SecurityFocus Microsoft Newsletter #384

----------------------------------------

This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations. www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
      1. A Guide to Different Kinds of Honeypots
      2. The Laws of Full Disclosure
II.  MICROSOFT VULNERABILITY SUMMARY
      1. Microsoft Jet Database Engine MDB File Parsing Unspecified Remote 
Vulnerability
      2. ICQ Toolbar 'toolbaru.dll' ActiveX Control Remote Denial of Service 
Vulnerability
      3. Borland StarTeam Multiple Remote Vulnerabilities
      4. Wireshark 0.99.7 Multiple Denial of Service Vulnerabilities
      5. activePDF Server Packet Processing Remote Heap Overflow Vulnerability
      6. RETIRED: Microsoft Word Unspecified Remote Code Execution Vulnerability
      7. Symantec Backup Exec Scheduler ActiveX Control Multiple Arbitrary File 
Overwrite Vulnerabilities
      8. Symantec Decomposer RAR File Remote Buffer Overflow Vulnerability
      9. Symantec Decomposer Resource Consumption Denial of Service 
Vulnerability
      10. Symantec Backup Exec Scheduler ActiveX Control Multiple Stack Based 
Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. A Guide to Different Kinds of Honeypots
Honeypots come in many shapes and sizes and are available to mimic lots of different 
kinds of applications and protocols. We shall take the definition of a honeypot as 
"a security resource whose value lies in being probed, attacked, or 
compromised"[Spitzner02]. That is, a honeypot is a system we can monitor to observe 
how attackers behave, a system which is designed to lure attackers away from more 
valuable systems and/or a system which is designed to provide early warning of an 
intrusion to the target network. A honeypot may be used for all three applications at the 
same time.
http://www.securityfocus.com/infocus/1897

2. The Laws of Full Disclosure
By Federico Biancuzzi
Full disclosure has a long tradition in the security community worldwide, yet 
different European countries have different views on the legality of 
vulnerability research. SecurityFocus contributor Federico Biancuzzi 
investigates the subject of full disclosure and the law by interviewing lawyers 
from twelve EU countries: Belgium, Denmark, Finland, France, Germany, Greece, 
Hungary, Ireland, Italy, Poland, Romania, and the UK.
http://www.securityfocus.com/columnists/466


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Jet Database Engine MDB File Parsing Unspecified Remote 
Vulnerability
BugTraq ID: 28087
Remote: Yes
Date Published: 2008-03-03
Relevant URL: http://www.securityfocus.com/bid/28087
Summary:
Microsoft Jet Database Engine is prone to an unspecified security vulnerability.

Remote attackers can exploit this issue to execute arbitrary machine code in 
the context of a user running the application. Successful exploits will 
compromise the affected application and possibly the underlying computer. 
Failed attacks will likely cause denial-of-service conditions.

2. ICQ Toolbar 'toolbaru.dll' ActiveX Control Remote Denial of Service 
Vulnerability
BugTraq ID: 28086
Remote: Yes
Date Published: 2008-03-04
Relevant URL: http://www.securityfocus.com/bid/28086
Summary:
ICQ Toolbar 'toolbaru.dll' ActiveX control is prone to a denial-of-service 
vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in 
Internet Explorer or other applications that use the vulnerable ActiveX control.

This issue affects ICQ Toolbar 2.3 Beta; other versions may also be affected.

3. Borland StarTeam Multiple Remote Vulnerabilities
BugTraq ID: 28080
Remote: Yes
Date Published: 2008-03-03
Relevant URL: http://www.securityfocus.com/bid/28080
Summary:
Borland StarTeam is prone to multiple issues, including multiple 
integer-overflow vulnerabilities, a heap-overflow vulnerability, and a 
denial-of-service vulnerability.

Successfully exploiting these issues allows remote attackers to execute 
arbitrary machine code in the context of vulnerable server processes. These 
issues may facilitate the remote compromise of affected computers. Attackers 
may also trigger denial-of-service conditions.

NOTE: The StarTeam MPX vulnerabilities may actually be related to a TIBCO 
SmartSocket DLL, but this has not been confirmed. We may update this BID as 
more information emerges.

Borland StarTeam Server 2008 and MPX products are vulnerable to these issues; 
other versions may also be affected.

4. Wireshark 0.99.7 Multiple Denial of Service Vulnerabilities
BugTraq ID: 28025
Remote: Yes
Date Published: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28025
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service 
to legitimate users of the application. Attackers may be able to leverage some 
of these vulnerabilities to execute arbitrary code, but this has not been 
confirmed.

Wireshark 0.6.0 to 0.99.7 are affected.

5. activePDF Server Packet Processing Remote Heap Overflow Vulnerability
BugTraq ID: 28013
Remote: Yes
Date Published: 2008-02-27
Relevant URL: http://www.securityfocus.com/bid/28013
Summary:
activePDF Server is prone to a remote heap-overflow vulnerability because it 
fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of 
the affected application. Failed attacks will likely cause denial-of-service 
conditions.

This issue affects activePDF Server 3.8.4 and 3.8.5.14; other versions may be 
affected as well.

6. RETIRED: Microsoft Word Unspecified Remote Code Execution Vulnerability
BugTraq ID: 28011
Remote: Yes
Date Published: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/28011
Summary:
Microsoft Word is prone to an unspecified remote code-execution vulnerability.

Very few details are available regarding this issue. We will update this BID as 
more information emerges.

It is unknown at this time which specific versions of the application are 
affected.

NOTE: This BID is being retired because the vulnerability is already covered in 
BID 23804 (Microsoft Word Array Remote Code Execution Vulnerability).

7. Symantec Backup Exec Scheduler ActiveX Control Multiple Arbitrary File 
Overwrite Vulnerabilities
BugTraq ID: 28008
Remote: Yes
Date Published: 2008-02-28
Relevant URL: http://www.securityfocus.com/bid/28008
Summary:
Symantec Backup Exec is prone to multiple vulnerabilities that allow attackers 
to overwrite arbitrary files.

An attacker can exploit these issues by enticing an unsuspecting victim to view a malicious HTML page.
Successfully exploiting these issues will allow the attacker to corrupt and 
overwrite arbitrary files on the victim's computer in the context of the 
vulnerable application using the ActiveX control (typically Internet Explorer).

8. Symantec Decomposer RAR File Remote Buffer Overflow Vulnerability
BugTraq ID: 27913
Remote: Yes
Date Published: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27913
Summary:
Symantec Decomposer is prone to a remote buffer-overflow vulnerability because 
the application fails to properly bounds-check user-supplied input before 
copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary machine code with the 
privileges of the user running the affected application. Failed exploit 
attempts will result in a denial-of-service condition.

The following products are affected:

- Symantec Scan Engine 5.1.4.24 and prior
- Symantec AntiVirus Scan Engine 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS ISA 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS SharePoint 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Messaging 4.3.16.39 and prior
- Symantec AntiVirus for Network Attached Storage 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Clearswift 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Caching 4.3.16.39 and prior
- Symantec AntiVirus/Filtering for Domino MPE (AIX, Linux, Solaris) prior to 
3.2.2
- Symantec Mail Security for Microsoft Exchange 4.6.5.12 and prior as well as 
5.0.4.363 and prior

9. Symantec Decomposer Resource Consumption Denial of Service Vulnerability
BugTraq ID: 27911
Remote: Yes
Date Published: 2008-02-26
Relevant URL: http://www.securityfocus.com/bid/27911
Summary:
Symantec Decomposer is prone to a denial-of-service vulnerability because it 
fails to adequately parse certain user-supplied input.

Attackers can exploit this issue to exhaust memory resources and cause 
denial-of-service conditions.

The following products are affected:

- Symantec Scan Engine 5.1.4.24 and prior
- Symantec AntiVirus Scan Engine 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS ISA 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS SharePoint 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Messaging 4.3.16.39 and prior
- Symantec AntiVirus for Network Attached Storage 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Clearswift 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Caching 4.3.16.39 and prior
- Symantec AntiVirus/Filtering for Domino MPE (AIX, Linux, Solaris) prior to 
3.2.2
- Symantec Mail Security for Microsoft Exchange 4.6.5.12 and prior as well as 
5.0.4.363 and prior

10. Symantec Backup Exec Scheduler ActiveX Control Multiple Stack Based Buffer 
Overflow Vulnerabilities
BugTraq ID: 26904
Remote: Yes
Date Published: 2008-02-28
Relevant URL: http://www.securityfocus.com/bid/26904
Summary:
An ActiveX control in the scheduler component of Symantec Backup Exec is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting these issues allows remote attackers to execute 
arbitrary code in the context of the application using the ActiveX control 
(typically Internet Explorer). Failed exploit attempts will likely result in 
denial-of-service conditions.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat Europe
