Thursday, October 25, 2007

SecurityFocus Microsoft Newsletter #365

This issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000D5K3


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Rebinding attacks unbound
2. Aspect-Oriented Programming and Security
II. MICROSOFT VULNERABILITY SUMMARY
1. eIQnetworks Enterprise Security Analyzer SEARCHREPORT Command Remote Buffer Overflow Vulnerability
2. IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities
3. Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability
4. SpeedFan Speedfan.sys Local Privilege Escalation Vulnerability
5. Macrovision SafeDisc SecDRV.SYS Method_Neither Local Privilege Escalation Vulnerability
6. Drupal Prior To 4.7.8 and 5.3 Multiple Remote Vulnerabilities
7. Nortel Networks UNIStim IP Softphone RTCP Port Buffer Overflow Vulnerability
8. Microsoft Windows Mobile SMS Handler Source Obfuscation Vulnerability
9. WWWISIS IsisScript Local File Disclosure Vulnerability
10. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
11. Microsoft ActiveSync Weak Password Obfuscation Information Disclosure Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #364
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Rebinding attacks unbound
By Federico Biancuzzi
DNS rebinding was discovered in 1996 and affected the Java Virtual Machine (VM). Recently a group of researchers at Stanford found out that this vulnerability is still present in browsers and that the common solution, known as DNS pinning, is not effective anymore.
http://www.securityfocus.com/columnists/455

2. Aspect-Oriented Programming
By Rohit Sethi
Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development.
http://www.securityfocus.com/infocus/1895


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. eIQnetworks Enterprise Security Analyzer SEARCHREPORT Command Remote Buffer Overflow Vulnerability
BugTraq ID: 26189
Remote: Yes
Date Published: 2007-10-24
Relevant URL: http://www.securityfocus.com/bid/26189
Summary:
The application is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Enterprise Security Analyzer 2.5; other versions may also be vulnerable.

2. IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 26175
Remote: Yes
Date Published: 2007-10-23
Relevant URL: http://www.securityfocus.com/bid/26175
Summary:
IBM Lotus Notes is prone to multiple buffer-overflow vulnerabilities.

Successfully exploiting these issues could allow an attacker to execute arbitrary code in the context of the user running the application.

Lotus Notes 7.0.2 is prone to these issues; other versions may also be vulnerable.

3. Mono System.Web StaticFileHandler.CS Source Code Information Disclosure Vulnerability
BugTraq ID: 26166
Remote: Yes
Date Published: 2007-10-22
Relevant URL: http://www.securityfocus.com/bid/26166
Summary:
Mono is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks.

This issue affects versions prior to Mono 1.2.5.2 running on Windows platforms.

4. SpeedFan Speedfan.sys Local Privilege Escalation Vulnerability
BugTraq ID: 26123
Remote: No
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26123
Summary:
SpeedFan is prone to a local privilege-escalation vulnerability.

An attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

5. Macrovision SafeDisc SecDRV.SYS Method_Neither Local Privilege Escalation Vulnerability
BugTraq ID: 26121
Remote: No
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26121
Summary:
Macrovision SafeDisc is prone to a local privilege-escalation vulnerability because it fails to adequately sanitize user-supplied input.

This vulnerability allows local attackers to execute arbitrary malicious code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

6. Drupal Prior To 4.7.8 and 5.3 Multiple Remote Vulnerabilities
BugTraq ID: 26119
Remote: Yes
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26119
Summary:
Drupal is prone to multiple remote vulnerabilities:

- A cross-site request-forgery vulnerability.
- An HTTP response-splitting vulnerability.
- An HTML-injection vulnerability.
- A vulnerability that may allow an attacker to mail unpublished comments.
- An arbitrary-code-execution vulnerability.

An attacker may exploit these vulnerabilities to:

- Influence or misrepresent how web content is served, cached, or interpreted.
- Execute arbitrary code within the context of the webserver process.
- Steal cookie-based authentication credentials, allowing the attacker to launch other attacks.

7. Nortel Networks UNIStim IP Softphone RTCP Port Buffer Overflow Vulnerability
BugTraq ID: 26118
Remote: Yes
Date Published: 2007-10-18
Relevant URL: http://www.securityfocus.com/bid/26118
Summary:
Nortel Networks UNIStim IP Softphone is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

8. Microsoft Windows Mobile SMS Handler Source Obfuscation Vulnerability
BugTraq ID: 26091
Remote: Yes
Date Published: 2007-10-17
Relevant URL: http://www.securityfocus.com/bid/26091
Summary:
Microsoft Windows Mobile is prone to a vulnerability that can result in the obfuscation of an SMS message source.

Attackers can exploit this issue to anonymously send malicious messages to affected devices.

Microsoft Windows Mobile 5 PocketPC is vulnerable; other versions may also be affected.

9. WWWISIS IsisScript Local File Disclosure Vulnerability
BugTraq ID: 26079
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26079
Summary:
WWWISIS is prone to a vulnerability that allows remote attackers to display the contents of arbitrary local files in the context of the webserver process.

An attacker may be able to exploit this issue to retrieve potentially sensitive information that may aid in further attacks.

This issue affects WWWISIS 7.1; other versions may also be vulnerable.

10. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
BugTraq ID: 26076
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26076
Summary:
Novell SUSE Linux Enterprise Server is prone to a denial-of-service vulnerability because it fails to adequately handle certain GSS-TSIG requests that require the 'libgssapi' library.

Attackers can exploit this issue to cause denial-of-service conditions.

Versions prior to 'libgssapi' 0.6-13.17 as found in Enterprise Server 10 SP1 are vulnerable.

11. Microsoft ActiveSync Weak Password Obfuscation Information Disclosure Vulnerability
BugTraq ID: 25976
Remote: No
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25976
Summary:
Microsoft ActiveSync is prone to an information-disclosure vulnerability because it fails to adequately obfuscate sensitive information.

Attackers can exploit this issue to gain PIN or password data for devices docked via USB.

Software that uses ActiveSync 4.1 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #364
http://www.securityfocus.com/archive/88/482537

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics
