Wednesday, April 23, 2008

SecurityFocus Microsoft Newsletter #391
----------------------------------------

This issue is sponsored by HP

Top 10 security vulnerabilities in .NET configuration files: are your web applications vulnerable?
Even the smallest opening in your web application layer can grant full access to an intruder. A hacker armed with nothing more than a web browser and knowledge of basic programming techniques can steal your most sensitive information by taking advantage of openings that exist in the web server, application configuration and source code. This free white paper, from HP Software, discusses the 10 most common .NET application configuration mistakes, the devastating effects those mistakes can have, as well as best practices for managing configuration files to prevent attacks.
https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadPDF&zn=bto&cp=54_4012_100__&caid=14532&jumpid=ex_r11374_us/en/large/tsg/Top10_Security_Vulnerabilities_WP_Newsletter/3-1A4COJW_3-ULBT8Q/20080429&origin_id=3-1A4COJW


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Just Who's Being Exploited?
2. On the Border
II. MICROSOFT VULNERABILITY SUMMARY
1. Apple Safari 3.1.1 For Windows Multiple Denial of Service and Spoofing Vulnerabilities
2. Foxit Reader Multiple Remote Memory Corruption Vulnerabilities
3. Microsoft 'HeartbeatCtl' ActiveX Control Remote Buffer Overflow Vulnerability
4. SubEdit Player Subtitle File Remote Buffer Overflow Vulnerability
5. IBM DB2 Universal Database ADMIN_SP_C and ADMIN_SP_C2 Procedures Remote Code Execution Vulnerability
6. IBM DB2 'NNSTAT' Procedure Arbitrary File Overwrite Vulnerability
7. IBM DB2 Universal Database JAR File Processing Multiple Denial of Service Vulnerabilities
8. Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability
9. ImageMagick Malformed PCX File Heap Overflow Vulnerability
10. ImageMagick Malformed XCF File Heap Overflow Vulnerability
11. Microsoft Works 7 'WkImgSrv.dll' ActiveX Control Remote Code Execution Vulnerability
12. Apple Safari WebKit JavaScript Regular Expression Repetition Counts Buffer Overflow Vulnerability
13. Apple Safari WebKit URI Handling Cross-Site Scripting Vulnerability
14. Apple Safari File Download Remote Memory Corruption Vulnerability
15. ICQ 'Personal Status Manager' Remote Buffer Overflow Vulnerability
16. ClamAV 'libclamav/pe.c' WWPACK File Heap Based Buffer Overflow Vulnerability
17. RETIRED: ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability
18. Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability
19. XM Easy Personal FTP Server 'PORT' and 'XCWD' Multiple Remote Denial of Service Vulnerabilities
20. ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #390
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Just Who's Being Exploited?
By Jamie Reid
Last month's revelation that Tipping Point paid out a prize of $10,000 and a new laptop (MSRP: about $2000) at the CanSecWest conference, for the privilege of being the exclusive licensor of a heretofore unpublished vulnerability in Apple's Safari web browser to researcher Charles Miller of Independent Security Evaluators, may lend some credence to this adage.
http://www.securityfocus.com/columnists/470

2. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Apple Safari 3.1.1 For Windows Multiple Denial of Service and Spoofing Vulnerabilities
BugTraq ID: 28891
Remote: Yes
Date Published: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28891
Summary:
Apple Safari is prone to multiple remote vulnerabilities, including:

- A denial-of-service vulnerability caused by a write-access violation.
- A denial-of-service vulnerability caused by a read-access violation.
- A vulnerability that allows attackers to spoof the content contained in the address bar.

An attacker can exploit these issues to crash the affected application or cause the victim to interact with the attacker's malicious site.

This issue affects Apple Safari 3.1.1 for Windows; other versions may also be affected.

2. Foxit Reader Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 28890
Remote: Yes
Date Published: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28890
Summary:
Foxit Reader is prone to two remote memory-corruption vulnerabilities because it fails to handle specially crafted PDF files.

Remote attackers may be able to execute code, but this has not been confirmed. Failed exploit attempts will crash the application, denying service to legitimate users.

Foxit Reader 2.2 is vulnerable; other versions may also be affected.

3. Microsoft 'HeartbeatCtl' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 28882
Remote: Yes
Date Published: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28882
Summary:
Microsoft 'HeartbeatCtl' ActiveX control is prone to a remote buffer-overflow vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

4. SubEdit Player Subtitle File Remote Buffer Overflow Vulnerability
BugTraq ID: 28858
Remote: Yes
Date Published: 2008-04-19
Relevant URL: http://www.securityfocus.com/bid/28858
Summary:
SubEdit Player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

The issue affects SubEdit Player Build 4066; other versions may also be affected.

5. IBM DB2 Universal Database ADMIN_SP_C and ADMIN_SP_C2 Procedures Remote Code Execution Vulnerability
BugTraq ID: 28843
Remote: Yes
Date Published: 2008-04-18
Relevant URL: http://www.securityfocus.com/bid/28843
Summary:
IBM DB2 is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of the affected service. Successfully exploiting this issue may facilitate the remote compromise of affected computers. Failed exploit attempts will likely crash the affected application.

6. IBM DB2 'NNSTAT' Procedure Arbitrary File Overwrite Vulnerability
BugTraq ID: 28836
Remote: No
Date Published: 2008-04-18
Relevant URL: http://www.securityfocus.com/bid/28836
Summary:
IBM DB2 is prone to a vulnerability that lets attackers overwrite arbitrary files.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Successfully exploiting this issue will compromise the application and possibly the underlying computer.

7. IBM DB2 Universal Database JAR File Processing Multiple Denial of Service Vulnerabilities
BugTraq ID: 28835
Remote: Yes
Date Published: 2008-04-18
Relevant URL: http://www.securityfocus.com/bid/28835
Summary:
IBM DB2 Universal Database is prone to multiple denial-of-service vulnerabilities.

Successfully exploiting these issues allows authenticated attackers to cause server crashes, denying service to legitimate users.

IBM DB2 Universal Database 8, 9, and 9.5 on Microsoft Windows platforms are affected.

8. Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability
BugTraq ID: 28833
Remote: No
Date Published: 2008-04-17
Relevant URL: http://www.securityfocus.com/bid/28833
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow authenticated users to elevate their privileges to LocalSystem. This facilitates the complete compromise of affected computers.

The issue affects Microsoft Windows XP Professional SP2 and all versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008.

9. ImageMagick Malformed PCX File Heap Overflow Vulnerability
BugTraq ID: 28822
Remote: Yes
Date Published: 2008-04-17
Relevant URL: http://www.securityfocus.com/bid/28822
Summary:
ImageMagick is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. The vulnerability occurs when handling malformed PCX files.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will result in a denial-of-service condition.

ImageMagick 6.2.8-0 and 6.2.4-5 are vulnerable; other versions may also be affected.

10. ImageMagick Malformed XCF File Heap Overflow Vulnerability
BugTraq ID: 28821
Remote: Yes
Date Published: 2008-04-17
Relevant URL: http://www.securityfocus.com/bid/28821
Summary:
ImageMagick is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. The vulnerability occurs when handling malformed XCF files.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will result in a denial-of-service condition.

ImageMagick 6.2.8-0 and earlier are vulnerable.

11. Microsoft Works 7 'WkImgSrv.dll' ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 28820
Remote: Yes
Date Published: 2008-04-17
Relevant URL: http://www.securityfocus.com/bid/28820
Summary:
Microsoft Works 7 'WkImgSrv.dll' ActiveX control is prone to a remote code-execution vulnerability because it fails to sufficiently verify user-supplied input.

An attacker can exploit this issue to run arbitrary attacker-supplied code in the context of the currently logged-in user. Failed exploit attempts will trigger denial-of-service conditions.

This issue affects Microsoft Works 7 'WkImgSrv.dll' ActiveX control 7.03.0616; other versions may also be vulnerable.

12. Apple Safari WebKit JavaScript Regular Expression Repetition Counts Buffer Overflow Vulnerability
BugTraq ID: 28815
Remote: Yes
Date Published: 2008-04-16
Relevant URL: http://www.securityfocus.com/bid/28815
Summary:
Apple Safari is prone to a buffer-overflow vulnerability.

Attackers may exploit this issue to execute arbitrary code or to crash the affected application. Other attacks are also possible.

This issue affects versions prior to Apple Safari 3.1.1 running on the following platforms:

Mac OS X v10.4.11
Mac OS X Server v10.4.11
Mac OS X v10.5.2
Mac OS X Server v10.5.2
Windows XP
Windows Vista

13. Apple Safari WebKit URI Handling Cross-Site Scripting Vulnerability
BugTraq ID: 28814
Remote: Yes
Date Published: 2008-04-16
Relevant URL: http://www.securityfocus.com/bid/28814
Summary:
Apple Safari WebKit is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Attackers may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks.

This issue affects versions prior to Apple Safari 3.1.1 running on the following platforms:

Mac OS X 10.4.11
Mac OS X 10.5.2
Windows XP
Windows Vista

14. Apple Safari File Download Remote Memory Corruption Vulnerability
BugTraq ID: 28813
Remote: Yes
Date Published: 2008-04-16
Relevant URL: http://www.securityfocus.com/bid/28813
Summary:
Apple Safari is prone to a remote memory-corruption vulnerability that occurs when downloading malicious files.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects versions prior to Apple Safari 3.1.1 running on Microsoft Windows XP and Windows Vista.

NOTE: This vulnerability may be related to the issue described in BID 28404 (Apple Safari File Download Remote Denial of Service Vulnerability).

15. ICQ 'Personal Status Manager' Remote Buffer Overflow Vulnerability
BugTraq ID: 28803
Remote: Yes
Date Published: 2008-04-16
Relevant URL: http://www.securityfocus.com/bid/28803
Summary:
ICQ is prone to a remote buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers.

A remote attacker may execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects ICQ 6 build 6043; other versions may also be vulnerable.

16. ClamAV 'libclamav/pe.c' WWPACK File Heap Based Buffer Overflow Vulnerability
BugTraq ID: 28798
Remote: Yes
Date Published: 2008-04-15
Relevant URL: http://www.securityfocus.com/bid/28798
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the vulnerable 'libclamav' library. Failed exploit attempts will likely cause denial-of-service conditions.

ClamAV 0.92.1 is vulnerable to this issue; other versions may also be affected.

17. RETIRED: ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability
BugTraq ID: 28783
Remote: Yes
Date Published: 2008-04-15
Relevant URL: http://www.securityfocus.com/bid/28783
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the vulnerable 'libclamav' library. Failed exploit attempts will likely cause denial-of-service conditions.

ClamAV 0.92 and 0.92.1 are vulnerable to this issue; other versions may also be affected.

NOTE: This BID is being retired because it is a duplicate of BID 28756.

18. Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability
BugTraq ID: 28775
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28775
Summary:
Nero MediaHome is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying further service to legitimate users.

This issue affects Nero MediaHome 3.3.3.0. Other versions may also be affected.

19. XM Easy Personal FTP Server 'PORT' and 'XCWD' Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 28759
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28759
Summary:
XM Easy Personal FTP Server is prone to multiple remote denial-of-service vulnerabilities.

These issues allow remote attackers to crash affected FTP servers, denying service to legitimate users. Given the nature of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.

XM Easy Personal FTP Server 5.4.0 is vulnerable; other versions may also be affected.

20. ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability
BugTraq ID: 28756
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28756
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the vulnerable 'libclamav' library. Failed exploit attempts will likely cause denial-of-service conditions.

ClamAV 0.92 and 0.92.1 are vulnerable to this issue; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #390
http://www.securityfocus.com/archive/88/490993

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by HP

Top 10 security vulnerabilities in .NET configuration files: are your web applications vulnerable?
Even the smallest opening in your web application layer can grant full access to an intruder. A hacker armed with nothing more than a web browser and knowledge of basic programming techniques can steal your most sensitive information by taking advantage of openings that exist in the web server, application configuration and source code. This free white paper, from HP Software, discusses the 10 most common .NET application configuration mistakes, the devastating effects those mistakes can have, as well as best practices for managing configuration files to prevent attacks.
https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadPDF&zn=bto&cp=54_4012_100__&caid=14532&jumpid=ex_r11374_us/en/large/tsg/Top10_Security_Vulnerabilities_WP_Newsletter/3-1A4COJW_3-ULBT8Q/20080429&origin_id=3-1A4COJW
