SecurityFocus Microsoft Newsletter #410
----------------------------------------

This issue is sponsored by Motorola Good technology

Mobile Device Security: Securing the Handheld, Securing the Enterprise.
Mobile devices represent a tremendous productivity advantage for today's mobile worker. However, IT organizations must give consideration to the deployment of device security policies in order to provide the level of security that enterprises require.
http://dinclinx.com/Redirect.aspx?36;1267;45;189;0;13;1ea6f133b6f4a2b1

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
       1. Get Off My Cloud
       2. An Astonishing Collaboration
II. MICROSOFT VULNERABILITY SUMMARY
       1. Microsoft September 2008 Advance Notification Multiple Vulnerabilities
       2. Wireshark 1.0.2 Multiple Vulnerabilities
       3. Moodle Multiple Remote File Include Vulnerabilities
       4. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
       5. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
       6. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability
       7. Retired: Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability
       8. PureMessage for Microsoft Exchange RTF Multiple Denial Of Service Vulnerabilities
       9. Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability
       10. Ultra Office Control 'HttpUpload()' Method Buffer Overflow Vulnerability
       11. LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
       12. JustSystems Ichitaro Document Handling Unspecified Code Execution Vulnerability
       13. Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #409
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple. More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft September 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 31014
Remote: Yes
Date Published: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31014
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on September 9, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created to document the issues when the bulletins are released.

2. Wireshark 1.0.2 Multiple Vulnerabilities
BugTraq ID: 31009
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/31009
Summary:
Wireshark is prone to multiple vulnerabilities, including buffer-overflow and denial-of-service issues.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.7 up to and including 1.0.2.

3. Moodle Multiple Remote File Include Vulnerabilities
BugTraq ID: 30995
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30995
Summary:
Moodle is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

These issues affect Moodle 1.8.4; other versions may also be affected.

4. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
BugTraq ID: 30993
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30993
Summary:
Open-FTPD is prone to multiple remote denial-of-service vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to crash the affected application, denying service to legitimate users. Given the nature of these issues, attackers may also be able to run arbitrary code, but this has not been confirmed.

Open-FTPD 1.2 is vulnerable; other versions may also be affected.

5. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30992
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30992
Summary:
@Mail and @Mail WebMail are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect the following versions:

@Mail WebMail 5.05 running on Microsoft Windows
@Mail 5.42 running on CentOS

Other versions running on different platforms may also be affected.

6. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability
BugTraq ID: 30970
Remote: Yes
Date Published: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30970
Summary:
Softalk Mail Server is prone to a remote denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Softalk Mail Server 8.5.1 is vulnerable; other versions may also be affected.

7. Retired: Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability
BugTraq ID: 30933
Remote: Yes
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30933
Summary:
Microsoft Windows is prone to a heap-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF file.

A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.

NOTE: This BID is being retired because further analysis indicates that this vulnerability is the same issue described in BID 28571 (Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability).

8. PureMessage for Microsoft Exchange RTF Multiple Denial Of Service Vulnerabilities
BugTraq ID: 30881
Remote: Yes
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30881
Summary:
PureMessage for Microsoft Exchange is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly process certain messages.

An attacker may exploit these issues to crash the affected application, denying service to legitimate users.

PureMessage 3.0 is vulnerable; other versions may also be affected.

9. Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability
BugTraq ID: 30863
Remote: Yes
Date Published: 2008-08-27
Relevant URL: http://www.securityfocus.com/bid/30863
Summary:
Ultra Office Control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.

Successful exploits may allow attackers to compromise affected computers.

Ultra Office Control 2.0.2008.501 is vulnerable; other versions may also be affected.

10. Ultra Office Control 'HttpUpload()' Method Buffer Overflow Vulnerability
BugTraq ID: 30861
Remote: Yes
Date Published: 2008-08-27
Relevant URL: http://www.securityfocus.com/bid/30861
Summary:
Ultra Office Control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

Ultra Office Control 2.0.2008.501 is vulnerable; other versions may also be affected.

11. LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
BugTraq ID: 30832
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30832
Summary:
LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running an application that uses the affected library. Failed exploit attempts will likely crash applications using the affected library.

LibTIFF 3.7.2 and 3.8.2 are vulnerable.

12. JustSystems Ichitaro Document Handling Unspecified Code Execution Vulnerability
BugTraq ID: 30828
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30828
Summary:
Ichitaro is prone to an unspecified remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed attempts will result in a denial-of-service condition.

Ichitaro 2008 is vulnerable; other versions may also be affected.

13. Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
BugTraq ID: 30818
Remote: No
Date Published: 2008-08-25
Relevant URL: http://www.securityfocus.com/bid/30818
Summary:
DriveCrypt is prone to a security vulnerability that may cause a denial-of-service condition or allow attackers to gain access to plain text passwords.

Local attackers can exploit this issue to gain access to sensitive information or cause the affected computer to reboot.

DriveCrypt Plus Pack version 3.9 is vulnerable; other versions may also be affected.

Note: This vulnerability is the same issue described in BID 15751 (Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness); therefore, this BID is being retired.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #409
http://www.securityfocus.com/archive/88/495853

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Motorola Good technology

Mobile Device Security: Securing the Handheld, Securing the Enterprise.
Mobile devices represent a tremendous productivity advantage for today's mobile worker. However, IT organizations must give consideration to the deployment of device security policies in order to provide the level of security that enterprises require.
http://dinclinx.com/Redirect.aspx?36;1267;45;189;0;13;1ea6f133b6f4a2b1
