Tuesday, March 20, 2007

SecurityFocus Microsoft Newsletter #334
----------------------------------------

This Issue is Sponsored by: Black Hat

Attend Black Hat Europe, March 27-30 in Amsterdam, Europe's premier technical event for ICT security experts. Featuring 10 hands-on training courses and 20 Briefings presentations with lots of new content - the best of Black Hat! See security solutions from 8 top sponsors including Microsoft and Google, and network with 400 colleagues from 30 nations. To download the preview program visit www.blackhat.com/html/bh-europe-07/marketing/bh-eu-07-preview-LR.pdf.

For general information or to register visit:

http://www.blackhat.com


------------------------------------------------------------------
I. FRONT AND CENTER
1. Blanket Discovery for Stolen Laptops
2. Notes On Vista Forensics, Part One
II. MICROSOFT VULNERABILITY SUMMARY
1. Intervations FileCopa Unspecified Remote Stack Buffer Overflow Vulnerability
2. Atrium Mercur IMap Subscribe Stack Buffer Overflow Vulnerability
3. FTPDMIN List Command Remote Denial of Service Vulnerability
4. Microsoft Windows Ndistapi Local Privilege Escalation Vulnerability
5. F-Secure Anti-Virus Client Security Local Format String Vulnerability
6. Computer Associates BrightStor ARCServe BackUp Tape Engine Multiple Vulnerabilities
7. PHP Interbase Extension Multiple Remote Buffer Overflow Vulnerabilities
8. Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability
9. Adobe JRun Unspecified Denial Of Service Vulnerability
10. PHProjekt Arbitrary File Upload Vulnerability
11. PHProjekt Multiple SQL Injection Vulnerabilities
12. WarFTP Username Stack-Based Buffer-Overflow Vulnerability
13. NewsBin Pro Long File Name Buffer Overflow Vulnerability
14. Microsoft Windows WinMM.DLL WAV Files Remote Denial of Service Vulnerability
15. News Reactor Long File Name Buffer Overflow Vulnerability
16. D-Link TFTP Transporting Mode Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #333
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438

2. Notes On Vista Forensics, Part One
By Jamie Morris
This article, the first in a two-part series, takes a high-level look at what we know now about those changes in Windows Vista which seem likely to have the most impact on computer forensic investigations, starting with the built-in encryption, backup, and system protection features.
http://www.securityfocus.com/infocus/1889


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Intervations FileCopa Unspecified Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 23056
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23056
Summary:
FileCopa is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed attempts may cause denial-of-service conditions.

2. Atrium Mercur IMap Subscribe Stack Buffer Overflow Vulnerability
BugTraq ID: 23050
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23050
Summary:
Mercur IMAP is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Currently there are few technical details regarding this issue. This BID will be updated as further information becomes available.

This issue may be related to BID 7842 (Atrium Software Mercur Mailserver IMAP Remote Buffer Overflow Vulnerability).

An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

3. FTPDMIN List Command Remote Denial of Service Vulnerability
BugTraq ID: 23049
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23049
Summary:
FTPDMIN is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users.

This issue affects version 0.96; other versions may also be affected.

4. Microsoft Windows Ndistapi Local Privilege Escalation Vulnerability
BugTraq ID: 23025
Remote: No
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23025
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

An attacker may exploit this issue to execute arbitrary machine code with Dispatch-level privileges or potentially crash the affected computer.

5. F-Secure Anti-Virus Client Security Local Format String Vulnerability
BugTraq ID: 23023
Remote: No
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23023
Summary:
F-Secure Anti-Virus Client Security is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function.

Successfully exploiting this vulnerability may allow an attacker to access sensitive process memory or to crash the application. Code execution may potentially be possible, but this has not been confirmed.

6. Computer Associates BrightStor ARCServe BackUp Tape Engine Multiple Vulnerabilities
BugTraq ID: 22994
Remote: Yes
Date Published: 2007-03-15
Relevant URL: http://www.securityfocus.com/bid/22994
Summary:
Computer Associates BrightStor ARCServe BackUp Tape Engine service is prone to multiple vulnerabilities.

Exploiting these issues can result in denial-of-service conditions or remote code execution.

7. PHP Interbase Extension Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 22976
Remote: Yes
Date Published: 2007-03-15
Relevant URL: http://www.securityfocus.com/bid/22976
Summary:
The PHP Interbase extension is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit these issues to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

PHP 4.4.6 and prior versions on Microsoft Windows are vulnerable; other versions may also be affected.

8. Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability
BugTraq ID: 22966
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22966
Summary:
Microsoft Internet Explorer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to steal cookie-based authentication credentials and obtain sensitive information.

9. Adobe JRun Unspecified Denial Of Service Vulnerability
BugTraq ID: 22958
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22958
Summary:
Adobe JRun is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Microsoft IIS 6 installations running JRun 4 Updater 6.

10. PHProjekt Arbitrary File Upload Vulnerability
BugTraq ID: 22956
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22956
Summary:
PHProjekt is prone to an arbitrary file-upload vulnerability.

Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.

Versions prior to 5.2.1 are vulnerable to this issue.

11. PHProjekt Multiple SQL Injection Vulnerabilities
BugTraq ID: 22955
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22955
Summary:
PHProjekt is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

PHProjekt 5.2.0 and prior versions are vulnerable to these issues.

12. WarFTP Username Stack-Based Buffer-Overflow Vulnerability
BugTraq ID: 22944
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22944
Summary:
WarFTP is prone to a stack-based buffer-overflow vulnerability because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.

Exploiting this issue could lead to denial-of-service conditions and to the execution of arbitrary machine code in the context of the application.

Version 1.65 is vulnerable; other versions may also be affected.

13. NewsBin Pro Long File Name Buffer Overflow Vulnerability
BugTraq ID: 22940
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22940
Summary:
NewsBin Pro is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects version 4.32; other versions may also be affected.

14. Microsoft Windows WinMM.DLL WAV Files Remote Denial of Service Vulnerability
BugTraq ID: 22938
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22938
Summary:
Microsoft Windows is prone to a denial-of-service vulnerability.

A remote attacker may exploit this vulnerability by presenting a malicious WAV file to a victim user.

Successful exploits will result in excessive CPU consumption, effectively denying service.

Specific information regarding affected versions of Microsoft Windows is currently unavailable. This BID will be updated as more information is disclosed.

15. News Reactor Long File Name Buffer Overflow Vulnerability
BugTraq ID: 22936
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22936
Summary:
News Reactor is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects version 20070220; other versions may also be affected.

16. D-Link TFTP Transporting Mode Remote Buffer Overflow Vulnerability
BugTraq ID: 22923
Remote: Yes
Date Published: 2007-03-12
Relevant URL: http://www.securityfocus.com/bid/22923
Summary:
D-Link TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to cause the application to crash, denying further service to legitimate users. Due to the nature of this issue, the attacker may presumably be able to exploit it for remote code execution.

Version 1.0 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #333
http://www.securityfocus.com/archive/88/462847

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Black Hat
