Network Security Focus-Microsoft

SecurityFocus Microsoft Newsletter #365

Subject: SecurityFocus Microsoft Newsletter #365
Date: Thu, 25 Oct 2007 10:54:22 -0600 (MDT)

SecurityFocus Microsoft Newsletter #365
----------------------------------------

This issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - 
White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving 
them the ability to read, write and manipulate all data stored in your backend 
systems! Download this *FREE* white paper from SPI Dynamics for a complete 
guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000D5K3


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Rebinding attacks unbound
       2. Aspect-Oriented Programming and Security
II.  MICROSOFT VULNERABILITY SUMMARY
       1. eIQnetworks Enterprise Security Analyzer SEARCHREPORT Command Remote Buffer Overflow Vulnerability
       2. IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities
       3. Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability
       4. SpeedFan Speedfan.sys Local Privilege Escalation Vulnerability
       5. Macrovision SafeDisc SecDRV.SYS Method_Neither Local Privilege Escalation Vulnerability
       6. Drupal Prior To 4.7.8 and 5.3 Multiple Remote Vulnerabilities
       7. Nortel Networks UNIStim IP Softphone RTCP Port Buffer Overflow Vulnerability
       8. Microsoft Windows Mobile SMS Handler Source Obfuscation Vulnerability
       9. WWWISIS IsisScript Local File Disclosure Vulnerability
       10. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
       11. Microsoft ActiveSync Weak Password Obfuscation Information Disclosure Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #364
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Rebinding attacks unbound
By Federico Biancuzzi
DNS rebinding was discovered in 1996 and affected the Java Virtual Machine 
(VM). Recently a group of researchers at Stanford found out that this 
vulnerability is still present in browsers and that the common solution, known 
as DNS pinning, is not effective anymore.
http://www.securityfocus.com/columnists/455

2. Aspect-Oriented Programming
By Rohit Sethi
Aspect-oriented programming (AOP) is a paradigm that is quickly gaining 
traction in the development world. At least partially spurred by the popularity 
of the Java Spring framework [1], people are beginning to understand the 
substantial benefits that AOP brings to development.
http://www.securityfocus.com/infocus/1895


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. eIQnetworks Enterprise Security Analyzer SEARCHREPORT Command Remote Buffer 
Overflow Vulnerability
BugTraq ID: 26189
Remote: Yes
Date Published: 2007-10-24
Relevant URL: http://www.securityfocus.com/bid/26189
Summary:
The application is prone to a remote buffer-overflow vulnerability because it 
fails to properly bounds-check user-supplied data before copying it into an 
insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary code in the 
context of the affected application. Failed exploit attempts will likely result 
in denial-of-service conditions.

This issue affects Enterprise Security Analyzer 2.5; other versions may also be 
vulnerable.

2. IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26175
Remote: Yes
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26175
Summary:
IBM Lotus Notes is prone to multiple buffer-overflow vulnerabilities.

Successfully exploiting these issues could allow an attacker to execute 
arbitrary code in the context of the user running the application.

Lotus Notes 7.0.2 is prone to these issues; other versions may also be 
vulnerable.

3. Mono System.Web StaticFileHandler.CS Source Code Information Disclosure 
Vulnerability
BugTraq ID: 26166
Remote: Yes
Date Published: 2007-10-22
Relevant URL: http://www.securityfocus.com/bid/26166
Summary:
Mono is prone to a vulnerability that lets attackers access source code because 
it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the 
vulnerable system in the context of the webserver process. Information obtained 
may aid in further attacks.

This issue affects versions prior to Mono 1.2.5.2 running on Windows platforms.

4. SpeedFan Speedfan.sys Local Privilege Escalation Vulnerability
BugTraq ID: 26123
Remote: No
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26123
Summary:
SpeedFan is prone to a local privilege-escalation vulnerability.

An attacker could exploit this issue to execute arbitrary machine code with 
SYSTEM-level privileges. Successfully exploiting this issue will result in the 
complete compromise of affected computers.

5. Macrovision SafeDisc SecDRV.SYS Method_Neither Local Privilege Escalation 
Vulnerability
BugTraq ID: 26121
Remote: No
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26121
Summary:
Macrovision SafeDisc is prone to a local privilege-escalation vulnerability 
because it fails to adequately sanitize user-supplied input.

This vulnerability allows local attackers to execute arbitrary malicious code 
with SYSTEM-level privileges, facilitating the complete compromise of affected 
computers.

6. Drupal Prior To 4.7.8 and 5.3 Multiple Remote Vulnerabilities
BugTraq ID: 26119
Remote: Yes
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26119
Summary:
Drupal is prone to multiple remote vulnerabilities:

- A cross-site request-forgery vulnerability.
- An HTTP response-splitting vulnerability.
- An HTML-injection vulnerability.
- A vulnerability that may allow an attacker to mail unpublished comments.
- An arbitrary-code-execution vulnerability.

An attacker may exploit these vulnerabilities to:

- Influence or misrepresent how web content is served, cached, or interpreted.
- Execute arbitrary code within the context of the webserver process.
- Steal cookie-based authentication credentials, allowing the attacker to 
launch other attacks.

7. Nortel Networks UNIStim IP Softphone RTCP Port Buffer Overflow Vulnerability
BugTraq ID: 26118
Remote: Yes
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26118
Summary:
Nortel Networks UNIStim IP Softphone is prone to a buffer-overflow 
vulnerability because the application fails to properly bounds-check 
user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the 
context of the affected application. Failed exploit attempts will result in a 
denial-of-service condition.

8. Microsoft Windows Mobile SMS Handler Source Obfuscation Vulnerability
BugTraq ID: 26091
Remote: Yes
Date Published: 2007-10-17
Relevant URL: http://www.securityfocus.com/bid/26091
Summary:
Microsoft Windows Mobile is prone to a vulnerability that can result in the 
obfuscation of an SMS message source.

Attackers can exploit this issue to anonymously send malicious messages to 
affected devices.

Microsoft Windows Mobile 5 PocketPC is vulnerable; other versions may also be 
affected.

9. WWWISIS IsisScript Local File Disclosure Vulnerability
BugTraq ID: 26079
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26079
Summary:
WWWISIS is prone to a vulnerability that allows remote attackers to display the 
contents of arbitrary local files in the context of the webserver process.

An attacker may be able to exploit this issue to retrieve potentially sensitive 
information that may aid in further attacks.

This issue affects WWWISIS 7.1; other versions may also be vulnerable.

10. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
BugTraq ID: 26076
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26076
Summary:
Novell SUSE Linux Enterprise Server is prone to a denial-of-service 
vulnerability because it fails to adequately handle certain GSS-TSIG requests 
that require the 'libgssapi' library.

Attackers can exploit this issue to cause denial-of-service conditions.

Versions prior to 'libgssapi' 0.6-13.17 as found in Enterprise Server 10 SP1 
are vulnerable.

11. Microsoft ActiveSync Weak Password Obfuscation Information Disclosure 
Vulnerability
BugTraq ID: 25976
Remote: No
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25976
Summary:
Microsoft ActiveSync is prone to an information-disclosure vulnerability 
because it fails to adequately obfuscate sensitive information.

Attackers can exploit this issue to gain PIN or password data for devices 
docked via USB.

Software that uses ActiveSync 4.1 is vulnerable; other versions may also be 
affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #364
http://www.securityfocus.com/archive/88/482537

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to 
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed email listadmin@securityfocus.com and ask to 
be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - 
White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving 
them the ability to read, write and manipulate all data stored in your backend 
systems! Download this *FREE* white paper from SPI Dynamics for a complete 
guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000D5K3


  • SecurityFocus Microsoft Newsletter #365, rkeith <=