SecurityFocus Microsoft Newsletter #285
----------------------------------------

I. FRONT AND CENTER
    1. Two attacks against VoIP
    2. Open source security testing methodology
    3. This Means Warcraft!
II. MICROSOFT VULNERABILITY SUMMARY
    1. HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability
    2. PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
    3. Microsoft Windows Help Image Processing Heap Overflow Vulnerability
    4. Samba Machine Trust Account Local Information Disclosure Vulnerability
    5. MPlayer Multiple Integer Overflow Vulnerabilities
    6. SweetSuite.NET Content Management System Search.ASPX Cross-Site Scripting Vulnerability
    7. Microsoft Office XP Array Index Denial of Service Vulnerability
    8. Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
    1. New IE flaw and exploit sites/migration to non-MS browser
    2. SecurityFocus Microsoft Newsletter #284
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Two attacks against VoIP
By Peter Thermos
The purpose of this article is to discuss two of the most well known attacks that can be carried out in current VoIP deployments. The first attack demonstrates the ability to hijack a user's VoIP Subscription and subsequent communications. The second attack looks at the ability to eavesdrop on VoIP communications.
http://www.securityfocus.com/infocus/1862

2. Open source security testing methodology
By Federico Biancuzzi
Truth is made of numbers. Following this golden rule, Federico Biancuzzi interviewed Pete Herzog, founder of ISECOM and creator of the OSSTMM, to talk about the upcoming revision 3.0 of the Open Source Security Testing Methodology Manual. He discusses why we need a testing methodology, why use open source, the value of certifications, and plans for a new vulnerability scanner developed with a different approach than Nessus.
http://www.securityfocus.com/columnists/395

3. This Means Warcraft!
By Mark Rasch
A recent World of Warcraft case involved a WoW book by Brian Knopp that was being sold on eBay. It resulted in automated takedown notices by "lawyerbots" and shows how the legal process today can end up silencing legitimate uses of trademarks and copyrights.
http://www.securityfocus.com/columnists/396

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability
BugTraq ID: 17367
Remote: Yes
Date Published: 2006-04-04
Relevant URL: http://www.securityfocus.com/bid/17367
Summary:
The HP Color LaserJet 2500/4600 Toolbox is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.

2. PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
BugTraq ID: 17362
Remote: Yes
Date Published: 2006-04-03
Relevant URL: http://www.securityfocus.com/bid/17362
Summary:
PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

3. Microsoft Windows Help Image Processing Heap Overflow Vulnerability
BugTraq ID: 17325
Remote: Yes
Date Published: 2006-03-31
Relevant URL: http://www.securityfocus.com/bid/17325
Summary:
The Microsoft Windows Help File viewer (winhlp32.exe) is reported prone to a heap-overflow vulnerability. This vulnerability presents itself when the application handles a specially crafted Windows Help (.hlp) file.

A successful attack may facilitate arbitrary code execution in the context of a vulnerable user who opens a malicious file.

4. Samba Machine Trust Account Local Information Disclosure Vulnerability
BugTraq ID: 17314
Remote: No
Date Published: 2006-03-30
Relevant URL: http://www.securityfocus.com/bid/17314
Summary:
Samba is susceptible to a local information-disclosure vulnerability. This issue is due to a design error that potentially leads to sensitive information being written to log files. This occurs when the debugging level has been set to 5 or higher.

This issue allows local attackers to gain access to the machine trust account of affected computers. Attackers may then impersonate the affected server in the domain. By impersonating the member server, attackers may gain access to further sensitive information, including the users and groups in the domain; other information may also be available. This may aid attackers in further attacks.

Samba versions 3.0.21 through to 3.0.21c that use the 'winbindd' daemon are susceptible to this issue.

5. MPlayer Multiple Integer Overflow Vulnerabilities
BugTraq ID: 17295
Remote: Yes
Date Published: 2006-03-29
Relevant URL: http://www.securityfocus.com/bid/17295
Summary:
MPlayer is susceptible to two integer-overflow vulnerabilities. An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may help the attacker gain unauthorized access or escalate privileges.

MPlayer version 1.0.20060329 is affected by these issues; other versions may also be affected.

6. SweetSuite.NET Content Management System Search.ASPX Cross-Site Scripting Vulnerability
BugTraq ID: 17254
Remote: Yes
Date Published: 2006-03-27
Relevant URL: http://www.securityfocus.com/bid/17254
Summary:
SweetSuite.NET Content Management System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

7. Microsoft Office XP Array Index Denial of Service Vulnerability
BugTraq ID: 17252
Remote: Yes
Date Published: 2006-03-27
Relevant URL: http://www.securityfocus.com/bid/17252
Summary:
Microsoft Office is prone to a denial-of-service condition when handling malformed array indices.

When an Office application such as Excel, Word, or PowerPoint tries to open a file containing a malformed array index, an exception will be thrown, causing the application to fail.

Office XP is vulnerable to this issue; other versions may also be affected.

8. Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
BugTraq ID: 17243
Remote: Yes
Date Published: 2006-03-27
Relevant URL: http://www.securityfocus.com/bid/17243
Summary:
Microsoft .NET Framework SDK contains tools for assembling and disassembling MSIL files. These tools are prone to buffer-overflow vulnerabilities that attackers could exploit to cause a denial of service or potentially execute arbitrary code.

These issues were reported to affect the .NET Framework SDK version 1.1 SP1; earlier versions may also be affected. Version 2.0 may also be affected, but code execution does not seem possible.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. New IE flaw and exploit sites/migration to non-MS browser
http://www.securityfocus.com/archive/88/429472

2. SecurityFocus Microsoft Newsletter #284
http://www.securityfocus.com/archive/88/429365

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
Test your Network Security Free with QualysGuard
Requiring NO software, QualysGuard will safely and accurately test your network and provide you with the necessary fixes to proactively guard your network. Try QualysGuard Risk Free with No Obligation.
http://www.securityfocus.com/cgi-bin/ib.pl
