News

Thursday, September 04, 2008

SecurityFocus Microsoft Newsletter #410

SecurityFocus Microsoft Newsletter #410
----------------------------------------

This issue is sponsored by Sponsored by Motorola Good technology

Mobile Device Security: Securing the Handheld, Securing the Enterprise. Mobile devices represent a tremendous productivity advantage for today's mobile worker. However, IT organizations must give consideration to the deployment of device security policies in order to provide the level of security that enterprises require
http://dinclinx.com/Redirect.aspx?36;1267;45;189;0;13;1ea6f133b6f4a2b1


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Get Off My Cloud
2.An Astonishing Collaboration
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft September 2008 Advance Notification Multiple Vulnerabilities
2. Wireshark 1.0.2 Multiple Vulnerabilities
3. Moodle Multiple Remote File Include Vulnerabilities
4. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
5. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
6. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability
7. Retired: Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability
8. PureMessage for Microsoft Exchange RTF Multiple Denial Of Service Vulnerabilities
9. Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability
10. Ultra Office Control 'HttpUpload()' Method Buffer Overflow Vulnerability
11. LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
12. JustSystems Ichitaro Document Handling Unspecified Code Execution Vulnerability
13. Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #409
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2.An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft September 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 31014
Remote: Yes
Date Published: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31014
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on September 9, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created to document the issues when the bulletins are released.

2. Wireshark 1.0.2 Multiple Vulnerabilities
BugTraq ID: 31009
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/31009
Summary:
Wireshark is prone to multiple vulnerabilities, including buffer-overflow and denial-of-service issues.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.7 up to and including 1.0.2.

3. Moodle Multiple Remote File Include Vulnerabilities
BugTraq ID: 30995
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30995
Summary:
Moodle is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

These issues affect Moodle 1.8.4; other versions may also be affected.

4. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
BugTraq ID: 30993
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30993
Summary:
Open-FTPD is prone to multiple remote denial-of-service vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to crash the affected application, denying service to legitimate users. Given the nature of these issues, attackers may also be able to run arbitrary code, but this has not been confirmed.

Open-FTPD 1.2 is vulnerable; other versions may also be affected.

5. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30992
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30992
Summary:
@Mail and @Mail WebMail are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect the following versions:

@Mail WebMail 5.05 running on Microsoft Windows
@Mail 5.42 running on CentOS

Other versions running on different platforms may also be affected.

6. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability
BugTraq ID: 30970
Remote: Yes
Date Published: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30970
Summary:
Softalk Mail Server is prone to a remote denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Softalk Mail Server 8.5.1 is vulnerable; other versions may also be affected.

7. Retired: Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability
BugTraq ID: 30933
Remote: Yes
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30933
Summary:
Microsoft Windows is prone to a heap-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF files.

A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.

NOTE: This BID is being retired because further analysis indicates that this vulnerability is the same issue described in BID 28571 (Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability).

8. PureMessage for Microsoft Exchange RTF Multiple Denial Of Service Vulnerabilities
BugTraq ID: 30881
Remote: Yes
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30881
Summary:
PureMessage for Microsoft Exchange is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly process certain messages.

An attacker may exploit these issues to crash the affected application, denying service to legitimate users.

PureMessage 3.0 is vulnerable; other versions may also be affected.

9. Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability
BugTraq ID: 30863
Remote: Yes
Date Published: 2008-08-27
Relevant URL: http://www.securityfocus.com/bid/30863
Summary:
Ultra Office Control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.

Successful exploits may allow attackers to compromise affected computers.

Ultra Office Control 2.0.2008.501 is vulnerable; other versions may also be affected.

10. Ultra Office Control 'HttpUpload()' Method Buffer Overflow Vulnerability
BugTraq ID: 30861
Remote: Yes
Date Published: 2008-08-27
Relevant URL: http://www.securityfocus.com/bid/30861
Summary:
Ultra Office Control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

Ultra Office Control 2.0.2008.501 is vulnerable; other versions may also be affected.

11. LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
BugTraq ID: 30832
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30832
Summary:
LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running an application that uses the affected library. Failed exploit attempts will likely crash applications using the affected library.

LibTIFF 3.7.2 and 3.8.2 are vulnerable.

12. JustSystems Ichitaro Document Handling Unspecified Code Execution Vulnerability
BugTraq ID: 30828
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30828
Summary:
Ichitaro is prone to an unspecified remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed attempts will result in a denial-of-service condition.

Ichitaro 2008 is vulnerable; other versions may also be affected.

13. Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
BugTraq ID: 30818
Remote: No
Date Published: 2008-08-25
Relevant URL: http://www.securityfocus.com/bid/30818
Summary:
DriveCrypt is prone to a security vulnerability that may cause a denial-of-service condition or allow attackers to gain access to plain text passwords.

Local attackers can exploit this issue to gain access to access to sensitive information or cause the affected computer to reboot.

DriveCrypt Plus Pack version 3.9 is vulnerable; other versions may also be affected.

Note: This vulnerability is the same issue described in BID 15751 (Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness) therefore this BID is being retired.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #409
http://www.securityfocus.com/archive/88/495853

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sponsored by Motorola Good technology

Mobile Device Security: Securing the Handheld, Securing the Enterprise. Mobile devices represent a tremendous productivity advantage for today's mobile worker. However, IT organizations must give consideration to the deployment of device security policies in order to provide the level of security that enterprises require
http://dinclinx.com/Redirect.aspx?36;1267;45;189;0;13;1ea6f133b6f4a2b1

No comments:

Blog Archive