SecurityFocus Microsoft Newsletter #271
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------
I.   FRONT AND CENTER
      1. Tracked by cellphone
II.  MICROSOFT VULNERABILITY SUMMARY
      1. Microsoft Internet Information Server 5.1 DLL Request Denial of Service Vulnerability
      2. Microsoft Excel Unspecified Memory Corruption Vulnerabilities
      3. Acuity CMS ASP Search Module Cross-Site Scripting Vulnerability
      4. Allinta CMS Multiple Cross-Site Scripting Vulnerabilities
      5. Symantec Antivirus Library RAR Decompression Heap Overflow Vulnerabilities
      6. Pegasus Mail Multiple Remote Code Execution Vulnerabilities
      7. Extensis Portfolio Netpublish Server Server.NP Directory Traversal Vulnerability
      8. Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
      9. Blender BlenLoader File Processing Integer Overflow Vulnerability
      10. McAfee VirusScan Security Center ActiveX Control Arbitrary File Overwrite Vulnerability
      11. RARLAB WinRAR File Name Potential Buffer Overflow Vulnerability
      12. Interaction SIP Proxy Remote Heap Corruption Denial Of Service Vulnerability
      13. MediaWiki Inline Style Attribute Security Check Bypass Vulnerability
      14. McAfee VirusScan Path Specification Local Privilege Escalation Vulnerability
      15. Nexus Concepts Dev Hound Multiple Vulnerabilities
      16. Sun Solaris PC NetLink Insecure Permissions Vulnerability
      17. Golden FTP Server APPE Command Buffer Overflow Vulnerability
      18. Bugzilla Syncshadowdb Insecure Temporary File Creation Vulnerability
      19. Dev Web Management System Multiple Input Validation Vulnerabilities
      20. BZFlag Unterminated Callsign Denial Of Service Vulnerability
      21. Microsoft Internet Explorer HTML Parsing Denial of Service Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
      1. SecurityFocus Microsoft Newsletter #270
      2. prevent DHCP server giving out leases to non-domain machines?
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Tracked by cellphone
By Mark Rasch
We know that technology can be used to track people's location via a cellphone, but how difficult is it for law enforcement to get a court order and do this legally?
http://www.securityfocus.com/columnists/376


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Information Server 5.1 DLL Request Denial of Service Vulnerability
BugTraq ID: 15921
Remote: Yes
Date Published: 2005-12-17
Relevant URL: http://www.securityfocus.com/bid/15921
Summary:
It has been reported that a remotely exploitable denial of service vulnerability exists in Microsoft Internet Information Server 5.1. According to the author, versions 5.0 and 6.0 are not affected.

2. Microsoft Excel Unspecified Memory Corruption Vulnerabilities
BugTraq ID: 15926
Remote: Yes
Date Published: 2005-12-19
Relevant URL: http://www.securityfocus.com/bid/15926
Summary:
Microsoft Excel is susceptible to two unspecified memory corruption vulnerabilities. The issues present themselves when Microsoft Excel attempts to process malformed or corrupted XLS files.

Attackers may exploit these issues to crash the affected application. The possibility to execute arbitrary machine code through these issues has not currently been ruled out.

This BID will be updated, and potentially split into separate records as further information is disclosed.

3. Acuity CMS ASP Search Module Cross-Site Scripting Vulnerability
BugTraq ID: 15934
Remote: Yes
Date Published: 2005-12-19
Relevant URL: http://www.securityfocus.com/bid/15934
Summary:
Acuity CMS ASP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Acuity CMS ASP 2.6.2 is affected by this issue. Other versions may also be vulnerable.


4. Allinta CMS Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15935
Remote: Yes
Date Published: 2005-12-19
Relevant URL: http://www.securityfocus.com/bid/15935
Summary:
Allinta CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Allinta versions 2.3.2 and earlier are reportedly affected by this vulnerability.


5. Symantec Antivirus Library RAR Decompression Heap Overflow Vulnerabilities
BugTraq ID: 15971
Remote: Yes
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15971
Summary:
The Symantec antivirus library is prone to multiple heap-based buffer overflow vulnerabilities.

This vulnerability could be exploited to compromise computers running applications that utilize the affected library. The issue exists in the RAR archive decompression routines. The issue may affect all platforms running applications that include the library, including Microsoft Windows and Mac OS X releases of the applications.

Symantec is currently investigating this issue. It is noted that the issue could affect third-party applications that include the library.

6. Pegasus Mail Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 15973
Remote: Yes
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15973
Summary:
Pegasus Mail is prone to multiple remote code execution vulnerabilities. The following specific vulnerabilities were identified:

A buffer overflow vulnerability arises when the application handles a malformed POP3 reply from a server.

An off-by-one buffer overflow vulnerability arises when the application handles a malicious email message.

Pegasus Mail 4.21c and 4.30PB1 are reportedly vulnerable. Other versions may be affected as well.

7. Extensis Portfolio Netpublish Server Server.NP Directory Traversal Vulnerability
BugTraq ID: 15974
Remote: Yes
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15974
Summary:
Portfolio Netpublish Server is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to retrieve arbitrary files in the context of the affected application. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.

Netpublish Server 7 is vulnerable; other versions may also be affected.


8. Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
BugTraq ID: 15980
Remote: Yes
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15980
Summary:
WorldMail IMAPd service is prone to a remote buffer overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before using it in finite-sized buffers.

An attacker can exploit this issue to crash the server resulting in a denial of service to legitimate users. Arbitrary code execution may also be possible; this may facilitate a compromise of the underlying system.

This issue is reported to affect IMAPd service version 6.1.19.0 of WorldMail 3.0; other versions may also be vulnerable.

9. Blender BlenLoader File Processing Integer Overflow Vulnerability
BugTraq ID: 15981
Remote: Yes
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15981
Summary:
Blender is susceptible to an integer overflow vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it in a memory allocation and copy operation.

This issue allows attackers to execute arbitrary machine code in the context of the user running the affected application.

10. McAfee VirusScan Security Center ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 15986
Remote: Yes
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15986
Summary:
McAfee VirusScan Security Center is prone to an arbitrary file overwrite vulnerability. Attackers are able to create and modify arbitrary files.

Successful exploitation can lead to various attacks including potential arbitrary code execution and remote unauthorized access.

11. RARLAB WinRAR File Name Potential Buffer Overflow Vulnerability
BugTraq ID: 15999
Remote: Yes
Date Published: 2005-12-21
Relevant URL: http://www.securityfocus.com/bid/15999
Summary:
A client-side buffer overflow vulnerability has been reported in the file name processing functionality of WinRAR.

A remote attacker may supply malicious files to a user to be compressed by WinRAR to exploit this issue. A remote compromise is also possible if the application employs the same routines for decompression; however, this is entirely conjecture and has not been confirmed.

WinRAR 3.51 is reportedly vulnerable.  Other versions may be affected as well.

12. Interaction SIP Proxy Remote Heap Corruption Denial Of Service Vulnerability
BugTraq ID: 16001
Remote: Yes
Date Published: 2005-12-21
Relevant URL: http://www.securityfocus.com/bid/16001
Summary:
Interaction SIP Proxy is susceptible to a remote denial of service vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied input data, resulting in a heap memory corruption.

This issue allows remote attackers to crash the affected server application, denying further telephony service to legitimate users. It may be possible to exploit this issue for remote code execution, but this has not been confirmed.

Version 3.0.010 of Interaction SIP Proxy is vulnerable to this issue; other versions may also be affected.

13. MediaWiki Inline Style Attribute Security Check Bypass Vulnerability
BugTraq ID: 16032
Remote: Yes
Date Published: 2005-12-22
Relevant URL: http://www.securityfocus.com/bid/16032
Summary:
MediaWiki is prone to a vulnerability that may allow attackers to execute script code in a user's browser.

Security checks related to inline style attributes can be bypassed, facilitating injection of script code to be executed in a user's browser.

MediaWiki 1.5.3 is known to be vulnerable to this issue; however, other versions may be affected as well.

14. McAfee VirusScan Path Specification Local Privilege Escalation Vulnerability
BugTraq ID: 16040
Remote: No
Date Published: 2005-12-22
Relevant URL: http://www.securityfocus.com/bid/16040
Summary:
McAfee VirusScan is prone to a vulnerability that could allow an arbitrary file to be executed.

The 'naPrdMgr.exe' process calls applications without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges. McAfee VirusScan Enterprise 8.0i (patch 11) is reportedly vulnerable. Other versions may be affected as well.

15. Nexus Concepts Dev Hound Multiple Vulnerabilities
BugTraq ID: 16042
Remote: Yes
Date Published: 2005-12-22
Relevant URL: http://www.securityfocus.com/bid/16042
Summary:
Dev Hound is prone to multiple vulnerabilities. These issues can allow an attacker to obtain sensitive information and carry out HTML injection attacks.

Dev Hound 2.24 and prior versions are affected by these issues.

16. Sun Solaris PC NetLink Insecure Permissions Vulnerability
BugTraq ID: 16059
Remote: No
Date Published: 2005-12-26
Relevant URL: http://www.securityfocus.com/bid/16059
Summary:
PC NetLink is susceptible to an insecure permissions vulnerability. This issue is due to a flaw in the 'slsadmin' and 'slsmgr' scripts.

This issue allows local attackers to improperly access files on the local filesystem. Malicious users may write to the local filesystem with the privileges of the user running the affected scripts.


17. Golden FTP Server APPE Command Buffer Overflow Vulnerability
BugTraq ID: 16060
Remote: Yes
Date Published: 2005-12-26
Relevant URL: http://www.securityfocus.com/bid/16060
Summary:
Golden FTP Server is prone to a remote buffer overflow vulnerability.

An attacker can exploit this issue to crash the server resulting in a denial of service to legitimate users. Arbitrary code execution may also be possible, which may facilitate a complete compromise of the underlying system.


18. Bugzilla Syncshadowdb Insecure Temporary File Creation Vulnerability
BugTraq ID: 16061
Remote: No
Date Published: 2005-12-26
Relevant URL: http://www.securityfocus.com/bid/16061
Summary:
Bugzilla creates temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.


19. Dev Web Management System Multiple Input Validation Vulnerabilities
BugTraq ID: 16063
Remote: Yes
Date Published: 2005-12-27
Relevant URL: http://www.securityfocus.com/bid/16063
Summary:
Dev Web Management System is prone to multiple input validation vulnerabilities. These issues may allow SQL injection and cross-site scripting attacks.

Dev Web Management System versions 1.5 and earlier are prone to these issues.


20. BZFlag Unterminated Callsign Denial Of Service Vulnerability
BugTraq ID: 16066
Remote: Yes
Date Published: 2005-12-25
Relevant URL: http://www.securityfocus.com/bid/16066
Summary:
BZFlag is prone to a denial of service vulnerability. This vulnerability may be triggered by a malformed callsign message.



21. Microsoft Internet Explorer HTML Parsing Denial of Service Vulnerabilities
BugTraq ID: 16070
Remote: Yes
Date Published: 2005-12-27
Relevant URL: http://www.securityfocus.com/bid/16070
Summary:
Microsoft Internet Explorer is affected by multiple denial of service vulnerabilities.

An attacker may exploit these issues by enticing a user to visit a malicious site, resulting in a denial of service condition in the application.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #270
http://www.securityfocus.com/archive/88/419979

2. prevent DHCP server giving out leases to non-domain machines?
http://www.securityfocus.com/archive/88/419952

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130



