News

Wednesday, November 28, 2007

SecurityFocus Microsoft Newsletter #370

This issue is Sponsored by: SPI Dynamics

XPATH Injection Attacks- Web Hackers New Trick: White Paper

One particular form of injection attack, XPath Injection, is rapidly gaining in popularity due to the spread of AJAX applications and their inherent use of XML to store data. XPath Injection can be just as dangerous as SQL Injection, and can be even easier to exploit. Learn how to identify XPath Injection vulnerabilities and which methods of recourse to take to prevent them. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/XP.asp?Campaign_ID=70160000000D803


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Aye, Robot, or Can Computers Contract?
2. Don't blame the IDS
II. MICROSOFT VULNERABILITY SUMMARY
1. Tencent QQ LaunchP2PShare Multiple Stack Buffer Overflow Vulnerabilities
2. VanDyke VShell Unspecified Denial Of Service Vulnerability
3. Samhain Labs Samhain Insecure Random Number Generator Information Disclosure Weakness
4. Skype Technologies Skype Voicemail URI Handler Remote Denial of Service Vulnerability
5. Apple QuickTime RTSP Response Header Content-Length Remote Buffer Overflow Vulnerability
6. Apple QuickTime RTSP Response Header Remote Stack Based Buffer Overflow Vulnerability
7. Wireshark 0.99.6 Multiple Remote Vulnerabilities
8. IBM Director CIM Server Remote Denial of Service Vulnerability
9. SMF Private Forum Messages Information Disclosure Vulnerability
10. Microsoft Windows Insecure Random Number Generator Information Disclosure Weakness
III. MICROSOFT FOCUS LIST SUMMARY
1. Windows NT Desktop
2. Security and Implications of Hosted Exchange
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Aye, Robot, or Can Computers Contract?
By Mark Rasch
A contract is usually described as a "meeting of the minds." One person makes an offer for goods or services; another person sees the offer and negotiates terms; the parties enter into an agreement of the offer; and some form of consideration is given in return for the provision of something of value. At least that's what I remember from first year law school contracts class.
http://www.securityfocus.com/columnists/458

2. Don't blame the IDS
By Don Parker
Some years ago, I remember reading a press release from the Gartner Group. It was about intrusion detection systems (IDS) offering little return for the monetary investment in them and furthermore, that this very same security technology would be obsolete by the year 2005. A rather bold statement and an even bolder prediction on their part.
http://www.securityfocus.com/columnists/457


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Tencent QQ LaunchP2PShare Multiple Stack Buffer Overflow Vulnerabilities
BugTraq ID: 26613
Remote: Yes
Date Published: 2007-11-27
Relevant URL: http://www.securityfocus.com/bid/26613
Summary:
Tencent QQ is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

These issues affect Tencent QQ 2006 and prior versions.

2. VanDyke VShell Unspecified Denial Of Service Vulnerability
BugTraq ID: 26602
Remote: Yes
Date Published: 2007-11-27
Relevant URL: http://www.securityfocus.com/bid/26602
Summary:
VanDyke VShell is prone to a denial-of-service vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

An attacker can exploit this issue to deny access to legitimate users.

VShell 3.0.1 is vulnerable; other versions may also be affected.

3. Samhain Labs Samhain Insecure Random Number Generator Information Disclosure Weakness
BugTraq ID: 26597
Remote: Yes
Date Published: 2007-11-26
Relevant URL: http://www.securityfocus.com/bid/26597
Summary:
Samhain Labs Samhain is prone to an information-disclosure weakness because of an error in the use of the random number generator.

An attacker can exploit this issue to weaken encryption and other security-related algorithms, which may aid in further attacks.

The issue affects Samhain 2.4.0 and 2.4.0a. Note that versions prior to 2.4.0 are not vulnerable to this issue.

4. Skype Technologies Skype Voicemail URI Handler Remote Denial of Service Vulnerability
BugTraq ID: 26588
Remote: Yes
Date Published: 2007-11-26
Relevant URL: http://www.securityfocus.com/bid/26588
Summary:
Skype is prone to a remote denial-of-service vulnerability because of a NULL-pointer dereference flaw.

Successfully exploiting this issue allows remote attackers to crash the application, denying service to legitimate users.

Skype 3.6.0.216 for Microsoft Windows is vulnerable to this issue; other versions may also be affected.

5. Apple QuickTime RTSP Response Header Content-Length Remote Buffer Overflow Vulnerability
BugTraq ID: 26560
Remote: Yes
Date Published: 2007-11-24
Relevant URL: http://www.securityfocus.com/bid/26560
Summary:
Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized stack-based memory buffer.

This issue occurs when handling specially crafted RTSP Response headers.

Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

QuickTime 7.2 and 7.3 are vulnerable to this issue; other versions may also be affected.

6. Apple QuickTime RTSP Response Header Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 26549
Remote: Yes
Date Published: 2007-11-23
Relevant URL: http://www.securityfocus.com/bid/26549
Summary:
Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized stack-based memory buffer.

This issue occurs when handling specially crafted RTSP Response headers.

Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

QuickTime 7.3 is vulnerable to this issue; other versions may also be affected.

7. Wireshark 0.99.6 Multiple Remote Vulnerabilities
BugTraq ID: 26532
Remote: Yes
Date Published: 2007-11-22
Relevant URL: http://www.securityfocus.com/bid/26532
Summary:
Wireshark is prone to multiple denial-of-service and buffer-overflow vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

Versions prior to Wireshark 0.99.7 are affected.

8. IBM Director CIM Server Remote Denial of Service Vulnerability
BugTraq ID: 26509
Remote: Yes
Date Published: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26509
Summary:
The CIM Server from the IBM Director suite is prone to a remote denial-of-service vulnerability because the application fails to properly handle multiple simultaneous network connections.

Successfully exploiting this issue allows remote attackers to consume excessive CPU resources and to trigger crashes, which would deny further service to legitimate users.

IBM Director 5.20.1 and prior versions on Linux and Microsoft Windows platforms are affected.

9. SMF Private Forum Messages Information Disclosure Vulnerability
BugTraq ID: 26508
Remote: Yes
Date Published: 2007-11-20
Relevant URL: http://www.securityfocus.com/bid/26508
Summary:
SMF is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

SMF 1.1.4 is vulnerable; other versions may also be affected.

10. Microsoft Windows Insecure Random Number Generator Information Disclosure Weakness
BugTraq ID: 26495
Remote: No
Date Published: 2007-11-19
Relevant URL: http://www.securityfocus.com/bid/26495
Summary:
Microsoft Windows is prone to an information-disclosure weakness.

An attacker can exploit this issue to weaken encryption and other security-related algorithms, which may aid in further attacks.

This issue affects Microsoft Windows 2000 and Microsoft Windows XP.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Windows NT Desktop
http://www.securityfocus.com/archive/88/484060

2. Security and Implications of Hosted Exchange
http://www.securityfocus.com/archive/88/483800

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics

