----------------------------------------
ALERT: Web 2.0 Hacking - Attack Scenarios and Examples - SPI Dynamics White Paper
Web 2.0 applications are just as vulnerable to exploitation by hackers as their predecessors. When Web 2.0 applications push functionality and even code down to the client, it provides hackers with a wealth of information they can use to formulate attacks. Cross-Site Scripting, Web Application Worms and Feed Injection are attacks that have become even more dangerous when enacted against a Web 2.0 application. Learn how to secure your web apps against exploitation, download this SPI Dynamics white paper.
https://download.spidynamics.com/1/ad/XP.asp?Campaign_ID=70160000000Cwmw
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. Security conferences versus practical knowledge
2. Achtung! New German Laws on Cybercrime
II. MICROSOFT VULNERABILITY SUMMARY
1. UltraDefrag FindFiles Function Buffer Overflow Vulnerability
2. Guidance Software EnCase Forensic Unspecified Denial Of Service Vulnerability
3. Guidance Software EnCase Forensic Multiple Denial Of Service Vulnerabilities
4. Drupal Multiple Cross-Site Scripting Vulnerabilities
5. CrystalPlayer Playlist File Buffer Overflow Vulnerability
6. Microsoft Windows ARP Request Denial of Service Vulnerability
7. Sun Java System Application Server JSP Source Code Disclosure Vulnerability
8. Computer Associates Multiple Products Message Queuing Remote Stack Buffer Overflow Vulnerability
9. Kerio MailServer Attachment Filter Unspecified Vulnerability
10. Ipswitch Instant Messaging Remote Denial of Service Vulnerability
11. Zenturi ProgramChecker SASATL.DLL ActiveX Control Scan Method Buffer Overflow Vulnerability
12. Microsoft Internet Explorer SeaMonkey Browser URI Handler Command Injection Vulnerability
13. Microsoft Windows Explorer GIF File Denial of Service Vulnerability
14. Data Dynamics ActiveReports Actrpt2.DLL ActiveX Control Arbitrary File Overwrite Vulnerability
15. ESET NOD32 Antivirus Multiple Remote Vulnerabilities
16. DokuWiki Spell_UTF8Test Function HTML Injection Vulnerability
17. Opera Web Browser Dangling Pointer Remote Code Execution Vulnerability
18. Microsoft DirectX RLE Compressed Targa Image File Heap Overflow Overflow Vulnerability
19. Ipswitch IMail Server Multiple Buffer Overflow Vulnerabilities
20. Data Dynamics ActiveBar Actbar3.OCX ActiveX Control Multiple Insecure Methods Vulnerabilities
21. QuickerSite Default.ASP Cross-Site Scripting Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. User Access Control
2. win2k3 active directory - firewall ports
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Security conferences versus practical knowledge
By Don Parker
While the training industry as a whole has evolved rather well to suit the needs of their clients, the computer conference - specifically the computer security conference - has declined in relevance to the everyday sys-admin and network security practitioners.
http://www.securityfocus.com/columnists/449
2. Achtung! New German Laws on Cybercrime
By Federico Biancuzzi
Germany is passing some new laws regarding cybercrime that might affect security professionals. Federico Biancuzzi interviewed Marco Gercke, one of the experts that was invited to the parliamentary hearing, to learn more about this delicate subject. They discussed what is covered by the new laws, which areas remain in the dark, and how they might affect vulnerability disclosure and the use of common tools, such as nmap.
http://www.securityfocus.com/columnists/448
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. UltraDefrag FindFiles Function Buffer Overflow Vulnerability
BugTraq ID: 25102
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25102
Summary:
UltraDefrag is prone to a buffer-overflow vulnerability. This issue is due to a failure of the application to perform adequate bounds checks on user-supplied data.
Successfully exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.
UltraDefrag versions prior to 1.0.4 are vulnerable to this issue.
2. Guidance Software EnCase Forensic Unspecified Denial Of Service Vulnerability
BugTraq ID: 25101
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25101
Summary:
Guidance Software EnCase Forensic is prone to an unspecified denial-of-service vulnerability because it fails to handle specially-crafted file systems.
Attackers can exploit this issue to cause denial-of-service conditions. This can delay and complicate forensic investigations.
NOTE: This issue may be related to the issues described in BID: 25100.
EnCase Forensics version 5.0 is vulnerable; other versions may also be affected.
3. Guidance Software EnCase Forensic Multiple Denial Of Service Vulnerabilities
BugTraq ID: 25100
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25100
Summary:
Guidance Software EnCase Forensic is prone to multiple denial-of-service vulnerabilities because it fails to handle specially-crafted and malformed NTFS file systems.
Attackers can exploit this issue to crash the application or cause it to hang. This can delay and complicate forensic investigations.
4. Drupal Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25097
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25097
Summary:
Drupal is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions prior to 4.7.7 and prior to 5.2 are vulnerable to these issues.
5. CrystalPlayer Playlist File Buffer Overflow Vulnerability
BugTraq ID: 25083
Remote: Yes
Date Published: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/25083
Summary:
CrystalPlayer is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the application. Successfully exploiting this issue will result in a compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects CrystalPlayer 1.98; other versions may also be vulnerable.
6. Microsoft Windows ARP Request Denial of Service Vulnerability
BugTraq ID: 25066
Remote: Yes
Date Published: 2007-07-25
Relevant URL: http://www.securityfocus.com/bid/25066
Summary:
Microsoft Windows is prone to a denial-of-service vulnerability due to its inefficient handling of malicious ARP requests.
Attackers can exploit this issue to consume excessive CPU resources, denying service to legitimate users for the duration of the attack.
Microsoft Windows XP SP2 and Vista are vulnerable to this issue; other Microsoft operating systems and versions may also be affected.
7. Sun Java System Application Server JSP Source Code Disclosure Vulnerability
BugTraq ID: 25058
Remote: Yes
Date Published: 2007-07-25
Relevant URL: http://www.securityfocus.com/bid/25058
Summary:
Sun Java System Application Server on Microsoft Windows is prone to a vulnerability that may allow remote attackers to obtain sensitive JSP source code, which may aid them in further attacks.
8. Computer Associates Multiple Products Message Queuing Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 25051
Remote: Yes
Date Published: 2007-07-24
Relevant URL: http://www.securityfocus.com/bid/25051
Summary:
Multiple Computer Associates products are prone to a remote stack-based buffer-overflow vulnerability. This issue affects the Message Queuing (CAM/CAFT) component. The application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.
A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges.
This issue affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on Windows and NetWare.
9. Kerio MailServer Attachment Filter Unspecified Vulnerability
BugTraq ID: 25038
Remote: Yes
Date Published: 2007-07-24
Relevant URL: http://www.securityfocus.com/bid/25038
Summary:
Kerio MailServer is prone to an unspecified vulnerability due to an error in the attachment filter.
Very few details are currently available regarding this issue. We will update this BID as more information emerges.
Versions prior to Kerio MailServer 6.4.1 are considered vulnerable.
10. Ipswitch Instant Messaging Remote Denial of Service Vulnerability
BugTraq ID: 25031
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.securityfocus.com/bid/25031
Summary:
Ipswitch Instant Messaging Server is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected network data.
Successfully exploiting this issue allows remote attackers to crash the IM service, denying further instant messages for legitimate users.
Ipswitch IM Server 2.0.5.30 is vulnerable; other versions may also be affected.
11. Zenturi ProgramChecker SASATL.DLL ActiveX Control Scan Method Buffer Overflow Vulnerability
BugTraq ID: 25025
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.securityfocus.com/bid/25025
Summary:
The Zenturi ProgramChecker 'sasatl.dll' ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
12. Microsoft Internet Explorer SeaMonkey Browser URI Handler Command Injection Vulnerability
BugTraq ID: 25021
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.securityfocus.com/bid/25021
Summary:
Microsoft Internet Explorer is prone to a vulnerability that lets attackers inject commands through SeaMonkey's 'mailto' protocol handler.
Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through the 'SeaMonkey.exe' process by employing the 'mailto' handler.
An attacker can also employ these issues to carry out cross-browser scripting attacks by using the '-chrome' argument. This can allow the attacker to run JavaScript code with the privileges of trusted Chrome context and gain full access to SeaMonkey's resources.
Exploiting these issues would permit remote attackers to influence command options that can be called through the 'mailto' handles and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in a variety of consequences, including remote unauthorized access.
13. Microsoft Windows Explorer GIF File Denial of Service Vulnerability
BugTraq ID: 25013
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.securityfocus.com/bid/25013
Summary:
Microsoft Windows Explorer is prone to a denial-of-service vulnerability.
An attacker could exploit this issue to cause Explorer to crash, effectively denying service. Arbitrary code execution may be possible, but this has not been confirmed.
This issue affects Explorer on Microsoft Windows XP SP2; other operating systems and versions may also be affected.
14. Data Dynamics ActiveReports Actrpt2.DLL ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 24994
Remote: Yes
Date Published: 2007-07-21
Relevant URL: http://www.securityfocus.com/bid/24994
Summary:
Data Dynamics ActiveReports ActiveX control is prone to an arbitrary file-overwrite vulnerability due to a design error.
An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to cause denial-of-service conditions; other consequences are possible.
This issue affect Data Dynamics ActiveReports 2.5 and prior versions.
15. ESET NOD32 Antivirus Multiple Remote Vulnerabilities
BugTraq ID: 24988
Remote: Yes
Date Published: 2007-07-20
Relevant URL: http://www.securityfocus.com/bid/24988
Summary:
ESET NOD32 Antivirus is prone to multiple remote vulnerabilities. These issues include a heap-memory-corruption vulnerability and multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to execute arbitrary code with administrative privileges or cause the affected application to crash.
These issues affect versions prior to ESET NOD32 2.2289.
16. DokuWiki Spell_UTF8Test Function HTML Injection Vulnerability
BugTraq ID: 24973
Remote: Yes
Date Published: 2007-07-19
Relevant URL: http://www.securityfocus.com/bid/24973
Summary:
DokuWiki is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
DokuWiki 2007-06-26 and prior versions are vulnerable.
17. Opera Web Browser Dangling Pointer Remote Code Execution Vulnerability
BugTraq ID: 24970
Remote: Yes
Date Published: 2007-07-19
Relevant URL: http://www.securityfocus.com/bid/24970
Summary:
The Opera Web Browser is prone to a remote code-execution vulnerability that occurs when parsing a specially crafted BitTorrent header.
Exploiting this issue allows an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects Opera 9.21; prior versions may also be affected.
NOTE: This issue is reported to affect only Opera running on Microsoft Windows; other platforms running Opera may also be affected.
18. Microsoft DirectX RLE Compressed Targa Image File Heap Overflow Overflow Vulnerability
BugTraq ID: 24963
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.securityfocus.com/bid/24963
Summary:
A heap-based buffer-overflow vulnerability occurs in the Microsoft Windows DirectX component. This issue is related to the processing of compressed Targa image files. The specific vulnerability occurs because of the way these files are opened.
A successful exploit will permit attackers to execute arbitrary code in the context of the user who opens a malicious RLE Targa image file.
An attacker can exploit this issue through any means that will allow the attacker to deliver a malicious Targa file to a victim user. In web-based attack scenarios, exploits could occur automatically if the malicious page can cause the file to be loaded automatically by Windows Media Player. Other attack vectors such as email or instant messaging may require the victim user to manually open the malicious Targa file.
19. Ipswitch IMail Server Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24962
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.securityfocus.com/bid/24962
Summary:
Ipswitch IMail Server is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.
Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Exploit attempts may also cause the application to crash.
Ipswitch IMail Server 2006 is vulnerable to these issues; other versions may also be affected.
20. Data Dynamics ActiveBar Actbar3.OCX ActiveX Control Multiple Insecure Methods Vulnerabilities
BugTraq ID: 24959
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.securityfocus.com/bid/24959
Summary:
Data Dynamics ActiveBar ActiveX control is prone to multiple vulnerabilities caused by insecure methods. The problem stems from a design error in the affected application.
An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in a denial-of-service condition.
These issues affect Data Dynamics ActiveBar 3.1; other versions may also be affected.
21. QuickerSite Default.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 24948
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.securityfocus.com/bid/24948
Summary:
QuickerSite is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. User Access Control
http://www.securityfocus.com/archive/88/474348
2. win2k3 active directory - firewall ports
http://www.securityfocus.com/archive/88/474237
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
ALERT: Web 2.0 Hacking - Attack Scenarios and Examples - SPI Dynamics White Paper
Web 2.0 applications are just as vulnerable to exploitation by hackers as their predecessors. When Web 2.0 applications push functionality and even code down to the client, it provides hackers with a wealth of information they can use to formulate attacks. Cross-Site Scripting, Web Application Worms and Feed Injection are attacks that have become even more dangerous when enacted against a Web 2.0 application. Learn how to secure your web apps against exploitation, download this SPI Dynamics white paper.
https://download.spidynamics.com/1/ad/XP.asp?Campaign_ID=70160000000Cwmw
No comments:
Post a Comment