News

Friday, April 20, 2007

SecurityFocus Microsoft Newsletter #338

SecurityFocus Microsoft Newsletter #338
----------------------------------------

This Issue is Sponsored by: Kapersky Lab

Try Kaspersky Antivirus 6.0 Software
Download Kaspersky's Award-Winning antivirus & antispyware solution with anti-spam and firewall Free

http://newsletter.industrybrains.com/c?fe;1;5f04b;1000f;345;0;da4


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Politics of E-Mail
2. Notes On Vista Forensics, Part Two
II. MICROSOFT VULNERABILITY SUMMARY
1. Foxit Reader Malformed PDF File Denial of Service Vulnerability
2. RaidenFTPD Multiple Remote Denial of Service Vulnerabilitie
3. Nullsoft Winamp WMV File Processing Denial of Service Vulnerability
4. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
5. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
6. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability
7. NetSprint Ask IE Toolbar Multiple Denial of Service Vulnerabilities
8. Oracle April 2007 Security Update Multiple Vulnerabilities
9. NetSprint Toolbar ActiveX Denial of Service Vulnerability
10. MiniShare Multiple Request Handling Remote Denial of Service Vulnerability
11. SSH Tectia Server IBM z/OS Local Privilege Escalation Vulnerability
12. FileZilla Multiple Unspecified Format String Vulnerabilities
13. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
14. LanDesk Management Suite Alert Service AOLSRVR.EXE Buffer Overflow Vulnerability
15. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
16. Acubix PicoZip Archive Directory Traversal Vulnerability
17. Microsoft Windows DNS Server Escaped Zone Name Parameter Buffer Overflow Vulnerability
18. KarjaSoft Sami HTTP Server Request Remote Denial of Service Vulnerabilities
19. Drupal Database Administration Module Multiple HTML-injection Vulnerabilities
20. IBM Lotus Domino Web Access Active Content Filter HTML Injection Vulnerability
21. MarkAny MaPrintModule ActiveX Denial of Service Vulnerability
22. Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
23. Microsoft Windows UPnP Remote Stack Buffer Overflow Vulnerability
24. Windows VDM Zero Page Race Condition Local Privilege Escalation Vulnerability
25. Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability
26. Microsoft Agent URI Processing Remote Code Execution Vulnerability
27. Microsoft Windows CSRSS MSGBox Remote Code Execution Vulnerability
28. Microsoft Content Management Server Remote Code Execution Vulnerability
29. Microsoft Content Management Server Cross-Site Scripting Vulnerability
30. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. Shared drives through a firewall
2. Help with Exploit
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Politics of E-Mail
By Mark Rasch
It's springtime in Washington, D.C. The cherry blossoms have bloomed, the tourists descended, and on both sides of Pennsylvania Avenue a new "scandal" is erupting.
http://www.securityfocus.com/columnists/440

2. Notes On Vista Forensics, Part Two
By Jamie Morris
In part one of this series we looked at the different editions of Vista available and discussed the various encryption and backup features which might be of interest to forensic examiners. In this article we will look at the user and system features of Vista which may (or may not) present new challenges for investigators and discuss the use of Vista itself as a platform for forensic analysis.
http://www.securityfocus.com/infocus/1890


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Foxit Reader Malformed PDF File Denial of Service Vulnerability
BugTraq ID: 23576
Remote: Yes
Date Published: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23576
Summary:
Foxit Reader is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Foxit Reader 2.0; other versions may also be affected.

2. RaidenFTPD Multiple Remote Denial of Service Vulnerabilitie
BugTraq ID: 23570
Remote: Yes
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23570
Summary:
RaidenFTPD is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle user-supplied input.

Exploiting these issues allows remote attackers to crash the application, denying further service to legitimate users.

These issues affect RaidenFTPD 2.4; other versions may also be vulnerable.

3. Nullsoft Winamp WMV File Processing Denial of Service Vulnerability
BugTraq ID: 23568
Remote: Yes
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23568
Summary:
Nullsoft Winamp is prone to a denial-of-service vulnerability when processing malformed WMV files.

Successfully exploiting this issue allows remote attackers to crash affected applications. Code execution may also be possible, but this has not been confirmed.

This issue is reported to affect Winamp 5.3; other versions may also be affected.

4. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
BugTraq ID: 23566
Remote: No
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23566
Summary:
OpenAFS for Microsoft Windows is prone to a local denial-of-service vulnerability because the application fails to properly handle unexpected conditions.

Successfully exploiting this issue allows local attackers to trigger computer crashes. These crashes will occur every time Windows tries to start, creating a prolonged denial-of-service condition.

Versions of OpenAFS prior to 1.5.19 running on Windows are vulnerable.

Note that this issue is present only if MIT Kerberos for Windows is also installed on vulnerable computers.

5. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
BugTraq ID: 23556
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23556
Summary:
Novell Groupwise WebAccess is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

6. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability
BugTraq ID: 23547
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23547
Summary:
Novell SecureLogin is prone to a vulnerability that allows attackers to bypass security restrictions as well as a vulnerability that may allow attackers to gain elevated privileges on the affected computer.

These issues affect Novell Access Management Server 3 IR1.

7. NetSprint Ask IE Toolbar Multiple Denial of Service Vulnerabilities
BugTraq ID: 23535
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23535
Summary:
NetSprint Ask IE Toolbar ActiveX control is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may potentially exploit these issues to execute code, but this has not been confirmed.

NetSprint Ask IE Toolbar 1.1 is vulnerable; other versions may also be affected.

8. Oracle April 2007 Security Update Multiple Vulnerabilities
BugTraq ID: 23532
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23532
Summary:
Oracle has released a Critical Patch Update advisory for April 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.

9. NetSprint Toolbar ActiveX Denial of Service Vulnerability
BugTraq ID: 23530
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23530
Summary:
NetSprint Toolbar ActiveX control is prone to a denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may potentially be able to exploit this issue to execute code, but this has not been confirmed.

NetSprint Toolbar ActiveX Control 1.1 is vulnerable to this issue; other versions may also be vulnerable.

10. MiniShare Multiple Request Handling Remote Denial of Service Vulnerability
BugTraq ID: 23517
Remote: Yes
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23517
Summary:
MiniShare is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the server application, denying further service to legitimate users.

11. SSH Tectia Server IBM z/OS Local Privilege Escalation Vulnerability
BugTraq ID: 23508
Remote: No
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23508
Summary:
SSH Tectia server for IBM z/OS is prone to a local privilege-escalation vulnerability.

A local attacker may exploit this issue to gain certain elevated privileges on a vulnerable computer and launch further attacks. Successful exploits may facilitate a compromise of vulnerable computers.

This issue affects versions prior to 5.4.0.

12. FileZilla Multiple Unspecified Format String Vulnerabilities
BugTraq ID: 23506
Remote: Yes
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23506
Summary:
FileZilla is prone to multiple unspecified format-string vulnerabilities because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application, denying service to legitimate users.

These issues affect versions prior to 2.2.32.

13. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
BugTraq ID: 23494
Remote: No
Date Published: 2007-04-15
Relevant URL: http://www.securityfocus.com/bid/23494
Summary:
ZoneAlarm is prone to a local denial-of-service vulnerability.

This issue occurs when attackers supply invalid argument values to the 'vsdatant.sys' driver.

A local attacker may exploit this issue to crash affected computers, denying service to legitimate users.

ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this issue; other versions may be affected as well.

14. LanDesk Management Suite Alert Service AOLSRVR.EXE Buffer Overflow Vulnerability
BugTraq ID: 23483
Remote: Yes
Date Published: 2007-04-13
Relevant URL: http://www.securityfocus.com/bid/23483
Summary:
LANDesk Management Suite is prone to a remote stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue would result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects LANDesk Management Suite 8.7; prior versions may also be affected.

15. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
BugTraq ID: 23473
Remote: Yes
Date Published: 2007-04-13
Relevant URL: http://www.securityfocus.com/bid/23473
Summary:
ClamAV is prone to a file-descriptor leakage vulnerability and a buffer-overflow vulnerability.

A successful attack may allow an attacker to obtain sensitive information, cause denial-of-service conditions, and execute arbitrary code in the context of the user running the affected application.

ClamAV versions prior to 0.90.2 are vulnerable to these issues.

16. Acubix PicoZip Archive Directory Traversal Vulnerability
BugTraq ID: 23471
Remote: Yes
Date Published: 2007-04-13
Relevant URL: http://www.securityfocus.com/bid/23471
Summary:
PicoZip is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to extract files into directories of their choosing and overwrite arbitrary files. Successful exploits may aid in further attacks.

This issue affects PicoZip 4.02; other versions may also be affected.

17. Microsoft Windows DNS Server Escaped Zone Name Parameter Buffer Overflow Vulnerability
BugTraq ID: 23470
Remote: Yes
Date Published: 2007-04-13
Relevant URL: http://www.securityfocus.com/bid/23470
Summary:
Microsoft Windows Domain Name System (DNS) Server Service is prone to a stack-based buffer-overflow vulnerability in its Remote Procedure Call (RPC) interface.

A remote attacker may exploit this issue to run arbitrary code in the context of the DNS Server Service. The DNS service runs in the 'SYSTEM' context.

Successfully exploiting this issue allows attackers to execute arbitrary code, facilitating the remote compromise of affected computers.

Windows Server 2000 Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 are confirmed vulnerable to this issue.

Microsoft Windows 2000 Professional SP4, Windows XP SP2, and Windows Vista are not affected by this vulnerability.

18. KarjaSoft Sami HTTP Server Request Remote Denial of Service Vulnerabilities
BugTraq ID: 23445
Remote: Yes
Date Published: 2007-04-12
Relevant URL: http://www.securityfocus.com/bid/23445
Summary:
Sami HTTP Server is prone to multiple remote denial-of-service vulnerabilities because the software fails to handle exceptional conditions.

Exploiting these issues allows remote attackers to crash the server application, denying further service to legitimate users.

This issue affects Sami HTTP Server 2.0.1; other versions may also be affected.

19. Drupal Database Administration Module Multiple HTML-injection Vulnerabilities
BugTraq ID: 23440
Remote: Yes
Date Published: 2007-04-12
Relevant URL: http://www.securityfocus.com/bid/23440
Summary:
Drupal Database Administration Module is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before displaying it in dynamically generated content.

To exploit this issue, an attacker must have Site Administrator privileges.

An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Drupal Database Administration versions prior to 4.7.0-1.2 and all versions of the 4.6.0 branch are vulnerable to these issues.

20. IBM Lotus Domino Web Access Active Content Filter HTML Injection Vulnerability
BugTraq ID: 23421
Remote: Yes
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23421
Summary:
IBM Lotus Domino Web Access is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

21. MarkAny MaPrintModule ActiveX Denial of Service Vulnerability
BugTraq ID: 23420
Remote: Yes
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23420
Summary:
MarkAny MaPrintModule ActiveX control is prone to a denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer).

MarkAny MaPrintModule ActiveX Control 1.0.0.2 and 2.1.1.0 through 2.1.1.2 are vulnerable to this issue; other versions may also be vulnerable.

NOTE: Newly available technical information indicates that this is not a buffer-overflow issue and may be exploited only to cause denial-of-service conditions. This BID has been updated to reflect this new information.

22. Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 23412
Remote: Yes
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23412
Summary:
Roxio CinePlayer is prone to a stack-based buffer-overflow vulnerability because it fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a malicious HTML document.

Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.

Roxio CinePlayer 3.2 is vulnerable to this issue; other versions may also be affected.

23. Microsoft Windows UPnP Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 23371
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23371
Summary:
Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This occurs when handling certain HTTP requests.

To exploit this issue, an attacker must be in the same network segment as the victim.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the affected service. Failed exploits attempts will likely result in denial-of-service conditions.

24. Windows VDM Zero Page Race Condition Local Privilege Escalation Vulnerability
BugTraq ID: 23367
Remote: No
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23367
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability because of a race condition in the Virtual DOS Machine (VDM).

A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

25. Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability
BugTraq ID: 23338
Remote: No
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23338
Summary:
Microsoft Windows CSRSS (client/server run-time subsystem) is prone to local privilege-escalation vulnerability.

Successful attacks will result in the complete compromise of affected computers.

26. Microsoft Agent URI Processing Remote Code Execution Vulnerability
BugTraq ID: 23337
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23337
Summary:
The Microsoft Agent ActiveX control is prone to remote code execution.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

Note that users who are running Windows Internet Explorer 7 are not affected by this vulnerability.

27. Microsoft Windows CSRSS MSGBox Remote Code Execution Vulnerability
BugTraq ID: 23324
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23324
Summary:
Microsoft Windows CSRSS (client/server run-time subsystem) MsgBox is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.

Note that this issue can also be exploited locally by an authenticated user to gain elevated privileges.

Under default settings, Windows Vista is not prone to remote attacks that attempt to exploit this issue.

Update: This issue was originally disclosed as part of BID 21688, but has now been assigned its own record.

28. Microsoft Content Management Server Remote Code Execution Vulnerability
BugTraq ID: 22861
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/22861
Summary:
Microsoft Content Management Server (MCMS) is prone to an arbitrary code-execution vulnerability because the software fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to execute arbitrary machine code on affected computers with the privileges of the vulnerable application.

29. Microsoft Content Management Server Cross-Site Scripting Vulnerability
BugTraq ID: 22860
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/22860
Summary:
Microsoft Content Management Server (MCMS) is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials, spoof content, or perform actions on behalf of the victim user; this could aid in further attacks.

30. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Shared drives through a firewall
http://www.securityfocus.com/archive/88/463468

2. Help with Exploit
http://www.securityfocus.com/archive/88/458938

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Kapersky Lab

Try Kaspersky Antivirus 6.0 Software
Download Kaspersky's Award-Winning antivirus & antispyware solution with anti-spam and firewall Free

http://newsletter.industrybrains.com/c?fe;1;5f04b;1000f;345;0;da4

No comments:

Blog Archive