Thursday, April 03, 2008

SecurityFocus Microsoft Newsletter #388


This issue is sponsored by IBM® Rational® AppScan

Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities.
Download a free trial of AppScan and see how it can help prevent against the threat of attack.
https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. On the Border
2. Catch Them if You Can
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft April 2008 Advance Notification Multiple Vulnerabilities
2. Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability
3. Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service Vulnerability
4. HP OpenView Network Node Manager 'OVAS.EXE' Buffer Overflow Vulnerability
5. IBM DB2 Content Manager Unspecified Security Vulnerability
6. NoticeWare Corporation NoticeWare Email Server Denial Of Service Vulnerability
7. Microsoft Crypto API X.509 Certificate Validation Remote Information Disclosure Vulnerability
8. PowerDNS Remote Cache Poisoning Vulnerability
9. SLMail Pro Multiple Remote Denial Of Service and Memory Corruption Vulnerabilities
10. avast! Home/Professional Local Privilege Escalation Vulnerability
11. Microsoft Internet Explorer 7 Popup Window Address Bar URI Spoofing Vulnerability
12. Wireshark 0.99.8 Multiple Denial of Service Vulnerabilities
13. Quick Tftp Server Pro 'mode' Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. More along the lines of malware disinfection
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469

2. Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While many "breaches" consist of lost data or a stolen laptop, true breaches -- where an online attacker compromises a network and removes data -- have become very common.
http://www.securityfocus.com/columnists/468


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft April 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 28598
Remote: Yes
Date Published: 2008-04-03
Relevant URL: http://www.securityfocus.com/bid/28598
Summary:
Microsoft has released advance notification that the vendor will be releasing eight security bulletins on April 8, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

2. Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability
BugTraq ID: 28581
Remote: Yes
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28581
Summary:
Microsoft Internet Explorer is prone to a script-injection vulnerability when handling specially crafted requests to 'acr_error.htm' via the 'res://' protocol. The file resides in the 'ieframe.dll' dynamic-link library.

An attacker may leverage this issue to execute arbitrary code in the context of a user's browser. Successful exploits can allow the attacker to steal cookie-based authentication credentials, obtain potentially sensitive information stored on the victim's computer, and launch other attacks.

Internet Explorer 8 is vulnerable. Internet Explorer 7 is likely vulnerable as well, but this has not been confirmed.

3. Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service Vulnerability
BugTraq ID: 28580
Remote: Yes
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28580
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting this issue will allow attackers to crash the application, denying service to legitimate users.

This issue affects Microsoft Internet Explorer 8 Beta 1.

4. HP OpenView Network Node Manager 'OVAS.EXE' Buffer Overflow Vulnerability
BugTraq ID: 28569
Remote: Yes
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28569
Summary:
HP OpenView Network Node Manager is prone to a buffer-overflow vulnerability.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the Network Node Manager process. This facilitates the remote compromise of affected computers.

Network Node Manager 7.51 running on Microsoft Windows is affected by this issue; other versions and platforms may also be vulnerable.

5. IBM DB2 Content Manager Unspecified Security Vulnerability
BugTraq ID: 28567
Remote: No
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28567
Summary:
IBM DB2 Content Manager is prone to an unspecified security vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

Versions prior to 8.3 Fix Pack 8 are vulnerable.

6. NoticeWare Corporation NoticeWare Email Server Denial Of Service Vulnerability
BugTraq ID: 28559
Remote: Yes
Date Published: 2008-04-01
Relevant URL: http://www.securityfocus.com/bid/28559
Summary:
NoticeWare Email Server is prone to a denial-of-service vulnerability due to an unspecified error.

Remote attackers can exploit this issue to deny service to legitimate users.

The issue affects NoticeWare Email Server 4.6.1.0; other versions may also be vulnerable.

7. Microsoft Crypto API X.509 Certificate Validation Remote Information Disclosure Vulnerability
BugTraq ID: 28548
Remote: Yes
Date Published: 2008-04-01
Relevant URL: http://www.securityfocus.com/bid/28548
Summary:
Microsoft's Crypto API library is prone to an information-disclosure vulnerability because HTTP requests to arbitrary hosts and ports may be automatically triggered when validating X.509 certificates.

Successful exploits allow attackers to trigger HTTP requests to arbitrary hosts and ports without confirmation or notification to unsuspecting users. Attackers may use this for determining when email and documents are read, for port scanning, or for aiding in other attacks.

The following products are known to exhibit this issue:

Microsoft Outlook 2007
Microsoft Windows Live Mail 2008
Microsoft Office 2007

Other products that use the Crypto API provided by Windows may also be affected.

8. PowerDNS Remote Cache Poisoning Vulnerability
BugTraq ID: 28517
Remote: Yes
Date Published: 2008-03-31
Relevant URL: http://www.securityfocus.com/bid/28517
Summary:
PowerDNS is prone to a remote cache-poisoning vulnerability because of a weakness in the use of random number generators.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions prior to PowerDNS 3.1.5 are vulnerable to this issue.

9. SLMail Pro Multiple Remote Denial Of Service and Memory Corruption Vulnerabilities
BugTraq ID: 28505
Remote: Yes
Date Published: 2008-03-31
Relevant URL: http://www.securityfocus.com/bid/28505
Summary:
SLMail Pro is prone to multiple remote denial-of-service vulnerabilities and memory-corruption vulnerabilities.

Attackers can exploit these issues to crash the application, resulting in denial-of-service conditions. Given the nature of some of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.

SLMail Pro 6.3.1.0 is vulnerable; other versions may also be affected.

10. avast! Home/Professional Local Privilege Escalation Vulnerability
BugTraq ID: 28502
Remote: No
Date Published: 2008-03-30
Relevant URL: http://www.securityfocus.com/bid/28502
Summary:
avast! is prone to a local privilege-escalation vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.

Versions prior to avast! Home/Professional 4.8.1169 are vulnerable.

11. Microsoft Internet Explorer 7 Popup Window Address Bar URI Spoofing Vulnerability
BugTraq ID: 28498
Remote: Yes
Date Published: 2008-03-28
Relevant URL: http://www.securityfocus.com/bid/28498
Summary:
Internet Explorer 7 is affected by a URI-spoofing vulnerability.

An attacker may leverage this issue by inserting strings to spoof the source URI of a file presented to an unsuspecting user. This may lead to a false sense of trust because the user may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Internet Explorer 7 is affected by this issue.

Reports indicate that unspecified versions of Firefox are also prone to this issue, but this has not been confirmed.

12. Wireshark 0.99.8 Multiple Denial of Service Vulnerabilities
BugTraq ID: 28485
Remote: Yes
Date Published: 2008-03-28
Relevant URL: http://www.securityfocus.com/bid/28485
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.99.2 up to and including 0.99.8.

13. Quick Tftp Server Pro 'mode' Remote Buffer Overflow Vulnerability
BugTraq ID: 28459
Remote: Yes
Date Published: 2008-03-26
Relevant URL: http://www.securityfocus.com/bid/28459
Summary:
Quick Tftp Server Pro is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. More along the lines of malware disinfection
http://www.securityfocus.com/archive/88/489751

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by IBM® Rational® AppScan

Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities.
Download a free trial of AppScan and see how it can help prevent against the threat of attack.
https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r
