---------------------------- Original Message ----------------------------
Subject: SecurityFocus Microsoft Newsletter #249
From: "Marc Fossi" <[EMAIL PROTECTED]>
Date: Wed, 27 July 2005, 8:48 am
To: "Focus-MS" <[EMAIL PROTECTED]>
--------------------------------------------------------------------------
SecurityFocus Microsoft Newsletter #249
----------------------------------------

This Issue is Sponsored By: AirDefense

FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_ms-secnews_050726

------------------------------------------------------------------

I. FRONT AND CENTER
     1. Identifying P2P users using traffic analysis
     2. Interview with Dan Kaminsky on Microsoft's security
II. MICROSOFT VULNERABILITY SUMMARY
     1. Macromedia JRun Unauthorized Session Access Vulnerability
     2. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
     3. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer Overflow Vulnerability
     4. Hosting Controller Multiple Remote Vulnerabilities
     5. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial Of Service Vulnerability
     6. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption Denial Of Service Vulnerability
     7. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial Of Service Vulnerability
     8. Microsoft MSN Messenger / Internet Explorer Image ICC Profile Processing Vulnerability
     9. Hosting Controller Multiple Remote Access Control and SQL Injection Vulnerabilities
     10. Oracle Reports Server DESName Remote File Overwrite Vulnerability
     11. Novell GroupWise WebAccess HTML Injection Vulnerability
     12. Alt-N MDaemon IMAP Server CREATE Remote Buffer Overflow Vulnerability
     13. Alt-N MDaemon IMAP Server Authentication Routines Remote Buffer Overflow Vulnerability
     14. Mozilla Firefox Weak Authentication Mechanism Vulnerability
     15. WhitSoft Development SlimFTPd Multiple Commands Remote Buffer Overflow Vulnerability
     16. Alwil Software Avast! Antivirus Multiple Vulnerabilities
     17. Veritas NetBackup Access Violation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
     1. Disabling Microsoft FTP service banner.
     2. Administrivia: IIS/AV thread
     3. Should servers have anti-virus installed on them?
     4. SecurityFocus Microsoft Newsletter #248
     5. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
     6. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Identifying P2P users using traffic analysis
By Yiming Gong
With the popularity of P2P and the bandwidth it consumes, there is a growing need to identify P2P users within the network traffic.
http://www.securityfocus.com/infocus/1843

2. Interview with Dan Kaminsky on Microsoft's security
By Federico Biancuzzi
Could you introduce yourself?
http://www.securityfocus.com/columnists/342

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Macromedia JRun Unauthorized Session Access Vulnerability
BugTraq ID: 14271
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14271
Summary:
Macromedia JRun is affected by a vulnerability that may allow a user's session to be shared with another user.

Under certain circumstances, two users may share the same session facilitating various attacks including a compromise of the user's account. It should be noted that this issue cannot be triggered by an attacker and occurs rarely.

JRun 4.0, ColdFusion MX 7.0 Enterprise Multi-Server Edition, and ColdFusion MX 6.1 Enterprise with JRun are affected by this vulnerability.

2. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
BugTraq ID: 14276
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14276
Summary:
Winamp is susceptible to a buffer overflow vulnerability in its ID3v2 functionality. This issue is due to a failure of the application to properly bounds check input data prior to copying it into a fixed size memory buffer.

This issue will facilitate remote exploitation as an attacker may distribute malicious MP3 files and entice unsuspecting users to process them with the affected application. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application.

Versions 5.03a, 5.09, and 5.091 are reported vulnerable to this issue. Other versions are also likely affected.

3. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer Overflow Vulnerability
BugTraq ID: 14282
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14282
Summary:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability in the JPEG image rendering library used by the browser. This issue is due to a failure of the application to properly bounds check input data prior to copying it to a fixed size memory buffer.

This issue was identified by creating random input for the browser, and has not been researched further at this time. This BID will be updated as further information is disclosed.

Successful exploitation may result in execution of arbitrary code in the context of the user executing the affected browser.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also be affected.

4. Hosting Controller Multiple Remote Vulnerabilities
BugTraq ID: 14283
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14283
Summary:
Hosting Controller is reported prone to multiple vulnerabilities.
These issues can allow an attacker to carry out SQL injection attacks, gain unauthorized access to scripts, gain elevated privileges and carry out potential denial of service attacks.

Hosting Controller version 6.1 hotfix 2.1 is vulnerable to these issues.

5. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial Of Service Vulnerability
BugTraq ID: 14284
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14284
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service vulnerability in the JPEG image rendering library used by the browser. This issue is reportedly similar to the one described in BID 14282.

This issue was identified by creating random input for the browser, and has not been researched further at this time. This BID will be updated as further information is disclosed.

Successful exploitation results in crashing the affected Web browser. It may be possible that execution of arbitrary code may also be achieved, but this has not been confirmed.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also be affected.

6. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption Denial Of Service Vulnerability
BugTraq ID: 14285
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14285
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service vulnerability in the JPEG image rendering library used by the browser.

This issue was identified by creating random input for the browser, and has not been researched further at this time. This BID will be updated as further information is disclosed.

Successful exploitation results in crashing the affected Web browser by consuming excessive memory.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also be affected.

7. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial Of Service Vulnerability
BugTraq ID: 14286
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14286
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service vulnerability in the JPEG image rendering library used by the browser.

This issue was identified by creating random input for the browser, and has not been researched further at this time. This BID will be updated as further information is disclosed.

Successful exploitation results in crashing the affected Web browser. This vulnerability also reportedly consumes excessive CPU resources.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also be affected.

8. Microsoft MSN Messenger / Internet Explorer Image ICC Profile Processing Vulnerability
BugTraq ID: 14288
Remote: Yes
Date Published: 2005-07-16
Relevant URL: http://www.securityfocus.com/bid/14288
Summary:
It has been reported that both Microsoft Internet Explorer and MSN Instant Messenger can be crashed if image data with malformed embedded ICC profile data is processed. The condition is likely due to an integer handling error.

The author has stated that the crash observed was due to an access violation on a memory read attempt, possibly due to an out-of-bounds array access. This means that the flaw is not immediately exploitable, though there may yet be a way to write data.

9. Hosting Controller Multiple Remote Access Control and SQL Injection Vulnerabilities
BugTraq ID: 14302
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14302
Summary:
Hosting Controller is prone to multiple vulnerabilities.

These issues can allow an attacker to carry out SQL injection attacks and gain unauthorized access to scripts.

Hosting Controller version 6.1 hotfix 2.2 is vulnerable to these issues.

10. Oracle Reports Server DESName Remote File Overwrite Vulnerability
BugTraq ID: 14309
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14309
Summary:
Oracle Reports Server is susceptible to an arbitrary file overwrite vulnerability in its Web interface.

On the Microsoft Windows platform, attackers may exploit this vulnerability to overwrite arbitrary files with System-level privileges. Attackers may overwrite critical system files, resulting in system-level failures.

On other platforms, attackers may exploit this vulnerability to overwrite arbitrary files with the privileges of the Oracle Applications Server user. Attackers may overwrite critical Oracle files, resulting in an application-level failure.

Database failure, data destruction, and possibly other attacks are possible.

11. Novell GroupWise WebAccess HTML Injection Vulnerability
BugTraq ID: 14310
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14310
Summary:
Novell GroupWise WebAccess is prone to an HTML injection vulnerability. This may be used to inject hostile HTML and script code into the Web mail application. When a user opens an email containing the hostile code, it may be rendered in their browser.

Successful exploitation could potentially allow theft of cookie-based authentication. Other attacks are also possible.

12. Alt-N MDaemon IMAP Server CREATE Remote Buffer Overflow Vulnerability
BugTraq ID: 14315
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14315
Summary:
Alt-N MDaemon IMAP Server is affected by a remote buffer overflow vulnerability.

This issue presents itself when an attacker submits excessive data through the CREATE command subsequent to authentication.

This vulnerability may be leveraged to execute arbitrary code in the context of the server, facilitating unauthorized access to the affected computer.

Alt-N MDaemon 8.03 is reported to be vulnerable.
Other versions are likely affected as well.

13. Alt-N MDaemon IMAP Server Authentication Routines Remote Buffer Overflow Vulnerability
BugTraq ID: 14317
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14317
Summary:
Alt-N MDaemon IMAP Server is affected by a remote buffer overflow vulnerability.

A specially crafted request can corrupt process memory and lead to an overflow condition.

This issue may be leveraged to execute arbitrary code in the context of the server. This may facilitate unauthorized access to the affected computer.

Alt-N MDaemon 8.03 is reported to be vulnerable. Other versions are likely affected as well.

14. Mozilla Firefox Weak Authentication Mechanism Vulnerability
BugTraq ID: 14325
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14325
Summary:
Firefox is affected by a vulnerability that may result in sending authentication credentials across the network in plaintext format.

By default, the browser chooses basic authentication even if other authentication schemes such as Digest or NTLM are available from the server.

Mozilla Firefox 1.0.4 and 1.0.5 running on Windows are confirmed to be vulnerable. Other versions on different platforms may be affected as well.

15. WhitSoft Development SlimFTPd Multiple Commands Remote Buffer Overflow Vulnerability
BugTraq ID: 14339
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14339
Summary:
A remote buffer overflow vulnerability affects WhitSoft Development SlimFTPd.

The problem presents itself when an authenticated user issues a command with excessive string values as parameters.

An attacker can leverage this issue to execute arbitrary machine code with the privileges of the affected FTP server, facilitating unauthorized access to the vulnerable computer.

16. Alwil Software Avast! Antivirus Multiple Vulnerabilities
BugTraq ID: 14342
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14342
Summary:
Avast! is affected by multiple remote vulnerabilities.

These issues can allow an attacker to write files to arbitrary directories and exploit a remote buffer overflow to execute arbitrary code.

These issues can lead to a complete compromise of the vulnerable computer.

17. Veritas NetBackup Access Violation Vulnerability
BugTraq ID: 14355
Remote: Yes
Date Published: 2005-07-22
Relevant URL: http://www.securityfocus.com/bid/14355
Summary:
Veritas NetBackup may be prone to an access violation error. It is conjectured that this issue may arise due to NULL pointer dereference, although this is not confirmed.

An attacker may disclose potentially sensitive data or crash the application by exploiting this vulnerability.

Veritas NetBackup 5.1 running on Microsoft Windows platform is reported to be vulnerable to this issue.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Disabling Microsoft FTP service banner.
http://www.securityfocus.com/archive/88/406235

2. Administrivia: IIS/AV thread
http://www.securityfocus.com/archive/88/406177

3. Should servers have anti-virus installed on them?
http://www.securityfocus.com/archive/88/405896

4. SecurityFocus Microsoft Newsletter #248
http://www.securityfocus.com/archive/88/405798

5. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
http://www.securityfocus.com/archive/88/405749

6. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
http://www.securityfocus.com/archive/88/405648

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer.
Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: AirDefense

---------------------------------------------------------------------------

--
When we have enough free software
At our call, hackers, at our call,
We'll throw out those dirty licenses
Ever more, hackers, ever more.
