
Tuesday, November 14, 2006

SecurityFocus Microsoft Newsletter #317
----------------------------------------

This Issue is Sponsored by: eEye

Too Many Security Agents Cluttering Your System?
Replace your Firewall, IPS, Anti-Spyware and more with Blink® Professional for less than what you are currently paying in renewals.
Learn more on how you can experience the simplicity of one. One agent. One console. One Policy. One Solution.
Introducing eEye Digital Security's Blink® Professional, the first all-in-one security agent.

http://www.eeye.com/ctrack.asp?ref=SFBlink20061031

------------------------------------------------------------------
I. FRONT AND CENTER
1. Using Nepenthes Honeypots to Detect Common Malware
II. MICROSOFT VULNERABILITY SUMMARY
1. AlTools ALFTP Authentication Bypass And Information Disclosure Vulnerabilities
2. ASP Portal Default1.ASP SQL Injection Vulnerability
3. Microsoft Agent ActiveX Control Remote Code Execution Vulnerability
4. D-Link DWL-G132 ASAGU.SYS Wireless Device Driver Stack Buffer Overflow Vulnerability
5. AVG Anti-Virus Multiple Remote Code Execution Vulnerabilities
6. Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability
7. Microsoft Internet Explorer HTML Rendering Remote Code Execution Vulnerability
8. Novell BorderManager ISAKMP Predictable Cookie Vulnerability
9. Marshal MailMarshal UNARJ Extraction Remote Directory Traversal Vulnerability
10. Microsoft November Advance Notification Multiple Vulnerabilities
11. Citrix Presentation Server IMA Service Multiple Remote Vulnerabilities
12. Microsoft Windows Workstation Service NetpManageIPCConnect Remote Code Execution Vulnerability
13. Microsoft Client Service for Netware Denial of Service Vulnerability
14. War FTP Daemon CWD Command Remote Denial Of Service Vulnerability
15. IBM Lotus Notes User.ID File Key Information Disclosure Vulnerability
16. WarFTPD Multiple Format String Vulnerabilities
17. Microsoft Windows GDI Kernel Local Privilege Escalation Vulnerability
18. America Online ICQ ActiveX Control Remote Code Execution Vulnerability
19. Essentia Web Server GET And HEAD Requests Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. outlook sending email messages to mapped drives randomly
2. DNS recursive
3. SecurityFocus Microsoft Newsletter #316
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Using Nepenthes Honeypots to Detect Common Malware
By Jamie Riden
This article describes the use of Nepenthes, a low-interaction honeypot, as an additional layer of network defense. Nepenthes can be used to capture malware, alert an administrator about a network compromise, and assist in containing and removing the infection.
http://www.securityfocus.com/infocus/1880


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. AlTools ALFTP Authentication Bypass And Information Disclosure Vulnerabilities
BugTraq ID: 21058
Remote: Yes
Date Published: 2006-11-14
Relevant URL: http://www.securityfocus.com/bid/21058
Summary:
The ALTOOLS ALFTP server is prone to authentication bypass and information disclosure vulnerabilities. These issues occur when specific commands are submitted by a user.

These issues could allow an attacker to gain sensitive directory information or to create directories in unauthorized locations. This could aid in further attacks.

Version 4.1 BETA1 is vulnerable; other versions may also be affected.

2. ASP Portal Default1.ASP SQL Injection Vulnerability
BugTraq ID: 21039
Remote: Yes
Date Published: 2006-11-13
Relevant URL: http://www.securityfocus.com/bid/21039
Summary:
ASP Portal is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

ASP Portal versions 4.0.0 and prior are vulnerable.

3. Microsoft Agent ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 21034
Remote: Yes
Date Published: 2006-11-14
Relevant URL: http://www.securityfocus.com/bid/21034
Summary:
The Microsoft Agent ActiveX control is prone to remote code execution.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

4. D-Link DWL-G132 ASAGU.SYS Wireless Device Driver Stack Buffer Overflow Vulnerability
BugTraq ID: 21032
Remote: Yes
Date Published: 2006-11-13
Relevant URL: http://www.securityfocus.com/bid/21032
Summary:
The D-Link Wireless Device Driver for DWL-G132 devices is prone to a stack-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.

The ASAGU.SYS driver is primarily used on the Microsoft Windows operating system. It should be noted, however, that administrators of Linux and BSD machines using the 'ndiswrapper' tool should determine whether they are running a vulnerable instance of the driver.

It should also be noted that this vulnerability can only be exploited when an attacker is within 802.11 wireless broadcast range of the affected device.

Version 1.0.1.41 of the ASAGU.SYS driver is reported vulnerable; other versions may also be affected.

5. AVG Anti-Virus Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 21029
Remote: Yes
Date Published: 2006-11-13
Relevant URL: http://www.securityfocus.com/bid/21029
Summary:
AVG Anti-Virus is prone to multiple remote code-execution vulnerabilities. These issues are due to flaws in the file-parsing engine of the software.

Successfully exploiting these issues allows for remote code-execution with elevated privileges, facilitating the complete compromise of affected computers.

AVG Anti-Virus versions prior to 7.1.407 are vulnerable to these issues.

6. Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability
BugTraq ID: 21023
Remote: Yes
Date Published: 2006-11-14
Relevant URL: http://www.securityfocus.com/bid/21023
Summary:
Microsoft Client Service for Netware is prone to a remote code-execution vulnerability.

A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the user running the affected service.

Note that the Client Service for Netware is not installed by default on any affected operating system.

7. Microsoft Internet Explorer HTML Rendering Remote Code Execution Vulnerability
BugTraq ID: 21020
Remote: Yes
Date Published: 2006-11-14
Relevant URL: http://www.securityfocus.com/bid/21020
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser renders HTML with certain layout combinations. An attacker could exploit this issue to execute arbitrary code in the context of the affected web browser.

This issue affects Internet Explorer on Windows 2000, Windows XP, and Windows Server 2003.

8. Novell BorderManager ISAKMP Predictable Cookie Vulnerability
BugTraq ID: 21014
Remote: Yes
Date Published: 2006-11-10
Relevant URL: http://www.securityfocus.com/bid/21014
Summary:
Novell BorderManager is prone to a vulnerability that results in creating predictable ISAKMP cookies.

This vulnerability may lead to various attacks, including denial-of-service conditions and replay attacks that allow attackers to gain unauthorized access to sessions. Other attacks may be possible as well.

Novell BorderManager 3.8 Support Pack 4 is reported to be vulnerable. Prior versions may also be affected.

This issue may be related to BID 20428 (Novell BorderManager IPSec/IKE Remote Denial Of Service Vulnerability). If further analysis reveals that these issues are identical, this BID will be retired.

9. Marshal MailMarshal UNARJ Extraction Remote Directory Traversal Vulnerability
BugTraq ID: 20999
Remote: Yes
Date Published: 2006-11-10
Relevant URL: http://www.securityfocus.com/bid/20999
Summary:
Marshal MailMarshal is affected by a remote directory-traversal vulnerability because the application fails to properly sanitize or validate filenames prior to decompression.

Exploiting this issue may allow an attacker to arbitrarily overwrite files with a user's privileges when a malicious compressed file is decompressed with the affected application.

MailMarshal SMTP 5.x, MailMarshal SMTP 6.x, MailMarshal SMTP 2006, and MailMarshal for Exchange 5.x are vulnerable; other versions may also be affected.

10. Microsoft November Advance Notification Multiple Vulnerabilities
BugTraq ID: 20991
Remote: Yes
Date Published: 2006-11-09
Relevant URL: http://www.securityfocus.com/bid/20991
Summary:
Microsoft has released advance notification that the vendor will be releasing six security bulletins for Windows and Microsoft XML Core Services on November 14, 2006. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

11. Citrix Presentation Server IMA Service Multiple Remote Vulnerabilities
BugTraq ID: 20986
Remote: Yes
Date Published: 2006-11-09
Relevant URL: http://www.securityfocus.com/bid/20986
Summary:
Citrix Presentation Server's IMA service is prone to multiple remote vulnerabilities. These issues include a buffer-overflow vulnerability and a denial-of-service vulnerability.

These issues may allow an attacker to execute arbitrary code on the affected computer or to cause denial-of-service conditions.

12. Microsoft Windows Workstation Service NetpManageIPCConnect Remote Code Execution Vulnerability
BugTraq ID: 20985
Remote: Yes
Date Published: 2006-11-14
Relevant URL: http://www.securityfocus.com/bid/20985
Summary:
Microsoft Windows Workstation service is prone to a remote code-execution vulnerability.

This issue allows remote, anonymous attackers to execute arbitrary machine code on affected computers with SYSTEM-level privileges. This facilitates the complete compromise of affected computers.

Attackers require administrative privileges to exploit this issue on Windows XP SP2 computers. Anonymous attackers may exploit this issue on Windows 2000 computers.

13. Microsoft Client Service for Netware Denial of Service Vulnerability
BugTraq ID: 20984
Remote: Yes
Date Published: 2006-11-14
Relevant URL: http://www.securityfocus.com/bid/20984
Summary:
Microsoft Client Service for Netware is prone to a denial-of-service vulnerability.

Exploiting this issue would cause the affected computer to crash, denying service to legitimate users.

14. War FTP Daemon CWD Command Remote Denial Of Service Vulnerability
BugTraq ID: 20973
Remote: Yes
Date Published: 2006-11-08
Relevant URL: http://www.securityfocus.com/bid/20973
Summary:
War FTP Daemon is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

War FTP Daemon 1.82.00-RC11 is reported vulnerable to this issue; other versions may also be affected.

This issue may be related to the issue described in BID 12384 (War FTP Daemon Remote Denial Of Service Vulnerability).

15. IBM Lotus Notes User.ID File Key Information Disclosure Vulnerability
BugTraq ID: 20960
Remote: Yes
Date Published: 2006-11-08
Relevant URL: http://www.securityfocus.com/bid/20960
Summary:
IBM Lotus Notes is prone to a local information-disclosure vulnerability because it fails to protect sensitive information from unprivileged users.

A local attacker may exploit this issue to obtain encryption key data from an unencrypted file that is used by the application. The attacker may then use this information to retrieve further information or to launch other attacks.

IBM Lotus Notes versions prior to 6.5.5 FP2 and 7.0.2 are vulnerable; other versions may also be affected.

16. WarFTPD Multiple Format String Vulnerabilities
BugTraq ID: 20944
Remote: Yes
Date Published: 2006-11-07
Relevant URL: http://www.securityfocus.com/bid/20944
Summary:
WarFTPd is prone to multiple remote format-string vulnerabilities because the application fails to sanitize user-supplied input before passing it to a formatted-output function.

An attacker can exploit these issues to crash the server and possibly to execute arbitrary code within the context of the server, but this has not been confirmed.

WarFTPd 1.82.00-RC11 is reported vulnerable; prior versions may be vulnerable as well.

17. Microsoft Windows GDI Kernel Local Privilege Escalation Vulnerability
BugTraq ID: 20940
Remote: No
Date Published: 2006-11-06
Relevant URL: http://www.securityfocus.com/bid/20940
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability because data structures mapped by the GDI Kernel can be re-mapped as read-write by other processes.

An attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. A successful exploit could result in the complete compromise of the affected computer. Failed attempts could cause denial-of-service conditions.

18. America Online ICQ ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 20930
Remote: Yes
Date Published: 2006-11-06
Relevant URL: http://www.securityfocus.com/bid/20930
Summary:
The America Online ICQ ActiveX Control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue simply by sending a message to a victim ICQ user.

Exploiting this issue could allow an attacker to execute arbitrary code.

The ICQPhone.SipxPhoneManager ActiveX control with a CLSID of 54BDE6EC-F42F-4500-AC46-905177444300 is affected.

19. Essentia Web Server GET And HEAD Requests Remote Buffer Overflow Vulnerability
BugTraq ID: 20910
Remote: Yes
Date Published: 2006-11-07
Relevant URL: http://www.securityfocus.com/bid/20910
Summary:
Essentia Web Server is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the webserver. Failed exploit attempts will result in a denial-of-service condition.

This issue affects version 2.15; other versions may also be affected.

This issue may be related to the one described in BID 4159 (Essentia Web Server Long URL Buffer Overflow Vulnerability).

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. outlook sending email messages to mapped drives randomly
http://www.securityfocus.com/archive/88/451487

2. DNS recursive
http://www.securityfocus.com/archive/88/451486

3. SecurityFocus Microsoft Newsletter #316
http://www.securityfocus.com/archive/88/450867

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: eEye
