QODS ec

Wednesday, June 23, 2004

SEC: SecurityFocus Microsoft Newsletter #194

SecurityFocus Microsoft Newsletter #194
----------------------------------------

This issue sponsored by: Sana Security

WILL YOUR ENTERPRISE SURVIVE THE NEXT WORM OR HACKER ATTACK?

The limitations of intrusion detection are becoming more obvious with
each worm or hacker attack. Join Sana Security and guest speaker, Eric
Ogren of the Yankee Group for a Webcast:
Wednesday, June 23, 2004 at 11:30 a.m. Pacific Time

http://www.securityfocus.com/sponsor/SanaSecurity_ms-secnews_040622

------------------------------------------------------------------------
I. FRONT AND CENTER
1. Time to Dump Internet Explorer
II. MICROSOFT VULNERABILITY SUMMARY
1. Virtual Programming VP-ASP Shopping Cart Shop$DB.ASP Cross-S...
2. Invision Power Board SSI.PHP Cross-Site Scripting Vulnerabil...
3. Sygate Personal Firewall Pro Local Fail-Close Bypass Vulnera...
4. Sygate Personal Firewall Pro Local Denial Of Service Vulnera...
5. Microsoft Internet Explorer HREF Save As Denial of Service V...
6. Pivot Remote module_db.PHP File Include Vulnerability
7. Microsoft Internet Explorer Wildcard DNS Cross-Site Scriptin...
8. Web Wiz Forums Registration_Rules.ASP Cross-Site Scripting V...
9. Symantec Enterprise Firewall DNSD DNS Cache Poisoning Vulner...
10. Check Point Firewall-1 Internet Key Exchange Information Dis...
11. Invision Power Board Potential IP Address Spoofing Vulnerabi...
12. Snitz Forums Register Script HTML Injection Vulnerability
13. Nmap Potential Insecure File Creation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #193 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. SP I-NET
2. Softros LAN Messenger
3. Network Time System
4. Anon-Encrypt
5. RSI
6. WiSSH
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Athena 1.0
2. CryptoHeaven v2.4.0
3. XArp 0.1
4. Honeynet Security Console 1.0
5. LogMonitor 1.0
6. Ettercap v0.7.0 pre2
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Time to Dump Internet Explorer
By Scott Granneman

It's time to tell our users, our clients, our associates, our families,
and our friends to abandon Internet Explorer.

http://www.securityfocus.com/columnists/249

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Virtual Programming VP-ASP Shopping Cart Shop$DB.ASP Cross-S...
BugTraq ID: 10530
Remote: Yes
Date Published: Jun 12 2004
Relevant URL: http://www.securityfocus.com/bid/10530
Summary:
VP-ASP is prone to a cross-site scripting vulnerability. This issue exists due to insufficient sanitization of user-supplied data. The problem presents itself in a parameter of the 'shop$db.asp' script.

An attacker may be able to steal the site administrator's credentials by exploiting this issue.

2. Invision Power Board SSI.PHP Cross-Site Scripting Vulnerabil...
BugTraq ID: 10539
Remote: Yes
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10539
Summary:
The Invision Power Board 'ssi.php' script is reported prone to a cross-site scripting vulnerability. The issue presents itself due to a lack of sufficient sanitization performed by functions in the 'ssi.php' script on the user-influenced 'f' parameter. This can permit the theft of cookie-based authentication credentials; other attacks may also be possible.

3. Sygate Personal Firewall Pro Local Fail-Close Bypass Vulnera...
BugTraq ID: 10540
Remote: No
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10540
Summary:
A vulnerability is reported to affect the Sygate Personal Firewall fail-closed functionality. It is reported that the kernel-space NDIS driver does not verify the origin of messages that are received through the associated device. As a result of this it is possible for a local user to transmit a message to the kernel-space NDIS driver device in order to disable the firewall fail-closed functionality.

A local attacker may exploit this condition to disable the affected firewall completely.

4. Sygate Personal Firewall Pro Local Denial Of Service Vulnera...
BugTraq ID: 10542
Remote: No
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10542
Summary:
A local denial of service vulnerability is reported to affect the Sygate Personal Firewall. It is reported that the smc.exe service may be crashed using the List-View Control in the Sygate Personal Firewall GUI.

This issue may be exploited in conjunction with the issue described in BID 10540, in order to completely disable the affected firewall as an unprivileged user.

This vulnerability is reported to affect Sygate Personal Firewall PRO version 5.5 Build 2525. Other versions might also be affected.

5. Microsoft Internet Explorer HREF Save As Denial of Service V...
BugTraq ID: 10552
Remote: Yes
Date Published: Jun 15 2004
Relevant URL: http://www.securityfocus.com/bid/10552
Summary:
A vulnerability is reported to exist in Internet Explorer that may allow an attacker to cause the application to crash. The issue presents itself when a user attempts to invoke the "Save As" option on a malicious HREF URI.

When this URI is processed the issue leads to a crash in the running instance of Internet Explorer and all windows spawned from this instance.

6. Pivot Remote module_db.PHP File Include Vulnerability
BugTraq ID: 10553
Remote: Yes
Date Published: Jun 15 2004
Relevant URL: http://www.securityfocus.com/bid/10553
Summary:
It has been reported that Pivot is affected by a remote file include vulnerability contained within the module_db.php script. This issue is due to a failure of the application to properly sanitize user-supplied input before including it as a parameter to a file include function call.

This issue may be exploited to force the affected application to execute attacker supplied PHP script code. This may allow for command execution on the underlying system as well as other attacks.

7. Microsoft Internet Explorer Wildcard DNS Cross-Site Scriptin...
BugTraq ID: 10554
Remote: Yes
Date Published: Jun 15 2004
Relevant URL: http://www.securityfocus.com/bid/10554
Summary:
Microsoft Internet Explorer is reported to contain a cross-site scripting vulnerability for sites that have a wildcard DNS entry.

A web server with a wildcard DNS entry will respond to any hostname requested. An example DNS entry of *.example.com would allow a hostname of whatevertheattackerwanted.example.com to properly resolve.

Internet Explorer improperly interprets text inside of an anchor tag as HTML, rather than plaintext.

To exploit this issue, an attacker must either find a preexisting web site using a wildcard DNS entry or create their own. The web site must also be configured to display the hostname received in the request in the HTML returned to the user. A remote attacker may exploit this issue to potentially execute HTML or script code in the security context of the vulnerable site.

An attacker can exploit this issue to steal cookie authentication credentials, or perform other types of attacks.

8. Web Wiz Forums Registration_Rules.ASP Cross-Site Scripting V...
BugTraq ID: 10555
Remote: Yes
Date Published: Jun 15 2004
Relevant URL: http://www.securityfocus.com/bid/10555
Summary:
A vulnerability exists in the Web Wiz Forums software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data passed to the 'registration_rules.asp' script.

An attacker can exploit this issue to steal cookie authentication credentials, or perform other types of attacks.

9. Symantec Enterprise Firewall DNSD DNS Cache Poisoning Vulner...
BugTraq ID: 10557
Remote: Yes
Date Published: Jun 15 2004
Relevant URL: http://www.securityfocus.com/bid/10557
Summary:
It is reported that dnsd is prone to a cache poisoning vulnerability.

Dnsd does not ensure that the data returned from a remote DNS server contains related information about the requested records.

An attacker could exploit this vulnerability to deny service to legitimate users by redirecting traffic to inappropriate hosts. Man-in-the-middle attacks, impersonation of sites, and other attacks may be possible.

10. Check Point Firewall-1 Internet Key Exchange Information Dis...
BugTraq ID: 10558
Remote: Yes
Date Published: Jun 16 2004
Relevant URL: http://www.securityfocus.com/bid/10558
Summary:
Check Point Firewall-1 is affected by an information disclosure vulnerability during an Internet Key Exchange (IKE) phase. This issue is due to a design error that may present sensitive information to an attacker.

An attacker can leverage this issue to disclose information about the affected firewall product including the version number and various details about the firewall's capabilities. Furthermore this issue would facilitate fingerprinting or identifying a firewall by carrying out active scans.

11. Invision Power Board Potential IP Address Spoofing Vulnerabi...
BugTraq ID: 10559
Remote: Yes
Date Published: Jun 16 2004
Relevant URL: http://www.securityfocus.com/bid/10559
Summary:
It is reported that Invision Power Board is prone to an IP address spoofing vulnerability. If an attacker is using a proxy to access a remote forum, the application logs the attacker's internal IP address on the LAN, instead of the real IP address of the proxy.

This issue is reported to affect Invision Power Board version 1.3, however, it is likely that other versions are affected as well.

12. Snitz Forums Register Script HTML Injection Vulnerability
BugTraq ID: 10564
Remote: Yes
Date Published: Jun 17 2004
Relevant URL: http://www.securityfocus.com/bid/10564
Summary:
Snitz Forums is prone to an HTML injection vulnerability. User-supplied data through the 'Email' field of 'register.asp' script is not properly sanitized. It is reported that an attacker can supply malicious HTML or script code through this field that will be posted on a vulnerable forum.

Snitz Forums versions 3.4.04 and prior are affected by this issue.

13. Nmap Potential Insecure File Creation Vulnerability
BugTraq ID: 10567
Remote: No
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10567
Summary:
Nmap is reportedly prone to a potential insecure file creation vulnerability. A local user may exploit this vulnerability to cause files to be overwritten with the privileges of the user running Nmap. This issue occurs when Nmap is launched with the '-oN' option.

All versions of Nmap are considered to be vulnerable to this issue.

Further analysis has shown that this issue is not a vulnerability. This BID is being retired.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #193 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/366221

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. SP I-NET
By: Unisys
Platforms: Windows 95/98, Windows NT
Relevant URL: http://www.unisys.com/sp-security
Summary:

Designed for business-to-business communications requiring trusted relationships, SP I-NET ensures confidentiality of data, authenticates the identity of the involved parties, and ensures the privacy of their communication.

2. Softros LAN Messenger
By: Softros Systems Inc.
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://messenger.softros.com
Summary:

Softros Messenger is a secure network messaging software application for corporate LANs (local area networks). It does not require a server and is very easy to install and use. Softros Messenger comes with a variety of handy features, like message notification alarms, personal or group messaging, and intuitive interface. Softros Messenger offers strong encryption options for all incoming and outgoing messages, guaranteeing no unauthorized person ever reads personal correspondence. The program is very stable when running under any Windows operating system and in any TCP/IP network, regardless of its size. Also Softros Messenger correctly identifies and works under Windows NT/2000/XP limited user accounts (without administrative privileges).

3. Network Time System
By: Softros Systems Inc.
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://nts.softros.com/
Summary:

Network Time System - Secure, fast and accurate time sync software across entire network.

4. Anon-Encrypt
By: RiserSoft Corporation
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://risersoft.com/anon-encrypt.php
Summary:

Surf the Internet Totally Anonymous, and Fully Encrypted with our Internet Explorer Plugin!

5. RSI
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.digitallabs.net/rsi/
Summary:

Remote System Information audits your network for critical hardware and software information and displays the results in a clear, exportable spreadsheet view.

Remote Registry technology provides the ability to dynamically scan your network without the need to install client software.

6. WiSSH
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.wissh.com
Summary:

WiSSH (Windows over SSH) utilizes SSH tunneling technology to secure Microsoft's RDP protocol. Allows access to multiple hosts behind your network perimeter with only a single host's SSH port open to the Internet.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Athena 1.0
By: Steve Lord
Relevant URL: http://www.buyukada.co.uk/projects/athena/
Platforms: Windows 2000, Windows XP
Summary:

Athena is a search engine query tool designed to help find information leakage vulnerabilities using 'googledork' strings. Athena uses an extensible configuration format that supports multiple search engines (Yahoo and Google included). Athena is designed with ease of use in mind and a full illustrated manual is included featuring a full walkthrough.

2. CryptoHeaven v2.4.0
By: Marcin Kurzawa
Relevant URL: http://www.cryptoheaven.com/
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

CryptoHeaven offers secure email and online file sharing/storage. Its main features are secure and highly encrypted services such as group collaboration, file sharing, email, online storage, and instant messaging. It integrates multi-user based security into email, instant messaging, and file storage and sharing in one unique package. It provides real time communication for text and data transfers in a multi-user secure environment. The security and usability of CryptoHeaven is well-balanced; even the not-so-technically oriented computer users can enjoy this crypto product with very high level of encryption.

3. XArp 0.1
By: Christoph Mayer
Relevant URL: http://www.chrismc.de
Platforms: Windows 2000, Windows XP
Summary:

XArp is a graphical tool to monitor the ARP cache. It periodically requests the local ARP cache and reports changes in the IP to MAC mapping. Thus it can be used to recognize ARP poisoning which is used to prepare 'man in the middle' attacks on switched networks.

4. Honeynet Security Console 1.0
By: Activeworx, Inc.
Relevant URL: http://www.activeworx.org
Platforms: Windows 2000, Windows XP
Summary:

Honeynet Security Console is an analysis tool to view events on your personal honeynet. It gives you the power to view events from Snort, TCPDump, Firewall, Syslog and Sebek logs. It also allows you to correlate events from each of these data types to have a full grasp of the attackers' actions.

5. LogMonitor 1.0
By: Adam Richard/SécurIT Informatique Inc.
Relevant URL: ftp://ftp.digitalvoodoo.org/pub/mirrors/securit/Logmon10free.zip
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

LogMonitor is a log analysis console. It is 75% based on LogIDS, except for the GUI which is a complete makeover. Instead of focusing on network location, LogMonitor presents the data in a set of floating windows grouped by application, which may be a more intuitive interface to some people. The analysis is performed by defining the fields of each log we are monitoring, and then by using these fields to define rules as to what is important data or not.

6. Ettercap v0.7.0 pre2
By: ALoR
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:

Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

VII. SPONSOR INFORMATION
-----------------------

