SecurityFocus Microsoft Newsletter #353
2007-08-03 07:13:02
SecurityFocus Microsoft Newsletter #353
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: Learn to Think Like a Hacker - Simulate a Hacker
Breaking into Your Web Apps
The speed with which Web Applications are developed makes
them prime targets for attackers; often these applications
were developed so quickly that they are not coded properly
or subjected to any security testing. Hackers know this and
use it as their weapon. Download this *FREE* test guide from
SPI Dynamics to check for Web application vulnerabilities.
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=70160000000CysD


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that
stand out as conveying topics of interest for our community.
We are proud to offer content from Matasano at this time and
will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
        1. Security conferences versus practical knowledge
        2. Achtung! New German Laws on Cybercrime
II.  MICROSOFT VULNERABILITY SUMMARY
        1. Ipswitch IMail Server and Collaboration Suite
(ICS) Multiple Buffer Overflow Vulnerabilities
        2. Atheros Wireless Drivers Denial of Service
Vulnerability
        3. Visionsoft Audit Multiple Remote Vulnerabilities
        4. Nullsoft Winamp M3U File Denial of Service
Vulnerability
        5. UltraDefrag FindFiles Function Buffer Overflow
Vulnerability
        6. Guidance Software EnCase Forensic Unspecified
Denial Of Service Vulnerability
        7. Guidance Software EnCase Forensic Multiple Denial
Of Service Vulnerabilities
        8. Drupal Multiple Cross-Site Scripting
Vulnerabilities
        9. CrystalPlayer Playlist File Buffer Overflow
Vulnerability
        10. Microsoft Windows ARP Request Denial of Service
Vulnerability
        11. Sun Java System Application Server JSP Source
Code Disclosure Vulnerability
        12. Computer Associates Multiple Products Message
Queuing Remote Stack Buffer Overflow Vulnerability
        13. Kerio MailServer Attachment Filter Unspecified
Vulnerability
        14. Ipswitch Instant Messaging Remote Denial of
Service Vulnerability
        15. Zenturi ProgramChecker SASATL.DLL ActiveX
Control Scan Method Buffer Overflow Vulnerability
        16. Microsoft Internet Explorer SeaMonkey Browser
URI Handler Command Injection Vulnerability
        17. Microsoft Windows Explorer GIF File Denial of
Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
        1. SecurityFocus Microsoft Newsletter #352
        2. USB device control software
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Security conferences versus practical knowledge
By Don Parker
While the training industry as a whole has evolved rather
well to suit the needs of their clients, the computer
conference - specifically the computer security conference -
has declined in relevance to the everyday sys-admin and
network security practitioners.
http://www.securityfocus.com/columnists/449

2. Achtung! New German Laws on Cybercrime
By Federico Biancuzzi
Germany is passing some new laws regarding cybercrime that
might affect security professionals. Federico Biancuzzi
interviewed Marco Gercke, one of the experts that was
invited to the parliamentary hearing, to learn more about
this delicate subject. They discussed what is covered by the
new laws, which areas remain in the dark, and how they might
affect vulnerability disclosure and the use of common tools,
such as nmap.
http://www.securityfocus.com/columnists/448


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Ipswitch IMail Server and Collaboration Suite (ICS)
Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 25176
Remote: Yes
Date Published: 2007-08-02
Relevant URL: http://www.securityfocus.com/bid/25176
Summary:
Ipswitch IMail Server and Collaboration Suite (ICS) are
prone to multiple buffer-overflow vulnerabilities because
these applications fail to properly bounds-check
user-supplied input before copying it into an insufficiently
sized memory buffer.

Attackers may exploit these issues to execute arbitrary code
in the context of the affected applications. Failed exploit
attempts will likely result in denial-of-service
conditions.

Ipswitch Collaboration Suite (ICS) 2006, IMail Premium
2006.2 and 2006.21 are reported vulnerable to these issues;
other versions may also be affected.

2. Atheros Wireless Drivers Denial of Service Vulnerability
BugTraq ID: 25160
Remote: Yes
Date Published: 2007-08-01
Relevant URL: http://www.securityfocus.com/bid/25160
Summary:
Atheros wireless drivers are prone to a denial-of-service
vulnerability because they fail to properly handle malformed
wireless frames.

Remote attackers may exploit this issue to cause
denial-of-service conditions.

Atheros drivers are also used by OEM (Original Equipment
Manufacturer) wireless adapters. Therefore, various brands
of wireless adapters using the Atheros chipset are affected
by this vulnerability.

This issue is reported to affect drivers for the Windows
operating system. Note that Linux, UNIX, and BSD computers
may be vulnerable if using the NDISWrapper or similar
technology to load an affected driver.

3. Visionsoft Audit Multiple Remote Vulnerabilities
BugTraq ID: 25153
Remote: Yes
Date Published: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25153
Summary:
Visionsoft Audit is prone to multiple remote
vulnerabilities:

- A heap-based buffer-overflow issue
- Multiple information-disclosure issues
- A denial-of-service issue
- A password-disclosure issue
- Multiple arbitrary-file-overwrite issues

An attacker can exploit these issues to completely
compromise the affected computer, crash the affected
application, overwrite arbitrary files, gain unauthorized
access to the affected application, and obtain sensitive
information.

These issues affect Visionsoft Audit 12.4.0.0; other
versions may also be affected.

4. Nullsoft Winamp M3U File Denial of Service Vulnerability
BugTraq ID: 25152
Remote: Yes
Date Published: 2007-07-31
Relevant URL: http://www.securityfocus.com/bid/25152
Summary:
Winamp is prone to a remote denial-of-service
vulnerability.

An attacker can exploit this issue to crash the application,
effectively denying service to legitimate users. Given the
nature of this issue, the attacker may be able to execute
arbitrary code, but this has not been confirmed.

This issue is reported to affect Winamp 5.35; other versions
may also be vulnerable.

5. UltraDefrag FindFiles Function Buffer Overflow
Vulnerability
BugTraq ID: 25102
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25102
Summary:
UltraDefrag is prone to a buffer-overflow vulnerability
because the application fails to perform adequate boundary
checks on user-supplied data.

Successfully exploiting this issue allows attackers to
execute arbitrary machine code with SYSTEM-level privileges,
facilitating the complete compromise of affected computers.

Versions prior to UltraDefrag 1.0.4 are vulnerable to this
issue.

6. Guidance Software EnCase Forensic Unspecified Denial Of
Service Vulnerability
BugTraq ID: 25101
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25101
Summary:
Guidance Software EnCase Forensic is prone to an unspecified
denial-of-service vulnerability because it fails to handle
specially crafted filesystems.

Attackers can exploit this issue to cause denial-of-service
conditions. This can delay and complicate forensic
investigations.

NOTE: This issue may be related to the issues described in
BID 25100.

EnCase Forensics 5.0 is vulnerable; other versions may also
be affected.

7. Guidance Software EnCase Forensic Multiple Denial Of
Service Vulnerabilities
BugTraq ID: 25100
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25100
Summary:
Guidance Software EnCase Forensic is prone to multiple
denial-of-service vulnerabilities because it fails to handle
specially crafted and malformed NTFS filesystems.

Attackers can exploit this issue to crash the application or
cause it to hang. This can delay and complicate forensic
investigations.

8. Drupal Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25097
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25097
Summary:
Drupal is prone to multiple cross-site scripting
vulnerabilities because it fails to properly sanitize
user-supplied input before using it in dynamically generated
content.

An attacker may leverage these issues to execute arbitrary
script code in the browser of an unsuspecting user in the
context of the affected site. This may help the attacker
steal cookie-based authentication credentials and launch
other attacks.

Versions prior to Drupal 4.7.7 and prior to Drupal 5.2 are
vulnerable to these issues.

9. CrystalPlayer Playlist File Buffer Overflow
Vulnerability
BugTraq ID: 25083
Remote: Yes
Date Published: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/25083
Summary:
CrystalPlayer is prone to a buffer-overflow vulnerability
because the application fails to properly bounds-check
user-supplied data before copying it into an insufficiently
sized buffer.

An attacker can exploit this issue to execute arbitrary code
with the privileges of the application. Successfully
exploiting this issue will result in a compromise of
affected computers. Failed exploit attempts will likely
result in denial-of-service conditions.

This issue affects CrystalPlayer 1.98; other versions may
also be vulnerable.

10. Microsoft Windows ARP Request Denial of Service
Vulnerability
BugTraq ID: 25066
Remote: Yes
Date Published: 2007-07-25
Relevant URL: http://www.securityfocus.com/bid/25066
Summary:
Microsoft Windows is prone to a denial-of-service
vulnerability due to its inefficient handling of malicious
ARP requests.

Attackers can exploit this issue to consume excessive CPU
resources, denying service to legitimate users for the
duration of the attack.

Microsoft Windows XP SP2 and Vista are vulnerable to this
issue; other Microsoft operating systems and versions may
also be affected.

11. Sun Java System Application Server JSP Source Code
Disclosure Vulnerability
BugTraq ID: 25058
Remote: Yes
Date Published: 2007-07-25
Relevant URL: http://www.securityfocus.com/bid/25058
Summary:
Sun Java System Application Server on Microsoft Windows is
prone to a vulnerability that may allow remote attackers to
obtain sensitive JSP source code, which may aid them in
further attacks.

12. Computer Associates Multiple Products Message Queuing
Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 25051
Remote: Yes
Date Published: 2007-07-24
Relevant URL: http://www.securityfocus.com/bid/25051
Summary:
Multiple Computer Associates products are prone to a remote
stack-based buffer-overflow vulnerability.  This issue
affects the Message Queuing (CAM/CAFT) component. The
application fails to properly bounds-check user-supplied
data before copying it to an insufficiently sized buffer.

A successful exploit will allow an attacker to execute
arbitrary code with SYSTEM-level privileges.

This issue affects all versions of the CA Message Queuing
software prior to v1.11 Build 54_4 on Windows and NetWare.

13. Kerio MailServer Attachment Filter Unspecified
Vulnerability
BugTraq ID: 25038
Remote: Yes
Date Published: 2007-07-24
Relevant URL: http://www.securityfocus.com/bid/25038
Summary:
Kerio MailServer is prone to an unspecified vulnerability
due to an error in the attachment filter.

Very few details are currently available regarding this
issue. We will update this BID as more information emerges.

Versions prior to Kerio MailServer 6.4.1 are considered
vulnerable.

14. Ipswitch Instant Messaging Remote Denial of Service
Vulnerability
BugTraq ID: 25031
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.securityfocus.com/bid/25031
Summary:
Ipswitch Instant Messaging Server is prone to a remote
denial-of-service vulnerability because the application
fails to properly handle unexpected network data.

Successfully exploiting this issue allows remote attackers
to crash the IM service, denying further instant messages
for legitimate users.

Ipswitch IM Server 2.0.5.30 is vulnerable; other versions
may also be affected.

15. Zenturi ProgramChecker SASATL.DLL ActiveX Control Scan
Method Buffer Overflow Vulnerability
BugTraq ID: 25025
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.securityfocus.com/bid/25025
Summary:
The Zenturi ProgramChecker 'sasatl.dll' ActiveX control is
prone to a buffer-overflow vulnerability because it fails to
bounds-check user-supplied data before copying it into an
insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers
to execute arbitrary code in the context of the application
using the ActiveX control (typically Internet Explorer).
Failed exploit attempts likely result in denial-of-service
conditions.

16. Microsoft Internet Explorer SeaMonkey Browser URI
Handler Command Injection Vulnerability
BugTraq ID: 25021
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.securityfocus.com/bid/25021
Summary:
Microsoft Internet Explorer is prone to a vulnerability that
lets attackers inject commands through SeaMonkey's 'mailto'
protocol handler.

Exploiting these issues allows remote attackers to pass and
execute arbitrary commands and arguments through the
'SeaMonkey.exe' process by employing the 'mailto' handler.

An attacker can also employ these issues to carry out
cross-browser scripting attacks by using the '-chrome'
argument. This can allow the attacker to run JavaScript code
with the privileges of trusted Chrome context and gain full
access to SeaMonkey's resources.

Exploiting these issues would permit remote attackers to
influence command options that can be called through the
'mailto' handler and therefore execute commands and script
code with the privileges of a user running the applications.
Successful attacks may result in a variety of consequences,
including remote unauthorized access.

17. Microsoft Windows Explorer GIF File Denial of Service
Vulnerability
BugTraq ID: 25013
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.securityfocus.com/bid/25013
Summary:
Microsoft Windows Explorer is prone to a denial-of-service
vulnerability.

An attacker could exploit this issue to cause Explorer to
crash, effectively denying service. Arbitrary code execution
may be possible, but this has not been confirmed.

This issue affects Explorer on Microsoft Windows XP SP2;
other operating systems and versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #352
http://www.securityfocus.com/archive/88/475053

2. USB device control software
http://www.securityfocus.com/archive/88/472910

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe@securityfocus.com from the subscribed
address. The contents of the subject or message body do not
matter. You will receive a confirmation request message to
which you will have to answer. Alternatively you can also
visit http://www.securityfocus.com/newsletters and
unsubscribe via the website.

If your email address has changed, email
listadmin@securityfocus.com and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: Learn to Think Like a Hacker - Simulate a Hacker
Breaking into Your Web Apps
The speed with which Web Applications are developed makes
them prime targets for attackers; often these applications
were developed so quickly that they are not coded properly
or subjected to any security testing. Hackers know this and
use it as their weapon. Download this *FREE* test guide from
SPI Dynamics to check for Web application vulnerabilities.
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=70160000000CysD


