SecurityFocus Microsoft Newsletter #365
----------------------------------------

This issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000D5K3

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
       1. Rebinding attacks unbound
       2. Aspect-Oriented Programming and Security
II. MICROSOFT VULNERABILITY SUMMARY
       1. eIQnetworks Enterprise Security Analyzer SEARCHREPORT Command Remote Buffer Overflow Vulnerability
       2. IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities
       3. Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability
       4. SpeedFan Speedfan.sys Local Privilege Escalation Vulnerability
       5. Macrovision SafeDisc SecDRV.SYS Method_Neither Local Privilege Escalation Vulnerability
       6. Drupal Prior To 4.7.8 and 5.3 Multiple Remote Vulnerabilities
       7. Nortel Networks UNIStim IP Softphone RTCP Port Buffer Overflow Vulnerability
       8. Microsoft Windows Mobile SMS Handler Source Obfuscation Vulnerability
       9. WWWISIS IsisScript Local File Disclosure Vulnerability
       10. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
       11. Microsoft ActiveSync Weak Password Obfuscation Information Disclosure Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #364
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Rebinding attacks unbound
By Federico Biancuzzi
DNS rebinding was discovered in 1996 and affected the Java Virtual Machine (VM). Recently a group of researchers at Stanford found out that this vulnerability is still present in browsers and that the common solution, known as DNS pinning, is not effective anymore.
http://www.securityfocus.com/columnists/455

2. Aspect-Oriented Programming
By Rohit Sethi
Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development.
http://www.securityfocus.com/infocus/1895

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. eIQnetworks Enterprise Security Analyzer SEARCHREPORT Command Remote Buffer Overflow Vulnerability
BugTraq ID: 26189
Remote: Yes
Date Published: 2007-10-24
Relevant URL: http://www.securityfocus.com/bid/26189
Summary:
The application is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Enterprise Security Analyzer 2.5; other versions may also be vulnerable.

2. IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26175
Remote: Yes
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26175
Summary:
IBM Lotus Notes is prone to multiple buffer-overflow vulnerabilities.

Successfully exploiting these issues could allow an attacker to execute arbitrary code in the context of the user running the application.

Lotus Notes 7.0.2 is prone to these issues; other versions may also be vulnerable.

3. Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability
BugTraq ID: 26166
Remote: Yes
Date Published: 2007-10-22
Relevant URL: http://www.securityfocus.com/bid/26166
Summary:
Mono is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks.

This issue affects versions prior to Mono 1.2.5.2 running on Windows platforms.

4. SpeedFan Speedfan.sys Local Privilege Escalation Vulnerability
BugTraq ID: 26123
Remote: No
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26123
Summary:
SpeedFan is prone to a local privilege-escalation vulnerability.

An attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

5. Macrovision SafeDisc SecDRV.SYS Method_Neither Local Privilege Escalation Vulnerability
BugTraq ID: 26121
Remote: No
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26121
Summary:
Macrovision SafeDisc is prone to a local privilege-escalation vulnerability because it fails to adequately sanitize user-supplied input.

This vulnerability allows local attackers to execute arbitrary malicious code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

6. Drupal Prior To 4.7.8 and 5.3 Multiple Remote Vulnerabilities
BugTraq ID: 26119
Remote: Yes
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26119
Summary:
Drupal is prone to multiple remote vulnerabilities:

- A cross-site request-forgery vulnerability.
- An HTTP response-splitting vulnerability.
- An HTML-injection vulnerability.
- A vulnerability that may allow an attacker to mail unpublished comments.
- An arbitrary-code-execution vulnerability.

An attacker may exploit these vulnerabilities to:

- Influence or misrepresent how web content is served, cached, or interpreted.
- Execute arbitrary code within the context of the webserver process.
- Steal cookie-based authentication credentials, allowing the attacker to launch other attacks.

7. Nortel Networks UNIStim IP Softphone RTCP Port Buffer Overflow Vulnerability
BugTraq ID: 26118
Remote: Yes
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26118
Summary:
Nortel Networks UNIStim IP Softphone is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

8. Microsoft Windows Mobile SMS Handler Source Obfuscation Vulnerability
BugTraq ID: 26091
Remote: Yes
Date Published: 2007-10-17
Relevant URL: http://www.securityfocus.com/bid/26091
Summary:
Microsoft Windows Mobile is prone to a vulnerability that can result in the obfuscation of an SMS message source.

Attackers can exploit this issue to anonymously send malicious messages to affected devices.

Microsoft Windows Mobile 5 PocketPC is vulnerable; other versions may also be affected.

9. WWWISIS IsisScript Local File Disclosure Vulnerability
BugTraq ID: 26079
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26079
Summary:
WWWISIS is prone to a vulnerability that allows remote attackers to display the contents of arbitrary local files in the context of the webserver process.

An attacker may be able to exploit this issue to retrieve potentially sensitive information that may aid in further attacks.

This issue affects WWWISIS 7.1; other versions may also be vulnerable.

10. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
BugTraq ID: 26076
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26076
Summary:
Novell SUSE Linux Enterprise Server is prone to a denial-of-service vulnerability because it fails to adequately handle certain GSS-TSIG requests that require the 'libgssapi' library.

Attackers can exploit this issue to cause denial-of-service conditions.

Versions prior to 'libgssapi' 0.6-13.17 as found in Enterprise Server 10 SP1 are vulnerable.

11. Microsoft ActiveSync Weak Password Obfuscation Information Disclosure Vulnerability
BugTraq ID: 25976
Remote: No
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25976
Summary:
Microsoft ActiveSync is prone to an information-disclosure vulnerability because it fails to adequately obfuscate sensitive information.

Attackers can exploit this issue to gain PIN or password data for devices docked via USB.

Software that uses ActiveSync 4.1 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #364
http://www.securityfocus.com/archive/88/482537

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics
