|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
SecurityFocus Microsoft Newsletter #187
From: Marc Fossi (mfossi
securityfocus.com)
Date: Mon May 03 2004 - 15:39:17 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
SecurityFocus Microsoft Newsletter #187
----------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add
the new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the latest posts for Bugtraq and the SF Vulnernability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. WiFi High Crimes
2. Stop Being a Victim
II. MICROSOFT VULNERABILITY SUMMARY
1. Yahoo! Messenger YInsthelper.DLL Multiple Buffer Overflow Vu...
2. McAfee ePolicy Orchestrator Undisclosed Command Execution Vu...
3. Microsoft Windows Long Share Name Buffer Overrun Vulnerabili...
4. OpenBB Multiple Input Validation Vulnerabilities
5. OpenBB Private Message Disclosure Vulnerability
6. OpenBB Arbitrary Avatar File Upload Vulnerability
7. PHPWebSite phpwsBB and phpwsContacts Modules Information Dis...
8. HP Web Jetadmin Multiple Vulnerabilities
9. Citrix MetaFrame XP Client Drive Access Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. IE questions (Thread)
2. w2k logon from one computer only (Thread)
3. admiRE: w2k logon from one computer only (Thread)
4. XP SP2's "Security Center" (Thread)
5. Article Announcement: Stop Being a Victim (Thread)
6. Article Announcement: Common Security Vulnerabilitie... (Thread)
7. SecurityFocus Microsoft Newsletter #186 (Thread)
8. EventID 256 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. SP I-NET
2. East-Tec Eraser 2004
3. Steganos Security Suite 6
4. Symantec?s Norton Internet Security 2004 Professional
5. secure2trust
6. N-Stealth Security Scanner
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Socks via HTTP v1.0.1
2. OSIRIS v4.0.0
3. Chwinpw v1.0
4. N-Stealth HTTP Security Scanner v5.2
5. CryptoHeaven v2.3.3
6. Telconi Terminal for Cisco IOS v0.6a
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. WiFi High Crimes
By Mark Rasch
Before WiFi can entirely fulfill its promise, we'll have to confront an
oppressive latticework of outdated criminal laws.
http://www.securityfocus.com/columnists/237
2. Stop Being a Victim
By Tim Mullen
An influential newspaper columnist blames "contemptuous techies" for
allowing users to fall prey to viruses and spyware. But don't some users
deserve a little contempt?
http://www.securityfocus.com/columnists/236
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Yahoo! Messenger YInsthelper.DLL Multiple Buffer Overflow Vu...
BugTraq ID: 10199
Remote: Yes
Date Published: Apr 23 2004
Relevant URL: http://www.securityfocus.com/bid/10199
Summary:
Yahoo! Messenger COM objects YInstHelper.YInstStarter.1 and YInstHelper.YSearchSetting2 have been reported prone to remotely exploitable buffer overflow vulnerabilities.
The conditions are triggered when properties are assigned values (strings) of excessive length. By crafting a HTML page that invokes this COM object, and passing data to one of the affected properties, an attacker may overwrite values that are crucial to controlling program execution flow.
Immediate consequences of exploit attempts may result in the web browser instance, and all windows spawned from it, crashing when the malicious site is viewed. It is likely possible for attackers to execute instructions on affected client systems.
2. McAfee ePolicy Orchestrator Undisclosed Command Execution Vu...
BugTraq ID: 10200
Remote: Yes
Date Published: Apr 23 2004
Relevant URL: http://www.securityfocus.com/bid/10200
Summary:
McAfee ePolicy Orchestrator has been reported prone to an undisclosed command execution vulnerability.
An attacker may exploit this issue to execute commands in the context of the affected software.
Few details regarding this issue are currently available. This BID will be updated as further details are announced.
3. Microsoft Windows Long Share Name Buffer Overrun Vulnerabili...
BugTraq ID: 10213
Remote: Yes
Date Published: Apr 25 2004
Relevant URL: http://www.securityfocus.com/bid/10213
Summary:
Microsoft Windows operating systems have been reported to be prone to a remotely exploitable buffer overrun condition.
This issue is exposed when a client attempts to connect to an SMB share with an overly long name. This may cause explorer.exe or Internet Explorer to crash but could also potentially be leveraged to execute arbitrary code as the client user.
Microsoft Windows Server 2003 is reportedly not affected by this issue.
4. OpenBB Multiple Input Validation Vulnerabilities
BugTraq ID: 10214
Remote: Yes
Date Published: Apr 26 2004
Relevant URL: http://www.securityfocus.com/bid/10214
Summary:
It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input.
The SQL issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
The cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
5. OpenBB Private Message Disclosure Vulnerability
BugTraq ID: 10217
Remote: Yes
Date Published: Apr 26 2004
Relevant URL: http://www.securityfocus.com/bid/10217
Summary:
It has been reported that OpenBB is affected by a private message disclosure vulnerability. This issue is due to a design error that fails to validate user credentials.
This issue might allow an attacker to read arbitrary private messages posted to the bulletin board; limiting confidentiality.
6. OpenBB Arbitrary Avatar File Upload Vulnerability
BugTraq ID: 10218
Remote: Yes
Date Published: Apr 26 2004
Relevant URL: http://www.securityfocus.com/bid/10218
Summary:
Reportedly OpenBB is affected by an arbitrary avatar file upload vulnerability. This issue is due to a failure of the application to restrict the file types that are uploaded.
This issue may allow a malicious user displaying their avatar file with their posts to have arbitrary, client-side script executed in an unsuspecting user's browser within the context if the affected website; facilitating HTML injection. This this may lead to cookie based authentication credential theft as well as other attacks.
7. PHPWebSite phpwsBB and phpwsContacts Modules Information Dis...
BugTraq ID: 10220
Remote: Yes
Date Published: Apr 26 2004
Relevant URL: http://www.securityfocus.com/bid/10220
Summary:
It has been reported that phpwsBB and phpwsContacts modules for phpWebSite are prone to a vulnerability that could allow an attacker to gather sensitive information.
Due to a lack of details, further information cannot be provided at the moment. This BID will be updated as more information becomes available.
phpwsBB version 0.9.1 and phpwsContacts version 0.8.2 and prior versions are reported to be affected by this issue.
8. HP Web Jetadmin Multiple Vulnerabilities
BugTraq ID: 10224
Remote: Yes
Date Published: Apr 27 2004
Relevant URL: http://www.securityfocus.com/bid/10224
Summary:
Multiple vulnerabilities have been identified in the application that may allow remote attackers to disclose sensitive information, carry out denial of service attacks, and gain unauthorized access to a vulnerable server.
These issues are reported to affect HP Web JetAdmin 6.5 and prior, however, version 7.0 may be affected by most of these issues as well.
9. Citrix MetaFrame XP Client Drive Access Vulnerability
BugTraq ID: 10234
Remote: Yes
Date Published: Apr 29 2004
Relevant URL: http://www.securityfocus.com/bid/10234
Summary:
Citrix MetaFrame XP has been reported prone to an access validation vulnerability. It is reported that an Administrator may access the drives of a connected client using the clients ICA connection.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. IE questions (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/361920
2. w2k logon from one computer only (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/361782
3. admiRE: w2k logon from one computer only (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/361778
4. XP SP2's "Security Center" (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/361735
5. Article Announcement: Stop Being a Victim (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/361683
6. Article Announcement: Common Security Vulnerabilitie... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/361517
7. SecurityFocus Microsoft Newsletter #186 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/361516
8. EventID 256 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/361477
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. SP I-NET
By: Unisys
Platforms: Windows 95/98, Windows NT
Relevant URL: http://www.unisys.com/sp-security
Summary:
Designed for business-to-business communications requiring trusted relationships, SP I-NET ensures confidentiality of data, authenticates the identity of the involved parties, and ensures the privacy of their communication.
2. East-Tec Eraser 2004
By: EAST Technologies
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.east-tec.com/eraser/index.htm
Summary:
East-Tec Eraser ("Eraser" in short) is an advanced security application for Windows 95/98/Me/NT/2000/XP designed to help you completely eliminate sensitive data from your computer and protect your computer and Internet privacy.
Eraser introduces a new meaning for the verb TO ERASE. Erasing a file now means wiping its contents beyond recovery, scrambling its name and dates and finally removing it from disk. When you want to get rid of sensitive files or folders beyond recovery, add them to the Eraser list of doomed files and ask Eraser to do the job. Eraser offers tight integration with the Windows shell, so you can drag files and folders from Explorer and drop them in Eraser, or you can erase them directly from Explorer by selecting Erase beyond recovery from the context menu.
3. Steganos Security Suite 6
By: Steganos
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.steganos.com/?product=SSS6&language=en
Summary:
With Steganos Data Safe, Internet Trace Destructor 6.5, Password Manager, steganography function, E-Mail-Encryption, Deep Cleaning Shredder and much more, The Steganos Security Suite has been one of the best-selling encryption products for years and is used by 2 million people worldwide. Only the most modern encryption algorithms, such as the Advanced Encryption Standard (AES) are used. You can now save up to 128 GB* to its four virtual drives in real time - enough space for your film archive, large graphics files and other sensitive data.
4. Symantec?s Norton Internet Security 2004 Professional
By: Symantec
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.symantec.com/smallbiz/nis_pr/
Summary:
Symantec?s Norton Internet Security 2004 Professional protects you and your business from online threats. It eliminates viruses automatically, blocks hackers, safeguards your personal information, fights spam, increases online productivity, recovers lost or damaged files, and thoroughly deletes confidential data you no longer need. Available in 5 and 10-user Small Office Packs.
5. secure2trust
By: Avoco Secure
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.avocosecure.com/html_pages/products_service.html
Summary:
secure2trust gives you the power to create documents that remain under your corporate control throughout their entire existence. Even if you allow another party to have a copy of your original document you can be sure that the copy will always have your original controls as part of its properties. The digital rights options which will control printing, copying, viewing, etc give you persistent and secure digital asset protection and intellectual property control. Digital rights mechanisms are the only way to ensure document integrity in a persistent way for both inter and intra company communications.
6. N-Stealth Security Scanner
By: N-Stalker
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.nstalker.com/products/nstealth/
Summary:
N-Stealth is a vulnerability-assessment product that scans web servers to identify security problems and weaknesses that might allow an attacker to gain privileged access. The software comes with an extensive database of over 30,000 vulnerabilities and exploits. N-Stealth® is more actively maintained than the network security scanners and consequently has a larger database of vulnerabilities.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Socks via HTTP v1.0.1
By: Florent Cueto
Relevant URL: http://cqs.dyndns.org/socks/
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Socks via HTTP is a program to tunnel socks via HTTP. It is entirely written in Java.
2. OSIRIS v4.0.0
By: The Shmoo Group
Relevant URL: http://osiris.shmoo.com
Platforms: BSDI, FreeBSD, Linux, MacOS, OpenBSD, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
Osiris is a host integrity management system that can be used to monitor
changes to a network of hosts over time and report those changes back to
the administrator(s). Currently, this includes monitoring any changes to
the filesystems. Osiris takes periodic snapshots of the filesystem and
stores them in a database. These databases, as well as the
configurations and logs, are all stored on a central management host.
When changes are detected, Osiris will log these events to the system
log and optionally send email to an administrator. In addition to files,
Osiris has preliminary support for the monitoring of other system
information including user lists, file system details, kernel modules,
and network interface configurations (not included with in this beta
release).
3. Chwinpw v1.0
By: <tevfikitefix.no>
Relevant URL: http://www.itefix.no/chwinpw/
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
Chwinpw is a small command line utility that can securely change passwords on remote windows machines. It can help to enforce a higher degree of security, by periodic password maintenance of vital accounts. Chwinpw can be run from a logon script or from a central location. It is also possible to instruct chwinpw to make bulk changes.
4. N-Stealth HTTP Security Scanner v5.2
By: qw erty <qwerty.net >
Relevant URL: http://www.nstalker.com/products/nstealth/download.php
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
N-Stealth is a comprehensive web server security-auditing tool that scans for over 30,000 vulnerabilities. It is ideal for system administrators, security consultant and IT professionals.
5. CryptoHeaven v2.3.3
By: Marcin Kurzawa <marcincryptoheaven.com>
Relevant URL: http://www.cryptoheaven.com/
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
CryptoHeaven offers secure email and online file sharing/storage. Its main features are secure and highly encrypted services such as group collaboration, file sharing, email, online storage, and instant messaging. It integrates multi-user based security into email, instant messaging, and file storage and sharing in one unique package. It provides real time communication for text and data transfers in a multi-user secure environment. The security and usability of CryptoHeaven is well-balanced; even the no-so-technically oriented computer users can enjoy this crypto product with very high level of encryption.
6. Telconi Terminal for Cisco IOS v0.6a
By: Stywiz
Relevant URL: http://www.telconi.com/
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
Telconi Terminal is an unique network management application with interactive full-screen configuration editing, browsing, help facility support, debugging, and more. It focuses on common Cisco IOS functionality present with any hardware or software configuration, and complements the command line interface with a rich set of features. It is intended for users with knowledge of Cisco IOS, and is designed to work with any IOS-based device, such as routers and switches.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribesecurityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadminsecurityfocus.com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add
the new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the latest posts for Bugtraq and the SF Vulnernability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]