SecurityFocus Microsoft Newsletter #289
----------------------------------------

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Sendmail and secure design
       2. Five common Web application vulnerabilities
II.  MICROSOFT VULNERABILITY SUMMARY
       1. EMC Dantz Retrospect Backup Server Local Privilege Escalation Vulnerability
       2. Invision Gallery Post.PHP SQL Injection Vulnerability
       3. MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
       4. Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
       5. LibTiff Double Free Memory Corruption Vulnerability
       6. LibTiff TIFFFetchData Integer Overflow Vulnerability
       7. LibTiff Multiple Denial of Service Vulnerabilities
       8. PowerISO Directory Traversal Vulnerability
       9. MagicISO Directory Traversal Vulnerability
       10. EZB Systems UltraISO Directory Traversal Vulnerability
       11. WinISO Directory Traversal Vulnerability
       12. Invision Power Board Func_msg.PHP SQL Injection Vulnerability
       13. Microsoft Internet Explorer MHTML URI Handler Information Disclosure Vulnerability
       14. Microsoft Internet Explorer Modal Dialog Manipulation Vulnerability
       15. Juniper SSL-VPN Client ActiveX Control Remote Buffer Overflow Vulnerability
       16. Invision Power Board Index.PHP CK Parameter SQL Injection Vulnerability
       17. Pablo Software Solutions Quick 'n Easy FTP Server Logging Buffer Overflow Vulnerability
       18. Sybase Pylon Anywhere Unauthorized Access Vulnerability
       19. Lotus Domino Unspecified LDAP Denial of Service Vulnerability
       20. IZArc Hostile Destination Path Vulnerability
       21. Blender BVF File Import Python Code Execution Vulnerability
       22. Skulltag Remote Format String Vulnerability
       23. Microsoft Internet Explorer Nested OBJECT Tag Memory Corruption Vulnerability
       24. iOpus Secure Email Attachments Encryption Weakness
III. MICROSOFT FOCUS LIST SUMMARY
       1. EFS rollout using Active Directory
       2. SecurityFocus Microsoft Newsletter #288
       3. Laptop Encryption & Write Permissions
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Sendmail and secure design
By Jason Miller
Sendmail's wide market share, ancient code base and long vulnerability history make it an interesting example of the need for software to start from a secure design.
http://www.securityfocus.com/columnists/400

2. Five common Web application vulnerabilities
By Sumit Siddharth, Pratiksha Doshi
This article looks at five common Web application attacks, primarily for PHP applications, and then presents a short case study of a vulnerable Website that was found using Google and easily exploited.
http://www.securityfocus.com/infocus/1864


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. EMC Dantz Retrospect Backup Server Local Privilege Escalation Vulnerability
BugTraq ID: 17798
Remote: No
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17798
Summary:
Dantz Retrospect Backup Server is prone to a local privilege-escalation vulnerability. This issue is due to a failure of the application to properly ensure that administrative privileges are dropped prior to executing applications.

This issue allows local users to gain administrative privileges, facilitating the complete compromise of affected computers.

2. Invision Gallery Post.PHP SQL Injection Vulnerability
BugTraq ID: 17793
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17793
Summary:
Invision Gallery is prone to a SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

3. MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
BugTraq ID: 17780
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
MySQL is susceptible to multiple remote vulnerabilities. The issues are:

- A buffer-overflow vulnerability due to insufficient bounds-checking of user-supplied data prior to copying it to an insufficiently sized memory-buffer. This issue allows remote attackers to execute arbitrary machine code in the context of affected database servers. Failed exploit attempts likely result in crashing the server and denying further service to legitimate users.

- Two information-disclosure vulnerabilities due to insufficient input-sanitization and bounds-checking of user-supplied data. These issues allow remote users to gain access to potentially sensitive information that may aid them in further attacks.

4. Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
BugTraq ID: 17754
Remote: Yes
Date Published: 2006-05-01
Relevant URL: http://www.securityfocus.com/bid/17754
Summary:
ClamAV's freshclam utility is susceptible to a remote buffer-overflow vulnerability. The utility fails to perform sufficient boundary checks in server-supplied HTTP data before copying it to an insufficiently sized memory buffer.

To exploit this issue, attackers must either subvert webservers in the ClamAV database server pool, or use DNS-based or man-in-the-middle attacks to cause affected freshclam instances to connect to attacker-controlled webservers.

This issue allows remote attackers to execute arbitrary machine code in the context of the freshclam utility. The affected utility may run with superuser privileges, aiding remote attackers in the complete compromise of affected computers.

ClamAV versions 0.88 and 0.88.1 are affected by this issue.

5. LibTiff Double Free Memory Corruption Vulnerability
BugTraq ID: 17733
Remote: Yes
Date Published: 2006-04-28
Relevant URL: http://www.securityfocus.com/bid/17733
Summary:
Applications using the LibTIFF library are prone to a double-free vulnerability; a fix is available.

Attackers may be able to exploit this issue to cause denial-of-service conditions in affected applications using a vulnerable version of the library; arbitrary code execution may also be possible.

6. LibTiff TIFFFetchData Integer Overflow Vulnerability
BugTraq ID: 17732
Remote: Yes
Date Published: 2006-04-28
Relevant URL: http://www.securityfocus.com/bid/17732
Summary:
Applications using the LibTIFF library are prone to an integer-overflow vulnerability.

An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application that uses the affected library. Failed exploit attempts will likely cause denial-of-service conditions.

7. LibTiff Multiple Denial of Service Vulnerabilities
BugTraq ID: 17730
Remote: Yes
Date Published: 2006-04-28
Relevant URL: http://www.securityfocus.com/bid/17730
Summary:
LibTIFF is affected by multiple denial-of-service vulnerabilities.

An attacker can exploit these vulnerabilities to cause a denial of service in applications using the affected library.

8. PowerISO Directory Traversal Vulnerability
BugTraq ID: 17726
Remote: Yes
Date Published: 2006-04-28
Relevant URL: http://www.securityfocus.com/bid/17726
Summary:
PowerISO is reportedly prone to a directory-traversal vulnerability: an attacker can carry out attacks using directory-traversal strings in the paths of archived files. These issues occur when the application processes malicious archives.

A successful attack can allow the attacker to place potentially malicious files and to overwrite files on a computer in the context of the user running the affected application. A successful exploit may aid in further attacks.

This issue affects PowerISO version 2.9; other versions may also be affected.

9. MagicISO Directory Traversal Vulnerability
BugTraq ID: 17725
Remote: Yes
Date Published: 2006-04-28
Relevant URL: http://www.securityfocus.com/bid/17725
Summary:
MagicISO is reportedly prone to a directory-traversal vulnerability: an attacker can carry out attacks using directory-traversal strings in the paths of archived files. These issues occur when the application processes malicious archives.

A successful attack can allow the attacker to place potentially malicious files and to overwrite files on a computer in the context of the user running the affected application. A successful exploit may aid in further attacks.

This issue affects MagicISO version 5.0 Build 0166; other versions may also be affected.

10. EZB Systems UltraISO Directory Traversal Vulnerability
BugTraq ID: 17724
Remote: Yes
Date Published: 2006-04-28
Relevant URL: http://www.securityfocus.com/bid/17724
Summary:
UltraISO is reportedly prone to a directory-traversal vulnerability: an attacker can carry out attacks using directory-traversal strings in the paths of archived files. These issues occur when the application processes malicious archives.

A successful attack can allow the attacker to place potentially malicious files and to overwrite files on a computer in the context of the user running the affected application. A successful exploit may aid in further attacks.

This issue affects UltraISO version 8.0.0.1392; other versions may also be affected.

11. WinISO Directory Traversal Vulnerability
BugTraq ID: 17721
Remote: Yes
Date Published: 2006-04-28
Relevant URL: http://www.securityfocus.com/bid/17721
Summary:
WinISO is reportedly prone to a directory-traversal vulnerability: an attacker can carry out attacks using directory-traversal strings in the paths of archived files. These issues occur when the application processes malicious archives.

A successful attack can allow the attacker to place potentially malicious files and to overwrite files on a computer in the context of the user running the affected application. A successful exploit may aid in further attacks.

This issue affects WinISO version 5.3; other versions may also be affected.

12. Invision Power Board Func_msg.PHP SQL Injection Vulnerability
BugTraq ID: 17719
Remote: Yes
Date Published: 2006-04-27
Relevant URL: http://www.securityfocus.com/bid/17719
Summary:
Invision Power Board is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

13. Microsoft Internet Explorer MHTML URI Handler Information Disclosure Vulnerability
BugTraq ID: 17717
Remote: Yes
Date Published: 2006-04-27
Relevant URL: http://www.securityfocus.com/bid/17717
Summary:
Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability.

This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim user's browser. Attackers could exploit this issue to gain access to sensitive information (such as cookies or passwords) that is associated with the external domain.

14. Microsoft Internet Explorer Modal Dialog Manipulation Vulnerability
BugTraq ID: 17713
Remote: Yes
Date Published: 2006-04-26
Relevant URL: http://www.securityfocus.com/bid/17713
Summary:
Internet Explorer is prone to a remote code-execution vulnerability arising from a race condition in the display of modal security dialog boxes.

This issue may be exploited to cause users to inadvertently allow remote code to be executed.

15. Juniper SSL-VPN Client ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 17712
Remote: Yes
Date Published: 2006-04-26
Relevant URL: http://www.securityfocus.com/bid/17712
Summary:
Juniper SSL-VPN Client ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

Invoking the object from a malicious website may trigger the condition. Successful exploitation corrupts process memory, resulting in arbitrary code execution in the context of the client application.

16. Invision Power Board Index.PHP CK Parameter SQL Injection Vulnerability
BugTraq ID: 17690
Remote: Yes
Date Published: 2006-04-25
Relevant URL: http://www.securityfocus.com/bid/17690
Summary:
Invision Power Board is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

17. Pablo Software Solutions Quick 'n Easy FTP Server Logging Buffer Overflow Vulnerability
BugTraq ID: 17681
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17681
Summary:
Quick 'n Easy FTP Server is prone to a buffer-overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected server application. This likely occurs with SYSTEM-level privileges.

18. Sybase Pylon Anywhere Unauthorized Access Vulnerability
BugTraq ID: 17677
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17677
Summary:
Sybase Pylon Anywhere is prone to an access-validation vulnerability. This issue could allow an authenticated attacker to access other users' data.

Pylon Anywhere versions prior to 7.0 are vulnerable.

19. Lotus Domino Unspecified LDAP Denial of Service Vulnerability
BugTraq ID: 17669
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17669
Summary:
Lotus Domino LDAP server is prone to an unspecified denial-of-service vulnerability when handling malformed requests.

Lotus Domino version 7.0 is vulnerable; earlier versions may also be affected.

This issue may be related to the one described in BID 16523 (Lotus Domino LDAP Denial of Service Vulnerability), but insufficient details are currently available to make a proper determination.

20. IZArc Hostile Destination Path Vulnerability
BugTraq ID: 17664
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17664
Summary:
IZArc contains a vulnerability in the handling of pathnames for archived files.

By specifying a path for an archived item that points outside the expected destination directory, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem, possibly including paths containing system binaries and other sensitive or confidential information.

Presumably, an attacker could use this to create or overwrite binaries in any desired location, using the privileges of the invoking user.

Version 3.5 beta 3 is vulnerable; other versions may also be affected.
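Items 8 through 11 and item 20 describe the same failure: an archive entry name containing "..", an absolute path or a drive letter is used to build the output path, so extraction writes outside the directory the user chose. The following is an added example, not code from the newsletter or from any of the products it lists, showing the check an extractor should apply before writing each entry. It assumes a zip container (the ISO tools above handle other formats, but the path problem is identical) and uses constructed entry names; the functions resolve_member, is_safe_member, safe_extract, build_sample_archive and demo are all hypothetical names chosen for this illustration.

```python
import io
import os
import tempfile
import zipfile

# Added example (not from the newsletter or any vendor it lists): a path check
# for archive extraction that refuses entry names which would land outside the
# chosen destination directory. All entry names below are constructed.


def resolve_member(dest, member_name):
    """Return the absolute path where member_name may be written, or None if it escapes dest.

    dest must already be absolute and symlink-resolved (os.path.realpath).
    """
    # Archives built on Windows often carry backslash separators; treat them as
    # separators rather than as literal characters in a file name.
    name = member_name.replace("\\", "/")
    # Absolute POSIX paths, UNC paths (//server/share) and drive letters (C:)
    # are never legitimate relative entry names.
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return None
    candidate = os.path.join(dest, *name.split("/"))
    # realpath collapses ".." components and follows any symlinks that already
    # exist under dest, so a "docs/../../x" style name is caught here.
    target = os.path.realpath(candidate)
    if target != dest and not target.startswith(dest + os.sep):
        return None
    return target


def is_safe_member(dest_dir, member_name):
    """Convenience predicate: does member_name stay inside dest_dir?"""
    return resolve_member(os.path.realpath(dest_dir), member_name) is not None


def safe_extract(zip_bytes, dest_dir):
    """Extract a zip held in memory, skipping entries that would escape dest_dir.

    Returns (extracted, rejected): extracted holds the paths relative to dest_dir
    that were actually written; rejected holds the raw entry names refused.
    """
    dest = os.path.realpath(dest_dir)
    os.makedirs(dest, exist_ok=True)
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = resolve_member(dest, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                # Data is written to the checked path, never to a path derived
                # from the entry name alone. Symlink entries become plain files,
                # so a link created by an earlier entry cannot redirect a later one.
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            extracted.append(os.path.relpath(target, dest))
    return extracted, rejected


def build_sample_archive():
    """Constructed sample: one benign entry, one '..' that stays inside dest,
    and three entry names that try to escape the destination."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign")
        zf.writestr("docs/../notes.txt", "still inside dest")
        zf.writestr("../../evil.txt", "would land two levels above dest")
        zf.writestr("C:\\Windows\\System32\\x.dll", "drive-letter absolute path")
        zf.writestr("/etc/passwd", "POSIX absolute path")
    return buf.getvalue()


def demo():
    """Extract the constructed archive into a fresh temp dir; return (extracted, rejected)."""
    with tempfile.TemporaryDirectory() as tmp:
        return safe_extract(build_sample_archive(), tmp)


if __name__ == "__main__":
    extracted, rejected = demo()
    print("extracted:", extracted)
    print("rejected: ", rejected)
```

The check is done on the fully resolved path rather than by searching the name for "..", because separator variants, drive letters and symlinks already present under the destination all defeat a plain string match. Running the script extracts two files and refuses three; the refused names are reported so that a user or a scanner can see that the archive was crafted.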

21. Blender BVF File Import Python Code Execution Vulnerability
BugTraq ID: 17663
Remote: Yes
Date Published: 2006-04-24
Relevant URL: http://www.securityfocus.com/bid/17663
Summary:
Blender is susceptible to a Python code-execution vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input before using it in a Python 'eval' statement.

This issue allows attackers to execute arbitrary Python code in the context of the user running the affected application.

22. Skulltag Remote Format String Vulnerability
BugTraq ID: 17659
Remote: Yes
Date Published: 2006-04-23
Relevant URL: http://www.securityfocus.com/bid/17659
Summary:
Skulltag is reported prone to a remote format-string vulnerability.

As a result of this issue, malicious data containing format specifiers may be interpreted as format directives by the application, which may cause attacker-specified memory to be disclosed or corrupted, leading to arbitrary code execution.

A successful exploit could cause the application to fail or arbitrary code to run in the context of the application.

23. Microsoft Internet Explorer Nested OBJECT Tag Memory Corruption Vulnerability
BugTraq ID: 17658
Remote: Yes
Date Published: 2006-04-22
Relevant URL: http://www.securityfocus.com/bid/17658
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This issue is due to a flaw in the application in handling nested OBJECT tags in HTML content.

An attacker could exploit this issue via a malicious web page to potentially execute arbitrary code in the context of the currently logged-in user, but this has not been confirmed. Exploit attempts likely result in crashing the affected application. Attackers could exploit this issue through HTML email/newsgroup postings or through other applications that employ the affected component.

Microsoft Internet Explorer 6 for Microsoft Windows XP SP2 is reportedly vulnerable to this issue; other versions may also be affected.

24. iOpus Secure Email Attachments Encryption Weakness
BugTraq ID: 17656
Remote: Yes
Date Published: 2006-04-22
Relevant URL: http://www.securityfocus.com/bid/17656
Summary:
iOpus Secure Email Attachments is susceptible to an insecure-encryption weakness. This issue is due to a design flaw in the encryption algorithm used in the application.

The insecure method of encrypting attachments may allow an attack on certain passwords used to encrypt attachments that is substantially faster than brute force.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. EFS rollout using Active Directory
http://www.securityfocus.com/archive/88/432081

2. SecurityFocus Microsoft Newsletter #288
http://www.securityfocus.com/archive/88/432070

3. Laptop Encryption & Write Permissions
http://www.securityfocus.com/archive/88/430680

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
FREE Safend Auditor - Monitor your endpoints!
Safend's FREE Auditor provides the visibility you need to protect your desktops and laptops. Safend Auditor identifies every USB, FireWire and PCMCIA device that has connected to your endpoints. Assess your endpoint vulnerabilities for FREE!

http://www.securityfocus.com/cgi-bin/ib.pl