News

Loading...

Tuesday, April 24, 2007

SecurityFocus Microsoft Newsletter #339

SecurityFocus Microsoft Newsletter #339
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving
hackers complete access to all your backend systems! Firewalls and IDS will not stop
such attacks because SQL Injections are NOT seen as intruders. Download this *FREE*
white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8O


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Online Impersonations: No Validation Required
2. 0wning Vista from the boot
II. MICROSOFT VULNERABILITY SUMMARY
1. Cdelia Software ImageProcessing Malformed BMP File Denial of Service Vulnerability
2. Nullsoft Winamp PLS File Remote Denial of Service Vulnerability
3. Apple Quicktime Unspecified Java Handling Arbitrary Code Execution Vulnerability
4. Sendmail Unspecified Denial Of Service Vulnerability
5. OpenSSH S/Key Remote Information Disclosure Vulnerability
6. WSFTP Null Pointer Dereference Remote Denial of Service Vulnerability
7. Check Point Zone Alarm Srescan.SYS Multiple Local Privilege Escalation Vulnerabilities
8. Foxit Reader Malformed PDF File Denial of Service Vulnerability
9. RaidenFTPD Multiple Remote Denial of Service Vulnerabilitie
10. Nullsoft Winamp MIDI File Processing Denial of Service Vulnerability
11. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
12. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
13. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability
14. NetSprint Ask IE Toolbar Multiple Denial of Service Vulnerabilities
15. Oracle April 2007 Security Update Multiple Vulnerabilities
16. NetSprint Toolbar ActiveX Denial of Service Vulnerability
17. MiniShare Multiple Request Handling Remote Denial of Service Vulnerability
18. SSH Tectia Server IBM z/OS Local Privilege Escalation Vulnerability
19. FileZilla Multiple Unspecified Format String Vulnerabilities
20. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
21. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #338
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Online Impersonations: No Validation Required
By Dr. Neal Krawetz
It is said that imitation is the sincerest form of flattery. Unfortunately, online social networks provide no method for distinguishing an impersonation from the real thing. While your online words and actions may circulate for years, so do those of an impersonator.
http://www.securityfocus.com/columnists/441

2. 0wning Vista from the boot
By Federico Biancuzzi
Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that is able to load from Windows Vista boot-sectors. They discuss the "features" of their code, the support of the various versions of Vista, the possibility to place it inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista's product activation or avoid DRM.
http://www.securityfocus.com/columnists/442


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Cdelia Software ImageProcessing Malformed BMP File Denial of Service Vulnerability
BugTraq ID: 23629
Remote: Yes
Date Published: 2007-04-24
Relevant URL: http://www.securityfocus.com/bid/23629
Summary:
Cdelia Software ImageProcessing is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

2. Nullsoft Winamp PLS File Remote Denial of Service Vulnerability
BugTraq ID: 23627
Remote: Yes
Date Published: 2007-04-24
Relevant URL: http://www.securityfocus.com/bid/23627
Summary:
Nullsoft Winamp is prone to a denial-of-service vulnerability when processing malformed PLS files.

Successfully exploiting this issue allows remote attackers to crash affected applications.

This issue is reported to affect Winamp 5.33; other versions may also be affected.

3. Apple Quicktime Unspecified Java Handling Arbitrary Code Execution Vulnerability
BugTraq ID: 23608
Remote: Yes
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23608
Summary:
QuickTime is prone to a vulnerability that may aid in the remote compromise of a vulnerable computer.

The issue occurs when a Java-enabled browser is used to view a malicious website. QuickTime must also be installed. Few details are currently available regarding this issue. This BID will be updated as more information emerges.

This issue is exploitable through both Safari and Mozilla Firefox running on Mac OS X. Reports indicate that Firefox on Microsoft Windows platforms may also be an exploit vector.

4. Sendmail Unspecified Denial Of Service Vulnerability
BugTraq ID: 23606
Remote: Yes
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23606
Summary:
Sendmail is prone to a denial-of-service vulnerability.

No further information is available at the moment.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Insufficient information is currently available to determine whether this is only an HP-specific issue. This BID will be updated as soon as more information emerges.

This issue may have already been disclosed in a previous BID, but not enougyh information is available for a proper correlation at this time. This BID may be retired as more information emerges.

5. OpenSSH S/Key Remote Information Disclosure Vulnerability
BugTraq ID: 23601
Remote: Yes
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23601
Summary:
OpenSSH contains an information-disclosure vulnerability when S/Key authentication is enabled. This issue occurs because the application fails to properly obscure the existence of valid usernames in authentication attempts.

Exploiting this vulnerability allows remote users to test for the existence of valid usernames. Knowledge of system users may aid in further attacks.

6. WSFTP Null Pointer Dereference Remote Denial of Service Vulnerability
BugTraq ID: 23584
Remote: Yes
Date Published: 2007-04-21
Relevant URL: http://www.securityfocus.com/bid/23584
Summary:
WSFTP is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

7. Check Point Zone Alarm Srescan.SYS Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 23579
Remote: No
Date Published: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23579
Summary:
Check Point ZoneAlarm is prone to multiple local privilege-escalation vulnerabilities.

On a default installation, only certain restricted accounts can access the vulnerable sections of the application.

An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

Check Point ZoneAlarm versions using ZoneAlarm Spyware Removal Engine (SRE) versions prior to 5.0.156.0 are vulnerable to this issue; other products using the vulnerable engine are reported vulnerable.

8. Foxit Reader Malformed PDF File Denial of Service Vulnerability
BugTraq ID: 23576
Remote: Yes
Date Published: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23576
Summary:
Foxit Reader is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Foxit Reader 2.0; other versions may also be affected.

9. RaidenFTPD Multiple Remote Denial of Service Vulnerabilitie
BugTraq ID: 23570
Remote: Yes
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23570
Summary:
RaidenFTPD is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle user-supplied input.

Exploiting these issues allows remote attackers to crash the application, denying further service to legitimate users.

These issues affect RaidenFTPD 2.4; other versions may also be vulnerable.

10. Nullsoft Winamp MIDI File Processing Denial of Service Vulnerability
BugTraq ID: 23568
Remote: Yes
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23568
Summary:
Nullsoft Winamp is prone to a denial-of-service vulnerability when processing malformed MIDI files.

Successfully exploiting this issue allows remote attackers to crash affected applications. Code execution may also be possible, but this has not been confirmed.

This issue is reported to affect Winamp 5.3; other versions may also be affected.

11. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
BugTraq ID: 23566
Remote: No
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23566
Summary:
OpenAFS for Microsoft Windows is prone to a local denial-of-service vulnerability because the application fails to properly handle unexpected conditions.

Successfully exploiting this issue allows local attackers to trigger computer crashes. These crashes will occur every time Windows tries to start, creating a prolonged denial-of-service condition.

Versions of OpenAFS prior to 1.5.19 running on Windows are vulnerable.

Note that this issue is present only if MIT Kerberos for Windows is also installed on vulnerable computers.

12. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
BugTraq ID: 23556
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23556
Summary:
Novell Groupwise WebAccess is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

13. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability
BugTraq ID: 23547
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23547
Summary:
Novell SecureLogin is prone to a vulnerability that allows attackers to bypass security restrictions as well as a vulnerability that may allow attackers to gain elevated privileges on the affected computer.

These issues affect Novell Access Management Server 3 IR1.

14. NetSprint Ask IE Toolbar Multiple Denial of Service Vulnerabilities
BugTraq ID: 23535
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23535
Summary:
NetSprint Ask IE Toolbar ActiveX control is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may potentially exploit these issues to execute code, but this has not been confirmed.

NetSprint Ask IE Toolbar 1.1 is vulnerable; other versions may also be affected.

15. Oracle April 2007 Security Update Multiple Vulnerabilities
BugTraq ID: 23532
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23532
Summary:
Oracle has released a Critical Patch Update advisory for April 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.

16. NetSprint Toolbar ActiveX Denial of Service Vulnerability
BugTraq ID: 23530
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23530
Summary:
NetSprint Toolbar ActiveX control is prone to a denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash applications that employ the vulnerable controls (typically Microsoft Internet Explorer). Attackers may potentially be able to exploit this issue to execute code, but this has not been confirmed.

NetSprint Toolbar ActiveX Control 1.1 is vulnerable to this issue; other versions may also be vulnerable.

17. MiniShare Multiple Request Handling Remote Denial of Service Vulnerability
BugTraq ID: 23517
Remote: Yes
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23517
Summary:
MiniShare is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the server application, denying further service to legitimate users.

18. SSH Tectia Server IBM z/OS Local Privilege Escalation Vulnerability
BugTraq ID: 23508
Remote: No
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23508
Summary:
SSH Tectia server for IBM z/OS is prone to a local privilege-escalation vulnerability.

A local attacker may exploit this issue to gain certain elevated privileges on a vulnerable computer and launch further attacks. Successful exploits may facilitate a compromise of vulnerable computers.

This issue affects versions prior to 5.4.0.

19. FileZilla Multiple Unspecified Format String Vulnerabilities
BugTraq ID: 23506
Remote: Yes
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23506
Summary:
FileZilla is prone to multiple unspecified format-string vulnerabilities because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application, denying service to legitimate users.

These issues affect versions prior to 2.2.32.

20. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
BugTraq ID: 23494
Remote: No
Date Published: 2007-04-15
Relevant URL: http://www.securityfocus.com/bid/23494
Summary:
ZoneAlarm is prone to a local denial-of-service vulnerability.

This issue occurs when attackers supply invalid argument values to the 'vsdatant.sys' driver.

A local attacker may exploit this issue to crash affected computers, denying service to legitimate users.

ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this issue; other versions may be affected as well.

21. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #338
http://www.securityfocus.com/archive/88/466639

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving
hackers complete access to all your backend systems! Firewalls and IDS will not stop
such attacks because SQL Injections are NOT seen as intruders. Download this *FREE*
white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8O

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Blog Archive