
| Subject: | SecurityFocus Microsoft Newsletter #348 |
|---|---|
| Date: | Thu, 28 Jun 2007 06:20:31 -0600 (MDT) |
SecurityFocus Microsoft Newsletter #348
----------------------------------------
This Issue is Sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CsFU
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. Don't Be Evil
2. Persistence of data on storage media
II. MICROSOFT VULNERABILITY SUMMARY
1. CA BrightStor ARCserve Backup Server Unspecified Remote Code
Execution Vulnerability
2. Conti FTP Server Large String Denial of Service Vulnerability
3. Wireshark Multiple Protocol Denial of Service Vulnerabilities
4. Avax Vector AvaxSWF.DLL ActiveX Control Arbitrary File Overwrite
Vulnerability
5. GD Graphics Library Multiple Vulnerabilities
6. LiteWEB Web Server Invalid Page Remote Denial of Service Vulnerability
7. Key Focus Web Server Index.WKF Cross-Site Scripting Vulnerability
8. Apple Safari for Windows Bookmark Title Buffer Overflow Vulnerability
9. Access2ASP Multiple Cross Site Scripting Vulnerabilities
10. Lhaca File Archiver Unspecified Stack Buffer Overflow Vulnerability
11. Ingress Database Server Multiple Remote Vulnerabilities
12. HTTP Server Request Handling Remote Denial Of Service Vulnerability
13. BugHunter HTTP Server Parse Error Information Disclosure
Vulnerability
14. Comersus Cart Multiple Input Validation Vulnerabilities
15. Avaya 4602SW IP Phone Security Bypass Vulnerability
16. AGEPhone SIP Soft Phone Malformed Delimiter Denial of Service
Vulnerability
17. Avaya One-X Desktop Edition SIP Header Denial Of Service
Vulnerability
18. AGEPhone SIP Soft Phone Message Parsing Denial of Service
Vulnerability
19. Avaya 4602SW SIP Phone Cnonce Parameter Authentication Spoofing
Vulnerability
20. Nortel Networks PC Client Soft Phone SIP Message Parsing Module
Denial of Service Vulnerability
21. RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple Buffer
Overflow Vulnerabilities
22. AOL Instant Messenger SIP Invite Message Denial of Service
Vulnerability
23. Nortel Networks PC Client Soft Phone Message Parsing Module Buffer
Overflow Vulnerability
24. Avaya One-X Desktop Edition Phone SIP Remote Buffer Overflow
Vulnerability
25. Cerulean Studios Trillian Word Wrapping UTF-8 Encoded String Heap
Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Don't Be Evil
By Mark Rasch
A series of developments raise the specter that remotely stored or created documents may be subject to subpoena or discovery all without the knowledge or consent of the document's creators.
http://www.securityfocus.com/columnists/447
2. Persistence of data on storage media
By Jamie Ridden
Jamie Ridden discusses the re-use of storage media and how slack space can prevent sensitive data from being completely removed.
http://www.securityfocus.com/infocus/1891

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. CA BrightStor ARCserve Backup Server Unspecified Remote Code Execution Vulnerability
BugTraq ID: 24680
Remote: Yes
Date Published: 2007-06-27
Relevant URL: http://www.securityfocus.com/bid/24680
Summary: Computer Associates BrightStor ARCserve Backup is prone to a remote code-execution vulnerability.
Currently, very few details are available regarding this issue.
Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Version 11.5 SP3 for Microsoft Windows is reported vulnerable; other versions may also be affected.

2. Conti FTP Server Large String Denial of Service Vulnerability
BugTraq ID: 24672
Remote: Yes
Date Published: 2007-06-27
Relevant URL: http://www.securityfocus.com/bid/24672
Summary: The Conti FTP Server is prone to a denial-of-service vulnerability.
A remote attacker may be able to exploit this issue to deny service to legitimate users of the application.

3. Wireshark Multiple Protocol Denial of Service Vulnerabilities
BugTraq ID: 24662
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24662
Summary: Wireshark is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues may permit attackers to cause crashes and deny service to legitimate users of the application.
Wireshark versions prior to 0.99.6 are affected.

4. Avax Vector AvaxSWF.DLL ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 24659
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24659
Summary: The Avax Vector ActiveX control is prone to a vulnerability that could permit an attacker to overwrite arbitrary files.
The attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).
Avax Vector ActiveX v.1.3 is vulnerable.

5. GD Graphics Library Multiple Vulnerabilities
BugTraq ID: 24651
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24651
Summary: The GD graphics library is prone to multiple vulnerabilities.
An attacker can exploit this issue to cause denial-of-service conditions or execute arbitrary code in the context of applications implementing the affected library.
Versions prior to GD graphics library 2.0.35 are reported vulnerable.

6. LiteWEB Web Server Invalid Page Remote Denial of Service Vulnerability
BugTraq ID: 24628
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24628
Summary: LiteWeb webserver is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.
An attacker can exploit this issue to crash the affected application, denying further service to legitimate users.
This issue affects LiteWeb 2.7; other versions may also be vulnerable.

7. Key Focus Web Server Index.WKF Cross-Site Scripting Vulnerability
BugTraq ID: 24623
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24623
Summary: Key Focus Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This issue affects Key Focus Web Server 3.1.0; other versions may also be affected.

8. Apple Safari for Windows Bookmark Title Buffer Overflow Vulnerability
BugTraq ID: 24619
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24619
Summary: Safari for Windows is prone to a buffer-overflow vulnerability. This issue is triggered when an attacker entices a victim to bookmark a maliciously crafted site.
A remote attacker may exploit this issue to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

9. Access2ASP Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 24610
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24610
Summary: The 'access2asp' program is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.
This issue affects access2asp 4.5 and prior versions.

10. Lhaca File Archiver Unspecified Stack Buffer Overflow Vulnerability
BugTraq ID: 24604
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24604
Summary: Lhaca file archiver is prone to an unspecified stack-based buffer-overflow vulnerability. The application fails to properly decompress malicious LZH archive files.
An attacker can exploit this issue to crash the application and execute arbitrary code within the context of the affected application.
Lhaca 1.20 is vulnerable to this issue; other versions may also be affected.

11. Ingress Database Server Multiple Remote Vulnerabilities
BugTraq ID: 24585
Remote: Yes
Date Published: 2007-06-21
Relevant URL: http://www.securityfocus.com/bid/24585
Summary: Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue.
Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file.

12. HTTP Server Request Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24576
Remote: Yes
Date Published: 2007-06-21
Relevant URL: http://www.securityfocus.com/bid/24576
Summary: HTTP Server is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to crash the server, denying access to legitimate users.
HTTP Server 1.6.2 is vulnerable; other versions may also be affected.

13. BugHunter HTTP Server Parse Error Information Disclosure Vulnerability
BugTraq ID: 24566
Remote: Yes
Date Published: 2007-06-20
Relevant URL: http://www.securityfocus.com/bid/24566
Summary: BugHunter HTTP Server is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information. Information obtained may lead to further attacks.
This issue affects HTTP Server 1.6.2; other versions may also be affected.

14. Comersus Cart Multiple Input Validation Vulnerabilities
BugTraq ID: 24562
Remote: Yes
Date Published: 2007-06-20
Relevant URL: http://www.securityfocus.com/bid/24562
Summary: Comersus Cart is affected by multiple input validation vulnerabilities.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
The attacker may also leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Comersus Cart 7.0.7 is vulnerable; other versions may also be affected.

15. Avaya 4602SW IP Phone Security Bypass Vulnerability
BugTraq ID: 24544
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24544
Summary: The Avaya 4602SW IP phone is prone to a security-bypass vulnerability because it accepts SIP requests from random source IP addresses.
An attacker can exploit this issue to bypass security restrictions and then transmit malicious messages to the device.
This issue affects the Avaya 4602SW IP Phone (Model 4602D02A).

16. AGEPhone SIP Soft Phone Malformed Delimiter Denial of Service Vulnerability
BugTraq ID: 24543
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24543
Summary: AGEphone SIP softphone is prone to a remote denial-of-service vulnerability, because the application fails to properly handle malformed data.
Successful exploits can allow remote attackers to crash the affected application, denying further service to legitimate users.
This issue affects AGEphone 1.41.2 running on HTC HyTN wireless smartphone using Windows Mobile 5 PPC. Other versions may also be affected.

17. Avaya One-X Desktop Edition SIP Header Denial Of Service Vulnerability
BugTraq ID: 24541
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24541
Summary: Avaya one-X Desktop Edition phone is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the phone, denying service to legitimate users.
Avaya one-X Desktop Edition 2.1.0.70 and prior versions are vulnerable.

18. AGEPhone SIP Soft Phone Message Parsing Denial of Service Vulnerability
BugTraq ID: 24540
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24540
Summary: AGEphone SIP softphone is prone to a remote denial-of-service vulnerability, because the application fails to properly handle malformed data.
Successful exploits can allow remote attackers to disconnect currently active calls or crash the device's operating system.
This issue affects AGEphone 1.41.2 running on HTC HyTN wireless smartphone using Windows Mobile 5 PPC. Other versions may also be affected.

19. Avaya 4602SW SIP Phone Cnonce Parameter Authentication Spoofing Vulnerability
BugTraq ID: 24539
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24539
Summary: The Avaya 4602SW SIP Phone and SIP call server is prone to an authentication-spoofing vulnerability.
This allows an attacker to impersonate a SIP call server, compromising the confidentiality of a victim's phone conversations.

20. Nortel Networks PC Client Soft Phone SIP Message Parsing Module Denial of Service Vulnerability
BugTraq ID: 24536
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24536
Summary: Nortel Networks PC Client soft phone is prone to a remote denial-of-service vulnerability because the application fails to properly handle malformed data.
Successful exploits can allow remote attackers to crash the affected application, denying further service to legitimate users.

21. RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24534
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24534
Summary: The RealNetworks GameHouse 'dldisplay' ActiveX Control is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the GameHouse application. Failed exploit attempts will likely result in denial-of-service conditions.
An attacker may exploit these issues by enticing victims into visiting a maliciously crafted webpage.

22. AOL Instant Messenger SIP Invite Message Denial of Service Vulnerability
BugTraq ID: 24533
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24533
Summary: AOL Instant Messenger is prone to a denial-of-service vulnerability because the application fails to handle specially crafted SIP messages.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
This issue affects AOL Instant Messenger 6.1.32.1; prior versions may also be affected.

23. Nortel Networks PC Client Soft Phone Message Parsing Module Buffer Overflow Vulnerability
BugTraq ID: 24531
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24531
Summary: Nortel Networks PC Client soft phone is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
Successful exploits can allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

24. Avaya One-X Desktop Edition Phone SIP Remote Buffer Overflow Vulnerability
BugTraq ID: 24530
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24530
Summary: Avaya one-X Desktop Edition phone is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
An attacker can exploit this issue to disable the call-receiving functionality of affected phones.
Avaya one-X Desktop Edition 2.1.0.70 and prior versions are vulnerable.

25. Cerulean Studios Trillian Word Wrapping UTF-8 Encoded String Heap Buffer Overflow Vulnerability
BugTraq ID: 24523
Remote: Yes
Date Published: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24523
Summary: Trillian is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial of service.
This issue affects Trillian 3.1.5.1; prior versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics