SecurityFocus Microsoft Newsletter #122

SecurityFocus Microsoft Newsletter #122

This newsletter is sponsored by: Black Hat (http://www.blackhat.com)

Spooked about Windows security? Find solutions instead. Plan now to attend the Black Hat Briefings & Training Windows Security conference, February 25-28 in Seattle, the world's premier technical event for Windows and .Net security experts. This event is fully supported by Microsoft.

The Training on February 25-26 features 7 two-day courses on the hottest subjects. The Briefings on February 27-28 features 30 of the top industry speakers presenting topics in 6 tracks. Visit www.blackhat.com to see why top security experts rave about the Black Hat Briefings.

I. FRONT AND CENTER

1. The Turkey that Bites
2. The Canary in the Data Mine
3. SecurityFocus DPP Program
4. InfoSec World Conference and Expo/2003 (March 10-12,2003,Orlando,FL) II. MICROSOFT VULNERABILITY SUMMARY
5. Blackboard Learning System search.pl SQL Injection Vulnerability
6. Microsoft Windows Locator Service Buffer Overflow Vulnerability
7. Microsoft Outlook 2002 V1 Exchange Server Security Certificate...
8. Nite Server FTPD File Disclosure Vulnerability
9. Sambar Server results.stm Cross Site Scripting Vulnerability
10. Apache Web Server MS-DOS Device Name Denial Of Service...
11. Rediff Bol URL Handling Denial Of Service Vulnerability
12. MyRoom save_item.php Arbitrary File Upload Vulnerability
13. GlobalScape CuteFTP LIST Response Buffer Overflow Vulnerability
14. CVS Directory Request Double Free Heap Corruption Vulnerability
15. Apache Web Server MS-DOS Device Name Arbitrary Code Execution...
16. Apache Web Server Illegal Character HTTP Request File...
17. Apache Web Server Default Script Mapping Bypass Vulnerability
18. Microsoft Content Management Server Cross-Site Scripting...
19. Evolvable Shambala FTP Server CWD Denial Of Service...
20. YABB SE Packages.PHP Remote File Include Vulnerability
21. WinRAR Archive File Extension Buffer Overrun Vulnerability
22. PHPOutsourcing Zorum Remote Include Command Execution...
23. Microsoft Windows MSGINA.DLL Read-Lock Denial Of Service...
24. YaBB SE News.PHP Remote File Include Vulnerability III. MICROSOFT FOCUS LIST SUMMARY
25. Attacking EFS through cached domain logon credentials (Thread)
26. At.exe Service Account - scripted or registry? (Thread)
27. Win2k log management (Thread)
28. AD replication over WAN (Thread)
29. Securing IIS/5 with ASP (Thread)
30. w2k server compromised (Thread)
31. Bypass Traverse Checking? (Thread)
32. Stopping Admin Alert SPAM (Thread)
33. Fw: Bypass Traverse Checking? (Thread)
34. SecurityFocus Microsoft Newsletter #121 (Thread)
35. Has this been exploited in a known virus yet? (Thread) IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
36. MXtreme Mail Firewall
37. Contactless Smart Card Reader
38. ActivCard Gold
39. NEW TOOLS FOR MICROSOFT PLATFORMS
40. ABC CHAOS v2.1
41. DSCMD - DataSAFE Command Line Encryptor v2.0
42. FileHasher v1.0 VI. SPONSOR INFORMATION
43. FRONT AND CENTER

    ---

44. The Turkey that Bites By Jon Lasser

With last week's RIAA worm hoax, the scallywags at Gobbles raised security advisories to subversive performance art.

http://online.securityfocus.com/columnists/137

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. The Canary in the Data Mine
By Mark Rasch

At the turn of the century just past, mining companies would use a brightly colored bird in the mine shaft to protect the lives of citizens. These canaries were more sensitive to the foul, noxious and deadly but invisible vapors that would otherwise threaten the lives of the mine shaft workers. When the canaries died, the miners would know an invisible threat existed.

http://online.securityfocus.com/columnists/136

3. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Solutions to today’s security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY

1. Blackboard Learning System search.pl SQL Injection Vulnerability BugTraq ID: 6655 Remote: Yes Date Published: Jan 21 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6655 Summary:

Blackboard Learning system is a suite of software products available for Microsoft Windows, Linux and Solaris servers that power an "e-Education Infrastructure" for education providers.

Blackboard Learning System, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. This may result in unauthorized operations being performed on the underlying database.

This vulnerability was reported to exist in the search.pl script file (the address book search feature). A remote attacker can exploit this vulnerability to brute-force user accounts. It may also be possible to conduct other attacks, such as executing stored procedures and exploiting vulnerabilities in the database server.

This vulnerability was reported for Blackboard Learning System 5.5.1,level 1 and 2. Previous releases may also be affected.

2. Microsoft Windows Locator Service Buffer Overflow Vulnerability BugTraq ID: 6666
Remote: Yes
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6666
Summary:

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that the Microsoft Windows Locator service is affected by a remotely exploitable buffer overflow vulnerability. The condition is due to a memory copy of RPC arguments received from remote clients into a local buffer.

An attacker can exploit this vulnerability by constructing a remote procedure call that invokes Locator service with malformed parameters. When the Locator service receives this request, the malicious arguments will trigger the overflow condition.

This vulnerability may be exploited by remote attackers to execute custom instructions on the target domain controller. It is also possible to crash the service with a malicious request. It should be noted that, to exploit this vulnerability, no authentication is required. Additionally, the Locator service is enabled by default on all Windows 2000 and Windows NT Domain Controllers (DC).

3. Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability BugTraq ID: 6667
Remote: Yes
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6667
Summary:

Microsoft Outlook 2002 is a e-mail, calendaring, and scheduling application for Microsoft Windows.

Microsoft Outlook 2002 supports various types of certificates to facilitate transport of encrypted e-mail via public key cryptography. One type of certificate supported by Microsoft Outlook 2002 is V1 Exchange Server Security certificates, which may be used in combination with a Microsoft Exchange server.

There is a flaw in the Microsoft Outlook 2002 implementation of message encryption using V1 Exchange Server Security certificates. When configured to use this method, Outlook 2002 fails to correctly encrypt messages. As a result, messages are transferred in plaintext, visible to network eavesdroppers. Furthermore, the user may assume that the message was successfully encrypted.

A remote adversary may potentially take advantage of this issue if they are in a position to intercept user mail or eavesdrop on network traffic between the client host sending the mail and hosts receiving or processing the mail.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This issue is reported to occur when Outlook 2002 is used to send HTML e-mail using the certificate.

It should also be noted that the implementation of digital signatures using V1 Exchange Server Security is not affected.

4. Nite Server FTPD File Disclosure Vulnerability BugTraq ID: 6648
Remote: Yes
Date Published: Jan 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6648
Summary:

Nite Server is a FTP server for Microsoft Windows platforms.

Nite Server is prone to a file disclosure vulnerability. User-supplied input is not sufficiently filtered from FTP commands. As a result, it is possible for remote FTP users to break out of the FTP root directory by issuing a 'cd' (change directory) request containing directory traversal sequences.

Any system files which are readable by the FTP server may potentially be disclosed to a malicious FTP user who exploits this vulnerability. The FTP server will typically run with SYSTEM privileges on Windows.

This issue was reported in Nite Server 1.83. Earlier versions may also be affected.

5. Sambar Server results.stm Cross Site Scripting Vulnerability BugTraq ID: 6643
Remote: Yes
Date Published: Jan 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6643
Summary:

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Sambar Server is a multi-threaded web server which will run on Microsoft Windows 9x/ME/NT/2000 operating systems.

Sambar Server does not adequately filter some HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user.

An attacker can exploit this vulnerability by manipulating URI parameters in the results.stm page to include malicious HTML code. Any attacker-supplied code will be executed within the context of the website running Sambar Server.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may hijack the session of the legitimate by using cookie-based authentication credentials.

This vulnerability was reported for Sambar Server 5.3 and earlier.

6. Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability BugTraq ID: 6662
Remote: Yes
Date Published: Jan 22 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6662
Summary:

Apache is a freely available Web server for Unix and Linux variants, as well as Microsoft operating systems.

A vulnerability has been reported in Apache Web server for Microsoft Windows 9x/Me operating environments. The vulnerability exists in the way some HTTP requests are handled by the Apache Web server. Specifically, HTTP requests that involve MS-DOS device names may cause the Apache Web server to crash.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

An attacker can exploit this vulnerability by sending a malformed HTTP GET request to the Apache server using a reserved MS-DOS device name such as
'aux'. When the server receives this request it will crash.

This vulnerability exists for Apache versions prior to 2.0.44 for Microsoft Windows 9x/Me operating environments.

7. Rediff Bol URL Handling Denial Of Service Vulnerability BugTraq ID: 6670
Remote: Yes
Date Published: Jan 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6670
Summary:

Bol is a freely available chat client available from Rediff. It is available for Microsoft Windows operating systems.

A problem could make it possible for remote user to deny service to legitimate users of the chat client.

It has been reported that a problem in Rediff Bol may allow remote users to log other users out of the Bol chat client. Due to improper handling of some types of requests, a remote user could send an URL request to the client in the form of a rbol: command that would cause the client log out.

Under ordinary circumstances, the chat client should not react input from untrusted users. This problem could make it possible for a remote user to launch a continuous denial of service against a user of the vulnerable client.

8. MyRoom save_item.php Arbitrary File Upload Vulnerability BugTraq ID: 6644
Remote: Yes
Date Published: Jan 20 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6644
Summary:

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

MyRoom is an online item management system implemented in PHP. It is available for a variety of platforms including Linux variant operating systems and Microsoft Windows.

A problem with MyRoom may make it possible for remote attackers to upload files to a vulnerable system.

Due to inadequate security checks performed by some PHP scripts, an attacker is able to upload arbitrary files to the system. The room/save_item.php script has been reported to be vulnerable to this issue.

Specifically, the script only checks to see whether the file to be uploaded is an image file. As such, any file that includes the allowed extensions may be uploaded. Any uploaded files will be stored in the
'img/photo' folder.

Given the ability to upload arbitrary files to the host, an attacker can exploit this vulnerability to upload malicious applications to the vulnerable system or use the system for the storage of files.

This vulnerability was reported for MyRoom 3.5 GOLD.

9. GlobalScape CuteFTP LIST Response Buffer Overflow Vulnerability BugTraq ID: 6642
Remote: Yes
Date Published: Jan 18 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6642
Summary:

CuteFTP is a commercially available FTP client distributed by GlobalScape. It is available for the Microsoft Windows platform.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A buffer overflow condition has been reported for the CuteFTP application. The vulnerability is due to insufficient bounds checking performed on certain FTP command responses. Specifically, CuteFTP does not adequately check the responses to a LIST command.

An attacker can exploit this vulnerability by enticing a victim user to connect to an attacker-controlled FTP server. When the victim user sends a LIST command, the attacker-controlled server will respond with an overly long response, consisting of greater then 256 characters, to the vulnerable client. This will trigger the buffer overflow condition and will cause CuteFTP to behave unpredictably.

Exploitation may result in the execution of malicious attacker-supplied code with the privileges of the CuteFTP client.

This vulnerability was reported for CuteFTP 5.0 build 50.6.10.2.

1. CVS Directory Request Double Free Heap Corruption Vulnerability BugTraq ID: 6650 Remote: Yes Date Published: Jan 20 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6650 Summary:

CVS is the concurrent versioning system. CVS is a freely available, open source software development package for the Unix, Linux, and Microsoft Windows platforms.

CVS is prone to a double free vulnerability in Directory requests. Malformed Directory requests may potentially cause dynamically allocated memory to be de-allocated twice, using the free() function.

An attacker may potentially take advantage of this issue to cause heap memory to be corrupted with attacker-supplied values, which may result in execution of arbitrary code in the security context of the CVS server.

1. Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability BugTraq ID: 6659 Remote: Yes Date Published: Jan 22 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6659 Summary:

Apache is a freely available Web server for Unix and Linux variants, as well as Microsoft operating systems.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A vulnerability has been reported in Apache Web server for Microsoft Windows 9x/Me operating environments. The vulnerability exists in the way some HTTP requests are handled by the Apache Web server. Specifically, the issue exists due to the way some CGI input is redirected when the ScriptAlias directive is enabled.

The ScriptAlias directive is used to map between URLs and paths residing outside of the DocumentRoot. This directive also enables the target directory as containing only CGI scripts.

An attacker can exploit this vulnerability by making a malformed HTTP POST request to 'con.xxx' in a directory enabled with ScriptAlias. When this malformed POST data is sent to a CGI, it may result in any malicious code to be executed by the requested CGI.

This vulnerability exists for Apache versions prior to 2.0.44 for Microsoft Windows 9x/Me operating environments.

1. Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability BugTraq ID: 6660 Remote: Yes Date Published: Jan 22 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6660 Summary:

Apache is a freely available Web server for Unix and Linux variants, as well as Microsoft operating systems.

A vulnerability has been reported in Apache Web server for Microsoft Windows operating environments. The vulnerability exists in the way some HTTP requests are handled by the Apache Server. Any HTTP requests that end in some illegal characters will cause the server to disclose the contents of certain files to a remote attacker.

It has been reported that an HTTP request that ends in the '>' character will cause the Apache Web server to serve certain files to the remote attacker. Any information obtained in this manner may be used by the attacker to launch further attacks against a vulnerable system.

This vulnerability exists for Apache versions prior to 2.0.44 for Microsoft Windows operating environments.

1. Apache Web Server Default Script Mapping Bypass Vulnerability BugTraq ID: 6661 Remote: Yes Date Published: Jan 22 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6661 Summary:

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Apache is a freely available Web server for Unix and Linux variants, as well as Microsoft operating systems.

A vulnerability has been reported in the Apache Web browser that may result in the server bypassing existing default mappings when serving files.

The vulnerability exists when making requests for files in directories with extensions. The vulnerability may cause the Web server to incorrectly parse the requested file.

An attacker may be able to make a request for www.target.com/folder.php/test. The request for the file test should be served as a text file but due to some flaws in the mapping algorithm, the file 'test' will be interpreted as a PHP script.

This may have unintended consequences on users and the system.

This vulnerability was reported to affect Apache versions prior to 2.0.44.

1. Microsoft Content Management Server Cross-Site Scripting Vulnerability BugTraq ID: 6668 Remote: Yes Date Published: Jan 22 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6668 Summary:

Microsoft Content Management Server (MCMS) 2001 is an Enterprise Server product used for developing and managing E-Commerce web sites. MCMS contains pre-defined ASP web pages which are used to update web sites.

A vulnerability has been discovered in one of the pre-defined ASP pages included in MCMS. Due to insufficient sanitization of user-supplied data by the ASP page, MCMS may be prone to cross-site scripting attacks. The issue occurs when constructing a response page which relies on various user-supplied values.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

By constructing a malicious link an attacker may be able to trick an unsuspecting user into triggering this vulnerability. This could be used to steal a user's private information, such as cookie-based authentication credentials. Other attacks are also possible.

• This issue may be the same vulnerability described in BID 5922. If this turns out to be the case, this BID will be retired and the previous BID will be updated accordingly.
  1. Evolvable Shambala FTP Server CWD Denial Of Service Vulnerability BugTraq ID: 6653 Remote: Yes Date Published: Jan 18 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6653 Summary:

Shambala Server is a FTP, Web, and Chat server targeted for the Small Office/Home Office user. It has been designed for use with Microsoft Windows operating sytems.

A denial of service vulnerability has been reported in the Shambala FTP server.

Shambala reportedly crashes when a FTP user executes a 'CWD' (change working directory) command, specifying the root (/) directory. Successful exploitation will result in a denial of service. The service will need to be restarted to regain normal functionality.

This vulnerability was reported to affect Shambala Server version 4.5. Earlier versions may also be affected.

1. YABB SE Packages.PHP Remote File Include Vulnerability BugTraq ID: 6663 Remote: Yes Date Published: Jan 22 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6663 Summary:

YaBB SE is a freely available, open source port of Yet Another Bulletin Board (YaBB). It is available for a number of platforms include Unix, Linux, and Microsoft Windows operating systems.

YaBB SE allows remote users to influence the location of an external script ('Packer.php') that is included by the 'Packages.php'. A remote attacker may exploit this condition to cause an external, attacker-supplied file to be included by YaBB SE. If the attacker includes malicious PHP code, then it may be executed.

This may allow a remote attacker to execute arbitrary commands in the context of the webserver.

1. WinRAR Archive File Extension Buffer Overrun Vulnerability BugTraq ID: 6664 Remote: No Date Published: Jan 22 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6664 Summary:

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

WinRAR is a compression utility capable of reading and writing files using several different archival formats. It is available for the Microsoft Windows Operating system.

A vulnerability has been discovered in WinRAR. The problem occurs when displaying an archive in the ListView Control window. If a file in the archive contains a file extension of 256 bytes or more, a buffer in WinRAR will be overrun. This may allow an attacker to construct a malicious WinRAR archive designed to overwrite sensitive values in memory.

It has been reported that it is possible for an attacker to exploit this issue to run arbitrary instructions. Commands executed in this manner would be run with the privileges of the vulnerable program.

1. PHPOutsourcing Zorum Remote Include Command Execution Vulnerability BugTraq ID: 6669 Remote: Yes Date Published: Jan 22 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6669 Summary:

Zorum is a freely available, open source PHP forum. It is available for UNIX, Linux, and Microsoft operating systems.

A problem could make it possible for remote users to execute arbitrary commands.

It has been reported that Zorum may allow remote users to influence to location of PHP includes. Because of this, it is possible for a remote user to include an external arbitrary PHP script containing commands that may be carried out on the vulnerable host.

This problem could allow a remote attacker to execute arbitrary code with the privileges of the web server process. This could result the attacker gaining local access, and potentially elevated privileges.

1. Microsoft Windows MSGINA.DLL Read-Lock Denial Of Service Vulnerability BugTraq ID: 6672 Remote: No Date Published: Jan 23 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6672 Summary:

It has been reported that Microsoft Windows 2000 Terminal Servers and XP Pro are prone to a denial of service due to a problem with 'MSGINA.DLL'. This condition may be triggered by users who can successfully login to the server via RDP or ICA.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

'MSGINA.dll' is the vendor-supplied Graphical Identification and
Authentication dynamic-link library. 'MSGINA.DLL' is loaded by the WinLogon executable and helps to facilitate graphical client sessions.

If a malicious user causes a read-lock to be placed on
'%SYSTEMROOT%\SYSTEM32\MSGINA.DLL', the next user to log in will be
prompted with a dialog stating that 'MSGINA.DLL' failed to load and will be given the opportunity to restart the system.

An attacker may trigger this condition by opening the dynamic-link library with an external application, such as a hex editor.

20. YaBB SE News.PHP Remote File Include Vulnerability BugTraq ID: 6674
Remote: Yes
Date Published: Jan 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6674
Summary:

YaBB SE is a freely available, open source port of Yet Another Bulletin Board (YaBB). It is available for a number of platforms include Unix, Linux, and Microsoft Windows operating systems.

A vulnerability has been discovered in YaBB SE. Due to insufficient sanitization of some user-supplied variables by the 'News.php' script, it is possible for a remote attacker to include a malicious PHP file in a URL. An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host as a value for the
'$template' parameter.

If the remote file is a malicious PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver. Successful exploitation may provide local access to the attacker.

This vulnerability was reported for YaBB SE 1.5.1 and earlier.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

III. MICROSOFT FOCUS LIST SUMMARY

1. Attacking EFS through cached domain logon credentials (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/308274

2. At.exe Service Account - scripted or registry? (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/308265

3. Win2k log management (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/308271

4. AD replication over WAN (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/308262

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

5. Securing IIS/5 with ASP (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/308267

6. w2k server compromised (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/308273

7. Bypass Traverse Checking? (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/308260

8. Stopping Admin Alert SPAM (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/308139

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

9. Fw: Bypass Traverse Checking? (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/308127

1. SecurityFocus Microsoft Newsletter #121 (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/308129

1. Has this been exploited in a known virus yet? (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/308124

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS

1. MXtreme Mail Firewall by BorderWare Technologies Platforms: N/A Relevant URL: http://www.mxtreme.com/ Summary:

MXtreme is designed to support the highest throughputs. With its integrated hardened OS and optimized mail servers, MXtreme minimizes the latency usually associated with intense security processing. Three models are available: MX-200 - for small enterprises, mini 1U format, Pentium 4 performance and Fast Ethernet. MX-400 -for medium sized enterprises and organizations, 1U format, ATA RAID and GB Ethernet. MX-800 -for high-volume sites, 2U format, RAID 0 + 1, redundant power-supplies, GB Ethernet.

2. Contactless Smart Card Reader
by HID Corporation
Platforms: N/A
Relevant URL:
http://www.hidcorp.com/products/smart/mifare_reader.html Summary:

HID's affordable SmartCard access control readers utilize MIFARE® technology to read 13.56 MHz contactless proximity cards, as well as smart cards.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

3. ActivCard Gold
by ActivCard
Platforms: , Windows 2000, Windows 95/98, Windows NT Relevant URL:
http://www.activcard.com/activ/products/end_user/activ_card_gold/index.html Summary:

ActivCard Gold is a smart card-based authentication and managed digital identity solution that operates on multi-vendor platforms. ActivCard Gold software works with leading card operating systems, applications, certificate authorities, and network environments-giving organizations the flexibility to make price/performance choices. Cardholders and administrators benefit from the optimal combination of security, usability, and manageability.

V. NEW TOOLS FOR MICROSOFT PLATFORMS

1. ABC CHAOS v2.1 by Investment Resources Group Relevant URL: http://www.safechaos.com/abc.htm Platforms: Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP Summary:

Easily encrypt files into your personal data archive. You can be confident that the data is safely secured. The additional special protection completely excludes an opportunity of selection of the password to the encrypted information at use of the generator of the passwords and keys.

2. DSCMD - DataSAFE Command Line Encryptor v2.0 by Regnoc Software
Relevant URL:
http://www.regnoc.com
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP Summary:

DSCMD allows you to encrypt source files for secure storage, transmission via the Internet, and e-mail attachments. Only someone who knows the eight-character locking combination can recover the contents of the encrypted file. DSCMD is completely command-line driven, and simple to integrate into your programs and scripts on both Windows NT and Linux servers.

3. FileHasher v1.0
by Arne Vidstrom
Relevant URL:
http://www.ntsecurity.nu/toolbox/filehasher/ Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP Summary:

FileHasher calculates the MD5 or SHA hash for a file.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

VI. SPONSOR INFORMATION

Spooked about Windows security? Find solutions instead. Plan now to attend the Black Hat Briefings & Training Windows Security conference, February 25-28 in Seattle, the world's premier technical event for Windows and .Net security experts. This event is fully supported by Microsoft.

The Training on February 25-26 features 7 two-day courses on the hottest subjects. The Briefings on February 27-28 features 30 of the top industry speakers presenting topics in 6 tracks. Visit www.blackhat.com to see why top security experts rave about the Black Hat Briefings.