SecurityFocus Microsoft Newsletter #288
----------------------------------------
This Issue is Sponsored By: SPI Dynamics
ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" -
White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving
them the ability to read, write and manipulate all data stored in your backend
systems! Download this *FREE* white paper from SPI Dynamics for a complete
guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70130000000CGKl
------------------------------------------------------------------
I. FRONT AND CENTER
1. Forensic felonies
2. Lessons learned from Microsoft's MS06-013 patch
II. MICROSOFT VULNERABILITY SUMMARY
1. Invision Power Board Index.PHP CK Parameter SQL Injection
Vulnerability
2. Pablo Software Solutions Quick 'n Easy FTP Server Logging Buffer
Overflow Vulnerability
3. Sybase Pylon Anywhere Unauthorized Access Vulnerability
4. Lotus Domino Unspecified LDAP Denial of Service Vulnerability
5. IZArc Hostile Destination Path Vulnerability
6. Blender BVF File Import Python Code Execution Vulnerability
7. Skulltag Remote Format String Vulnerability
8. Microsoft Internet Explorer Nested OBJECT Tag Memory Corruption
Vulnerability
9. iOpus Secure Email Attachments Encryption Weakness
10. SolarWinds TFTP Server Directory Traversal Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. File/Directory Permission Setting in Windows 2k/2003 Security
Template
2. SecurityFocus Microsoft Newsletter #287
3. Internet security on "hotspots"
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Forensic felonies
By Mark Rasch
A new law in Georgia on private investigators extends to computer forensics and
computer incident response, meaning that forensics experts who testify in court
without a PI license may be committing a felony.
http://www.securityfocus.com/columnists/399
2. Lessons learned from Microsoft's MS06-013 patch
By Bob Rudis
This article takes a quick look at the functionality changes in MS06-013, and
then discusses the new types of deployment decisions that are being made within
enterprise environments in light of this critical Microsoft security patch.
http://www.securityfocus.com/infocus/1863
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Invision Power Board Index.PHP CK Parameter SQL Injection Vulnerability
BugTraq ID: 17690
Remote: Yes
Date Published: 2006-04-25
Relevant URL: http://www.securityfocus.com/bid/17690
Summary:
Invision Power Board is prone to an SQL injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.
A successful exploit could result in a compromise of the application,
disclosure or modification of data, or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.
2. Pablo Software Solutions Quick 'n Easy FTP Server Logging Buffer Overflow
Vulnerability
BugTraq ID: 17681
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17681
Summary:
Quick 'n Easy FTP Server is prone to a buffer-overflow vulnerability. This
issue is due to a failure in the application to do proper bounds checking on
user-supplied data before storing it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary machine code in the
context of the affected server application. This likely occurs with
SYSTEM-level privileges.
3. Sybase Pylon Anywhere Unauthorized Access Vulnerability
BugTraq ID: 17677
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17677
Summary:
Sybase Pylon Anywhere is prone to an access-validation vulnerability. This
issue could allow an authenticated attacker to access other users' data.
Pylon Anywhere versions prior to 7.0 are vulnerable.
4. Lotus Domino Unspecified LDAP Denial of Service Vulnerability
BugTraq ID: 17669
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17669
Summary:
Lotus Domino LDAP server is prone to an unspecified denial-of-service
vulnerability when handling malformed requests.
Lotus Domino version 7.0 is vulnerable; earlier versions may also be affected.
This issue may be related to the one described in BID 16523 (Lotus Domino LDAP
Denial of Service Vulnerability), but insufficient details are currently
available to make a proper determination.
5. IZArc Hostile Destination Path Vulnerability
BugTraq ID: 17664
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17664
Summary:
IZArc contains a vulnerability in the handling of pathnames for archived files.
By specifying a path for an archived item that points outside the expected
destination directory, the creator of the archive can cause the file to be
extracted to arbitrary locations on the filesystem, possibly including paths
containing system binaries and other sensitive or confidential information.
Presumably, an attacker could use this to create or overwrite binaries in any
desired location, using the privileges of the invoking user.
Version 3.5 beta 3 is vulnerable; other versions may also be affected.
6. Blender BVF File Import Python Code Execution Vulnerability
BugTraq ID: 17663
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17663
Summary:
Blender is susceptible to a Python code-execution vulnerability. This issue is
due to the application's failure to properly sanitize user-supplied input
before using it in a Python 'eval' statement.
This issue allows attackers to execute arbitrary Python code in the context of
the user running the affected application.
7. Skulltag Remote Format String Vulnerability
BugTraq ID: 17659
Remote: Yes
Date Published: 2006-04-23
Relevant URL: http://www.securityfocus.com/bid/17659
Summary:
Skulltag is reported prone to a remote format-string vulnerability.
As a result of this issue, malicious data containing format specifiers may be
interpreted literally by the application, which may cause attacker-specified
memory to be disclosed or corrupted, leading to arbitrary code execution.
A successful exploit could cause the application to fail or arbitrary code to
run in the context of the application.
8. Microsoft Internet Explorer Nested OBJECT Tag Memory Corruption
Vulnerability
BugTraq ID: 17658
Remote: Yes
Date Published: 2006-04-22
Relevant URL: http://www.securityfocus.com/bid/17658
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This
issue is due to a flaw in the application in handling nested OBJECT tags in
HTML content.
An attacker could exploit this issue via a malicious web page to potentially
execute arbitrary code in the context of the currently logged-in user, but this
has not been confirmed. Exploit attempts likely result in crashing the affected
application. Attackers could exploit this issue through HTML email/newsgroup
postings or through other applications that employ the affected component.
Microsoft Internet Explorer 6 for Microsoft Windows XP SP2 is reportedly
vulnerable to this issue; other versions may also be affected.
9. iOpus Secure Email Attachments Encryption Weakness
BugTraq ID: 17656
Remote: Yes
Date Published: 2006-04-22
Relevant URL: http://www.securityfocus.com/bid/17656
Summary:
iOpus Secure Email Attachments is susceptible to an insecure-encryption
weakness. This issue is due to a design flaw in the encryption algorithm used
in the application.
The insecure method of encrypting attachments may allow an attack that requires
substantially less effort than brute force against certain passwords used to
encrypt attachments.
10. SolarWinds TFTP Server Directory Traversal Vulnerability
BugTraq ID: 17648
Remote: Yes
Date Published: 2006-04-21
Relevant URL: http://www.securityfocus.com/bid/17648
Summary:
TFTP Server is prone to a directory-traversal vulnerability.
An attacker can exploit this issue to retrieve arbitrary files from the
vulnerable computer in the context of the affected server process. This may
facilitate a complete compromise of the affected computer because the
application is typically run with SYSTEM privileges.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. File/Directory Permission Setting in Windows 2k/2003 Security Template
http://www.securityfocus.com/archive/88/431867
2. SecurityFocus Microsoft Newsletter #287
http://www.securityfocus.com/archive/88/431339
3. Internet security on "hotspots"
http://www.securityfocus.com/archive/88/431338
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message, which you will have to answer. Alternatively,
you can visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SPI Dynamics
---------------------------------------------------------------------------