote: Yes
Date Published: 2007-03-04
Relevant URL: http://www.securityfocus.com/bid/22804
Summary:
PHP is prone to a remotely exploitable buffer-overflow vulnerability because it 
fails to properly check boundaries when processing client-supplied WDDX packets.

An attacker can exploit this issue to execute malicious code.

NOTE: This issue affects only the latest CVS release of PHP. The vulnerable 
code has not been released as part of an official PHP release at this time.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to 
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed, email listadmin@securityfocus.com and ask to 
be manually removed.

V.   SPONSOR INFORMATION
------------------------