SecurityFocus Microsoft Newsletter #386
----------------------------------------

This issue is sponsored by GlobalSCAPE

Learn how GlobalSCAPE's Enhanced File Transfer (EFT) Server helped Aon's Human 
Capital division increase productivity and security by streamlining data 
transfers and data automation processes while making savings of almost 
$300,000. By using EFT Server they ensured the security and integrity of their 
file transfers and made it possible not only for Aon to control their own 
customizations but also to provide secure automatic data translation in real 
time which benefited employees and customers.
Download the AON case study - http://www.globalscape.com/files/case_AON.pdf


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
      1. Catch Them if You Can
      2. Integrating More Intelligence into Your IDS, Part 2
II.  MICROSOFT VULNERABILITY SUMMARY
      1. Check Point VPN-1 IP Address Collision Denial of Service Vulnerability
      2. Microsoft Internet Explorer CreateTextRange.text Denial of Service 
Vulnerability
      3. Apple Safari Prior to 3.1 Multiple Security Vulnerabilities
      4. Home FTP Server Remote Denial of Service Vulnerability
      5. Alt-N MDaemon IMAP Server FETCH Command Remote Buffer Overflow 
Vulnerability
      6. Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote 
Vulnerabilities
      7. RETIRED: Microsoft Internet Explorer FTP Cross-Site Command Injection 
Vulnerability
      8. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting 
Vulnerability
      9. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
      10. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
      11. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation 
Vulnerability
      12. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of 
Service Vulnerabilities
      13. Microsoft Excel Conditional Formatting Values Remote Code Execution 
Vulnerability
      14. Microsoft Excel Rich Text Value Heap Buffer Overflow Vulnerability
      15. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
      16. Microsoft Excel Style Record Remote Code Execution Vulnerability
      17. MailEnable SMTP EXPN/VRFY Commands Denial of Service Vulnerability
      18. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
      19. Microsoft Office File Memory Corruption Vulnerability
      20. Microsoft Office Web Components ActiveX Control DataSource Remote 
Code Execution Vulnerability
      21. Microsoft Office Web Components ActiveX Control URL Parsing Remote 
Code Execution Vulnerability
      22. Microsoft Excel Import Remote Code Execution Vulnerability
      23. Microsoft Excel Data Validation Record Heap Memory Corruption 
Vulnerability
      24. Timbuktu Pro File Upload and Log Input Manipulation Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
      1. More along the lines of malware disinfection
      2. Compromised WinXP box prob
      3. SecurityFocus Microsoft Newsletter #385
      4. Temp directory is odd
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While
many "breaches" consist of lost data or a stolen laptop, true breaches -- where
an online attacker compromises a network and removes data -- have become very common.
http://www.securityfocus.com/columnists/468

2. Integrating More Intelligence into Your IDS, Part 2
By Don Parker and Ryan Wegner
The more an intrusion detection system (IDS) knows about the network it is trying to protect, the better it will be able to protect the network. This is the fundamental principle behind target-based intrusion detection, where an IDS knows about the hosts on the network.
http://www.securityfocus.com/infocus/1899


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Check Point VPN-1 IP Address Collision Denial of Service Vulnerability
BugTraq ID: 28299
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28299
Summary:
Check Point VPN-1 is prone to a denial-of-service vulnerability that can allow 
attackers to obtain sensitive information. The issue occurs because the 
application fails to adequately handle IP address collisions.

Attackers can exploit this issue to break site-to-site VPN connectivity between 
a VPN-1 gateway and a third party, denying access to legitimate users. If 
SecuRemote back-connections are enabled, the attacker can leverage this issue 
to re-route site-to-site VPN traffic from the VPN gateway to their SecuRemote 
client. Under certain conditions, this will cause data that was destined for 
the third party to be sent to the attacker's client instead. This could contain 
sensitive information that would aid in further attacks.

2. Microsoft Internet Explorer CreateTextRange.text Denial of Service 
Vulnerability
BugTraq ID: 28295
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28295
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability 
because the application fails to handle certain JavaScript code.

This issue is triggered when a remote attacker entices a victim to visit a 
malicious site.

Attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

3. Apple Safari Prior to 3.1 Multiple Security Vulnerabilities
BugTraq ID: 28290
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28290
Summary:
Apple Safari is prone to 12 security vulnerabilities.

Attackers may exploit these issues to execute arbitrary code, steal
cookie-based authentication credentials, spoof secure websites, obtain 
sensitive information, and crash the affected application. Other attacks are 
also possible.

These issues affect versions prior to Apple Safari 3.1 running on Apple Mac OS 
X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista.

4. Home FTP Server Remote Denial of Service Vulnerability
BugTraq ID: 28283
Remote: Yes
Date Published: 2008-03-17
Relevant URL: http://www.securityfocus.com/bid/28283
Summary:
Home FTP Server is prone to a remote denial-of-service vulnerability because it 
fails to handle user-supplied input.

Successfully exploiting this issue allows remote attackers to crash the 
affected application, denying service to legitimate users.

5. Alt-N MDaemon IMAP Server FETCH Command Remote Buffer Overflow Vulnerability
BugTraq ID: 28245
Remote: Yes
Date Published: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/28245
Summary:
Alt-N MDaemon IMAP Server is affected by a remote buffer-overflow vulnerability 
because the application fails to perform adequate boundary checks on 
user-supplied data before copying it into an insufficiently sized buffer.

Attackers may leverage this issue to execute arbitrary code with SYSTEM-level 
privileges. Successful exploits will completely compromise affected computers.

Alt-N MDaemon 9.6.4 is vulnerable; other versions may also be affected.

6. Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote 
Vulnerabilities
BugTraq ID: 28222
Remote: Yes
Date Published: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28222
Summary:
Cisco User-Changeable Password (UCP) is prone to multiple remote 
vulnerabilities, including cross-site scripting and buffer-overflow 
vulnerabilities.

Exploiting the cross-site scripting issues may help the attacker steal 
cookie-based authentication credentials and launch other attacks. Exploiting 
the buffer-overflow vulnerabilities allows attackers to execute code in the 
context of the affected application, facilitating the remote compromise of 
affected computers.

The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The 
cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.

These issues affect versions prior to UCP 4.2 when running on Microsoft Windows.

7. RETIRED: Microsoft Internet Explorer FTP Cross-Site Command Injection 
Vulnerability
BugTraq ID: 28208
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28208
Summary:
Microsoft Internet Explorer is prone to a vulnerability that occurs because the 
application fails to adequately sanitize user-supplied data in FTP URI requests.

An attacker can leverage this issue by enticing an unsuspecting user to follow 
a maliciously crafted URI.  Successful exploits will allow attackers to submit 
arbitrary commands to arbitrary FTP servers on behalf of unsuspecting users.

This issue affects Internet Explorer 5 and 6; prior versions may also be 
affected.

Note that access to some FTP servers may require valid authentication 
credentials.

NOTE: This issue is being retired because the issue is already covered in BID 
11826 (Microsoft Internet Explorer FTP URI Arbitrary FTP Server Command 
Execution Vulnerability).

8. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting 
Vulnerability
BugTraq ID: 28191
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28191
Summary:
ManageEngine ServiceDesk Plus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may 
help the attacker steal cookie-based authentication credentials and launch 
other attacks.

ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Microsoft Windows is 
vulnerable; other versions may be affected as well.

9. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
BugTraq ID: 28188
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28188
Summary:
ASG-Sentry is prone to multiple remote vulnerabilities:

- A heap-based buffer-overflow vulnerability
- A stack-based buffer-overflow vulnerability
- A denial-of-service vulnerability
- An arbitrary-file-deletion vulnerability

An attacker can exploit these issues to execute arbitrary code within the context of the affected application, crash the affected application, consume all CPU resources, and delete data contained in arbitrary files. Other attacks are possible.

These issues affect ASG-Sentry 7.0.0; other versions may also be affected.

10. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
BugTraq ID: 28186
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28186
Summary:
Motorola Timbuktu Pro is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues will allow attackers to crash the affected application,
denying further service to legitimate users.

11. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation 
Vulnerability
BugTraq ID: 28185
Remote: No
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28185
Summary:
SAP MaxDB is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to execute arbitrary code with 
superuser privileges.  This will lead to the complete compromise of an affected 
computer.

This issue affects MaxDB 7.6.0.37 on both Linux and Solaris platforms.  Other 
UNIX variants are most likely affected.  Microsoft Windows versions are not 
vulnerable to this issue.

12. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of 
Service Vulnerabilities
BugTraq ID: 28182
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28182
Summary:
Acronis Snap Deploy is prone to a directory-traversal vulnerability and a denial-of-service vulnerability.

Exploiting these issues will allow attackers to obtain sensitive information or
crash the affected application, denying further service to legitimate users.

13. Microsoft Excel Conditional Formatting Values Remote Code Execution 
Vulnerability
BugTraq ID: 28170
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28170
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

14. Microsoft Excel Rich Text Value Heap Buffer Overflow Vulnerability
BugTraq ID: 28168
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28168
Summary:
Microsoft Excel is prone to a heap-based buffer-overflow vulnerability. This
issue occurs because the application fails to perform adequate boundary checks
on user-supplied data.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

15. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
BugTraq ID: 28167
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28167
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

16. Microsoft Excel Style Record Remote Code Execution Vulnerability
BugTraq ID: 28166
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28166
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

17. MailEnable SMTP EXPN/VRFY Commands Denial of Service Vulnerability
BugTraq ID: 28154
Remote: Yes
Date Published: 2008-03-09
Relevant URL: http://www.securityfocus.com/bid/28154
Summary:
MailEnable is prone to a remote denial-of-service vulnerability. This issue arises in the SMTP server and may result in a crash of the affected service.

This issue affects all versions of MailEnable Standard Edition, Professional
Edition, and Enterprise Edition.

18. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
BugTraq ID: 28147
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28147
Summary:
Microsoft Outlook is prone to a remote code-execution vulnerability because the 
application fails to adequately validate user-supplied data.

Successfully exploiting this issue will allow attackers to execute arbitrary 
code with the privileges of the currently logged-in user. This will facilitate 
the remote compromise of affected computers.

19. Microsoft Office File Memory Corruption Vulnerability
BugTraq ID: 28146
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28146
Summary:
Microsoft Office is prone to a remote memory-corruption vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Office file.

Successfully exploiting this issue would allow the attacker to execute
arbitrary code in the context of the currently logged-in user.

20. Microsoft Office Web Components ActiveX Control DataSource Remote Code 
Execution Vulnerability
BugTraq ID: 28136
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28136
Summary:
Microsoft Office Web Components is prone to a remote code-execution 
vulnerability.

An attacker may exploit this issue by enticing victims into opening a 
maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the application using the ActiveX control (typically 
Internet Explorer). Failed exploit attempts will likely result in 
denial-of-service conditions.

21. Microsoft Office Web Components ActiveX Control URL Parsing Remote Code 
Execution Vulnerability
BugTraq ID: 28135
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28135
Summary:
Microsoft Office Web Components is prone to a remote code-execution 
vulnerability.

An attacker may exploit this issue by enticing victims into opening a 
maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the application using the ActiveX control (typically 
Internet Explorer). Failed exploit attempts will likely result in 
denial-of-service conditions.

22. Microsoft Excel Import Remote Code Execution Vulnerability
BugTraq ID: 28095
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28095
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

23. Microsoft Excel Data Validation Record Heap Memory Corruption Vulnerability
BugTraq ID: 28094
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28094
Summary:
Microsoft Excel is prone to a heap memory-corruption vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

24. Timbuktu Pro File Upload and Log Input Manipulation Vulnerabilities
BugTraq ID: 28081
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28081
Summary:
Timbuktu Pro is prone to an arbitrary-file-upload vulnerability and a 
vulnerability that allows attackers to disrupt the logging of events.

An attacker can exploit these issues to upload arbitrary files and prevent the 
logging of events. This may lead to other attacks.

Timbuktu Pro 8.6.5 for Windows is vulnerable; other versions running on 
different platforms may also be affected.

The file-upload vulnerability may be related to BID 25453 (Motorola Timbuktu 
Pro Directory Traversal Vulnerability).

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. More along the lines of malware disinfection
http://www.securityfocus.com/archive/88/489751

2. Compromised WinXP box prob
http://www.securityfocus.com/archive/88/489695

3. SecurityFocus Microsoft Newsletter #385
http://www.securityfocus.com/archive/88/489513

4. Temp directory is odd
http://www.securityfocus.com/archive/88/489429

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be
manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is sponsored by GlobalSCAPE
