Thread: SecurityFocus Microsoft Newsletter #338




SecurityFocus Microsoft Newsletter #338
2007-04-23 08:15:03
SecurityFocus Microsoft Newsletter #338
----------------------------------------

This Issue is Sponsored by: Kaspersky Lab

Try Kaspersky Antivirus 6.0 Software
Download Kaspersky's Award-Winning antivirus &
antispyware solution with anti-spam and firewall Free

http://newsletter.industrybrains.com/c?fe;1;5f04b;1000f;345;0;da4


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that
stand out as conveying topics of interest for our community.
We are proud to offer content from Matasano at this time and
will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
        1. The Politics of E-Mail
        2. Notes On Vista Forensics, Part Two
II.  MICROSOFT VULNERABILITY SUMMARY
        1. Foxit Reader Malformed PDF File Denial of Service Vulnerability
        2. RaidenFTPD Multiple Remote Denial of Service Vulnerabilities
        3. Nullsoft Winamp WMV File Processing Denial of Service Vulnerability
        4. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
        5. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
        6. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability
        7. NetSprint Ask IE Toolbar Multiple Denial of Service Vulnerabilities
        8. Oracle April 2007 Security Update Multiple Vulnerabilities
        9. NetSprint Toolbar ActiveX Denial of Service Vulnerability
        10. MiniShare Multiple Request Handling Remote Denial of Service Vulnerability
        11. SSH Tectia Server IBM z/OS Local Privilege Escalation Vulnerability
        12. FileZilla Multiple Unspecified Format String Vulnerabilities
        13. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
        14. LanDesk Management Suite Alert Service AOLSRVR.EXE Buffer Overflow Vulnerability
        15. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
        16. Acubix PicoZip Archive Directory Traversal Vulnerability
        17. Microsoft Windows DNS Server Escaped Zone Name Parameter Buffer Overflow Vulnerability
        18. KarjaSoft Sami HTTP Server Request Remote Denial of Service Vulnerabilities
        19. Drupal Database Administration Module Multiple HTML-injection Vulnerabilities
        20. IBM Lotus Domino Web Access Active Content Filter HTML Injection Vulnerability
        21. MarkAny MaPrintModule ActiveX Denial of Service Vulnerability
        22. Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
        23. Microsoft Windows UPnP Remote Stack Buffer Overflow Vulnerability
        24. Windows VDM Zero Page Race Condition Local Privilege Escalation Vulnerability
        25. Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability
        26. Microsoft Agent URI Processing Remote Code Execution Vulnerability
        27. Microsoft Windows CSRSS MSGBox Remote Code Execution Vulnerability
        28. Microsoft Content Management Server Remote Code Execution Vulnerability
        29. Microsoft Content Management Server Cross-Site Scripting Vulnerability
        30. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
        1. Shared drives through a firewall
        2. Help with Exploit
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. The Politics of E-Mail
By Mark Rasch
It's springtime in Washington, D.C. The cherry blossoms have
bloomed, the tourists descended, and on both sides of
Pennsylvania Avenue a new "scandal" is erupting.
http://www.securityfocus.com/columnists/440

2. Notes On Vista Forensics, Part Two
By Jamie Morris
In part one of this series we looked at the different
editions of Vista available and discussed the various
encryption and backup features which might be of interest to
forensic examiners. In this article we will look at the user
and system features of Vista which may (or may not) present
new challenges for investigators and discuss the use of
Vista itself as a platform for forensic analysis.
http://www.securityfocus.com/infocus/1890


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Foxit Reader Malformed PDF File Denial of Service
Vulnerability
BugTraq ID: 23576
Remote: Yes
Date Published: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23576
Summary:
Foxit Reader is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected
application, denying service to legitimate users.

This issue affects Foxit Reader 2.0; other versions may also
be affected.

2. RaidenFTPD Multiple Remote Denial of Service
Vulnerabilities
BugTraq ID: 23570
Remote: Yes
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23570
Summary:
RaidenFTPD is prone to multiple remote denial-of-service
vulnerabilities because the application fails to properly
handle user-supplied input.

Exploiting these issues allows remote attackers to crash the
application, denying further service to legitimate users.

These issues affect RaidenFTPD 2.4; other versions may also
be vulnerable.

3. Nullsoft Winamp WMV File Processing Denial of Service
Vulnerability
BugTraq ID: 23568
Remote: Yes
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23568
Summary:
Nullsoft Winamp is prone to a denial-of-service
vulnerability when processing malformed WMV files.

Successfully exploiting this issue allows remote attackers
to crash affected applications. Code execution may also be
possible, but this has not been confirmed.

This issue is reported to affect Winamp 5.3; other versions
may also be affected.

4. OpenAFS for Microsoft Windows Local Denial of Service
Vulnerability
BugTraq ID: 23566
Remote: No
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23566
Summary:
OpenAFS for Microsoft Windows is prone to a local
denial-of-service vulnerability because the application
fails to properly handle unexpected conditions.

Successfully exploiting this issue allows local attackers to
trigger computer crashes. These crashes will occur every
time Windows tries to start, creating a prolonged
denial-of-service condition.

Versions of OpenAFS prior to 1.5.19 running on Windows are
vulnerable.

Note that this issue is present only if MIT Kerberos for
Windows is also installed on vulnerable computers.

5. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer
Overflow Vulnerability
BugTraq ID: 23556
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23556
Summary:
Novell Groupwise WebAccess is prone to a remote
buffer-overflow vulnerability because the application fails
to bounds-check user-supplied data before copying it into an
insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code
within the context of the affected application. Failed
exploit attempts will result in a denial-of-service
condition.

6. Novell SecureLogin Security Bypass And Privilege
Escalation Vulnerability
BugTraq ID: 23547
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23547
Summary:
Novell SecureLogin is prone to a vulnerability that allows
attackers to bypass security restrictions as well as a
vulnerability that may allow attackers to gain elevated
privileges on the affected computer.

These issues affect Novell Access Management Server 3 IR1.

7. NetSprint Ask IE Toolbar Multiple Denial of Service
Vulnerabilities
BugTraq ID: 23535
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23535
Summary:
NetSprint Ask IE Toolbar ActiveX control is prone to
multiple denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash
applications that employ the vulnerable controls (typically
Microsoft Internet Explorer). Attackers may potentially
exploit these issues to execute code, but this has not been
confirmed.

NetSprint Ask IE Toolbar 1.1 is vulnerable; other versions
may also be affected.

8. Oracle April 2007 Security Update Multiple
Vulnerabilities
BugTraq ID: 23532
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23532
Summary:
Oracle has released a Critical Patch Update advisory for
April 2007 to address these vulnerabilities for supported
releases. Earlier unsupported releases are likely to be
affected by these issues as well.

The issues identified by the vendor affect all security
properties of the Oracle products and present local and
remote threats. Various levels of authorization are needed
to leverage some of the issues, but other issues do not
require any authorization. The most severe of the
vulnerabilities could possibly expose affected computers to
complete compromise.

9. NetSprint Toolbar ActiveX Denial of Service
Vulnerability
BugTraq ID: 23530
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23530
Summary:
NetSprint Toolbar ActiveX control is prone to a
denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash
applications that employ the vulnerable controls (typically
Microsoft Internet Explorer). Attackers may potentially be
able to exploit this issue to execute code, but this has not
been confirmed.

NetSprint Toolbar ActiveX Control 1.1 is vulnerable to this
issue; other versions may also be vulnerable.

10. MiniShare Multiple Request Handling Remote Denial of
Service Vulnerability
BugTraq ID: 23517
Remote: Yes
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23517
Summary:
MiniShare is prone to a remote denial-of-service
vulnerability.

Exploiting this issue allows remote attackers to crash the
server application, denying further service to legitimate
users.

11. SSH Tectia Server IBM z/OS Local Privilege Escalation
Vulnerability
BugTraq ID: 23508
Remote: No
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23508
Summary:
SSH Tectia server for IBM z/OS is prone to a local
privilege-escalation vulnerability.

A local attacker may exploit this issue to gain certain
elevated privileges on a vulnerable computer and launch
further attacks. Successful exploits may facilitate a
compromise of vulnerable computers.

This issue affects versions prior to 5.4.0.

12. FileZilla Multiple Unspecified Format String
Vulnerabilities
BugTraq ID: 23506
Remote: Yes
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23506
Summary:
FileZilla is prone to multiple unspecified format-string
vulnerabilities because it fails to properly sanitize
user-supplied input before passing it as the format
specifier to a formatted-printing function.

An attacker can exploit these issues to execute arbitrary
code within the context of the affected application, denying
service to legitimate users.

These issues affect versions prior to 2.2.32.

13. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service
Vulnerability
BugTraq ID: 23494
Remote: No
Date Published: 2007-04-15
Relevant URL: http://www.securityfocus.com/bid/23494
Summary:
ZoneAlarm is prone to a local denial-of-service
vulnerability.

This issue occurs when attackers supply invalid argument
values to the 'vsdatant.sys' driver.

A local attacker may exploit this issue to crash affected
computers, denying service to legitimate users.

ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this
issue; other versions may be affected as well.

14. LanDesk Management Suite Alert Service AOLSRVR.EXE
Buffer Overflow Vulnerability
BugTraq ID: 23483
Remote: Yes
Date Published: 2007-04-13
Relevant URL: http://www.securityfocus.com/bid/23483
Summary:
LANDesk Management Suite is prone to a remote stack-based
buffer-overflow vulnerability because the application fails
to bounds-check user-supplied data before copying it into an
insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code
with SYSTEM-level privileges. Successfully exploiting this
issue would result in the complete compromise of affected 
computers. Failed exploit attempts will result in a denial
of service.

This issue affects LANDesk Management Suite 8.7; prior
versions may also be affected.

15. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
BugTraq ID: 23473
Remote: Yes
Date Published: 2007-04-13
Relevant URL: http://www.securityfocus.com/bid/23473
Summary:
ClamAV is prone to a file-descriptor leakage vulnerability
and a buffer-overflow vulnerability.

A successful attack may allow an attacker to obtain
sensitive information, cause denial-of-service conditions,
and execute arbitrary code in the context of the user
running the affected application.

ClamAV versions prior to 0.90.2 are vulnerable to these
issues.

16. Acubix PicoZip Archive Directory Traversal
Vulnerability
BugTraq ID: 23471
Remote: Yes
Date Published: 2007-04-13
Relevant URL: http://www.securityfocus.com/bid/23471
Summary:
PicoZip is prone to a directory-traversal vulnerability
because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to extract files into
directories of their choosing and overwrite arbitrary files.
Successful exploits may aid in further attacks.

This issue affects PicoZip 4.02; other versions may also be
affected.

17. Microsoft Windows DNS Server Escaped Zone Name Parameter
Buffer Overflow Vulnerability
BugTraq ID: 23470
Remote: Yes
Date Published: 2007-04-13
Relevant URL: http://www.securityfocus.com/bid/23470
Summary:
Microsoft Windows Domain Name System (DNS) Server Service is
prone to a stack-based buffer-overflow vulnerability in its
Remote Procedure Call (RPC) interface.

A remote attacker may exploit this issue to run arbitrary
code in the context of the DNS Server Service. The DNS
service runs in the 'SYSTEM' context.

Successfully exploiting this issue allows attackers to
execute arbitrary code, facilitating the remote compromise
of affected computers.

Windows Server 2000 Service Pack 4, Windows Server 2003
Service Pack 1, and Windows Server 2003 Service Pack 2 are
confirmed vulnerable to this issue.

Microsoft Windows 2000 Professional SP4, Windows XP SP2, and
Windows Vista are not affected by this vulnerability.

18. KarjaSoft Sami HTTP Server Request Remote Denial of
Service Vulnerabilities
BugTraq ID: 23445
Remote: Yes
Date Published: 2007-04-12
Relevant URL: http://www.securityfocus.com/bid/23445
Summary:
Sami HTTP Server is prone to multiple remote
denial-of-service vulnerabilities because the software fails
to handle exceptional conditions.

Exploiting these issues allows remote attackers to crash the
server application, denying further service to legitimate
users.

This issue affects Sami HTTP Server 2.0.1; other versions
may also be affected.

19. Drupal Database Administration Module Multiple
HTML-injection Vulnerabilities
BugTraq ID: 23440
Remote: Yes
Date Published: 2007-04-12
Relevant URL: http://www.securityfocus.com/bid/23440
Summary:
Drupal Database Administration Module is prone to multiple
HTML-injection vulnerabilities because it fails to
sufficiently sanitize user-supplied input before displaying
it in dynamically generated content.

To exploit this issue, an attacker must have Site
Administrator privileges.

An attacker could exploit this vulnerability to execute
arbitrary script code in the browser of an unsuspecting
victim in the context of the affected site. This may allow
the attacker to steal cookie-based authentication
credentials and to launch other attacks.

Drupal Database Administration versions prior to 4.7.0-1.2
and all versions of the 4.6.0 branch are vulnerable to these
issues.

20. IBM Lotus Domino Web Access Active Content Filter HTML
Injection Vulnerability
BugTraq ID: 23421
Remote: Yes
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23421
Summary:
IBM Lotus Domino Web Access is prone to an HTML-injection
vulnerability because it fails to sufficiently sanitize
user-supplied data.

An attacker could exploit this vulnerability to execute
arbitrary script code in the browser of an unsuspecting
victim in the context of the affected website. This may
allow the attacker to steal cookie-based authentication
credentials and to launch other attacks.

21. MarkAny MaPrintModule ActiveX Denial of Service
Vulnerability
BugTraq ID: 23420
Remote: Yes
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23420
Summary:
MarkAny MaPrintModule ActiveX control is prone to a
denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash
applications that employ the vulnerable controls (typically
Microsoft Internet Explorer).

MarkAny MaPrintModule ActiveX Control 1.0.0.2 and 2.1.1.0
through 2.1.1.2 are vulnerable to this issue; other versions
may also be vulnerable.

NOTE: Newly available technical information indicates that
this is not a buffer-overflow issue and may be exploited
only to cause denial-of-service conditions. This BID has
been updated to reflect this new information.

22. Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control
Remote Buffer Overflow Vulnerability
BugTraq ID: 23412
Remote: Yes
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23412
Summary:
Roxio CinePlayer is prone to a stack-based buffer-overflow
vulnerability because it fails to sufficiently check
boundaries of user-supplied input before copying it to an
insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into
opening a malicious HTML document.

Exploiting this issue allows remote attackers to execute
arbitrary code in the context of applications using the
affected ActiveX control and to compromise affected
computers. Failed attempts will likely result in
denial-of-service conditions.

Roxio CinePlayer 3.2 is vulnerable to this issue; other
versions may also be affected.

23. Microsoft Windows UPnP Remote Stack Buffer Overflow
Vulnerability
BugTraq ID: 23371
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23371
Summary:
Microsoft Windows is prone to a remote stack-based
buffer-overflow vulnerability because it fails to adequately
bounds-check user-supplied data before copying it to an
insufficiently sized memory buffer. This occurs when
handling certain HTTP requests.

To exploit this issue, an attacker must be in the same
network segment as the victim.

Successful exploits may allow attackers to execute arbitrary
code with the privileges of the affected service. Failed
exploit attempts will likely result in denial-of-service
conditions.

24. Windows VDM Zero Page Race Condition Local Privilege
Escalation Vulnerability
BugTraq ID: 23367
Remote: No
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23367
Summary:
Microsoft Windows is prone to a local privilege-escalation
vulnerability because of a race condition in the Virtual DOS
Machine (VDM).

A local attacker can exploit this issue to execute arbitrary
code with kernel-level privileges. A successful exploit will
result in the complete compromise of affected computers.
Failed exploit attempts will result in a denial-of-service
condition.

25. Microsoft Windows CSRSS CSRFinalizeContext Local
Privilege Escalation Vulnerability
BugTraq ID: 23338
Remote: No
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23338
Summary:
Microsoft Windows CSRSS (client/server run-time subsystem)
is prone to a local privilege-escalation vulnerability.

Successful attacks will result in the complete compromise of
affected computers.

26. Microsoft Agent URI Processing Remote Code Execution
Vulnerability
BugTraq ID: 23337
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23337
Summary:
The Microsoft Agent ActiveX control is prone to remote code
execution.

An attacker could exploit this issue to execute code in the
context of the user visiting a malicious web page.

Note that users who are running Windows Internet Explorer 7
are not affected by this vulnerability.

27. Microsoft Windows CSRSS MSGBox Remote Code Execution
Vulnerability
BugTraq ID: 23324
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23324
Summary:
Microsoft Windows CSRSS (client/server run-time subsystem)
MsgBox is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code
with SYSTEM-level privileges.

Note that this issue can also be exploited locally by an
authenticated user to gain elevated privileges.

Under default settings, Windows Vista is not prone to remote
attacks that attempt to exploit this issue.

Update: This issue was originally disclosed as part of BID
21688, but has now been assigned its own record.

28. Microsoft Content Management Server Remote Code
Execution Vulnerability
BugTraq ID: 22861
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/22861
Summary:
Microsoft Content Management Server (MCMS) is prone to an
arbitrary code-execution vulnerability because the software
fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to execute
arbitrary machine code on affected computers with the
privileges of the vulnerable application.

29. Microsoft Content Management Server Cross-Site Scripting
Vulnerability
BugTraq ID: 22860
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/22860
Summary:
Microsoft Content Management Server (MCMS) is prone to an
unspecified cross-site scripting vulnerability because the
application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary
script code in the browser of an unsuspecting user in the
context of the affected site. This may help the attacker
steal cookie-based authentication credentials, spoof
content, or perform actions on behalf of the victim user;
this could aid in further attacks.

30. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote
Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories
specifying vulnerabilities in Firefox, SeaMonkey, and
Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute
arbitrary code.

Other attacks may also be possible.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Shared drives through a firewall
http://www.securityfocus.com/archive/88/463468

2. Help with Exploit
http://www.securityfocus.com/archive/88/458938

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe@securityfocus.com from the subscribed
address. The contents of the subject or message body do not
matter. You will receive a confirmation request message to
which you will have to answer. Alternatively you can also
visit http://www.securityfocus.com/newsletters and unsubscribe
via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Kaspersky Lab

Try Kaspersky Antivirus 6.0 Software
Download Kaspersky's Award-Winning antivirus &
antispyware solution with anti-spam and firewall Free

http://newsletter.industrybrains.com/c?fe;1;5f04b;1000f;345;0;da4


