SecurityFocus Microsoft Newsletter #340
----------------------------------------

This Issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - 
including personal, medical and financial information - are exchanged and stored. This 
paper examines a few vulnerability detection methods - specifically comparing and 
contrasting manual penetration testing with automated scanning tools. Download 
Watchfire's "Web Application Security: Automated Scanning or Manual Penetration 
Testing?" whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008uPd


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Time for a new certification
       2. 0wning Vista from the boot
II.  MICROSOFT VULNERABILITY SUMMARY
       1. ZoneAlarm VSdatant Driver Denial of Service Vulnerability
       2. VMware Multiple Denial Of Service Vulnerabilities
       3. Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities
       4. Winamp MP4 File Parsing Buffer Overflow Vulnerability
       5. IncrediMail IMMenuShellExt ActiveX Control Remote Buffer Overflow 
Vulnerability
       6. Multiple Web Browsers Digest Authentication HTTP Response Splitting 
Vulnerability
       7. Fresh View PSP File Buffer Overflow Vulnerability
       8. Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service 
Vulnerability
       9. ABC-View Manager PSP File Buffer Overflow Vulnerability
       10. Nero MediaHome NMMediaServer.EXE Remote Denial of Service 
Vulnerability
       11. Cdelia Software ImageProcessing Malformed BMP File Denial of Service 
Vulnerability
       12. Nullsoft Winamp PLS File Remote Denial of Service Vulnerability
       13. Sendmail Unspecified Denial Of Service Vulnerability
       14. OpenSSH S/Key Remote Information Disclosure Vulnerability
       15. WSFTP Null Pointer Dereference Remote Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. Restrict Windows login to certain IPs/hosts for certain domain 
accounts?
       2. SecurityFocus Microsoft Newsletter #339
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Time for a new certification
By Don Parker
I wrote a column for SecurityFocus some time ago that aired my concerns over 
GIAC dropping the practical portion of their certification process. That column 
resulted in a lot of feedback, with most agreeing about how GIAC bungled what 
was, up till then, the best certification around.
http://www.securityfocus.com/columnists/443

2. 0wning Vista from the boot
By Federico Biancuzzi
Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that 
is able to load from Windows Vista boot-sectors. They discuss the "features" of 
their code, the support of the various versions of Vista, the possibility to place it 
inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista's 
product activation or avoid DRM.
http://www.securityfocus.com/columnists/442


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. ZoneAlarm VSdatant Driver Denial of Service Vulnerability
BugTraq ID: 23734
Remote: No
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23734
Summary:
ZoneAlarm is prone to a local denial-of-service vulnerability because the 
application fails to validate its input buffer.

An attacker may exploit this issue to crash affected computers, denying service 
to legitimate users. Arbitrary code execution may be possible, but this has not 
been confirmed.

ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this issue; other 
versions may be affected as well.

2. VMware Multiple Denial Of Service Vulnerabilities
BugTraq ID: 23732
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23732
Summary:
VMware is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to cause denial-of-service conditions.

Versions prior to 5.5.4 Build 44386 are vulnerable to these issues.

3. Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities
BugTraq ID: 23730
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23730
Summary:
Trillian is prone to multiple buffer-overflow issues and an information leak in 
its IRC module. These issues occur because the application fails to properly 
bounds-check user-supplied data before copying it into fixed-sized memory 
buffers and fails to respond properly to exceptional conditions.

Remote attackers may exploit these vulnerabilities to execute arbitrary machine 
code in the context of vulnerable Trillian clients or to steal the contents of 
client-server communications.

Trillian 3.1 is affected.

4. Winamp MP4 File Parsing Buffer Overflow Vulnerability
BugTraq ID: 23723
Remote: Yes
Date Published: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23723
Summary:
Winamp is prone to a buffer-overflow vulnerability when it attempts to process 
certain files. This issue occurs because the application fails to properly 
check boundaries on user-supplied data before copying it to an insufficiently 
sized memory buffer.

Successful exploits can allow attackers to execute arbitrary code with the 
privileges of the user running the vulnerable application. Failed exploit 
attempts will likely result in denial-of-service conditions.

This issue affects Winamp 5.02 through 5.34.

UPDATE: The vendor states that this issue will be addressed in Winamp 5.35.

5. IncrediMail IMMenuShellExt ActiveX Control Remote Buffer Overflow 
Vulnerability
BugTraq ID: 23674
Remote: Yes
Date Published: 2007-04-26
Relevant URL: http://www.securityfocus.com/bid/23674
Summary:
IncrediMail is prone to a stack-based buffer-overflow vulnerability because it 
fails to sufficiently check boundaries of user-supplied input before copying it 
to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a 
malicious webpage or HTML email that invokes the affected control.

Successful exploits will corrupt process memory, allowing attacker-supplied 
arbitrary code to run in the context of the client application using the 
affected ActiveX control.

6. Multiple Web Browsers Digest Authentication HTTP Response Splitting 
Vulnerability
BugTraq ID: 23668
Remote: Yes
Date Published: 2007-04-25
Relevant URL: http://www.securityfocus.com/bid/23668
Summary:
Multiple browsers are prone to an HTTP-response-splitting vulnerability because 
the software fails to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent 
how web content is served, cached, or interpreted. This could aid in various 
attacks that try to entice client users into a false sense of trust.

This issue affects Microsoft Internet Explorer 7.0.5730.11 and Mozilla Firefox 
2.0.0.3; other versions and browsers may also be affected.

7. Fresh View PSP File Buffer Overflow Vulnerability
BugTraq ID: 23660
Remote: Yes
Date Published: 2007-04-25
Relevant URL: http://www.securityfocus.com/bid/23660
Summary:
Fresh View is prone to a buffer-overflow vulnerability because the application 
fails to bounds-check user-supplied data before copying it into an 
insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a malicious 
PSP file. If successful, the attacker can execute arbitrary code in the context 
of the affected application.

This issue affects Fresh View 7.15; other versions may also be affected.

8. Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability
BugTraq ID: 23656
Remote: Yes
Date Published: 2007-04-25
Relevant URL: http://www.securityfocus.com/bid/23656
Summary:
ClamAV is prone to a denial-of-service vulnerability.

A successful attack may allow an attacker to cause denial-of-service conditions.

9. ABC-View Manager PSP File Buffer Overflow Vulnerability
BugTraq ID: 23653
Remote: Yes
Date Published: 2007-04-25
Relevant URL: http://www.securityfocus.com/bid/23653
Summary:
ABC-View Manager is prone to a buffer-overflow vulnerability because the 
application fails to bounds-check user-supplied data before copying it into an 
insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a malicious 
PSP file. If successful, the attacker can execute arbitrary code in the context 
of the affected application.

This issue affects ABC-View Manager 1.42; other versions may also be affected.

10. Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability
BugTraq ID: 23640
Remote: Yes
Date Published: 2007-04-25
Relevant URL: http://www.securityfocus.com/bid/23640
Summary:
Nero MediaHome is prone to a remote denial-of-service vulnerability because the 
application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying 
further service to legitimate users.

This issue affects Nero MediaHome 2.5.5.0 and CE 1.3.0.4; other versions may 
also be affected.

11. Cdelia Software ImageProcessing Malformed BMP File Denial of Service 
Vulnerability
BugTraq ID: 23629
Remote: Yes
Date Published: 2007-04-24
Relevant URL: http://www.securityfocus.com/bid/23629
Summary:
Cdelia Software ImageProcessing is prone to a denial-of-service vulnerability 
because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying 
service to legitimate users.

12. Nullsoft Winamp PLS File Remote Denial of Service Vulnerability
BugTraq ID: 23627
Remote: Yes
Date Published: 2007-04-24
Relevant URL: http://www.securityfocus.com/bid/23627
Summary:
Nullsoft Winamp is prone to a denial-of-service vulnerability when processing 
malformed PLS files.

Successfully exploiting this issue allows remote attackers to crash affected 
applications.

This issue is reported to affect Winamp 5.33; other versions may also be 
affected.

13. Sendmail Unspecified Denial Of Service Vulnerability
BugTraq ID: 23606
Remote: Yes
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23606
Summary:
Sendmail is prone to a denial-of-service vulnerability.

No further information is available at the moment.

An attacker can exploit this issue to crash the affected application, denying 
service to legitimate users.

Insufficient information is currently available to determine whether this is 
only an HP-specific issue. This BID will be updated as soon as more information 
emerges.

This issue may have already been disclosed in a previous BID, but not enough 
information is available for a proper correlation at this time. This BID may be 
retired as more information emerges.

14. OpenSSH S/Key Remote Information Disclosure Vulnerability
BugTraq ID: 23601
Remote: Yes
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23601
Summary:
OpenSSH contains an information-disclosure vulnerability when S/Key 
authentication is enabled. This issue occurs because the application fails to 
properly obscure the existence of valid usernames in authentication attempts.

Exploiting this vulnerability allows remote users to test for the existence of 
valid usernames. Knowledge of system users may aid in further attacks.

15. WSFTP Null Pointer Dereference Remote Denial of Service Vulnerability
BugTraq ID: 23584
Remote: Yes
Date Published: 2007-04-21
Relevant URL: http://www.securityfocus.com/bid/23584
Summary:
WSFTP is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, denying 
further service to legitimate users.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Restrict Windows login to certain IPs/hosts for certain domain accounts?
http://www.securityfocus.com/archive/88/467049

2. SecurityFocus Microsoft Newsletter #339
http://www.securityfocus.com/archive/88/466877

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire
