
| Subject: | SecurityFocus Microsoft Newsletter #339 |
|---|---|
| Date: | Wed, 25 Apr 2007 14:40:05 -0600 (MDT) |
SecurityFocus Microsoft Newsletter #339
----------------------------------------
This Issue is Sponsored by: SPI Dynamics
ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White Paper It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8O
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. Online Impersonations: No Validation Required
2. 0wning Vista from the boot
II. MICROSOFT VULNERABILITY SUMMARY
1. Cdelia Software ImageProcessing Malformed BMP File Denial of Service
Vulnerability
2. Nullsoft Winamp PLS File Remote Denial of Service Vulnerability
3. Apple Quicktime Unspecified Java Handling Arbitrary Code Execution
Vulnerability
4. Sendmail Unspecified Denial Of Service Vulnerability
5. OpenSSH S/Key Remote Information Disclosure Vulnerability
6. WSFTP Null Pointer Dereference Remote Denial of Service Vulnerability
7. Check Point Zone Alarm Srescan.SYS Multiple Local Privilege
Escalation Vulnerabilities
8. Foxit Reader Malformed PDF File Denial of Service Vulnerability
9. RaidenFTPD Multiple Remote Denial of Service Vulnerabilities
10. Nullsoft Winamp MIDI File Processing Denial of Service Vulnerability
11. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
12. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow
Vulnerability
13. Novell SecureLogin Security Bypass And Privilege Escalation
Vulnerability
14. NetSprint Ask IE Toolbar Multiple Denial of Service Vulnerabilities
15. Oracle April 2007 Security Update Multiple Vulnerabilities
16. NetSprint Toolbar ActiveX Denial of Service Vulnerability
17. MiniShare Multiple Request Handling Remote Denial of Service
Vulnerability
18. SSH Tectia Server IBM z/OS Local Privilege Escalation Vulnerability
19. FileZilla Multiple Unspecified Format String Vulnerabilities
20. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
21. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #338
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Online Impersonations: No Validation Required
By Dr. Neal Krawetz
It is said that imitation is the sincerest form of flattery. Unfortunately, online social networks provide no method for distinguishing an impersonation from the real thing. While your online words and actions may circulate for years, so do those of an impersonator.
http://www.securityfocus.com/columnists/441
2. 0wning Vista from the boot
By Federico Biancuzzi
Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that is able to load from Windows Vista boot-sectors. They discuss the "features" of their code, the support of the various versions of Vista, the possibility to place it inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista's product activation or avoid DRM.
http://www.securityfocus.com/columnists/442
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Cdelia Software ImageProcessing Malformed BMP File Denial of Service Vulnerability
BugTraq ID: 23629
Remote: Yes
Date Published: 2007-04-24
Relevant URL: http://www.securityfocus.com/bid/23629
Summary:
Cdelia Software ImageProcessing is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
2. Nullsoft Winamp PLS File Remote Denial of Service Vulnerability
BugTraq ID: 23627
Remote: Yes
Date Published: 2007-04-24
Relevant URL: http://www.securityfocus.com/bid/23627
Summary:
Nullsoft Winamp is prone to a denial-of-service vulnerability when processing malformed PLS files.
Successfully exploiting this issue allows remote attackers to crash affected applications.
This issue is reported to affect Winamp 5.33; other versions may also be affected.
3. Apple Quicktime Unspecified Java Handling Arbitrary Code Execution Vulnerability
BugTraq ID: 23608
Remote: Yes
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23608
Summary:
QuickTime is prone to a vulnerability that may aid in the remote compromise of a vulnerable computer.
The issue occurs when a Java-enabled browser is used to view a malicious website. QuickTime must also be installed. Few details are currently available regarding this issue. This BID will be updated as more information emerges.
This issue is exploitable through both Safari and Mozilla Firefox running on Mac OS X. Reports indicate that Firefox on Microsoft Windows platforms may also be an exploit vector.
4. Sendmail Unspecified Denial Of Service Vulnerability
BugTraq ID: 23606
Remote: Yes
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23606
Summary:
Sendmail is prone to a denial-of-service vulnerability.
No further information is available at the moment.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
Insufficient information is currently available to determine whether this is only an HP-specific issue. This BID will be updated as soon as more information emerges.
This issue may have already been disclosed in a previous BID, but not enough information is available for a proper correlation at this time. This BID may be retired as more information emerges.
5. OpenSSH S/Key Remote Information Disclosure Vulnerability
BugTraq ID: 23601
Remote: Yes
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23601
Summary:
OpenSSH contains an information-disclosure vulnerability when S/Key authentication is enabled. This issue occurs because the application fails to properly obscure the existence of valid usernames in authentication attempts.
Exploiting this vulnerability allows remote users to test for the existence of valid usernames. Knowledge of system users may aid in further attacks.
6. WSFTP Null Pointer Dereference Remote Denial of Service Vulnerability
BugTraq ID: 23584
Remote: Yes
Date Published: 2007-04-21
Relevant URL: http://www.securityfocus.com/bid/23584
Summary:
WSFTP is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.
7. Check Point Zone Alarm Srescan.SYS Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 23579
Remote: No
Date Published: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23579
Summary:
Check Point ZoneAlarm is prone to multiple local privilege-escalation vulnerabilities.
On a default installation, only certain restricted accounts can access the vulnerable sections of the application.
An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
Check Point ZoneAlarm versions using ZoneAlarm Spyware Removal Engine (SRE) versions prior to 5.0.156.0 are vulnerable to this issue; other products using the vulnerable engine are reported vulnerable.
8. Foxit Reader Malformed PDF File Denial of Service Vulnerability
BugTraq ID: 23576
Remote: Yes
Date Published: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23576
Summary:
Foxit Reader is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
This issue affects Foxit Reader 2.0; other versions may also be affected.
9. RaidenFTPD Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 23570
Remote: Yes
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23570
Summary:
RaidenFTPD is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle user-supplied input.
Exploiting these issues allows remote attackers to crash the application, denying further service to legitimate users.
These issues affect RaidenFTPD 2.4; other versions may also be vulnerable.
10. Nullsoft Winamp MIDI File Processing Denial of Service Vulnerability
BugTraq ID: 23568
Remote: Yes
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23568
Summary:
Nullsoft Winamp is prone to a denial-of-service vulnerability when processing malformed MIDI files.
Successfully exploiting this issue allows remote attackers to crash affected applications. Code execution may also be possible, but this has not been confirmed.
This issue is reported to affect Winamp 5.3; other versions may also be affected.
11. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
BugTraq ID: 23566
Remote: No
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23566
Summary:
OpenAFS for Microsoft Windows is prone to a local denial-of-service vulnerability because the application fails to properly handle unexpected conditions.
Successfully exploiting this issue allows local attackers to trigger computer crashes. These crashes will occur every time Windows tries to start, creating a prolonged denial-of-service condition.
Versions of OpenAFS prior to 1.5.19 running on Windows are vulnerable.
Note that this issue is present only if MIT Kerberos for Windows is also installed on vulnerable computers.
12. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
BugTraq ID: 23556
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23556
Summary:
Novell Groupwise WebAccess is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
13. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability
BugTraq ID: 23547
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23547
Summary:
Novell SecureLogin is prone to a vulnerability that allows attackers to bypass security restrictions as well as a vulnerability that may allow attackers to gain elevated privileges on the affected computer.
These issues affect Novell Access Management Server 3 IR1.
14. NetSprint Ask IE Toolbar Multiple Denial of Service Vulnerabilities
BugTraq ID: 23535
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23535
Summary:
NetSprint Ask IE Toolbar ActiveX control is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may potentially exploit these issues to execute code, but this has not been confirmed.
NetSprint Ask IE Toolbar 1.1 is vulnerable; other versions may also be affected.
15. Oracle April 2007 Security Update Multiple Vulnerabilities
BugTraq ID: 23532
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23532
Summary:
Oracle has released a Critical Patch Update advisory for April 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.
The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.
16. NetSprint Toolbar ActiveX Denial of Service Vulnerability
BugTraq ID: 23530
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23530
Summary:
NetSprint Toolbar ActiveX control is prone to a denial-of-service vulnerability.
Exploiting this issue allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may potentially be able to exploit this issue to execute code, but this has not been confirmed.
NetSprint Toolbar ActiveX Control 1.1 is vulnerable to this issue; other versions may also be vulnerable.
17. MiniShare Multiple Request Handling Remote Denial of Service Vulnerability
BugTraq ID: 23517
Remote: Yes
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23517
Summary:
MiniShare is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows remote attackers to crash the server application, denying further service to legitimate users.
18. SSH Tectia Server IBM z/OS Local Privilege Escalation Vulnerability
BugTraq ID: 23508
Remote: No
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23508
Summary:
SSH Tectia server for IBM z/OS is prone to a local privilege-escalation vulnerability.
A local attacker may exploit this issue to gain certain elevated privileges on a vulnerable computer and launch further attacks. Successful exploits may facilitate a compromise of vulnerable computers.
This issue affects versions prior to 5.4.0.
19. FileZilla Multiple Unspecified Format String Vulnerabilities
BugTraq ID: 23506
Remote: Yes
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23506
Summary:
FileZilla is prone to multiple unspecified format-string vulnerabilities because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application, denying service to legitimate users.
These issues affect versions prior to 2.2.32.
20. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
BugTraq ID: 23494
Remote: No
Date Published: 2007-04-15
Relevant URL: http://www.securityfocus.com/bid/23494
Summary:
ZoneAlarm is prone to a local denial-of-service vulnerability.
This issue occurs when attackers supply invalid argument values to the 'vsdatant.sys' driver.
A local attacker may exploit this issue to crash affected computers, denying service to legitimate users.
ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this issue; other versions may be affected as well.
21. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.
Other attacks may also be possible.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #338
http://www.securityfocus.com/archive/88/466639
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics