SecurityFocus Microsoft Newsletter #366
----------------------------------------

This issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security. It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission.
www.csiannual.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Rebinding attacks unbound
       2. Aspect-Oriented Programming and Security
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Mono System.Math BigInteger Buffer Overflow Vulnerability
       2. Symantec Altiris Deployment Solution Directory Traversal Vulnerability
       3. Symantec Altiris Deployment Solution Aclient Local Privilege Escalation Vulnerability
       4. Ipswitch IMail SMTP Server IMail Client Remote Buffer Overflow Vulnerability
       5. Sony CONNECT SonicStage Player M3U Playlist Processing Buffer Overflow Vulnerability
       6. BitDefender Unspecified Arbitrary Code Execution Vulnerability
       7. Trend Micro AntiVirus Engine Tmxpflt.SYS Local Buffer Overflow Vulnerability
       8. eIQnetworks Enterprise Security Analyzer SEARCHREPORT Command Remote Buffer Overflow Vulnerability
       9. IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities
       10. Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #365
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Rebinding attacks unbound
By Federico Biancuzzi
DNS rebinding was discovered in 1996 and affected the Java Virtual Machine (VM). Recently a group of researchers at Stanford found out that this vulnerability is still present in browsers and that the common solution, known as DNS pinning, is not effective anymore.
http://www.securityfocus.com/columnists/455

2. Aspect-Oriented Programming
By Rohit Sethi
Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development.
http://www.securityfocus.com/infocus/1895

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Mono System.Math BigInteger Buffer Overflow Vulnerability
BugTraq ID: 26279
Remote: Yes
Date Published: 2007-10-31
Relevant URL: http://www.securityfocus.com/bid/26279
Summary:
Mono is prone to a buffer-overflow vulnerability because the application fails to adequately perform boundary checks on user-supplied data.

Successfully exploiting this issue could allow attackers to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will likely result in a denial-of-service condition.

2. Symantec Altiris Deployment Solution Directory Traversal Vulnerability
BugTraq ID: 26266
Remote: No
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26266
Summary:
Symantec Altiris Deployment Solution is prone to a directory traversal vulnerability.

Attackers can exploit this issue to gain access to potentially sensitive information. Information obtained may aid in further attacks.

3. Symantec Altiris Deployment Solution Aclient Local Privilege Escalation Vulnerability
BugTraq ID: 26265
Remote: No
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26265
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary files with 'System' privileges. Successful exploits will completely compromise affected computers.

4. Ipswitch IMail SMTP Server IMail Client Remote Buffer Overflow Vulnerability
BugTraq ID: 26252
Remote: Yes
Date Published: 2007-10-30
Relevant URL: http://www.securityfocus.com/bid/26252
Summary:
IMail Client, which is included in Ipswitch IMail Server, is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects IMail Client 9.22, which is included with IMail Server 2006.22; other versions may also be affected.

5. Sony CONNECT SonicStage Player M3U Playlist Processing Buffer Overflow Vulnerability
BugTraq ID: 26241
Remote: Yes
Date Published: 2007-10-29
Relevant URL: http://www.securityfocus.com/bid/26241
Summary:
Sony CONNECT SonicStage player is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Remote attackers may crash the application or execute arbitrary machine code in the context of the user running the affected application.

This issue affects SonicStage 4.3; other versions may also be vulnerable.

6. BitDefender Unspecified Arbitrary Code Execution Vulnerability
BugTraq ID: 26210
Remote: Yes
Date Published: 2007-10-25
Relevant URL: http://www.securityfocus.com/bid/26210
Summary:
BitDefender is prone to an unspecified vulnerability that lets attackers execute arbitrary code on affected computers.

7. Trend Micro AntiVirus Engine Tmxpflt.SYS Local Buffer Overflow Vulnerability
BugTraq ID: 26209
Remote: No
Date Published: 2007-10-25
Relevant URL: http://www.securityfocus.com/bid/26209
Summary:
Trend Micro AntiVirus engine is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges and completely compromise affected computers. Failed exploit attempts could crash the computer, denying service to legitimate users.

Applications that incorporate 'Tmxpflt.sys' 8.320.1004 and 8.500.0.1002 from the AntiVirus engine are vulnerable, including Trend Micro PC-cillin Internet Security 2007, ServerProtect, and OfficeScan.

8. eIQnetworks Enterprise Security Analyzer SEARCHREPORT Command Remote Buffer Overflow Vulnerability
BugTraq ID: 26189
Remote: Yes
Date Published: 2007-10-24
Relevant URL: http://www.securityfocus.com/bid/26189
Summary:
The application is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Enterprise Security Analyzer 2.5; other versions may also be vulnerable.

9. IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26175
Remote: Yes
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26175
Summary:
IBM Lotus Notes is prone to multiple buffer-overflow vulnerabilities.

Successfully exploiting these issues could allow an attacker to execute arbitrary code in the context of the user running the application.

Lotus Notes 7.0.2 is prone to these issues; other versions may also be vulnerable.

NOTE: Reports suggest that Symantec Mail Security for Domino, SMTP, and Exchange are also vulnerable to these issues; Symantec has not confirmed this. We will update this BID pending further investigation.

10. Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability
BugTraq ID: 26166
Remote: Yes
Date Published: 2007-10-22
Relevant URL: http://www.securityfocus.com/bid/26166
Summary:
Mono is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks.

This issue affects versions prior to Mono 1.2.5.2 running on Windows platforms.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #365
http://www.securityfocus.com/archive/88/482796

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed.
