News

Loading...

Tuesday, May 01, 2007

SecurityFocus Microsoft Newsletter #340

SecurityFocus Microsoft Newsletter #340
----------------------------------------

This Issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged, and stored. This paper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008uPd


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time for a new certification
2. 0wning Vista from the boot
II. MICROSOFT VULNERABILITY SUMMARY
1. ZoneAlarm VSdatant Driver Denial of Service Vulnerability
2. VMware Multiple Denial Of Service Vulnerabilities
3. Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities
4. Winamp MP4 File Parsing Buffer Overflow Vulnerability
5. IncrediMail IMMenuShellExt ActiveX Control Remote Buffer Overflow Vulnerability
6. Multiple Web Browsers Digest Authentication HTTP Response Splitting Vulnerability
7. Fresh View PSP File Buffer Overflow Vulnerability
8. Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability
9. ABC-View Manager PSP File Buffer Overflow Vulnerability
10. Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability
11. Cdelia Software ImageProcessing Malformed BMP File Denial of Service Vulnerability
12. Nullsoft Winamp PLS File Remote Denial of Service Vulnerability
13. Sendmail Unspecified Denial Of Service Vulnerability
14. OpenSSH S/Key Remote Information Disclosure Vulnerability
15. WSFTP Null Pointer Dereference Remote Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Restrict Windows login to certain IPs/hosts for certain domain accounts?
2. SecurityFocus Microsoft Newsletter #339
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time for a new certification
By Don Parker
I wrote a column for Securityfocus some time ago that aired my concerns over GIAC dropping the practical portion of their certification process. That column resulted in a lot of feedback, with most agreeing about how GIAC bungled what was up till then, the best certification around.
http://www.securityfocus.com/columnists/443

2. 0wning Vista from the boot
By Federico Biancuzzi
Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that is able to load from Windows Vista boot-sectors. They discuss the "features" of their code, the support of the various versions of Vista, the possibility to place it inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista's product activation or avoid DRM.
http://www.securityfocus.com/columnists/442


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. ZoneAlarm VSdatant Driver Denial of Service Vulnerability
BugTraq ID: 23734
Remote: No
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23734
Summary:
ZoneAlarm is prone to a local denial-of-service vulnerability because the application fails to validate its input buffer.

An attacker may exploit this issue to crash affected computers, denying service to legitimate users. Arbitrary code execution may be possible, this has not been confirmed.

ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this issue; other versions may be affected as well.

2. VMware Multiple Denial Of Service Vulnerabilities
BugTraq ID: 23732
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23732
Summary:
VMware is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to cause denial-of-service conditions.

Versions prior to 5.5.4 Build 44386 are vulnerable to these issues.

3. Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities
BugTraq ID: 23730
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23730
Summary:
Trillian is prone to multiple buffer-overflow issues and an information leak in its IRC module. These issues occur because the application fails to properly bounds-check user-supplied data before copying it into fixed-sized memory buffers and fails to respond properly to exceptional conditions.

Remote attackers may exploit these vulnerabilities to execute arbitrary machine code in the context of vulnerable Trillian clients or to steal the contents of client-server communications.

Trillian 3.1 is affected.

4. Winamp MP4 File Parsing Buffer Overflow Vulnerability
BugTraq ID: 23723
Remote: Yes
Date Published: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23723
Summary:
Winamp is prone to a buffer-overflow vulnerability when it attempts to process certain files. This issue occurs because the application fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Winamp 5.02 through 5.34.

UPDATE: The vendor states that this issue will be addressed in Winamp 5.35.

5. IncrediMail IMMenuShellExt ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 23674
Remote: Yes
Date Published: 2007-04-26
Relevant URL: http://www.securityfocus.com/bid/23674
Summary:
IncrediMail is prone to a stack-based buffer-overflow vulnerability because it fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.

Successful exploits will corrupt process memory, allowing attacker-supplied arbitrary code to run in the context of the client application using the affected ActiveX control.

6. Multiple Web Browsers Digest Authentication HTTP Response Splitting Vulnerability
BugTraq ID: 23668
Remote: Yes
Date Published: 2007-04-25
Relevant URL: http://www.securityfocus.com/bid/23668
Summary:
Multiple browsers are prone to an HTTP-response-splitting vulnerability because the software fails to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

This issue affects Microsoft Internet Explorer 7.0.5730.11 and Mozilla Firefox 2.0.0.3; other versions and browsers may also be affected.

7. Fresh View PSP File Buffer Overflow Vulnerability
BugTraq ID: 23660
Remote: Yes
Date Published: 2007-04-25
Relevant URL: http://www.securityfocus.com/bid/23660
Summary:
Fresh View is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a malicious PSP file. If successful, the attacker can execute arbitrary code in the context of the affected application.

This issue affects Fresh View 7.15; other versions may also be affected.

8. Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability
BugTraq ID: 23656
Remote: Yes
Date Published: 2007-04-25
Relevant URL: http://www.securityfocus.com/bid/23656
Summary:
ClamAV is prone to a denial-of-service vulnerability.

A successful attack may allow an attacker to cause denial-of-service conditions.

9. ABC-View Manager PSP File Buffer Overflow Vulnerability
BugTraq ID: 23653
Remote: Yes
Date Published: 2007-04-25
Relevant URL: http://www.securityfocus.com/bid/23653
Summary:
ABC-View Manager is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a malicious PSP file. If successful, the attacker can execute arbitrary code in the context of the affected application.

This issue affects ABC-View Manager 1.42; other versions may also be affected.

10. Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability
BugTraq ID: 23640
Remote: Yes
Date Published: 2007-04-25
Relevant URL: http://www.securityfocus.com/bid/23640
Summary:
Nero MediaHome is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying further service to legitimate users.

This issue affects Nero MediaHome 2.5.5.0 and CE 1.3.0.4; other versions may also be affected.

11. Cdelia Software ImageProcessing Malformed BMP File Denial of Service Vulnerability
BugTraq ID: 23629
Remote: Yes
Date Published: 2007-04-24
Relevant URL: http://www.securityfocus.com/bid/23629
Summary:
Cdelia Software ImageProcessing is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

12. Nullsoft Winamp PLS File Remote Denial of Service Vulnerability
BugTraq ID: 23627
Remote: Yes
Date Published: 2007-04-24
Relevant URL: http://www.securityfocus.com/bid/23627
Summary:
Nullsoft Winamp is prone to a denial-of-service vulnerability when processing malformed PLS files.

Successfully exploiting this issue allows remote attackers to crash affected applications.

This issue is reported to affect Winamp 5.33; other versions may also be affected.

13. Sendmail Unspecified Denial Of Service Vulnerability
BugTraq ID: 23606
Remote: Yes
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23606
Summary:
Sendmail is prone to a denial-of-service vulnerability.

No further information is available at the moment.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Insufficient information is currently available to determine whether this is only an HP-specific issue. This BID will be updated as soon as more information emerges.

This issue may have already been disclosed in a previous BID, but not enougyh information is available for a proper correlation at this time. This BID may be retired as more information emerges.

14. OpenSSH S/Key Remote Information Disclosure Vulnerability
BugTraq ID: 23601
Remote: Yes
Date Published: 2007-04-23
Relevant URL: http://www.securityfocus.com/bid/23601
Summary:
OpenSSH contains an information-disclosure vulnerability when S/Key authentication is enabled. This issue occurs because the application fails to properly obscure the existence of valid usernames in authentication attempts.

Exploiting this vulnerability allows remote users to test for the existence of valid usernames. Knowledge of system users may aid in further attacks.

15. WSFTP Null Pointer Dereference Remote Denial of Service Vulnerability
BugTraq ID: 23584
Remote: Yes
Date Published: 2007-04-21
Relevant URL: http://www.securityfocus.com/bid/23584
Summary:
WSFTP is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Restrict Windows login to certain IPs/hosts for certain domain accounts?
http://www.securityfocus.com/archive/88/467049

2. SecurityFocus Microsoft Newsletter #339
http://www.securityfocus.com/archive/88/466877

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged, and stored. This paper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008uPd

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Blog Archive