SecurityFocus Microsoft Newsletter #339 ----------------------------------------
This Issue is Sponsored by: SPI Dynamics ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White Paper It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8O SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1. Online Impersonations: No Validation Required 2. 0wning Vista from the boot II. MICROSOFT VULNERABILITY SUMMARY 1. Cdelia Software ImageProcessing Malformed BMP File Denial of Service Vulnerability 2. Nullsoft Winamp PLS File Remote Denial of Service Vulnerability 3. Apple Quicktime Unspecified Java Handling Arbitrary Code Execution Vulnerability 4. Sendmail Unspecified Denial Of Service Vulnerability 5. OpenSSH S/Key Remote Information Disclosure Vulnerability 6. WSFTP Null Pointer Dereference Remote Denial of Service Vulnerability 7. Check Point Zone Alarm Srescan.SYS Multiple Local Privilege Escalation Vulnerabilities 8. Foxit Reader Malformed PDF File Denial of Service Vulnerability 9. RaidenFTPD Multiple Remote Denial of Service Vulnerabilitie 10. Nullsoft Winamp MIDI File Processing Denial of Service Vulnerability 11. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability 12. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability 13. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability 14. NetSprint Ask IE Toolbar Multiple Denial of Service Vulnerabilities 15. Oracle April 2007 Security Update Multiple Vulnerabilities 16. NetSprint Toolbar ActiveX Denial of Service Vulnerability 17. MiniShare Multiple Request Handling Remote Denial of Service Vulnerability 18. SSH Tectia Server IBM z/OS Local Privilege Escalation Vulnerability 19. FileZilla Multiple Unspecified Format String Vulnerabilities 20. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability 21. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities III. MICROSOFT FOCUS LIST SUMMARY 1. SecurityFocus Microsoft Newsletter #338 IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1. Online Impersonations: No Validation Required By Dr. Neal Krawetz It is said that imitation is the sincerest form of flattery. Unfortunately, online social networks provide no method for distinguishing an impersonation from the real thing. While your online words and actions may circulate for years, so do those of an impersonator. http://www.securityfocus.com/columnists/441 2. 0wning Vista from the boot By Federico Biancuzzi Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that is able to load from Windows Vista boot-sectors. They discuss the "features" of their code, the support of the various versions of Vista, the possibility to place it inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista's product activation or avoid DRM. http://www.securityfocus.com/columnists/442 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. Cdelia Software ImageProcessing Malformed BMP File Denial of Service Vulnerability BugTraq ID: 23629 Remote: Yes Date Published: 2007-04-24 Relevant URL: http://www.securityfocus.com/bid/23629 Summary: Cdelia Software ImageProcessing is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. 2. Nullsoft Winamp PLS File Remote Denial of Service Vulnerability BugTraq ID: 23627 Remote: Yes Date Published: 2007-04-24 Relevant URL: http://www.securityfocus.com/bid/23627 Summary: Nullsoft Winamp is prone to a denial-of-service vulnerability when processing malformed PLS files. Successfully exploiting this issue allows remote attackers to crash affected applications. This issue is reported to affect Winamp 5.33; other versions may also be affected. 3. Apple Quicktime Unspecified Java Handling Arbitrary Code Execution Vulnerability BugTraq ID: 23608 Remote: Yes Date Published: 2007-04-23 Relevant URL: http://www.securityfocus.com/bid/23608 Summary: QuickTime is prone to a vulnerability that may aid in the remote compromise of a vulnerable computer. The issue occurs when a Java-enabled browser is used to view a malicious website. QuickTime must also be installed. Few details are currently available regarding this issue. This BID will be updated as more information emerges. This issue is exploitable through both Safari and Mozilla Firefox running on Mac OS X. Reports indicate that Firefox on Microsoft Windows platforms may also be an exploit vector. 4. Sendmail Unspecified Denial Of Service Vulnerability BugTraq ID: 23606 Remote: Yes Date Published: 2007-04-23 Relevant URL: http://www.securityfocus.com/bid/23606 Summary: Sendmail is prone to a denial-of-service vulnerability. No further information is available at the moment. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Insufficient information is currently available to determine whether this is only an HP-specific issue. This BID will be updated as soon as more information emerges. This issue may have already been disclosed in a previous BID, but not enougyh information is available for a proper correlation at this time. This BID may be retired as more information emerges. 5. OpenSSH S/Key Remote Information Disclosure Vulnerability BugTraq ID: 23601 Remote: Yes Date Published: 2007-04-23 Relevant URL: http://www.securityfocus.com/bid/23601 Summary: OpenSSH contains an information-disclosure vulnerability when S/Key authentication is enabled. This issue occurs because the application fails to properly obscure the existence of valid usernames in authentication attempts. Exploiting this vulnerability allows remote users to test for the existence of valid usernames. Knowledge of system users may aid in further attacks. 6. WSFTP Null Pointer Dereference Remote Denial of Service Vulnerability BugTraq ID: 23584 Remote: Yes Date Published: 2007-04-21 Relevant URL: http://www.securityfocus.com/bid/23584 Summary: WSFTP is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users. 7. Check Point Zone Alarm Srescan.SYS Multiple Local Privilege Escalation Vulnerabilities BugTraq ID: 23579 Remote: No Date Published: 2007-04-20 Relevant URL: http://www.securityfocus.com/bid/23579 Summary: Check Point ZoneAlarm is prone to multiple local privilege-escalation vulnerabilities. On a default installation, only certain restricted accounts can access the vulnerable sections of the application. An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition. Check Point ZoneAlarm versions using ZoneAlarm Spyware Removal Engine (SRE) versions prior to 5.0.156.0 are vulnerable to this issue; other products using the vulnerable engine are reported vulnerable. 8. Foxit Reader Malformed PDF File Denial of Service Vulnerability BugTraq ID: 23576 Remote: Yes Date Published: 2007-04-20 Relevant URL: http://www.securityfocus.com/bid/23576 Summary: Foxit Reader is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects Foxit Reader 2.0; other versions may also be affected. 9. RaidenFTPD Multiple Remote Denial of Service Vulnerabilitie BugTraq ID: 23570 Remote: Yes Date Published: 2007-04-19 Relevant URL: http://www.securityfocus.com/bid/23570 Summary: RaidenFTPD is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle user-supplied input. Exploiting these issues allows remote attackers to crash the application, denying further service to legitimate users. These issues affect RaidenFTPD 2.4; other versions may also be vulnerable. 10. Nullsoft Winamp MIDI File Processing Denial of Service Vulnerability BugTraq ID: 23568 Remote: Yes Date Published: 2007-04-19 Relevant URL: http://www.securityfocus.com/bid/23568 Summary: Nullsoft Winamp is prone to a denial-of-service vulnerability when processing malformed MIDI files. Successfully exploiting this issue allows remote attackers to crash affected applications. Code execution may also be possible, but this has not been confirmed. This issue is reported to affect Winamp 5.3; other versions may also be affected. 11. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability BugTraq ID: 23566 Remote: No Date Published: 2007-04-19 Relevant URL: http://www.securityfocus.com/bid/23566 Summary: OpenAFS for Microsoft Windows is prone to a local denial-of-service vulnerability because the application fails to properly handle unexpected conditions. Successfully exploiting this issue allows local attackers to trigger computer crashes. These crashes will occur every time Windows tries to start, creating a prolonged denial-of-service condition. Versions of OpenAFS prior to 1.5.19 running on Windows are vulnerable. Note that this issue is present only if MIT Kerberos for Windows is also installed on vulnerable computers. 12. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability BugTraq ID: 23556 Remote: Yes Date Published: 2007-04-18 Relevant URL: http://www.securityfocus.com/bid/23556 Summary: Novell Groupwise WebAccess is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. 13. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability BugTraq ID: 23547 Remote: Yes Date Published: 2007-04-18 Relevant URL: http://www.securityfocus.com/bid/23547 Summary: Novell SecureLogin is prone to a vulnerability that allows attackers to bypass security restrictions as well as a vulnerability that may allow attackers to gain elevated privileges on the affected computer. These issues affect Novell Access Management Server 3 IR1. 14. NetSprint Ask IE Toolbar Multiple Denial of Service Vulnerabilities BugTraq ID: 23535 Remote: Yes Date Published: 2007-04-17 Relevant URL: http://www.securityfocus.com/bid/23535 Summary: NetSprint Ask IE Toolbar ActiveX control is prone to multiple denial-of-service vulnerabilities. Exploiting these issues allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may potentially exploit these issues to execute code, but this has not been confirmed. NetSprint Ask IE Toolbar 1.1 is vulnerable; other versions may also be affected. 15. Oracle April 2007 Security Update Multiple Vulnerabilities BugTraq ID: 23532 Remote: Yes Date Published: 2007-04-17 Relevant URL: http://www.securityfocus.com/bid/23532 Summary: Oracle has released a Critical Patch Update advisory for April 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. 16. NetSprint Toolbar ActiveX Denial of Service Vulnerability BugTraq ID: 23530 Remote: Yes Date Published: 2007-04-17 Relevant URL: http://www.securityfocus.com/bid/23530 Summary: NetSprint Toolbar ActiveX control is prone to a denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may potentially be able to exploit this issue to execute code, but this has not been confirmed. NetSprint Toolbar ActiveX Control 1.1 is vulnerable to this issue; other versions may also be vulnerable. 17. MiniShare Multiple Request Handling Remote Denial of Service Vulnerability BugTraq ID: 23517 Remote: Yes Date Published: 2007-04-16 Relevant URL: http://www.securityfocus.com/bid/23517 Summary: MiniShare is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash the server application, denying further service to legitimate users. 18. SSH Tectia Server IBM z/OS Local Privilege Escalation Vulnerability BugTraq ID: 23508 Remote: No Date Published: 2007-04-16 Relevant URL: http://www.securityfocus.com/bid/23508 Summary: SSH Tectia server for IBM z/OS is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to gain certain elevated privileges on a vulnerable computer and launch further attacks. Successful exploits may facilitate a compromise of vulnerable computers. This issue affects versions prior to 5.4.0. 19. FileZilla Multiple Unspecified Format String Vulnerabilities BugTraq ID: 23506 Remote: Yes Date Published: 2007-04-16 Relevant URL: http://www.securityfocus.com/bid/23506 Summary: FileZilla is prone to multiple unspecified format-string vulnerabilities because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker can exploit these issues to execute arbitrary code within the context of the affected application, denying service to legitimate users. These issues affect versions prior to 2.2.32. 20. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability BugTraq ID: 23494 Remote: No Date Published: 2007-04-15 Relevant URL: http://www.securityfocus.com/bid/23494 Summary: ZoneAlarm is prone to a local denial-of-service vulnerability. This issue occurs when attackers supply invalid argument values to the 'vsdatant.sys' driver. A local attacker may exploit this issue to crash affected computers, denying service to legitimate users. ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this issue; other versions may be affected as well. 21. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities BugTraq ID: 21668 Remote: Yes Date Published: 2007-04-18 Relevant URL: http://www.securityfocus.com/bid/21668 Summary: The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird. These vulnerabilities allow attackers to: - execute arbitrary code - perform cross-site scripting attacks - inject arbitrary content - gain escalated privileges - crash affected applications and potentially execute arbitrary code. Other attacks may also be possible. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. SecurityFocus Microsoft Newsletter #338 http://www.securityfocus.com/archive/88/466639 IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This Issue is Sponsored by: SPI Dynamics ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White Paper It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8O
