SecurityFocus Microsoft Newsletter #211
----------------------------------------

This issue sponsored by: SPI Dynamics

ALERT: "How Hackers Launch Blind SQL Injection Attacks" - New White Paper
The newest web app vulnerability? Blind SQL Injection!
Even if your web application does not return error messages, it may still
be open to a Blind SQL Injection Attack. Blind SQL Injection can deliver
total control of your server to a hacker giving them the ability to read,
write and manipulate all data stored in your backend systems! Download this
*FREE* white paper from SPI Dynamics for a complete guide to protection!

http://www.securityfocus.com/sponsor/SPIDynamics_ms-secnews_041020

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Securing Exchange With ISA Server 2004
II. MICROSOFT VULNERABILITY SUMMARY
     1. MySQL Multiple Local Vulnerabilities
     2. Macromedia ColdFusion MX CreateObject And CFOBJECT Java Exte...
     3. Microsoft Windows Kernel Local Denial of Service Vulnerabili...
     4. Microsoft Internet Explorer Install Engine ActiveX Control B...
     5. Microsoft Internet Explorer Heartbeat ActiveX Control Unspec...
     6. OCPortal Content Management System Remote File Include Vulne...
     7. Microsoft Windows Kernel Virtual DOS Machine Privilege Escal...
     8. IceWarp Web Mail Multiple Unspecified Remote Input Validatio...
     9. Microsoft Windows NetDDE Remote Buffer Overflow Vulnerabilit...
     10. Microsoft Excel File Handler Buffer Overflow Vulnerability
     11. Microsoft SMTP Service and Exchange Routing Engine Buffer Ov...
     12. Microsoft Windows WMF/EMF Image Format Rendering Remote Buff...
     13. Microsoft CABARC Directory Traversal Vulnerability
     14. Microsoft Internet Explorer Double Byte Character Set Handli...
     15. Microsoft Window Management API Local Privilege Escalation V...
     16. Microsoft NNTP Component Heap Overflow Vulnerability
     17. Microsoft RPC Runtime Library Remote Denial Of Service And I...
     18. Microsoft Internet Explorer Plug-in Navigations Handling Add...
     19. Microsoft Windows Compressed (zipped) Folder Buffer Overflow...
     20. Microsoft Internet Explorer Secure Sockets Layer Caching Vul...
     21. Microsoft IIS Server WebDAV XML Requests Denial of Service V...
     22. Adobe Acrobat Reader Remote Access Validation Vulnerability
     23. Microsoft Windows 2003 Services Default SACL Access Right We...
     24. Microsoft Internet Explorer Unspecified showHelp Zone Bypass...
     25. Research In Motion Blackberry Remote Denial of Service Vulne...
     26. SCT Campus Pipeline Render.UserLayoutRootNode.uP Cross-Site ...
     27. LibTIFF Multiple Buffer Overflow Vulnerabilities
     28. ShixxNOTE 6.net Remote Buffer Overflow Vulnerability
     29. Microsoft Windows XP Weak Default Configuration Vulnerabilit...
     30. Macromedia JRun Management Console HTML Injection Vulnerabil...
     31. Microsoft Frontpage Asycpict.DLL JPEG Handling Remote Denial...
     32. Macromedia JRun Session ID Cookie HTTP Response Splitting Vu...
     33. Macromedia JRun Management Console Administrative Session Fi...
     34. MailEnable Multiple Remote Denial Of Service Vulnerabilities
     35. Ideal Science IdealBB Multiple Unspecified Remote Input Vali...
     36. CyberStrong eShop ASP Shopping Cart Unspecified Cross-Site S...
     37. Express-Web Content Management System Unspecified Cross-Site...
     38. DevoyBB Forum Multiple Unspecified Remote Input Validation V...
     39. WowBB Forum Multiple Unspecified Remote Input Validation Vul...
     40. Yak! Chat Client FTP Server Directory Traversal Vulnerabilit...
III. MICROSOFT FOCUS LIST SUMMARY
     1. Remote connections (Thread)
     2. Remove domain user from local administrators group (Thread)
     3. Can we really block users from installing applicatio... (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
     1. Firewall RuleMaker
     2. CAT Cellular Authentication Token and eAuthentication Servic...
     3. KeyCaptor Keylogger
     4. SpyBuster
     5. FreezeX
     6. NeoExec for Active Directory
V. NEW TOOLS FOR MICROSOFT PLATFORMS
     1. ByteShelter I 1.0
     2. DiskInternals Uneraser 2.01
     3. DiskInternals NTFS Reader 1.01
     4. Airscanner Mobile Firewall 1.0
     5. SiVuS, The VoIP Vulnerability Scanner 1.07
     6. XArp 0.1.5
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Securing Exchange With ISA Server 2004
By Jonathan Hassell

This article will highlight the security issues involved with providing
Outlook Web Access or full Outlook client connections over the Internet,
and then discuss how Microsoft's new ISA Server 2004 can be configured to
mitigate these threats.

http://www.securityfocus.com/infocus/1807

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. MySQL Multiple Local Vulnerabilities
BugTraq ID: 11357
Remote: No
Date Published: Oct 11 2004
Relevant URL: http://www.securityfocus.com/bid/11357
Summary:
MySQL is reported prone to multiple local vulnerabilities.  These issues may 
allow an attacker to bypass security restrictions or cause a denial of service 
condition in the application.

It is reported that an attacker can bypass certain security restrictions and 
gain access to and corrupt potentially sensitive data due to an error in 'ALTER 
TABLE ... RENAME' operations.

A denial of service condition presents itself when multiple threads ALTER MERGE 
tables to change the UNION.

Due to a lack of details, further information is not available at the moment.  
This BID will be updated as more information becomes available.

2. Macromedia ColdFusion MX CreateObject And CFOBJECT Java Exte...
BugTraq ID: 11364
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11364
Summary:
It is reported that ColdFusion MX contains a weakness that allows all 
developers to utilize the CFOBJECT tag and the CreateObject function to execute 
potentially malicious code in the context of the affected application server.

This weakness allows malicious developers to execute code that is not 
appropriate for a shared server environment, or to perform administrative 
actions in the context of the affected application server. Malicious developers 
may possibly exploit this weakness to aid them in further application or system 
attacks.

Versions 6.0 and 6.1 of Macromedia ColdFusion MX are reported to be affected by 
this weakness.

3. Microsoft Windows Kernel Local Denial of Service Vulnerabili...
BugTraq ID: 11365
Remote: No
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11365
Summary:
The Microsoft Windows kernel is prone to a denial of service vulnerability.  
This issue can allow a local attacker to cause a vulnerable computer to stop 
responding and restart.  This can effectively deny service to legitimate users.

This issue does not pose a privilege escalation threat.

4. Microsoft Internet Explorer Install Engine ActiveX Control B...
BugTraq ID: 11366
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11366
Summary:
A remotely exploitable buffer overflow vulnerability exists in the Microsoft 
Internet Explorer Install Engine ActiveX control.  This vulnerability is caused 
by insufficient bounds checking of arguments passed to the control.

The vulnerability may be exploited to execute arbitrary code in the context of 
the client user.

** Update: NGSSoftware has released a preliminary advisory for this issue 
announcing that technical details will be withheld until January 19th, 2005.

5. Microsoft Internet Explorer Heartbeat ActiveX Control Unspec...
BugTraq ID: 11367
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11367
Summary:
An unspecified vulnerability exists in the Microsoft Internet Explorer 
Heartbeat MSN gaming ActiveX control (heartbeat.ocx).

6. OCPortal Content Management System Remote File Include Vulne...
BugTraq ID: 11368
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11368
Summary:
Reportedly ocPortal is affected by a remote file include vulnerability.  This 
issue is due to a failure of the application to sanitize user supplied URI 
input.

An attacker might leverage this issue to run arbitrary server side script code 
on a vulnerable computer with the privileges of the web server process.  This 
may potentially result in a compromise of the vulnerable computer as well as 
other attacks.

7. Microsoft Windows Kernel Virtual DOS Machine Privilege Escal...
BugTraq ID: 11369
Remote: No
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11369
Summary:
Microsoft Windows Kernel Virtual DOS Machine is reported prone to a local 
privilege escalation vulnerability.

The Microsoft Virtual DOS Machine (VDM) is a protected environment that 
emulates MS-DOS on Windows NT-based operating systems.  This issue arises due 
to an access validation error.  A local attacker can exploit this vulnerability 
to gain elevated privileges on a vulnerable computer.

8. IceWarp Web Mail Multiple Unspecified Remote Input Validatio...
BugTraq ID: 11371
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11371
Summary:
Multiple unspecified remote input validation vulnerabilities reportedly affect 
IceWarp Web Mail.  These issues are due to a failure of the application to 
validate or filter user-supplied input.

Although the impact of all of these issues is currently unknown, it is known 
that an attacker can exploit some of these issues to carry out cross-site 
scripting attacks.

9. Microsoft Windows NetDDE Remote Buffer Overflow Vulnerabilit...
BugTraq ID: 11372
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11372
Summary:
Microsoft Windows NetDDE is affected by a remote buffer overflow vulnerability.
This issue is due to a failure of the application to properly verify the 
lengths of strings contained within unspecified network messages prior to 
copying them into finite buffers.

It should be noted that NetDDE is not activated by default on Windows computers.

An attacker may leverage this issue to execute arbitrary code on an affected 
computer with SYSTEM privileges. It is also noted that in some circumstances, 
where NetDDE services have been installed but not started, local attackers 
might exploit this issue to gain elevated privileges since it may be possible 
for an unprivileged user to start the services.

** Update: NGSSoftware has released a preliminary advisory for this issue 
announcing that technical details will be withheld until January 19th, 2005.

** Update: Immunity Research has reported that a remote attacker may require 
authentication prior to the exploitation of this vulnerability. Further details 
of this report can be found in the referenced message "ms04-031 pre-auth ??".

10. Microsoft Excel File Handler Buffer Overflow Vulnerability
BugTraq ID: 11373
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11373
Summary:
Microsoft Excel is reported prone to a buffer overflow vulnerability. The 
issue presents itself when the vulnerable software handles a malicious Excel 
file.

Ultimately a remote attacker may exploit this vulnerability to execute 
arbitrary code. Code execution will occur in the context of a user that is 
using a vulnerable version of Excel to view a malicious Excel spreadsheet.

11. Microsoft SMTP Service and Exchange Routing Engine Buffer Ov...
BugTraq ID: 11374
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11374
Summary:
The Microsoft Windows 2003 SMTP Service and Exchange Routing Engine have been 
reported prone to a buffer overflow.  This occurs during the processing of 
responses to DNS lookups.  Successful exploitation could allow for remote code 
execution in the context of the vulnerable service.

12. Microsoft Windows WMF/EMF Image Format Rendering Remote Buff...
BugTraq ID: 11375
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11375
Summary:
Microsoft Windows WMF/EMF image rendering library is affected by a remote 
buffer overflow vulnerability.  This issue is due to a failure of the affected 
library to properly verify the lengths of strings contained within an affected 
image file prior to copying them into finite buffers.

Any code execution that occurs will take place with SYSTEM privileges due to 
the nature of the affected library. This will also permit local privilege 
escalation attacks.

13. Microsoft CABARC Directory Traversal Vulnerability
BugTraq ID: 11376
Remote: No
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11376
Summary:
CABARC is reported prone to a directory traversal vulnerability.  This issue 
may allow a local attacker to gain access to potentially sensitive files on a 
vulnerable computer.

It is reported that an attacker can escape the path by supplying '../' 
character sequences.

14. Microsoft Internet Explorer Double Byte Character Set Handli...
BugTraq ID: 11377
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11377
Summary:
It is reported that Microsoft Internet Explorer is prone to a vulnerability 
that may allow a malicious Web page to spoof the address bar of the browser. 
This vulnerability presents itself due to a malfunction that occurs when 
certain double byte characters are encountered. As a result, this vulnerability 
will only affect computers that are configured to employ double byte character 
sets.

This could be used to lure Web users into a false sense of trust since a 
malicious or spoofed site may pose as a site that is trusted by the user.

15. Microsoft Window Management API Local Privilege Escalation V...
BugTraq ID: 11378
Remote: No
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11378
Summary:
Microsoft has reported that several unspecified Window Management API functions 
can allow a local attacker to change the attributes of an application with a 
higher level of privileges.  This can allow the attacker to gain elevated 
privileges on a vulnerable computer.

This issue represents a fundamental design flaw, as certain messages used to 
communicate between windows on a desktop may adversely affect the operation of 
a receiving process.  By altering various properties of window components 
running with higher privileges, an attacker can create circumstances where 
attacks such as buffer overflows and potential arbitrary code execution are 
possible.

This issue likely affects some native Windows applications but other 
third-party applications may also provide an opportunity for exploitation.

16. Microsoft NNTP Component Heap Overflow Vulnerability
BugTraq ID: 11379
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11379
Summary:
The Microsoft Network News Transfer Protocol (NNTP) Component is prone to a 
buffer overflow condition.  Successful exploitation of this vulnerability could 
allow remote code execution in the context of the process accessing the 
vulnerable component.

17. Microsoft RPC Runtime Library Remote Denial Of Service And I...
BugTraq ID: 11380
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11380
Summary:
Microsoft RPC Runtime Library is affected by a remote denial of service and 
information disclosure vulnerability.  This issue is due to a failure of the 
library to properly handle exceptional network traffic.

An attacker may leverage this issue to disclose potentially sensitive 
information and to cause the affected application to crash, denying service to 
legitimate users.

18. Microsoft Internet Explorer Plug-in Navigations Handling Add...
BugTraq ID: 11381
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11381
Summary:
It is reported that Microsoft Internet Explorer is prone to a vulnerability 
that may allow a malicious Web page containing embedded Flash multimedia to 
spoof the address bar of the browser.

This could be used to lure Web users into a false sense of trust since a 
malicious or spoofed site may pose as a site that is trusted by the user.

19. Microsoft Windows Compressed (zipped) Folder Buffer Overflow...
BugTraq ID: 11382
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11382
Summary:
Microsoft Windows contains a buffer overflow in the Compressed (zipped) Folders 
feature.  A maliciously crafted compressed file could overrun an internal 
buffer causing arbitrary code to be executed in the security context of the 
current user.

20. Microsoft Internet Explorer Secure Sockets Layer Caching Vul...
BugTraq ID: 11383
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11383
Summary:
Microsoft Internet Explorer is reported prone to a Secure Sockets Layer caching 
vulnerability.

It is reported that arbitrary content may be cached to the computer that is 
viewing a malicious site when this vulnerability is exploited. This cached 
content will be rendered in the context of a legitimate site when a legitimate 
site is viewed.

21. Microsoft IIS Server WebDAV XML Requests Denial of Service V...
BugTraq ID: 11384
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11384
Summary:
Microsoft IIS Server is prone to a remote denial of service vulnerability when 
handling malformed WebDAV requests.  The vulnerability exists in the Microsoft 
XML Parser component and can be exploited through the WebDAV XML message 
handler.

It is reported that this issue requires a remote attacker to create specially 
crafted WebDAV requests and send them to a vulnerable server over TCP port 80.  
There is a possibility of increased CPU resource and memory consumption as the 
IIS server attempts to process these requests.   This can eventually lead to a 
denial of service condition in the server.  A reboot is required to restore 
normal functionality.

This vulnerability can also be exploited through other applications that rely 
on Microsoft XML Parser to process XML messages.

22. Adobe Acrobat Reader Remote Access Validation Vulnerability
BugTraq ID: 11386
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11386
Summary:
An access validation vulnerability affects Adobe Acrobat Reader.  This issue is 
due to a design error that allows a malicious file to be embedded inside a 
Portable Document Format (PDF) file.

An attacker may leverage this issue to disclose files that are readable by the 
unsuspecting user who activates a malicious PDF file.  Information disclosed in 
this way may facilitate further attacks against the affected computer.

23. Microsoft Windows 2003 Services Default SACL Access Right We...
BugTraq ID: 11387
Remote: No
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11387
Summary:
It is reported that the default SACL access right settings for multiple 
Microsoft Windows 2003 services are weak.

Reports indicate that several services have lax permissions that will allow 
unprivileged local users to start them.

Because any user can start these services, an administrator may be under a 
false sense of security.

24. Microsoft Internet Explorer Unspecified showHelp Zone Bypass...
BugTraq ID: 11388
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11388
Summary:
Microsoft Security Bulletin MS04-038 includes fixes to address an unspecified 
vulnerability in Internet Explorer that may permit elevation of zone privileges 
by crossing from the Internet Zone into the Local Zone.

The vendor has stated that additional security verifications have been added to 
prevent the showHelp DHTML method from being abused by a malicious Web site to 
load HTML Help files in the context of the Local Zone.  It is unclear at this 
point whether they mean HTML Help files that already exist on the system or 
HTML Help files that originate from a remote source.

Although unconfirmed, this could be related to the following unspecified 
vulnerability that was addressed in Windows XP SP2/BID 10897 (Microsoft 
Windows XP SP2 Released - Multiple Vulnerabilities Fixed):

- HTML Help Update to Limit Functionality When It Is Invoked with the 
window.showHelp( ) Method

This is likely similar to earlier issues that have been reported in showHelp, 
such as BID 9320.  Microsoft has not released further details about this 
vulnerability.

25. Research In Motion Blackberry Remote Denial of Service Vulne...
BugTraq ID: 11389
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11389
Summary:
The Research In Motion Blackberry 7230 is affected by a remote denial of 
service vulnerability.  This issue is due to the device attempting to copy a 
long message into flash memory.

An attacker may leverage this issue to cause the affected device to restart, 
causing a loss of all email messages saved on the device.

Update:  This issue was originally identified as a buffer overflow 
vulnerability.  New information suggests that it is only a remote denial of 
service condition.  This BID is being updated to reflect this information.

26. SCT Campus Pipeline Render.UserLayoutRootNode.uP Cross-Site ...
BugTraq ID: 11392
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11392
Summary:
Campus Pipeline is affected by a cross-site scripting vulnerability. This issue 
is due to a failure of the application to properly sanitize user-supplied URI 
input.

This issue could permit a remote attacker to create a malicious URI link that 
includes hostile HTML and script code. If this link were to be followed, the 
hostile code may be rendered in the web browser of the victim user. This would 
occur in the security context of the affected web site and may allow for theft 
of cookie-based authentication credentials or other attacks.

27. LibTIFF Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 11406
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11406
Summary:
LibTIFF is affected by multiple buffer overflow vulnerabilities. These issues 
are due to a failure of the application to properly perform boundary checks 
prior to copying user-supplied strings into finite process buffers.

An attacker may leverage these issues to execute arbitrary code on a vulnerable 
computer with the privileges of the user running the vulnerable application, 
facilitating unauthorized access.  These issues may also be leveraged to cause 
an affected application to crash.

28. ShixxNOTE 6.net Remote Buffer Overflow Vulnerability
BugTraq ID: 11409
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11409
Summary:
ShixxNOTE 6.net is reported susceptible to a remote buffer overflow 
vulnerability. This issue is due to a failure of the application to properly 
perform boundary checks prior to copying user-supplied strings into finite 
process buffers.

An attacker may leverage this issue to execute arbitrary code on a vulnerable 
computer with the privileges of the user running the vulnerable application.

29. Microsoft Windows XP Weak Default Configuration Vulnerabilit...
BugTraq ID: 11410
Remote: No
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11410
Summary:
Microsoft Windows XP Service Pack 2 is reported prone to a weak default 
configuration vulnerability. Internet Connection Firewall (ICF) includes 
functionality that controls what binaries are permitted to listen for incoming 
connections.

It is reported that one of the executables that is permitted to listen for 
incoming network connections may provide a conduit to bypass ICF access 
controls. Due to a configuration weakness, this executable is accessible for 
all users.

A local attacker may exploit this vulnerability to create a listening port to 
provide remote access to a vulnerable computer.

30. Macromedia JRun Management Console HTML Injection Vulnerabil...
BugTraq ID: 11411
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11411
Summary:
Macromedia JRun is prone to an HTML injection vulnerability.  This issue exists 
in the Management Console and may allow hijacking of administrative sessions.

31. Microsoft Frontpage Asycpict.DLL JPEG Handling Remote Denial...
BugTraq ID: 11412
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11412
Summary:
Microsoft Frontpage is reported prone to multiple remote denial of service 
vulnerabilities when handling malformed JPEG files.  These issues exist due to 
insufficient verification performed by the 'asycpict.dll' module.

Reportedly, these issues can only cause a denial of service condition; however, 
it may be possible to execute arbitrary code on a vulnerable computer as well.  
This has not been confirmed at the moment.

It should be noted that in an initial advisory these vulnerabilities were 
reported to affect the 'asycpict.dll' library. In the report it is mentioned 
that this library is shipped with all versions of Microsoft Windows XP; 
however, conflicting reports indicate that this is not accurate. These 
conflicting reports indicate that this library is in fact shipped with 
Microsoft Front Page 97 and 98. Additionally, one of these reports indicated 
that the library was also shipped with Microsoft Internet Explorer version 
3.01. This is not confirmed.

Due to a lack of details, further information is not available at the moment. 
This BID will be updated as more information becomes available.

32. Macromedia JRun Session ID Cookie HTTP Response Splitting Vu...
BugTraq ID: 11413
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11413
Summary:
An HTTP response splitting vulnerability affects Macromedia JRun due to Session 
ID handling.  This issue is due to a failure of the application to properly 
handle how POST requests are processed.

A remote attacker may exploit this vulnerability to influence or misrepresent 
how web content is served, cached or interpreted. This could aid in various 
attacks, which try to entice client users into a false sense of trust.

33. Macromedia JRun Management Console Administrative Session Fi...
BugTraq ID: 11414
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11414
Summary:
Macromedia JRun is prone to a session fixation vulnerability.  This issue 
exists in the Management Console.

The application is reported prone to a session fixation vulnerability.  This 
attack can allow an attacker to set a session ID in a user's browser and hijack 
the user's session upon authentication to JRun.

This issue can allow remote attackers to bypass authentication checks, and 
possibly allow them to gain administrative access to the web application.

This issue was originally reported in BID 11245 (Macromedia JRun Multiple 
Remote Vulnerabilities).  It is now being separated and assigned a new BID.

34. MailEnable Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 11418
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11418
Summary:
MailEnable is affected by multiple remote denial of service vulnerabilities.  
These issues are due to a failure of the application to handle malformed 
requests.

An attacker may leverage these issues to cause the IMAP and SNMP services to 
crash, denying service to legitimate users.

35. Ideal Science IdealBB Multiple Unspecified Remote Input Vali...
BugTraq ID: 11424
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11424
Summary:
Ideal Science IdealBB is reported prone to multiple unspecified input 
validation vulnerabilities.  These issues result from insufficient sanitization 
of user-supplied data.

It is reported that the application is affected by SQL injection, cross-site 
scripting and HTTP response splitting vulnerabilities.

All versions of IdealBB are considered vulnerable at the moment.

36. CyberStrong eShop ASP Shopping Cart Unspecified Cross-Site S...
BugTraq ID: 11425
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11425
Summary:
An unspecified cross-site scripting vulnerability exists in CyberStrong eShop 
ASP Shopping Cart.  This could potentially be exploited to steal cookie-based 
authentication credentials or launch other attacks.

37. Express-Web Content Management System Unspecified Cross-Site...
BugTraq ID: 11426
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11426
Summary:
An unspecified cross-site scripting vulnerability exists in Express-Web Content 
Management System.  This could potentially be exploited to steal cookie-based 
authentication credentials or launch other attacks.

38. DevoyBB Forum Multiple Unspecified Remote Input Validation V...
BugTraq ID: 11428
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11428
Summary:
DevoyBB is reportedly affected by multiple input validation vulnerabilities.  
These issues are due to a failure of the application to properly sanitize 
user-supplied input prior to including it in dynamic web content and SQL 
database queries.

An attacker can leverage these issues to manipulate or reveal database contents 
through SQL injection attacks as well as carry out other attacks and steal 
cookie-based authentication credentials through cross-site scripting attacks.

39. WowBB Forum Multiple Unspecified Remote Input Validation Vul...
BugTraq ID: 11429
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11429
Summary:
WowBB is reportedly affected by multiple input validation vulnerabilities.  
These issues are due to a failure of the application to properly sanitize 
user-supplied input prior to including it in dynamic web content and SQL 
database queries.

An attacker can leverage these issues to manipulate or reveal database contents 
through SQL injection attacks as well as carry out other attacks and steal 
cookie-based authentication credentials through cross-site scripting attacks.

40. Yak! Chat Client FTP Server Directory Traversal Vulnerabilit...
BugTraq ID: 11433
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11433
Summary:
Yak! Chat Client FTP server is reported prone to a remote directory traversal 
vulnerability.  This issue presents itself due to insufficient sanitization of 
user-supplied data.

This issue can ultimately allow an attacker to compromise a computer by placing 
malicious files on the system and executing these files through other means.

Yak! 2.1.2 and prior versions are reported vulnerable to this issue.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Remote connections (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/378293

2. Remove domain user from local administrators group (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/378282

3. Can we really block users from installing applicatio... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/378246

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:

Firewall RuleMaker is a Windows-based firewall configuration version control 
software product for managers of Cisco PIX and Netscreen firewalls.

2. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, 
Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:

Low cost, easy to use Two Factor Authentication One Time Password token using 
the Cellular. Does not use SMS or communication, manages multiple OTP accounts 
- new technology. For any business that wants safer access to its Internet 
Services. More information at our site.

We also provide eAuthentication service for businesses that will not buy an 
Authentication product but would prefer to pay a monthly charge for 
authentication services from our CAT Server.

3. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:

KeyCaptor is your solution for recording ALL keystrokes of ALL users on your 
computer!  Now you have the power to record emails, websites, documents, chats, 
instant messages, usernames, passwords, and MUCH MORE!

With our advanced stealth technology, KeyCaptor will not show in your processes 
list and cannot be stopped from running unless you say so!

4. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:

Our award winning spyware / adware scanner and removal software, SpyBuster will 
scan your computer for over 4,000 known spyware and adware applications. 
SpyBuster protects your computer from data stealing programs that can expose 
your personal information.

SpyBuster scanning technology allows for a quick and easy sweep, so you can 
resume your work in minutes.

5. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:

FreezeX prevents all unauthorized programs, including viruses, keyloggers and 
spyware from executing. Powerful and secure, FreezeX ensures that any new 
executable, program, or application that is downloaded, introduced via 
removable media or the network will never install

6. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:

NeoExec® is an operating system extension for Windows 2000/XP that allows the 
setting of privileges at the application level rather than at the user level.

NeoExec® is the ideal solution for applications that require elevated 
privileges to run as the privileges are granted to the application, not the 
user.

NeoExec® is the only solution on the market capable of modifying at runtime the 
processes' security context -- without requiring a second account as with RunAs 
and RunAs-derived products.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. ByteShelter I 1.0
By: MazZoft NDA
Relevant URL: http://www.mazzoft.com/bs1.zip
Platforms: Windows 2000, Windows 95/98
Summary:

This steganography tool lets you conceal data in Outlook e-mail messages and 
.doc files.

2. DiskInternals Uneraser 2.01
By: Alexey Babenko
Relevant URL: http://diskinternals.com/download/Uneraser_Setup.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

DiskInternals Uneraser can recover any deleted file, including documents, 
photos, mp3 and zip files, or even folders and damaged disks. In addition to 
HDD, the program supports any type of storage media (music sticks, cameras, 
flash drives, USB drives, etc)! It works with encrypted files and helps you 
undelete files lost because of a virus attack or an employee's malicious 
behavior. No special skills needed; 100% free to try.

3. DiskInternals NTFS Reader 1.01
By: Alexey Babenko
Relevant URL: http://diskinternals.com/download/NTFS_Reader_Setup.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

Provides read access to NTFS disks from Windows 95, 98 and Me. Allows you to 
save any files to any disk visible on the system or on the network. Supports 
saving compressed or encrypted files.

While saving, it ignores file security policies. It means that it is possible 
to access absolutely any file on an NTFS disk from Windows 9x.

4. Airscanner Mobile Firewall 1.0
By: Airscanner Corp
Relevant URL: http://www.airscanner.com/downloads/fw/amfw.exe
Platforms: Windows CE
Summary:

A Full-Strength Personal Firewall for Your Windows Mobile/Pocket PC handheld.

Airscanner Mobile Firewall for Windows Mobile Pocket PC is a low-level, 
bi-directional, packet filtering firewall that examines all incoming and 
outgoing TCP/IP traffic.

This personal firewall ensures that data is permitted based on access control 
lists that you select from a set of predefined filters, or from filters that 
you create yourself.

The firewall parses packets as they come in (or go out)

5. SiVuS, The VoIP Vulnerability Scanner 1.07
By: SiVuS
Relevant URL: http://www.vopsecurity.org/html/downloads.html
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

New release of the first free VoIP vulnerability scanner with enhanced 
features. Additional vulnerability checks,  faster discovery scanner, ability 
to save and reload configurations and more. SiVuS can be downloaded from 
www.vopsecurity.org

6. XArp 0.1.5
By: Christoph Mayer
Relevant URL: http://www.chrismc.de
Platforms: Windows 2000, Windows XP
Summary:

XArp is a graphical tool to monitor the ARP cache. It periodically requests the 
local ARP cache and reports changes in the IP to MAC mapping. Thus it can be 
used to recognize ARP poisoning which is used to prepare 'man in the middle' 
attacks on switched networks.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be 
manually removed.

VII. SPONSOR INFORMATION
-----------------------

This issue sponsored by: SPI Dynamics


--- End Message ---
