SecurityFocus Microsoft Newsletter #310
user name
2006-09-27 16:12:54
SecurityFocus Microsoft Newsletter #310
----------------------------------------

This issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!"
White Paper: Blind SQL Injection can deliver total control of your server to a hacker, giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000CbYU

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Liar, Liar, and pretexting
       2. Beginner's guide to wireless auditing
II.  MICROSOFT VULNERABILITY SUMMARY
       1. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
       2. CPanel Unspecified Remote Privilege Escalation Vulnerability
       3. Apple QuickTime Plug-In Arbitrary Script Execution Weakness
       4. ProSysInfo TFTPDWIN Remote Buffer Overflow Vulnerability
       5. RSSReader RSS Feeds Atom Feed Multiple HTML Injection Vulnerabilities
       6. SharpReader Atom Feed Script HTML Injection Vulnerability
       7. Ipswitch WS_FTP PASV Response Remote Buffer Overflow Vulnerability
       8. NewsGator FeedDemon Active Script Code-Execution Vulnerability
       9. Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability
       10. MailEnable SMTP SPF Remote Denial of Service Vulnerability
       11. Retired: Microsoft PowerPoint Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #309
       2. Microsoft Security Clamp
       3. Storing Images in SQL Server (2005)
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Liar, Liar, and pretexting
By Mark Rasch
Mark Rasch details the legality of pretexting by putting it in context with how it is used, comparing it with legal forms of lying, and by looking at previous court cases involving pretexting in the United States. Hewlett Packard's use of pretexting also brings up potential charges of criminal fraud, violations of consumer protection laws, issues of deception, and the use of spyware. Together these issues make for a very interesting legal situation at HP.
http://www.securityfocus.com/columnists/417

2. Beginner's guide to wireless auditing
By David Maynor
This article is designed as a beginner's guide to fuzzing wireless device drivers, starting with how to build an auditing environment, how to construct fuzzing tools and finally, how to interpret the results. This auditing environment can be used for WiFi as well as Bluetooth and infrared devices.
http://www.securityfocus.com/infocus/1877


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. OpenSSH Duplicated Block Remote Denial of Service Vulnerability
BugTraq ID: 20216
Remote: Yes
Date Published: 2006-09-26
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is susceptible to a remote denial-of-service vulnerability. This issue is due to a failure of the application to properly handle incoming duplicate blocks.

This issue may be exploited by remote attackers to consume excessive CPU resources, potentially denying service to legitimate users.

This issue only occurs when OpenSSH is configured to accept SSH version one traffic.

2. CPanel Unspecified Remote Privilege Escalation Vulnerability
BugTraq ID: 20163
Remote: Yes
Date Published: 2006-09-24
Relevant URL: http://www.securityfocus.com/bid/20163
Summary:
cPanel is prone to an unspecified remote privilege-escalation vulnerability.

A remote attacker can exploit this issue to gain administrative access to the affected application. This may lead to other attacks.

3. Apple QuickTime Plug-In Arbitrary Script Execution Weakness
BugTraq ID: 20138
Remote: Yes
Date Published: 2006-09-21
Relevant URL: http://www.securityfocus.com/bid/20138
Summary:
Apple QuickTime Plug-In is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (.qtl).

An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load local content in a user's browser. Although this weakness doesn't pose any direct security threat by itself, an attacker may use it to aid in further attacks.

Version 7.1.3 is vulnerable; other versions may also be affected.

4. ProSysInfo TFTPDWIN Remote Buffer Overflow Vulnerability
BugTraq ID: 20131
Remote: Yes
Date Published: 2006-09-21
Relevant URL: http://www.securityfocus.com/bid/20131
Summary:
TFTPDWIN server is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary code in the context of the TFTP server process.

Version 0.4.2 of the affected software is vulnerable; other versions may be affected as well.

5. RSSReader RSS Feeds Atom Feed Multiple HTML Injection Vulnerabilities
BugTraq ID: 20129
Remote: Yes
Date Published: 2006-09-20
Relevant URL: http://www.securityfocus.com/bid/20129
Summary:
RSSReader is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

6. SharpReader Atom Feed Script HTML Injection Vulnerability
BugTraq ID: 20128
Remote: Yes
Date Published: 2006-09-20
Relevant URL: http://www.securityfocus.com/bid/20128
Summary:
SharpReader is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the My Computer folder, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

7. Ipswitch WS_FTP PASV Response Remote Buffer Overflow Vulnerability
BugTraq ID: 20121
Remote: Yes
Date Published: 2006-09-20
Relevant URL: http://www.securityfocus.com/bid/20121
Summary:
A remote buffer-overflow vulnerability is reported in the Ipswitch WS_FTP client. This issue occurs because the application fails to properly validate the length of user-supplied strings prior to copying them into finite process buffers.

An attacker may exploit this issue to cause the affected client to crash. Execution of arbitrary code in the context of the FTP client process may also be possible.

Version 5.08 of the affected software is vulnerable; other versions may be affected as well.

8. NewsGator FeedDemon Active Script Code-Execution Vulnerability
BugTraq ID: 20114
Remote: Yes
Date Published: 2006-09-19
Relevant URL: http://www.securityfocus.com/bid/20114
Summary:
NewsGator FeedDemon is prone to an active script code-execution vulnerability because it fails to sufficiently sanitize Atom feed data prior to rendering the feed.

Successful exploits may result in active scripting content being executed in the context of the application. Note that the application uses the 'Internet Zone' to render the remote HTML content, lessening the impact of this issue.

9. Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability
BugTraq ID: 20096
Remote: Yes
Date Published: 2006-09-19
Relevant URL: http://www.securityfocus.com/bid/20096
Summary:
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability. The vulnerability arises because of an error in the processing of Vector Markup Language documents.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. The method currently used to exploit this issue will typically terminate Internet Explorer.

This vulnerability is currently being exploited in the wild as 'Trojan.Vimalov'.

This vulnerability affects Internet Explorer version 6.0 on a fully patched system. Previous versions may also be affected.

Update: Microsoft Outlook 2003 is also an attack vector for this issue, since it uses Internet Explorer to render HTML email. Reportedly, attacks are possible even when active scripting has been disabled for email viewing.

10. MailEnable SMTP SPF Remote Denial of Service Vulnerability
BugTraq ID: 20091
Remote: Yes
Date Published: 2006-09-18
Relevant URL: http://www.securityfocus.com/bid/20091
Summary:
MailEnable is prone to a remote denial-of-service vulnerability.

This issue allows remote attackers to crash the application, denying further service to legitimate users.

11. Retired: Microsoft PowerPoint Remote Code Execution Vulnerability
BugTraq ID: 20059
Remote: Yes
Date Published: 2006-09-16
Relevant URL: http://www.securityfocus.com/bid/20059
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.

This issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious PowerPoint document to a user. This issue is being actively exploited in the wild as Trojan.PPDropper.E.

This issue is a duplicate of that discussed in BID 17000 (Microsoft Office Routing Slip Processing Remote Buffer Overflow Vulnerability) and is therefore being retired.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #309
http://www.securityfocus.com/archive/88/446468

2. Microsoft Security Clamp
http://www.securityfocus.com/archive/88/446467

3. Storing Images in SQL Server (2005)
http://www.securityfocus.com/archive/88/446413

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics
