QODS ec

Tuesday, June 29, 2004

SEC: SecurityFocus Microsoft Newsletter #195

SecurityFocus Microsoft Newsletter #195
----------------------------------------

This issue sponsored by: FaceTime

Free Webinar! Enterprise IM: How IT Managers Can Survive.
Featured Speaker: Nate Root, Senior Analyst, Forrester Research. IT
directors and security managers will gain new insights to balance
compliance and security risks. Highlights an integrated solution from
FaceTime Communications and MSN Messenger Connect for Enterprises. Ideal
for financial services, healthcare, energy companies and other regulated
organizations.

View the webinar now!
http://www.securityfocus.com/sponsor/FaceTime_ms-secnews_040629

------------------------------------------------------------------------
I. FRONT AND CENTER
1. Packet Crafting for Firewall & IDS Audits (Part 1 of 2)
2. When Spyware Crosses the Line
3. Redmond's Butterfly Effect
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer Non-FQDN URI Address Zone Bypass...
2. Multiple Vendor Broadband Router Web-Based Administration De...
3. PHP-Nuke Multiple Vulnerabilities
4. VBulletin Multiple Module HTML Injection Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Consumer Security Web Site (Thread)
2. Article Announcement: Redmond's Butterfly Effect (Thread)
3. [news] Consumer Security Web Site (Thread)
4. Problem with patches after import the Windows 2003 b... (Thread)
5. SecurityFocus Microsoft Newsletter #194 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Softros LAN Messenger
2. Network Time System
3. Anon-Encrypt
4. RSI
5. WiSSH
6. Firewall RuleMaker
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Athena 1.0
2. CryptoHeaven v2.4.0
3. XArp 0.1
4. Honeynet Security Console 1.0
5. LogMonitor 1.0
6. Ettercap v0.7.0 pre2
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Packet Crafting for Firewall & IDS Audits (Part 1 of 2)
By Don Parker

This article is the first of a two-part series that will discuss various
methods to test the integrity of your firewall and IDS using low-level
TCP/IP packet crafting tools and techniques.

http://www.securityfocus.com/infocus/1787

2. When Spyware Crosses the Line
By Kelly Martin

"Spyware" isn't harmless software when it starts hijacking your browser,
downloading updates, and displaying adult porn images to small children.

http://www.securityfocus.com/columnists/250

3. Redmond's Butterfly Effect
By Tim Mullen

Criminals are benefiting from an Internet Explorer that's so complex even
Microsoft can't predict its behavior.

http://www.securityfocus.com/columnists/251

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Microsoft Internet Explorer Non-FQDN URI Address Zone Bypass...
BugTraq ID: 10579
Remote: Yes
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10579
Summary:
Microsoft Internet Explorer is prone to a zone bypass vulnerability. A remote attacker may execute code in the Intranet zone. An attacker can exploit this issue by using a non-FQDN URI.

Successful exploitation of this vulnerability could lead to the execution of malicious script or ActiveX controls in the Intranet zone.

Update: It is reported that this issue can also be exploited to bypass to other zones. For example, by using a trusted URI, an attacker can access the Trusted zone.

This issue seems to be related to BID 10517 (Multiple Browser URI Obfuscation Weakness).

2. Multiple Vendor Broadband Router Web-Based Administration De...
BugTraq ID: 10585
Remote: Yes
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10585
Summary:
Multiple broadband routers from several different vendors, used for home and small office Internet sharing and routing are reported affected by a denial of service vulnerability in their web-based administration interfaces.

The embedded web server is reportedly unable to maintain more than a small number of simultaneous TCP connections. An attacker who maintains a number of connections to port 80 of an affected device will block access to the web administration application for legitimate users.

An attacker could block access to the administration interface as long as they can maintain the TCP connections.

Netgear FVS318, Linksys BEFSR41, and Microsoft MN-500 devices are reported to be susceptible.

3. PHP-Nuke Multiple Vulnerabilities
BugTraq ID: 10595
Remote: Yes
Date Published: Jun 23 2004
Relevant URL: http://www.securityfocus.com/bid/10595
Summary:
PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting, HTML injection, and SQL injection attacks.

Although unconfirmed, all versions of PHP-Nuke are considered to be vulnerable at this point. This BID will be updated as more information becomes available.

4. VBulletin Multiple Module HTML Injection Vulnerability
BugTraq ID: 10602
Remote: Yes
Date Published: Jun 24 2004
Relevant URL: http://www.securityfocus.com/bid/10602
Summary:
VBulletin is reported prone to an HTML injection vulnerability. This issue affects the 'newreply.php' and 'newthread.php' scripts.

An attacker may exploit this issue by including hostile HTML and script code in fields that may be viewable by other users, potentially allowing for theft of cookie-based authentication credentials and other attacks.

This issue is reported to affect VBulletin version 3.0.1, however, it is likely that other versions are affected as well.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Consumer Security Web Site (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/367370

2. Article Announcement: Redmond's Butterfly Effect (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/367361

3. [news] Consumer Security Web Site (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/367326

4. Problem with patches after import the Windows 2003 b... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/366904

5. SecurityFocus Microsoft Newsletter #194 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/366852

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Softros LAN Messenger
By: Softros Systems Inc.
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://messenger.softros.com
Summary:

Softros Messenger is a secure network messaging software application for corporate LANs (local area networks). It does not require a server and is very easy to install and use. Softros Messenger comes with a variety of handy features, like message notification alarms, personal or group messaging, and intuitive interface. Softros Messenger offers strong encryption options for all incoming and outgoing messages, guaranteeing no unauthorized person ever reads personal correspondence. The program is very stable when running under any Windows operating system and in any TCP/IP network, regardless of its size. Also Softros Messenger correctly identifies and works under Windows NT/2000/XP limited user accounts (without administrative privileges).

2. Network Time System
By: Softros Systems Inc.
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://nts.softros.com/
Summary:

Network Time System - Secure, fast and accurate time sync software across entire network.

3. Anon-Encrypt
By: RiserSoft Corporation
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://risersoft.com/anon-encrypt.php
Summary:

Surf the Internet Totally Anonymous, and Fully Encrypted with our Internet Explorer Pluging!

4. RSI
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.digitallabs.net/rsi/
Summary:

Remote System Information audits your network for critical hardware and software information and displays the results in a clear, exportable spreadsheet view.

Remote Registry technology provides the ability to dynamically scan your network without the need to install client software.

5. WiSSH
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.wissh.com
Summary:

WiSSH (Windows over SSH) utilizes SSH tunneling technology to secure Microsoft's RDP protocol. Allows access to multiple hosts behind your network perimeter with only a single host's SSH port open to the Internet

6. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:

Firewall RuleMaker is a Windows-based firewall configuration version control software product for managers of Cisco PIX and Netscreen firewalls.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Athena 1.0
By: Steve Lord
Relevant URL: http://www.buyukada.co.uk/projects/athena/
Platforms: Windows 2000, Windows XP
Summary:

Athena is a search engine query tool designed to help find information leakage vulnerabilties using 'googledork' strings. Athena uses an extensible configuration format that supports multiple search engines (Yahoo and Google included). Athena is designed with ease of use in mind and a full illustrated manual is included featuring a full walkthrough.

2. CryptoHeaven v2.4.0
By: Marcin Kurzawa
Relevant URL: http://www.cryptoheaven.com/
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

CryptoHeaven offers secure email and online file sharing/storage. Its main features are secure and highly encrypted services such as group collaboration, file sharing, email, online storage, and instant messaging. It integrates multi-user based security into email, instant messaging, and file storage and sharing in one unique package. It provides real time communication for text and data transfers in a multi-user secure environment. The security and usability of CryptoHeaven is well-balanced; even the no-so-technically oriented computer users can enjoy this crypto product with very high level of encryption.

3. XArp 0.1
By: Christoph Mayer
Relevant URL: http://www.chrismc.de
Platforms: Windows 2000, Windows XP
Summary:

XArp is a graphical tool to monitor the ARP cache. It periodically requests the local ARP cache and reports changes in the IP to MAC mapping. Thus it can be used to recognize ARP poisoning which is used to prepare 'man in the middle' attacks on switched networks.

4. Honeynet Security Console 1.0
By: Activeworx, Inc.
Relevant URL: http://www.activeworx.org
Platforms: Windows 2000, Windows XP
Summary:

Honeynet Security Console is an analysis tool to view events on your personal honeynet. It gives you the power to view events from Snort, TCPDump, Firewall, Syslog and Sebek logs. It also allows you to correlate events from each of these data types to have a full grasp of the attackers' actions.

5. LogMonitor 1.0
By: Adam Richard/S├ęcurIT Informatique Inc.
Relevant URL: ftp://ftp.digitalvoodoo.org/pub/mirrors/securit/Logmon10free.zip
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

LogMonitor is a log analysis console. It is 75% based on LogIDS, excepted for the GUI which is a complete makeover. Instead of focusing on network location, LogMonitor presents the data in a set of floating windows grouped by application, which may be a more intuitive interface to some people. The analysis is performed by defining the fields of each log we are monitoring, and then by using these fields to define rules as to what is important data or not.

6. Ettercap v0.7.0 pre2
By: ALoR
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:

Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

VII. SPONSOR INFORMATION
-----------------------

This issue sponsored by: FaceTime

Free Webinar! Enterprise IM: How IT Managers Can Survive.
Featured Speaker: Nate Root, Senior Analyst, Forrester Research. IT
directors and security managers will gain new insights to balance
compliance and security risks. Highlights an integrated solution from
FaceTime Communications and MSN Messenger Connect for Enterprises. Ideal
for financial services, healthcare, energy companies and other regulated
organizations.

View the webinar now!
http://www.securityfocus.com/sponsor/FaceTime_ms-secnews_040629

------------------------------------------------------------------------

0 Comments:

Post a Comment

<< Home


Get Firefox!