
Wednesday, March 14, 2007

SecurityFocus Microsoft Newsletter #333


This Issue is Sponsored by: SPI Dynamics

Hacking With Ajax - On Demand Webcast
While Ajax can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind. Watch this FREE SPI Dynamics webcast for tips on protecting your applications.

https://download.spidynamics.com/1/ad/AJAXw.asp?Campaign_ID=70160000000CjtG


------------------------------------------------------------------
I. FRONT AND CENTER
1. Blanket Discovery for Stolen Laptops
2. Notes On Vista Forensics, Part One
II. MICROSOFT VULNERABILITY SUMMARY
1. Adobe JRun Unspecified Denial Of Service Vulnerability
2. PHProjekt Arbitrary File Upload Vulnerability
3. PHProjekt Multiple SQL Injection Vulnerabilities
4. WarFTP Username Stack-Based Buffer-Overflow Vulnerability
5. NewsBin Pro Long File Name Buffer Overflow Vulnerability
6. Microsoft Windows WinMM.DLL WAV Files Remote Denial of Service Vulnerability
7. News Reactor Long File Name Buffer Overflow Vulnerability
8. D-Link TFTP Transporting Mode Remote Buffer Overflow Vulnerability
9. PHP SNMPGet Function Local Buffer Overflow Vulnerability
10. Snort Inline Fragmentation Denial of Service Vulnerability
11. Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow Vulnerabilities
12. Microsoft Windows OLE32.DLL Word Document Handling Denial Of Service Vulnerability
13. PHP MSSQL_Connect Local Buffer Overflow Vulnerability
14. PHP WDDX_Deserialize Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438

2. Notes On Vista Forensics, Part One
By Jamie Morris
This article, the first in a two-part series, takes a high-level look at what we know now about the changes in Windows Vista that seem likely to have the most impact on computer forensic investigations, starting with the built-in encryption, backup, and system protection features.
http://www.securityfocus.com/infocus/1889


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Adobe JRun Unspecified Denial Of Service Vulnerability
BugTraq ID: 22958
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22958
Summary:
Adobe JRun is prone to a denial-of-service vulnerability. This issue occurs because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Microsoft IIS 6 installations running JRun 4 Updater 6.

2. PHProjekt Arbitrary File Upload Vulnerability
BugTraq ID: 22956
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22956
Summary:
PHProjekt is prone to an arbitrary file-upload vulnerability.

Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.

Versions prior to 5.2.1 are vulnerable to this issue.

3. PHProjekt Multiple SQL Injection Vulnerabilities
BugTraq ID: 22955
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22955
Summary:
PHProjekt is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

PHProjekt versions 5.2.0 and prior are vulnerable to these issues.

4. WarFTP Username Stack-Based Buffer-Overflow Vulnerability
BugTraq ID: 22944
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22944
Summary:
WarFTP is prone to a stack-based buffer-overflow vulnerability because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.

Exploiting this issue could lead to denial-of-service conditions and to the execution of arbitrary machine code in the context of the application.

Version 1.65 is vulnerable; other versions may also be affected.

5. NewsBin Pro Long File Name Buffer Overflow Vulnerability
BugTraq ID: 22940
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22940
Summary:
NewsBin Pro is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects version 4.32; other versions may also be affected.

6. Microsoft Windows WinMM.DLL WAV Files Remote Denial of Service Vulnerability
BugTraq ID: 22938
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22938
Summary:
Microsoft Windows is prone to a denial-of-service vulnerability.

A remote attacker may exploit this vulnerability by presenting a malicious WAV file to a victim user.

Successful exploits will result in excessive CPU consumption, effectively denying service.

Specific information regarding affected versions of Microsoft Windows is currently unavailable. This BID will be updated as more information is disclosed.

7. News Reactor Long File Name Buffer Overflow Vulnerability
BugTraq ID: 22936
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22936
Summary:
News Reactor is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects version 20070220; other versions may also be affected.

8. D-Link TFTP Transporting Mode Remote Buffer Overflow Vulnerability
BugTraq ID: 22923
Remote: Yes
Date Published: 2007-03-12
Relevant URL: http://www.securityfocus.com/bid/22923
Summary:
D-Link TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to cause the application to crash, denying further service to legitimate users. Due to the nature of this issue, the attacker may presumably be able to exploit it for remote code execution.

Version 1.0 is vulnerable; other versions may also be affected.

9. PHP SNMPGet Function Local Buffer Overflow Vulnerability
BugTraq ID: 22893
Remote: No
Date Published: 2007-03-09
Relevant URL: http://www.securityfocus.com/bid/22893
Summary:
PHP is prone to a local buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP for Microsoft Windows version 4.4.6 is vulnerable; other versions may also be affected.

10. Snort Inline Fragmentation Denial of Service Vulnerability
BugTraq ID: 22872
Remote: Yes
Date Published: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22872
Summary:
Snort is prone to a denial-of-service vulnerability because the network intrusion-detection (NID) system fails to handle specially crafted network packets.

An attacker can exploit this issue to crash the application, allowing malicious network traffic to bypass the NID system.

This issue affects versions 2.6.1.1, 2.6.1.2, and 2.7.0(beta); other versions may also be affected.

NOTE: Reportedly, for this vulnerability to occur, Snort must be running Inline on Linux, with Frag3 enabled and ip_conntrack disabled.

11. Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 22852
Remote: Yes
Date Published: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22852
Summary:
Ipswitch IMail Server/Collaboration Suite is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.

Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Failed exploit attempts likely cause the application to crash.

Ipswitch Collaboration 2006 Suite Premium, IMail, and IMail Plus are vulnerable to these issues.

12. Microsoft Windows OLE32.DLL Word Document Handling Denial Of Service Vulnerability
BugTraq ID: 22847
Remote: Yes
Date Published: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22847
Summary:
The Microsoft 'ole32.dll' library is prone to a denial-of-service vulnerability. The issue occurs when the library handles document ('.doc') files containing large size values. It is conjectured that the execution of arbitrary code may be possible.

Software that is linked to the ole32.dll versions that reside on Microsoft Windows 2000 SP4 FR and XP SP2 FR platforms is vulnerable; other versions might also be affected.

13. PHP MSSQL_Connect Local Buffer Overflow Vulnerability
BugTraq ID: 22832
Remote: No
Date Published: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22832
Summary:
PHP is prone to a local buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP for Microsoft Windows versions prior to 4.4.6 are vulnerable; other versions may also be affected.

14. PHP WDDX_Deserialize Buffer Overflow Vulnerability
BugTraq ID: 22804
Remote: Yes
Date Published: 2007-03-04
Relevant URL: http://www.securityfocus.com/bid/22804
Summary:
PHP is prone to a remotely exploitable buffer-overflow vulnerability because it fails to properly check boundaries when processing client-supplied WDDX packets.

An attacker can exploit this issue to execute malicious code.

NOTE: This issue affects only the latest CVS release of PHP. The vulnerable code has not been released as part of an official PHP release at this time.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
