From: Marc Fossi (mfossi_at_securityfocus.com)
Date: Tue Oct 01 2002 - 12:14:29 CDT
This Issue is Sponsored by: SPI Dynamics
ALERT! - Cross-site scripting vulnerabilities in web applications allow
hackers to compromise confidential information, manipulate or steal
cookies, and create requests that can be mistaken for those of a valid
user!! All via port 80 and 443! Download this *FREE* white paper from SPI
Dynamics for a complete guide to protection!
Please visit us at: http://www.spidynamics.com/mktg/xss1/
-------------------------------------------------------------------------------
I. FRONT AND CENTER
1. Remote Management of Win2K Servers: Three Secure Solutions
2. Shredding the Paper Tiger of Cyberterrorism
3. SecurityFocus DPP Program
4. IIR's 3G Fraud & Security Forum
II. MICROSOFT VULNERABILITY SUMMARY
1. Rudi Benkovic JAWMail Script Injection Vulnerability
2. Microsoft Virtual Machine Unauthorized ODBC Data Access...
3. Trillian IRC Oversized Data Block Buffer Overflow Vulnerability
4. Dino's Webserver File Disclosure Vulnerability
5. Trillian IRC Raw Messages Denial Of Service Vulnerability
6. Trillian IRC PART Message Denial Of Service Vulnerability
7. Microsoft Internet Explorer SSL Certificate Expiration...
8. Trillian AIM Remote Denial Of Service Attack
9. XOOPS HTML Injection Vulnerability
10. Apache Oversized STDERR Buffer Denial Of Service Vulnerability
11. PHPNuke News Message HTML Injection Vulnerability
12. NPDS News Message HTML Injection Vulnerability
13. DaCode News Message HTML Injection Vulnerability
14. MDG Web Server 4D Insecure Credential Storage Vulnerability
15. Zope Incorrect XML-RPC Request Information Disclosure...
16. Zope Through The Web Code Remote Denial Of Service Vulnerability
17. PHPNuke Modules.PHP SQL Injection Vulnerability
18. Microsoft PPTP Server Buffer Overflow Vulnerability
19. BEA WebLogic Server and Express HTTP Response Information...
20. VBulletin Calendar.PHP Command Execution Vulnerability
21. Zope ZCatalog Plug-In Remote Method Vulnerability
22. ACWeb Cross-Site Scripting Vulnerability
23. Drupal News Message HTML Injection Vulnerability
24. PHPWebSite News Message HTML Injection Vulnerability
25. Microsoft FrontPage Server Extensions SmartHTML Buffer...
III. MICROSOFT FOCUS LIST SUMMARY
1. Why does W2k allow blank passwords even with GPO configured?...
2. win xp sp1 changes ICF settings/rules and/or default behavior...
3. I'm falling my hairs with this domain gpo problem (Thread)
4. SecurityFocus Microsoft Newsletter #105 (Thread)
5. FW : Hosting multiple sites/ASP.NET security (Thread)
6. FW: I'm falling my hairs with this domain gpo problem (Thread)
IV. MICROSOFT PRODUCTS
1. Advanced Checker
2. Event Analyst
3. Iris Network Traffic Analyzer
V. MICROSOFT TOOLS
1. Logrep v1.12
2. RelayTCP
3. Windump v3.52
VI. SPONSORSHIP INFORMATION
I. FRONT AND CENTER
-------------------
1. Remote Management of Win2K Servers: Three Secure Solutions
By Mark Burnett
Remote management of servers presents several problems, the most obvious
being that the traffic between the administrator and the server is
travelling across the public Internet, available for others to sniff. This
article will discuss three methods to make the remote management of Win2K
servers more secure.
http://online.securityfocus.com/infocus/1629
2. Shredding the Paper Tiger of Cyberterrorism
By Richard Forno
Government appointees and politicos should stop spreading fear,
uncertainty, and doubt with empty threats of cyberterrorism and focus on
the real issues surrounding information security.
http://online.securityfocus.com/columnists/111
3. SecurityFocus DPP Program
Attention Organizations and Universities!! Sign-up now for
preferred pricing on the only global early-warning system for cyber
attacks - SecurityFocus DeepSight Threat Management System.
Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml
4. IIR's 3G Fraud & Security Forum (21-23 October, London)
A specialized conference designed specifically for Fraud and Security
Managers in the 3G and mobile commerce space. This year's agenda focuses
on technical strategies for detecting and minimizing the fraud risks in 3G
services: what will be the key vulnerabilities in 3G and how can you
manage the increased risks of content partner fraud, transaction-based
roaming and m-commerce fraud? We will also be devoting a whole day to 3G
network security - penetration testing, third party access risks, IDS,
with even a live hack demonstration of Internet fraud.
Key speakers include Radicchio, Orange, Optimus, Vodafone, Visa, BTexact,
CFCA, with a keynote from security guru Charles Brookson, Chair of the GSM
Association Security Group.
For more details please visit http://www.iir-conferences.com/3GFraud
II. BUGTRAQ SUMMARY
-------------------
1. Rudi Benkovic JAWMail Script Injection Vulnerability
BugTraq ID: 5771
Remote: Yes
Date Published: Sep 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5771
Summary:
JAWMail is a freely available, open source web-based mail software package
implemented in PHP. It is available for the Unix, Linux, and Microsoft
operating environments.
Problems with JAWMail could make it possible to execute arbitrary script
code in a vulnerable client.
JAWMail does not sufficiently filter malicious HTML code from e-mails. As
a result, when a user opens an email in JAWMail that contains malicious
HTML code, the code contained in the mail would be executed in the browser
of the mail user.
This could allow an attacker to send malicious JavaScript or HTML to an
unsuspecting user of JAWMail, which would be executed in the security
context of the site hosting JAWMail.
Attackers may potentially exploit this issue to hijack web content or to
steal cookie-based authentication credentials. It may be possible to take
arbitrary actions as the victim user.
This vulnerability was reported for JAWMail 1.0-rc1. It is not known
whether other versions are affected.
2. Microsoft Virtual Machine Unauthorized ODBC Data Access Vulnerability
BugTraq ID: 5772
Remote: Yes
Date Published: Sep 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5772
Summary:
Microsoft Virtual Machine contains Java Database Classes (JDBC) and
support for the use of XML by Java applications.
A vulnerability has been reported in a Java class that provides ODBC (Open
Data Base Connectivity) support. Reportedly, due to errors in security
checking code, it is possible for an attacker to obtain unauthorized
access to ODBC data sources of a victim system.
The Java class com.ms.jdbc.odbc.JdbcOdbcDriver does not provide adequate
security checks. To make an ODBC connection, the connect() method is used
to verify that the calling applet is trusted. An applet is established as a
legitimate source by the trusted() method, which connect() invokes.
Due to errors in the trusted() method, any calling applet is always
considered legitimate and is allowed access to ODBC data sources.
An attacker that knows the names of ODBC data sources residing on a victim
system will have access to those data sources. It may be possible for an
attacker to make modifications to the ODBC data sources that may have
serious security implications. It should also be noted that ODBC data
sources may also require further authentication and thus an attacker would
need to make efforts to obtain further access to such data sources.
3. Trillian IRC Oversized Data Block Buffer Overflow Vulnerability
BugTraq ID: 5777
Remote: Yes
Date Published: Sep 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5777
Summary:
Trillian is an instant messaging client that supports a number of
protocols (including IRC, ICQ, MSN). It is available for Microsoft Windows
systems.
A vulnerability has been reported for Trillian. Reportedly, Trillian is
prone to a buffer overflow condition when it receives blocks of data that
are larger than 4095 bytes.
This vulnerability is related to how Trillian buffers IRC data. If a
malicious IRC server were to send data in blocks larger than 4095 bytes,
the Trillian client would crash. Because the underlying fault is a buffer
overflow, it may be possible to cause Trillian to execute malicious,
attacker-supplied code. This, however, has not been confirmed.
This vulnerability has been reported for Trillian 0.74. Earlier versions
may also be affected.
4. Dino's Webserver File Disclosure Vulnerability
BugTraq ID: 5782
Remote: Yes
Date Published: Sep 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5782
Summary:
Dino's Webserver is a small web server designed for personal use,
maintained by FunSoft. It is available for Microsoft Windows based
machines.
A directory traversal bug exists in Dino's Webserver.
By appending encoded dot-dot-slash sequences (..%2f) in a request to the
web server, it is possible to access arbitrary web server readable files.
This is due to the server insufficiently validating the user supplied
input.
Successful exploitation has the potential to disclose sensitive
information which may be used in further attacks. The webserver will
typically run in the SYSTEM context. This issue is a variant of the
vulnerability described in Bugtraq ID 3861.
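The Dino's Webserver issue above is the classic shape of a traversal bug: the server compares or serves the request path before percent-decoding it, so '..%2f' slips past a check that only looks for '../'. The following is an added example, not code from Dino's Webserver or FunSoft, showing the order of operations a server should use: decode once, refuse anything still encoded (double-encoding) or containing NUL bytes, join onto the document root, normalise, and only then check containment. The function name safe_resolve and the document root /var/www are assumptions for the example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote


def safe_resolve(docroot: str, request_path: str) -> Optional[str]:
    """Map an HTTP request path onto the document root.

    Returns the absolute file path to serve, or None when the decoded and
    normalised path would fall outside the document root.  The containment
    check runs after decoding so that '..%2f' is seen as '../'.
    (Hypothetical helper written for this example, not a real server's API.)
    """
    # Decode percent-encoding exactly once; '..%2f' becomes '../' here.
    decoded = unquote(request_path)
    # Anything still percent-encoded after one pass was double-encoded
    # (e.g. '%252e'); treat that, and embedded NUL bytes, as hostile.
    if "%" in decoded or "\x00" in decoded:
        return None
    # Windows servers treat backslash as a separator, so normalise it too.
    decoded = decoded.replace("\\", "/")
    root = posixpath.normpath(docroot)
    # Join first, then collapse '.' and '..' so that traversal above the
    # root shows up as a path that no longer starts with the root.
    full = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if full != root and not full.startswith(root + "/"):
        return None
    return full


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for req in ("/index.html", "/images/..%2findex.html",
                "/..%2f..%2fsecret.txt", "/%252e%252e/secret.txt"):
        print(req, "->", safe_resolve("/var/www", req))
```

The check is purely lexical: it does not follow symbolic links on disk, so a server that allows symlinks under the document root would still need to compare the realpath of the final file against the root.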
5. Trillian IRC Raw Messages Denial Of Service Vulnerability
BugTraq ID: 5775
Remote: Yes
Date Published: Sep 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5775
Summary:
Trillian is an instant messaging client that supports a number of
protocols (including IRC, ICQ, MSN). It is available for Microsoft Windows
systems.
A vulnerability has been reported for Trillian. Reportedly, Trillian is
prone to a denial of service condition when certain IRC raw messages are
received by the client.
This may be exploited by a malicious server.
It has been reported that the following raw messages will cause Trillian
to crash:
206, 211, 213, 214, 215, 217, 218, 243, 302, 317, 324, 332, 333, 352, 367
The IRC server sends raw messages in the format ':Server:<raw number>'.
When Trillian receives such messages, it will crash resulting in a denial
of service.
This vulnerability has been reported for Trillian 0.74. Earlier versions
may also be affected.
6. Trillian IRC PART Message Denial Of Service Vulnerability
BugTraq ID: 5776
Remote: Yes
Date Published: Sep 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5776
Summary:
Trillian is an instant messaging client that supports a number of
protocols (including IRC, ICQ, MSN). It is available for Microsoft Windows
systems.
A vulnerability has been reported for Trillian. Reportedly, Trillian is
prone to a denial of service condition when it receives messages about a
user leaving an unspecified channel or a channel that the user is not
currently in.
It is possible to exploit this issue via a malicious server.
An IRC server informs the client that a user has left a channel by sending
a PART message to the client. The message is in the form
':nick!ident@address PART <Channel>'. If Trillian receives such a message
without a <Channel>, or with a <Channel> that the user is not currently in,
it will crash.
This vulnerability has been reported for Trillian 0.74. Earlier versions
may also be affected.
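Items 5 and 6 above share one root cause: the client trusts the server's framing and dereferences state (a channel it never joined, a handler for a numeric it does not know) without checking that it exists. The following is an added example, not Trillian code, of a small IRC line parser and PART handler written so that every branch validates its inputs before touching client state. The names parse_irc_line, IrcClientState and handle_line, and the constructed sample lines, are assumptions for the example.

```python
from typing import Dict, List, Optional, Set, Tuple


def parse_irc_line(line: str) -> Tuple[Optional[str], str, List[str]]:
    """Split one IRC line into (prefix, command, params).

    Follows the RFC 1459 framing ':prefix COMMAND param ... :trailing'.
    Never raises on short or odd input: a missing prefix comes back as
    None, a missing command as '', and missing parameters as [].
    """
    line = line.rstrip("\r\n")
    prefix: Optional[str] = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    command, _, rest = line.partition(" ")
    params: List[str] = []
    while rest:
        if rest.startswith(":"):       # trailing parameter may contain spaces
            params.append(rest[1:])
            break
        param, _, rest = rest.partition(" ")
        if param:                      # skip runs of spaces
            params.append(param)
    return prefix, command.upper(), params


class IrcClientState:
    """Minimal client view: which channels we are in and who is in them."""

    def __init__(self, nick: str) -> None:
        self.nick = nick
        self.channels: Dict[str, Set[str]] = {}

    def join(self, channel: str, nick: str) -> None:
        self.channels.setdefault(channel.lower(), set()).add(nick)


def handle_line(state: IrcClientState, line: str) -> str:
    """Apply one server line to the client state and describe what happened.

    Unknown numerics and PART messages for channels we never joined are
    dropped with a log-style message rather than dereferenced.
    """
    prefix, command, params = parse_irc_line(line)
    sender = prefix.split("!", 1)[0] if prefix else ""
    if not command:
        return "empty line ignored"
    if command.isdigit():
        # Numeric replies (206, 211, 352, ... in the report above) that the
        # client has no handler for are logged and dropped.
        return f"numeric {command} ignored"
    if command == "PART":
        if not params or not params[0]:
            return "PART ignored: no channel given"
        channel = params[0].lower()
        members = state.channels.get(channel)
        if members is None:
            return f"PART ignored: not in {channel}"
        members.discard(sender)
        if sender == state.nick:
            del state.channels[channel]
        return f"{sender} left {channel}"
    return f"{command} unhandled"


if __name__ == "__main__":
    # Constructed sample session, not captured traffic.
    st = IrcClientState("me")
    st.join("#chan", "me")
    st.join("#chan", "bob")
    for raw in (":bob!ident@host PART #chan :bye",
                ":bob!ident@host PART",
                ":bob!ident@host PART #other",
                ":irc.example.net 352 me #chan ident host irc.example.net bob H :0 Bob"):
        print(handle_line(st, raw))
```

The design point is that the parser never produces a structure the handler cannot cope with: missing fields become None, '' or [], and the handler checks for those before indexing, so a hostile server can at worst make the client log an ignored message.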
7. Microsoft Internet Explorer SSL Certificate Expiration Vulnerability
BugTraq ID: 5778
Remote: Yes
Date Published: Sep 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5778
Summary:
A security weakness has been reported in the PKI implementation used by
Microsoft Internet Explorer for SSL. According to the report, the browser
does not warn the user if the root CA certificate is expired. This occurs
when the browser has a "newer" version of the CA certificate in its store.
If the CA certificate in the certificate chain is expired, the chain
should be considered "invalid" and the user should be warned. It appears
that Microsoft Internet Explorer will instead use a newer certificate if
the public key and issuer are the same, without the user's knowledge. This
is not correct behaviour and should be considered a theoretical weakness in
the underlying PKI/SSL implementation.
It should be noted that this vulnerability may lie in the operating system
rather than Explorer. If this is the case, other applications may be
affected. Version 6.0SP1 was reported vulnerable. It is likely that
prior releases are as well.
8. Trillian AIM Remote Denial Of Service Attack
BugTraq ID: 5783
Remote: Yes
Date Published: Sep 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5783
Summary:
Trillian is an instant messaging client that supports a number of
protocols (including IRC, ICQ, MSN). It is available for Microsoft Windows
systems.
A vulnerability has been reported for Trillian. Reportedly, Trillian is
prone to a denial of service condition when processing maliciously
constructed AIM messages.
Due to improper HTML/XML parsing, it is possible to dereference a bad
pointer in Trillian, by including '< >' or '> <' (bracket, space, bracket)
in an AOL message. This will cause the client to crash.
It should be noted that this issue has varying effects on vulnerable
clients.
9. XOOPS HTML Injection Vulnerability
BugTraq ID: 5785
Remote: Yes
Date Published: Sep 24 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5785
Summary:
XOOPS is a freely available, open source portal script software package
implemented in PHP. It is available for the Unix, Linux, and Microsoft
operating environments.
Problems with XOOPS could make it possible for an attacker to inject
arbitrary HTML in XOOPS messages.
XOOPS does not sufficiently filter potentially malicious HTML code from
posted messages. As a result, when a user chooses to view a message
posting that contains malicious HTML code, the code contained in the
message would be executed in the browser of the vulnerable user. This will
occur in the context of the site hosting the XOOPS software.
Attackers may potentially exploit this issue to manipulate web content or
to steal cookie-based authentication credentials. It may be possible to
take arbitrary actions as the victim user.
This vulnerability was reported for XOOPS 1.0-rc3. It is not known whether
other versions are affected.
10. Apache Oversized STDERR Buffer Denial Of Service Vulnerability
BugTraq ID: 5787
Remote: Yes
Date Published: Sep 24 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5787
Summary:
Apache is a freely available, open-source webserver. It runs on a number
of operating systems including Unix and Linux variants and Microsoft
Windows.
Apache is prone to a denial of service condition when an excessive amount
of data is written to stderr. This condition reportedly occurs when the
amount of data written to stderr is over the default amount allowed by the
operating system. When the condition is triggered, the webserver will
hang, resulting in a denial of service. To regain service, the webserver
process must be restarted.
This may potentially be an issue in web applications that write
user-supplied data to stderr. Additionally, locally based attackers may
exploit this issue.
This issue has been confirmed in Apache 2.0.39/2.0.40 on Linux operating
systems. Apache on other platforms may also be affected. This issue does
not appear to be present in versions prior to 2.0.x.
11. PHPNuke News Message HTML Injection Vulnerability
BugTraq ID: 5796
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5796
Summary:
PHPNuke is a freely available, open source content management system
implemented in PHP. It is available for the Unix, Linux, and Microsoft
operating environments.
Problems with PHPNuke could make it possible for an attacker to inject
arbitrary HTML in PHPNuke news posts.
PHPNuke does not sufficiently filter potentially malicious HTML code from
news posts. As a result, when a user chooses to view a news posting that
contains malicious HTML code, the code contained in the posted message
would be executed in the browser of the vulnerable user. This will occur
in the context of the site hosting the PHPNuke software. It should be
noted that administrative approval may be required before news posts are
actually displayed on the vulnerable site. If this is the case and a post
requires approval through a Web-based interface, then an administrator of
the vulnerable site may be the intended target of attacks.
Attackers may potentially exploit this issue to manipulate web content or
to steal cookie-based authentication credentials. It may be possible to
take arbitrary actions as the victim user.
This vulnerability was reported for PHPNuke 6.0. It is not known whether
other versions are affected.
12. NPDS News Message HTML Injection Vulnerability
BugTraq ID: 5797
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5797
Summary:
NPDS (Nuke Permanent Double-Side Portal System) is a freely available,
open source content management system implemented in PHP. It is available
for the Unix, Linux, and Microsoft operating environments.
Problems with NPDS could make it possible for an attacker to inject
arbitrary HTML in NPDS news posts.
NPDS does not sufficiently filter potentially malicious HTML code from
news posts. As a result, when a user chooses to view a news posting that
contains malicious HTML code, the code contained in the posted message
would be executed in the browser of the vulnerable user. This will occur
in the context of the site hosting the NPDS software. It should be noted
that administrative approval may be required before news posts are
actually displayed on the vulnerable site. If this is the case and a post
requires approval through a Web-based interface, then an administrator of
the vulnerable site may be the intended target of attacks.
Attackers may potentially exploit this issue to manipulate web content or
to steal cookie-based authentication credentials. It may be possible to
take arbitrary actions as the victim user.
This vulnerability was reported for NPDS 4.8. It is not known whether
other versions are affected.
13. DaCode News Message HTML Injection Vulnerability
BugTraq ID: 5798
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5798
Summary:
DaCode is a freely available, open source content management system
implemented in PHP. It is available for the Unix, Linux, and Microsoft
operating environments.
Problems with DaCode could make it possible for an attacker to inject
arbitrary HTML in DaCode news posts.
DaCode does not sufficiently filter potentially malicious HTML code from
news posts. As a result, when a user chooses to view a news posting that
contains malicious HTML code, the code contained in the posted message
would be executed in the browser of the vulnerable user. This will occur
in the context of the site hosting the DaCode software. It should be noted
that administrative approval may be required before news posts are
actually displayed on the vulnerable site. If this is the case and a post
requires approval through a Web-based interface, then an administrator of
the vulnerable site may be the intended target of attacks.
Attackers may potentially exploit this issue to manipulate web content or
to steal cookie-based authentication credentials. It may be possible to
take arbitrary actions as the victim user.
This vulnerability was reported for DaCode 1.2.0. It is not known whether
other versions are affected.
14. MDG Web Server 4D Insecure Credential Storage Vulnerability
BugTraq ID: 5803
Remote: No
Date Published: Sep 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5803
Summary:
MDG Web Server 4D is an HTTP server implemented on top of the 4th Dimension
relational database. It runs on Microsoft Windows and other operating
systems.
Web Server 4D is reported to store various types of credentials for
optional modules in plaintext on the local filesystem. Local attackers
who can read the file containing the credentials may then use the
credentials to gain access to other types of sensitive information or
perform unauthorized actions.
Authentication credentials for the modules are stored in the 'Ws4d.4DD'
file in the Web Server 4D directory. These credentials will allow
unauthorized access to Storefronts, the Console, and the WebServer.
Database administration credentials are also stored in plaintext.
This issue has been reported in Web Server 4D 3.6. Other versions may
also be affected.
15. Zope Incorrect XML-RPC Request Information Disclosure Vulnerability
BugTraq ID: 5806
Remote: Yes
Date Published: Sep 26 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5806
Summary:
Zope is an open source web application server, maintained by the Zope
Project. Zope is available for Linux, Unix, and Microsoft Windows based
systems.
A vulnerability has been reported for Zope 2.5.1 and earlier. Reportedly,
Zope does not handle XML-RPC requests properly. Specially crafted XML-RPC
requests may cause Zope to respond to a request with an error page with
system specific details.
An attacker can exploit this vulnerability by making a special XML-RPC
request to the Zope server. Zope will fail when attempting to process this
request and will divulge sensitive information to the attacker.
It has also been reported that this vulnerability exists even when
starting Zope without the '-D' option.
This could result in information disclosure, and could potentially be used
to gain intelligence in launching an attack against a system.
16. Zope Through The Web Code Remote Denial Of Service Vulnerability
BugTraq ID: 5813
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5813
Summary:
Zope is a freely available, open source content management system. It is
available for Unix, Linux, and Microsoft operating systems.
A problem with Zope could make it possible for a remote user to launch a
denial of service.
Zope systems that permit users to write "Through The Web Code" could be
vulnerable to a denial of service. Due to insufficient validation of
input, it is possible for a remote user to submit a malicious piece of
code that will result in the shutdown of the vulnerable Zope server.
It should be noted that if a system running a vulnerable version of the
software allows remote users to write Python Scripts, DTML Methods, or
Page Templates via "Through The Web Code," the system is vulnerable to
denial of service.
17. PHPNuke Modules.PHP SQL Injection Vulnerability
BugTraq ID: 5799
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5799
Summary:
PHPNuke is a web based Portal system. Implemented in PHP, it is available
for a range of systems, including Microsoft Windows and Linux.
A SQL injection vulnerability has been discovered in all versions of
PHPNuke.
Due to insufficient sanitization of variables used to construct SQL
queries in the 'modules.php' script, it is possible to modify the logic of
SQL queries through malformed query strings in requests for the vulnerable
script.
By injecting SQL code into variables, it may be possible for an attacker
to cause a denial of service or corrupt database information.
This issue was reported in PHPNuke version 6.0. Other versions may also be
affected.
18. Microsoft PPTP Server Buffer Overflow Vulnerability
BugTraq ID: 5807
Remote: Yes
Date Published: Sep 26 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5807
Summary:
A buffer overflow vulnerability has been reported for Microsoft's PPTP
(Point to Point Tunneling Protocol) implementation. The vulnerability
reportedly exists in both the PPTP server and client applications. The
PPTP service listens to traffic on TCP port 1973.
Reportedly it is possible to exploit the buffer overflow condition prior
to authentication. A remote attacker who sends a specially crafted PPTP
packet to a vulnerable system may be able to cause the application to
corrupt kernel memory.
It is also possible for an attacker to include malicious shell code and
have it execute with the privileges of the PPTP process.
This vulnerability has been reported for PPTP implementations in Microsoft
Windows 2000 and Windows XP operating systems.
19. BEA WebLogic Server and Express HTTP Response Information Disclosure Vulnerability
BugTraq ID: 5819
Remote: Yes
Date Published: Sep 27 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5819
Summary:
BEA Systems WebLogic Server is a web and wireless application server for
Microsoft Windows and most Unix and Linux distributions. BEA WebLogic
Express provides a platform for serving dynamic data to web and wireless
applications.
BEA WebLogic Server and Express are reported to be prone to an issue which
has the potential to disclose sensitive information to malicious parties.
The vulnerable software occasionally returns two responses for a HTTP
request. This condition has to do with how the affected software buffers
HTTP response data.
As a result, two users may receive responses from a single user's request,
which may unintentionally expose sensitive information to a malicious
party. The nature of the information disclosed is entirely dependent on
what resource was requested when the condition occurs.
It has been reported by the vendor that there is no way for an attacker to
trigger this vulnerability, and that the condition may occur randomly.
20. VBulletin Calendar.PHP Command Execution Vulnerability
BugTraq ID: 5820
Remote: Yes
Date Published: Sep 27 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5820
Summary:
vBulletin is commercial web forum software written in PHP and back-ended
by a MySQL database. It will run on most Linux and Unix variants, as well
as Microsoft operating systems.
A remote command execution vulnerability has been reported for vBulletin.
The vulnerability is due to vBulletin failing to properly sanitize
user-supplied input from URI parameters.
The vulnerability occurs in the 'calendar.php' file included with
vBulletin. Reportedly, modifying certain URI parameters may result in the
execution of attacker-supplied commands on the vulnerable system with the
privileges of the webserver process.
21. Zope ZCatalog Plug-In Remote Method Vulnerability
BugTraq ID: 5812
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5812
Summary:
Zope is a freely available, open source content management system. It is
available for Unix, Linux, and Microsoft operating systems.
It has been reported that a problem in Zope may lead to users gaining
access to unintended information.
Under some circumstances, it may be possible for a remote user to take
advantage of the plug-in functionality of ZCatalog, included with the
Zope package. Due to insecure default settings, it may be possible for
remote users to call arbitrary methods of catalog indexes anonymously.
It should also be noted that untrusted code run on the Zope system could
also allow the calling of arbitrary methods, and potentially call
malicious catalog indexes.
22. ACWeb Cross-Site Scripting Vulnerability
BugTraq ID: 5793
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5793
Summary:
acWEB is an open-source HTTP server intended for use on Microsoft Windows
operating systems.
acWEB is prone to cross-site scripting attacks. It is possible to
construct a malicious link to the web server which contains arbitrary
script code. When the link is visited, the script code will be executed
in the web client of the user visiting the link. The code will be
executed in the context of the webserver.
This issue may potentially be exploited to steal cookie-based
authentication credentials for sites hosted by the webserver. Other
attacks are also possible.
23. Drupal News Message HTML Injection Vulnerability
BugTraq ID: 5801
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5801
Summary:
Drupal is a freely available, open source content management system
implemented in PHP. It is available for the Unix, Linux, and Microsoft
operating environments.
Problems with Drupal could make it possible for an attacker to inject
arbitrary HTML in Drupal news posts.
Drupal does not sufficiently filter potentially malicious HTML code from
news posts. As a result, when a user chooses to view a news posting that
contains malicious HTML code, the code contained in the posted message
would be executed in the browser of the vulnerable user. This will occur
in the context of the site hosting the Drupal software. It should be noted
that administrative approval may be required before news posts are
actually displayed on the vulnerable site. If this is the case and a post
requires approval through a Web-based interface, then an administrator of
the vulnerable site may be the intended target of attacks.
Attackers may potentially exploit this issue to manipulate web content or
to steal cookie-based authentication credentials. It may be possible to
take arbitrary actions as the victim user.
This vulnerability was reported for Drupal 4.0.0. It is not known whether
other versions are affected.
24. PHPWebSite News Message HTML Injection Vulnerability
BugTraq ID: 5802
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5802
Summary:
phpWebSite is a freely available, open source portal content management
system implemented in PHP. It is available for the Unix, Linux, and
Microsoft operating environments.
Problems with phpWebSite could make it possible for an attacker to inject
arbitrary HTML in phpWebSite news posts.
phpWebSite does not sufficiently filter potentially malicious HTML code
from news posts. As a result, when a user chooses to view a news posting
that contains malicious HTML code, the code contained in the posted
message would be executed in the browser of the vulnerable user. This will
occur in the context of the site hosting the phpWebSite software. It
should be noted that administrative approval may be required before news
posts are actually displayed on the vulnerable site. If this is the case
and a post requires approval through a Web-based interface, then an
administrator of the vulnerable site may be the intended target of
attacks.
Attackers may potentially exploit this issue to manipulate web content or
to steal cookie-based authentication credentials. It may be possible to
take arbitrary actions as the victim user.
This vulnerability was reported for phpWebSite 0.8.3. It is not known
whether other versions are affected.
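Items 9, 11, 12, 13, 23 and 24 above (and, in the same family, the JAWMail and acWEB entries) all come down to user-supplied HTML being echoed into a page that other users, sometimes an approving administrator, then view. The following is an added example, not code from any of those projects, of an allowlist sanitizer for posted messages: it keeps a handful of formatting tags, drops every attribute except a safe http/https href, and HTML-escapes all text, so a script tag, an event-handler attribute or a javascript: link cannot reach the viewer's browser. The tag and attribute allowlists and the function name sanitize_post are assumptions chosen for the example.

```python
import html
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Allowlist for posted messages: anything not listed here is dropped.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
VOID_TAGS = {"br"}


class _Sanitizer(HTMLParser):
    """Re-emit only allowlisted tags/attributes; escape everything else."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: List[str] = []
        self.open_tags: List[str] = []

    def handle_starttag(self, tag: str, attrs: List[Tuple[str, Optional[str]]]) -> None:
        if tag not in ALLOWED_TAGS:
            return  # e.g. <script>, <img>, <iframe>: tag dropped, text kept
        safe_attrs = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onclick=, onerror=, style=, ...
            if name == "href":
                scheme = urlsplit(value or "").scheme.lower()
                if scheme not in ("http", "https"):
                    continue  # drops javascript:, data:, vbscript: links
            safe_attrs.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(safe_attrs)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag: str) -> None:
        if tag in self.open_tags:
            # Close anything opened after it, then the tag itself.
            while self.open_tags:
                closing = self.open_tags.pop()
                self.out.append(f"</{closing}>")
                if closing == tag:
                    break

    def handle_data(self, data: str) -> None:
        # Text is always escaped, so '<' in a post can never open a tag.
        self.out.append(html.escape(data, quote=False))

    def result(self) -> str:
        while self.open_tags:  # close tags the author left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_post(raw_html: str) -> str:
    """Return a version of raw_html safe to embed in a page for other users."""
    parser = _Sanitizer()
    parser.feed(raw_html)
    parser.close()
    return parser.result()


if __name__ == "__main__":
    # Constructed sample posts, not real submissions.
    for post in ("<b>hello</b> world",
                 "<script>alert(1)</script>",
                 '<a href="javascript:alert(1)">click</a>',
                 '<img src=x onerror=alert(1)>'):
        print(repr(post), "->", repr(sanitize_post(post)))
```

Sanitizing on input is not a substitute for escaping on output: the same post may later be rendered in a title attribute, a JavaScript string or an RSS feed, each with its own escaping rules, so the allowlisted fragment should still be treated as HTML, not as plain text, wherever it is inserted.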
25. Microsoft FrontPage Server Extensions SmartHTML Buffer Overflow Vulnerability
BugTraq ID: 5804
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5804
Summary:
Microsoft FrontPage Server Extensions is a feature included by default
with Internet Information Server 4.0, 5.0 and 5.1. A vulnerability has
been reported in the SmartHTML (shtml.dll) interpreter component of
FrontPage Server Extensions.
According to Microsoft, the issue is related to handling of certain
requests for a specific type of file. In FrontPage Server Extensions
2000, the vulnerability is only exploitable as a denial of service. It is
possible to cause consumption of CPU due to an infinite loop condition.
This may adversely affect the server's ability to perform other functions.
On vulnerable FrontPage Server Extensions 2002 installations, remote
attackers may exploit this vulnerability to execute arbitrary code on
target hosts. This is due to it being a buffer overflow condition.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Why does W2k allow blank passwords even with GPO configured? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/293087
2. win xp sp1 changes ICF settings/rules and/or default behavior for snmp pa...
Relevant URL:
http://online.securityfocus.com/archive/88/293061
3. I'm falling my hairs with this domain gpo problem (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/293006
4. SecurityFocus Microsoft Newsletter #105 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/292884
5. FW: Hosting multiple sites/ASP.NET security (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/292892
6. FW: I'm falling my hairs with this domain gpo problem (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/292890
IV. MICROSOFT PRODUCTS
----------------------
1. Advanced Checker
by Trusted Systems Services
Platforms: Windows NT
Relevant URL:
http://www.trustedsystems.com/advanced_checker.htm
Advanced Checker is a scripting language that lets you easily program scripts
to check, set, and enforce your network-wide Windows NT security and
intrusion detection policies. It gives you unprecedented power and
flexibility in a comprehensive, easy-to-use package. Advanced Checker will
fundamentally change the way you audit, monitor, install, and manage the
security of your Windows NT networks, especially if you are an advanced
administrator of a diverse, enterprise network.
2. Event Analyst
by Dorian Software Creations, Inc.
Platforms: Windows 2000, Windows NT
Relevant URL:
http://www.eventanalyst.com/
Using Event Analyst's special event log "windowing" technology,
administrators can examine different cross sections of event log records
from multiple different sources all at the same time. Event Analyst's
highly intuitive interface allows the administrator to seek quickly
through the logs, jumping to specific dates or rapidly scrolling through
the logs chronologically.
3. Iris Network Traffic Analyzer
by eEye
Platforms: Windows 2000, Windows 95/98, Windows NT
Relevant URL:
http://www.eeye.com/html/Products/Iris/index.html
Iris is a next-generation network protocol analyzer or "sniffer" that
allows the network administrator to capture and retrace the steps of any
network user with never before seen ease. By monitoring both incoming and
outgoing network traffic, Iris functions as a complete systems management
watchdog. This latest release of Iris has many new features including new
network graphing capabilities.
V. MICROSOFT TOOLS
-------------------
1. Logrep v1.12
by Tevfik Karagulle
Relevant URL:
http://logrep.sourceforge.net/
Platforms: Linux, POSIX, Windows 2000, Windows NT
Summary:
Logrep is a framework for extraction and presentation of information from
various logfiles. Currently Snort, Squid, Postfix, Apache, Trend Micro
VirusWall, and Microsoft IIS are supported. HTML reports, 2D analysis,
overview page, secure communication, and bar charts are available.
2. RelayTCP
by DLC Sistemas
Relevant URL:
http://www.dlcsistemas.com/html/relay_tcp.html
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
RelayTCP allows you to redirect TCP/IP connections from a local port to a
remote IP and port. RelayTCP can record all the connections made and the
data transferred, which is useful for debugging the transferred data.
3. Windump v3.52
by NT Objectives Inc, info ntobjectives.com
Relevant URL:
http://www.ntobjectives.com/
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
Windump 2.03 is a dynamically loadable version of the excellent Windump
2.02 port. This modified app consists of only two parts, the .exe and the
.sys.
VI. SPONSORSHIP INFORMATION
---------------------------
This Issue is Sponsored by: SPI Dynamics
-------------------------------------------------------------------------------