SecurityFocus Microsoft Newsletter #418
----------------------------------------

This issue is sponsored by HP:

Download a FREE trial of HP WebInspect

Application attacks are growing more prevalent. New attacks are in the news each day. Now it's time for you to assess your applications and start detecting and removing vulnerabilities. HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Secutiy_Focus/3-1QN6MII_3-UTM2ZJ/20081015&origin_id=3-1QN6MII

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
       1. Clicking to the Past
       2. The Vice of Vice Presidential E-Mail
II. MICROSOFT VULNERABILITY SUMMARY
       1. Microsoft Internet Explorer ' ' Address Bar URI Spoofing Vulnerability
       2. PumpKIN Mode Field Remote Denial of Service Vulnerability
       3. TUGZip ZIP File Remote Buffer Overflow Vulnerability
       4. SilverSHielD 'opendir()' Remote Denial of Service Vulnerability
       5. Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
       6. freeSSHd SFTP 'rename' Remote Buffer Overflow Vulnerability
       7. Multiple EMC NetWorker Products 'nsrexecd.exe' RPC Request Denial of Service Vulnerability
       8. Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass Vulnerability
       9. IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
       10. Multiple Vendor Web Browser FTP Client Cross Site Scripting Weakness
       11. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
       12. Symantec Altiris Deployment Solution Client User Interface Local Privilege Escalation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #417
IV. UNSUBSCRIBE INSTRUCTIONS

I. FRONT AND CENTER
---------------------
1. Clicking to the Past
By Chris Wysopal
When the first details trickled out about a new attack, dubbed "clickjacking" by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker's behalf is one of the oldest attack vectors in the book.
http://www.securityfocus.com/columnists/483

2. The Vice of Vice Presidential E-Mail
By Mark Rasch
Is it a crime to read someone else's e-mail without their consent? Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claimed credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business.
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/482

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer ' ' Address Bar URI Spoofing Vulnerability
BugTraq ID: 31960
Remote: Yes
Date Published: 2008-10-27
Relevant URL: http://www.securityfocus.com/bid/31960
Summary:
Internet Explorer is affected by a URI-spoofing vulnerability because it fails to adequately handle specific combinations of the non-breaking space character (' ').

An attacker may leverage this issue to spoof the source URI of a site presented to an unsuspecting user. This may lead to a false sense of trust because the user may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Internet Explorer 6 is affected by this issue.

2. PumpKIN Mode Field Remote Denial of Service Vulnerability
BugTraq ID: 31922
Remote: Yes
Date Published: 2008-10-25
Relevant URL: http://www.securityfocus.com/bid/31922
Summary:
PumpKIN is prone to a remote denial-of-service vulnerability because the server fails to handle exceptional conditions.

Successfully exploiting this issue would cause the affected application to become unresponsive, denying service to legitimate users.

The issue affects PumpKIN 2.7.2.0; other versions may also be vulnerable.

3. TUGZip ZIP File Remote Buffer Overflow Vulnerability
BugTraq ID: 31913
Remote: Yes
Date Published: 2008-10-25
Relevant URL: http://www.securityfocus.com/bid/31913
Summary:
TUGZip is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

TUGZip 3.00 is vulnerable; other versions may also be affected.

4. SilverSHielD 'opendir()' Remote Denial of Service Vulnerability
BugTraq ID: 31884
Remote: Yes
Date Published: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31884
Summary:
SilverSHielD is prone to a denial-of-service vulnerability because the application fails to handle excessive user input.

An attacker may exploit this issue to crash the vulnerable application, resulting in a denial-of-service condition.

SilverSHielD 1.0.2.34 is vulnerable; other versions may also be affected.

5. Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
BugTraq ID: 31874
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31874
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects RPC (Remote Procedure Call) handling in the Server service.

An attacker could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of vulnerable computers. This issue may be prone to widespread automated exploits.

Attackers require authenticated access on Windows Vista and Server 2008 platforms to exploit this issue.

This vulnerability affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

6. freeSSHd SFTP 'rename' Remote Buffer Overflow Vulnerability
BugTraq ID: 31872
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31872
Summary:
freeSSHd is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects freeSSHd 1.2.1; other versions may also be affected.

7. Multiple EMC NetWorker Products 'nsrexecd.exe' RPC Request Denial of Service Vulnerability
BugTraq ID: 31866
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31866
Summary:
Multiple EMC NetWorker products are prone to a denial-of-service vulnerability.

Attackers can exploit this issue by sending malicious RPC requests, causing affected applications to consume resources until they become unresponsive. Repeated requests can lead to a denial-of-service condition.

8. Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass Vulnerability
BugTraq ID: 31864
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31864
Summary:
Cisco PIX and ASA are prone to an authentication-bypass vulnerability.

Remote attackers can exploit this issue to gain unauthorized access to the affected devices. Successfully exploiting this issue will lead to other attacks.

This issue is being monitored by Cisco Bug ID CSCsj25896.

9. IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
BugTraq ID: 31856
Remote: Yes
Date Published: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31856
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities.

Successful exploits may allow attackers to obtain sensitive information or cause a denial-of-service condition.

Versions prior to DB2 9.1 Fixpak 6 are affected.

10. Multiple Vendor Web Browser FTP Client Cross Site Scripting Weakness
BugTraq ID: 31855
Remote: Yes
Date Published: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31855
Summary:
Multiple vendors' web browsers are prone to a cross-site scripting weakness that arises because the software fails to handle specially crafted files served using the FTP protocol.

Successfully exploiting this issue may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of an FTP session. This may allow the attacker to perform malicious actions in a user's browser or redirect the user to a malicious site; other attacks are also possible.

11. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 31838
Remote: Yes
Date Published: 2008-10-20
Relevant URL: http://www.securityfocus.com/bid/31838
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.10.3 up to and including 1.0.3.

12. Symantec Altiris Deployment Solution Client User Interface Local Privilege Escalation Vulnerability
BugTraq ID: 31766
Remote: No
Date Published: 2008-10-20
Relevant URL: http://www.securityfocus.com/bid/31766
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to bypass security settings and gain privileged access. Successfully exploiting this issue will result in the complete compromise of affected computers.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #417
http://www.securityfocus.com/archive/88/497792

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your e-mail address has changed, e-mail [EMAIL PROTECTED] and ask to be manually removed.
