SecurityFocus Microsoft Newsletter #201
From: Marc Fossi (mfossi@securityfocus.com)
Date: Wed Aug 11 2004 - 09:13:13 CDT
SecurityFocus Microsoft Newsletter #201
----------------------------------------
This issue sponsored by: Qualys
ELIMINATE SASSER & OTHER THREATS - Free Network Security Audit
Stop waiting for anti-virus solutions to catch up with the latest worms.
Run a free security check today to detect and eliminate security risks in
your network BEFORE they can be compromised.
http://www.securityfocus.com/sponsor/Qualys_ms-secnews_040810
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Deploying Network Access Quarantine Control (part 1 of 2)
2. Data Driven Attacks Using HTTP Tunneling
II. MICROSOFT VULNERABILITY SUMMARY
1. Mozilla and Netscape SOAPParameter Integer Overflow Vulnerab...
2. Horde IMP HTML+TIME HTML Injection Vulnerability
3. StackDefender ObjectAttributes Invalid Pointer Dereference D...
4. PuTTY Modpow Integer Handling Memory Corruption Vulnerabilit...
5. StackDefender BaseAddress Invalid Pointer Dereference Denial...
6. PHP-Nuke Delete God Admin Access Control Bypass Vulnerabilit...
7. Acme thttpd Directory Traversal Vulnerability
8. Gaim Multiple Unspecified MSN Protocol Buffer Overflow Vulne...
9. Neon WebDAV Client Library Unspecified Vulnerability
10. PSCP Modpow Base Integer Handling Buffer Overrun Vulnerabili...
11. Opera Remote Location Object Cross-Domain Scripting Vulnerab...
12. Mozilla Browser Input Type HTML Tag Unauthorized Access Vuln...
13. Mozilla Browser/Thunderbird SendUIDL POP3 Message Handling R...
14. Mozilla Browser Non-FQDN SSL Certificate Spoofing Vulnerabil...
15. Microsoft Internet Explorer mms Protocol Handler Executable ...
16. Mozilla SSL Redirect Spoofing Vulnerability
17. phpBB Login.PHP Cross-Site Scripting Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. most avtive attack type (Thread)
2. SecurityFocus Microsoft Newsletter #200 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. WiSSH
2. Firewall RuleMaker
3. CAT Cellular Authentication Token and eAuthentication Servic...
4. KeyCaptor Keylogger
5. SpyBuster
6. FreezeX
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. MonitorMagic - Server & Network Monitor 6.0
2. CipherPack Pro 3.2
3. Savungan - Stateful Inspection Firewall for Windows with FUL... 2.0
4. SSlDigger 1.0
5. DiskLogon 1.0.17.112
6. UndeleteSMS 1.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Deploying Network Access Quarantine Control (part 1 of 2)
By Jonathan Hassell
This article discusses Network Access Quarantine Control with Windows
Server 2003, which allows administrators to quarantine mobile users before
giving them full network access, by first ensuring these machines are
up-to-date according to a baseline security model.
http://www.securityfocus.com/infocus/1794
2. Data Driven Attacks Using HTTP Tunneling
By Ido Dubrawsky
In this article we will look at a means to bypass the access control
restrictions of a company's router or firewall. This information is
intended to provide help for those who are legitimately testing the
security of a network (whether they are in-house expertise or outside
consultants).
http://www.securityfocus.com/infocus/1793
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Mozilla and Netscape SOAPParameter Integer Overflow Vulnerab...
BugTraq ID: 10843
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10843
Summary:
It is reported that Mozilla and Netscape contain an integer overflow vulnerability in the SOAPParameter object constructor. This overflow may result in the corruption of critical heap memory structures, leading to possible remote code execution.
An attacker can exploit this issue by crafting a malicious web page and having unsuspecting users view the page in a vulnerable version of Mozilla or Netscape.
Netscape 7.0, 7.1, and versions of Mozilla prior to 1.7.1 are known to be vulnerable to this issue. Users of affected versions of Netscape are urged to switch to Mozilla 1.7.1 or later, as new versions of Netscape are not likely to appear.
2. Horde IMP HTML+TIME HTML Injection Vulnerability
BugTraq ID: 10845
Remote: Yes
Date Published: Aug 03 2004
Relevant URL: http://www.securityfocus.com/bid/10845
Summary:
Reportedly Horde IMP is affected by an HTML injection vulnerability due to insufficient sanitization of HTML+TIME script.
An attacker can exploit this issue to gain access to an unsuspecting user's cookie based authentication credentials; disclosure of personal email is possible. Other attacks are also possible.
3. StackDefender ObjectAttributes Invalid Pointer Dereference D...
BugTraq ID: 10849
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10849
Summary:
StackDefender is prone to a vulnerability that may permit attackers to crash the computer. This issue may be triggered if the program attempts to dereference an invalid pointer.
To exploit this issue, the attacker must be able to cause memory corruption on the host computer, such as through exploitation of buffer overflow in another application. This will force the software to attempt to block attempts to exploit the memory corruption vulnerability and in turn expose this vulnerability.
This issue is known to affect StackDefender 1.10.
4. PuTTY Modpow Integer Handling Memory Corruption Vulnerabilit...
BugTraq ID: 10850
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10850
Summary:
Reportedly PuTTY is affected by a remote, pre-authentication code execution vulnerability.
An attacker might leverage this issue to execute arbitrary code on an affected system. As this issue is exploitable before any authorization and before the host key is verified, any remote attacker can exploit this to gain unauthorized access to a vulnerable computer with the privileges of the user that started the affected application.
5. StackDefender BaseAddress Invalid Pointer Dereference Denial...
BugTraq ID: 10851
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10851
Summary:
StackDefender is prone to a vulnerability that may permit attackers to crash the computer. This issue may be triggered if the program attempts to dereference an invalid pointer.
To exploit this issue, the attacker must be able to cause memory corruption on the host computer, such as through exploitation of buffer overflow in another application. This will force the software to attempt to block attempts to exploit the memory corruption vulnerability and in turn expose this vulnerability.
This issue is known to affect StackDefender 2.0.
6. PHP-Nuke Delete God Admin Access Control Bypass Vulnerabilit...
BugTraq ID: 10861
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10861
Summary:
PHP-Nuke is reported prone to an access control bypass vulnerability.
Reports indicate that a PHP-Nuke superuser may bypass access controls and privilege restrictions, to delete the PHP-Nuke "God Admin" account. This may be accomplished by making a specially crafted request for the "admin.php" script.
7. Acme thttpd Directory Traversal Vulnerability
BugTraq ID: 10862
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10862
Summary:
It is reported that thttpd is susceptible to a directory traversal vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. This issue only exists in the Windows port of the application, as it does not correctly take into consideration the environmental attributes of file system access in applications.
This issue may allow an attacker to retrieve arbitrary, potentially sensitive files, from the affected host computer, as the user that the thttpd process is running as.
Version 2.07 beta 0.4 of thttpd, running on a Microsoft Windows platform is reported vulnerable to this issue.
8. Gaim Multiple Unspecified MSN Protocol Buffer Overflow Vulne...
BugTraq ID: 10865
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10865
Summary:
It is reported that there are multiple unspecified buffer overflow vulnerabilities in the MSN protocol module in Gaim.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
9. Neon WebDAV Client Library Unspecified Vulnerability
BugTraq ID: 10869
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10869
Summary:
It is reported that Neon contains an unspecified vulnerability. The cause of this vulnerability is currently unknown.
Due to the nature of the library, it is likely that this is a remotely exploitable issue.
It is currently unknown what the effects and impacts of this issue are. This BID will be updated immediately when more information becomes available.
10. PSCP Modpow Base Integer Handling Buffer Overrun Vulnerabili...
BugTraq ID: 10870
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10870
Summary:
PSCP is reported prone to a buffer overrun vulnerability.
An attacker might leverage this issue to execute arbitrary code on an affected system. As this issue is exploitable before any authorization and before the host key is verified, any remote attacker can exploit this to gain unauthorized access to a vulnerable computer with the privileges of the user that started the affected application.
11. Opera Remote Location Object Cross-Domain Scripting Vulnerab...
BugTraq ID: 10873
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10873
Summary:
Opera is affected by a remote location object cross-domain scripting vulnerability. This issue is due to a failure to properly validate methods that a user can access.
An attacker might leverage this issue to steal cookie based authentication credentials, conduct phishing attacks along with other attacks. Furthermore, provided there is an HTML script invoking 'location' methods local to a victim's computer (such as c:/winnt/help/ciadmin.htm in most Microsoft Windows implementations) an attacker can exploit this issue to gain read access to directory contents, files and email read using Opera's email utilities.
Although this issue is reported to affect versions 1.52 and 1.53 of the affected software, it is likely that earlier versions are also affected.
12. Mozilla Browser Input Type HTML Tag Unauthorized Access Vuln...
BugTraq ID: 10874
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10874
Summary:
Mozilla browser is reportedly affected by an input type HTML tag unauthorized access vulnerability. This issue is due to an access validation error that allows access to arbitrary files on an unsuspecting user's system.
This issue will allow an attacker to obtain arbitrary files residing on the computer of an unsuspecting user that activates a malicious script.
13. Mozilla Browser/Thunderbird SendUIDL POP3 Message Handling R...
BugTraq ID: 10875
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10875
Summary:
Mozilla and Mozilla Thunderbird are reported prone to a remote heap overflow vulnerability. The issue is reported to exist due to a lack of sufficient boundary checks performed on POP3 data handled by SendUidl().
An attacker controlled POP3 mail server may exploit this condition by sending a specifically crafted email message to the affected mail client. This will result in the corruption of heap-based memory.
14. Mozilla Browser Non-FQDN SSL Certificate Spoofing Vulnerabil...
BugTraq ID: 10876
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10876
Summary:
Mozilla browser is reportedly vulnerable to an SSL certificate spoofing vulnerability in the 'cert_TestHostName()' function. This issue is due to a design error that fails to properly validate certified host names.
This issue would allow an attacker to spoof a trusted certificate from a third party site, facilitating phishing style attacks by luring an unsuspecting user to enter information on what is apparently a trusted site.
15. Microsoft Internet Explorer mms Protocol Handler Executable ...
BugTraq ID: 10879
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10879
Summary:
A vulnerability has been reported to exist in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an application associated with the mms: URI protocol handler. Windows Media Player is the application normally associated with this URI protocol handler.
This vulnerability would permit an attacker to influence the invocation arguments for the executable and could result in loss or compromise of various security properties. This may be exploited from a malicious Web page or possibly through HTML email.
It is not known if this issue is specific to the mms: URI protocol handler or if other URI protocol handlers on the system may be similarly affected. This vulnerability could be a general issue in Internet Explorer with many possible attack vectors, although there is not enough information available at this time to make this determination.
16. Mozilla SSL Redirect Spoofing Vulnerability
BugTraq ID: 10880
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10880
Summary:
It is reported that Mozilla, and products derived from Mozilla are susceptible to an SSL redirect spoofing vulnerability.
By exploiting this vulnerability, an attacker can ensure that the victim's browser contains the SSL lock icon, and will display the SSL certificate information of a legitimate site when the lock is clicked on.
This vulnerability may aid in Phishing style attacks.
Mozilla prior to 1.7, Mozilla Firebird 0.7, Mozilla Firefox prior to 0.9, and Mozilla Thunderbird prior to 0.7 are all reported vulnerable.
17. phpBB Login.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 10883
Remote: Yes
Date Published: Aug 06 2004
Relevant URL: http://www.securityfocus.com/bid/10883
Summary:
phpBB is affected by a cross-site scripting vulnerability in the 'login.php' script. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This can be exploited by constructing links that pass malicious strings through the affected URI parameter. If an unsuspecting user visits such a link, the malicious, externally created content supplied in the link will be rendered (or executed, in the case of script code) as part of the 'login.php' document and within the context of the vulnerable website (including the phpBB forum).
Attackers may exploit this vulnerability to obtain the authentication credentials of other forum users. If the domain hosts other applications, their credentials and/or other sensitive information (session IDs, etc) may be exposed.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. most avtive attack type (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/371283
2. SecurityFocus Microsoft Newsletter #200 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/370780
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. WiSSH
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.wissh.com
Summary:
WiSSH (Windows over SSH) utilizes SSH tunneling technology to secure Microsoft's RDP protocol. Allows access to multiple hosts behind your network perimeter with only a single host's SSH port open to the Internet.
2. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:
Firewall RuleMaker is a Windows-based firewall configuration version control software product for managers of Cisco PIX and Netscreen firewalls.
3. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.
4. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!
With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!
5. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.
6. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy ware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. MonitorMagic - Server & Network Monitor 6.0
By: Tools4ever
Relevant URL: http://www.tools4ever.com/products/monitormagic/
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
MonitorMagic is a proactive server and network monitoring and reporting tool for Windows 2003/XP/2000/NT servers, workstations and SNMP devices and supports agentless monitoring. MonitorMagic supports Windows and UNIX based resources such as memory, disk and CPU load and optionally records the values into a database to enable graphical trending and reporting. MonitorMagic ships with predefined policies for popular hardware and applications.
2. CipherPack Pro 3.2
By: VIO Systems Limited
Relevant URL: http://www.cipherpack.com
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Encrypts and compresses files and data into a single Windows executable. The user just runs it and when the correct key is supplied, the file decrypts. Without the correct key, the original file contents can never be seen.
3. Savungan - Stateful Inspection Firewall for Windows with FUL... 2.0
By: Egemen Tas
Relevant URL: http://www.ModemWall.com/savungan.htm
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Savungan is a stateful inspection firewall designed for Microsoft Windows platforms available with FULL SOURCE CODE. It is an advanced filtering agent for TCP/IP based networks, having very flexible rule language to make packet inspection more powerful and effective. Security administrators have had some difficulties to build and maintain a suitable filtering infrastructure after deploying a firewall.
4. SSlDigger 1.0
By: Rudolph Araujo
Relevant URL: http://www.foundstone.com/s3i
Platforms: Windows XP
Summary:
SSL Digger looks at the SSL Ciphers that a web server supports. It produces a report and grades the site.
5. DiskLogon 1.0.17.112
By: DiskLogon Development Team
Relevant URL: http://www.disklogon.com/DiskLogon.exe
Platforms: Windows 2000, Windows XP
Summary:
DiskLogon, like a Smart Card logon, is a software that enables you to log on to your computer with a removable disk.
DiskLogon saves you the trouble of entering your user name and password every time you log on. All you have to do is to plug in your removable disk, and you can log on to your computer quickly and safely. When you unplug your removable disk, your computer will automatically lock up for your safety.
6. UndeleteSMS 1.0
By: Arne Vidstrom
Relevant URL: http://vidstrom.net/downloads/undeletesms.exe
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
UndeleteSMS can recover deleted SMS messages from a GSM SIM card.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This issue sponsored by: Qualys