SecurityFocus Microsoft Newsletter #126

From: Stephen Entwisle <se(at)securityfocus.com>
Date: Mon Feb 24 2003 - 13:49:48 EST



This issue is sponsored by: Captus Networks

Instantly identify and automatically stop:

  • DDoS Attacks
  • Port Scans
  • Exploits from Unknown Worms and Viruses

With precise, real-time responses. Hands-on, online demo--launch and mitigate live attacks. Visit us at:
http://www.captusnetworks.com/landing_pages/sfm


I. FRONT AND CENTER

  1. Exchange 2000 in the Enterprise: Tips and Tricks Part Three
  2. Richard Clarke's Legacy of Miscalculation
  3. SecurityFocus DPP Program
  4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

II. MICROSOFT VULNERABILITY SUMMARY

  1. IBM Lotus Domino Web Server iNotes s_ViewName/Foldername...
  2. IBM Lotus iNotes ActiveX Control Buffer Overflow Vulnerability
  3. Microsoft Riched20.dll Attribute Buffer Overflow Vulnerability
  4. PHP CGI SAPI Code Execution Vulnerability
  5. IBM Lotus Domino HTTP Redirect Buffer Overflow Vulnerability
  6. BitchX Malformed RPL_NAMREPLY Denial Of Service Vulnerability

III. MICROSOFT FOCUS LIST SUMMARY

  1. Windows2000 QuickLaunch (Thread)
  2. MS Software Update Service (Thread)
  3. AW: MS Software Update Service (Thread)
  4. Restricting CmdExec Rights to Sysadmin (Thread)
  5. Windows station permissions, remote control programs,lower...
  6. AW: Restricting CmdExec Rights to Sysadmin (Thread)
  7. [despammed] Defeating password cracking (Thread)
  8. Windows station permissions, remote control programs, lower...
  9. Defeating password cracking (Thread)
  10. Website inside or outside domain (Thread)
  11. Ye Olde OWA Topic (Was Website inside or outside domain)...
  12. Unhappy face icon on NT 4 workstation (Thread)
  13. SecurityFocus Microsoft Newsletter #125 (Thread)
  14. website inside or outside the domain? (Thread)
  15. Windows 2000 Static arp not static (Thread)

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS

  1. Steganos Online Shield
  2. East-Tec DiskSanitizer GOV
  3. Disk Amnesia

V. NEW TOOLS FOR MICROSOFT PLATFORMS

  1. PlexCrypt v3.1
  2. Traffik tool Troll v0.7
  3. labrea v2.5b1

VI. SPONSOR INFORMATION


I. FRONT AND CENTER

1. Exchange 2000 in the Enterprise: Tips and Tricks Part Three By Timothy M. Mullen

This is the second installment in a two-part series on securing Exchange 2000 in the enterprise. The last segment addressed the security ramifications of publishing mail content to the Internet via Outlook Web Access. This installment will discuss configuring IPSec between front-end and back-end OWA Servers as well as headers.

http://online.securityfocus.com/infocus/1668

2. Richard Clarke's Legacy of Miscalculation By George Smith

The outgoing cybersecurity czar will be remembered for his steadfast belief in the danger of Internet attacks, even while genuine threats developed elsewhere.

http://online.securityfocus.com/columnists/143

3. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14
Vendor Expo March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. IBM Lotus Domino Web Server iNotes s_ViewName/Foldername Buffer Overflow Vulnerability
BugTraq ID: 6871
Remote: Yes
Date Published: Feb 17 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6871
Summary:

Lotus Domino Server is an application framework for web based collaborative software. It runs on multiple platforms including Microsoft Windows and Unix.

Lotus Domino iNotes Web Server does not perform adequate bounds checking on the s_ViewName/Foldername options of the PresetFields parameter. A buffer overflow condition can occur if excessively long strings are supplied as values for these fields when requesting web based mail services. This could result in sensitive areas of memory being overwritten to allow attacker-supplied code to be executed. This code would be executed in the security context of the account running the Domino Web Services.

2. IBM Lotus iNotes ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 6872
Remote: Yes
Date Published: Feb 17 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6872
Summary:

IBM Lotus iNotes is a web based messaging/collaboration application. Installation of support for iNotes on client systems includes an ActiveX control, "Lotus Domino Session ActiveX Control".

A buffer overflow vulnerability is reportedly present in this control. The condition is in the method "InitializeUsingNotesUserName()" and may be triggered if the method is called with a parameter of excessive length.

Malicious web content may invoke the control and exploit the vulnerability to execute instructions on target client systems. Furthermore, other applications which use the MSIE HTML rendering component may also be vulnerable if ActiveX support is enabled. It should be noted that any code executed would run with the privileges of the user who started MSIE.

3. Microsoft Riched20.dll Attribute Buffer Overflow Vulnerability
BugTraq ID: 6874
Remote: No
Date Published: Feb 17 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6874
Summary:

Rich Text Format (RTF) files are parsed by the riched20.dll library on Windows platforms. This library is included in most versions of Windows and may also be installed by other applications that are required to parse .rtf files.

Reportedly, it is possible to overrun a buffer in riched20.dll, causing the calling application (such as Microsoft Outlook or Word) to fail. This buffer can be overrun by including more than 65536 bytes of data in an attribute label contained in the .rtf file. Arbitrary code execution may be possible.

This vulnerability may be related to BID 807.

  • Some reports indicate that this vulnerability could not be reproduced on riched20.dll v.3.0 (5.30.23.1200) running on Windows NT.

4. PHP CGI SAPI Code Execution Vulnerability
BugTraq ID: 6875
Remote: Yes
Date Published: Feb 17 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6875
Summary:

PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

An unspecified vulnerability has been reported in the CGI SAPI of PHP version 4.3.0.

Direct access to the CGI binary can be prevented by using the configuration option '--enable-force-cgi-redirect' and the php.ini option 'cgi.force_redirect'.

The report states that an unspecified bug could render these options useless, allowing a remote user to directly access the CGI binary. This could allow an attacker to read any file that is readable by the web server user, or to potentially execute arbitrary PHP code. The attacker would have to be able to inject the PHP code into a file accessible by the CGI binary, such as the web server access logs.

5. IBM Lotus Domino HTTP Redirect Buffer Overflow Vulnerability
BugTraq ID: 6870
Remote: Yes
Date Published: Feb 17 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6870
Summary:

Lotus Domino Server is an application framework for web based collaborative software. It runs on multiple platforms including Microsoft Windows and Unix.

It has been reported that Lotus Domino 6 is affected by a buffer overflow vulnerability. The condition occurs when the server constructs an HTTP redirect response.

According to the report, the client-supplied "HOST" HTTP header field is copied into a local buffer without bounds checking. Consequently, a buffer overflow occurs if the HOST parameter is of excessive length.

Attackers may exploit this vulnerability by identifying and then requesting, with a malicious HOST parameter in the request header, a specific document that causes the server to respond with a redirect.

Successful exploitation of this vulnerability may result in attackers gaining control of affected servers.

6. BitchX Malformed RPL_NAMREPLY Denial Of Service Vulnerability
BugTraq ID: 6880
Remote: Yes
Date Published: Feb 18 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6880
Summary:

BitchX is a freely available, open source IRC client. It is available for Unix, Linux, and Microsoft operating systems.

A problem with BitchX could make it possible for a malicious IRC server to crash a vulnerable client.

It has been reported that BitchX does not properly handle some types of replies contained in the RPL_NAMREPLY numeric. When a malformed reply is received by the client, the client crashes, resulting in a denial of service.

The problem occurs through the handling of the 353 IRC numeric. It is suspected that this vulnerability may also make possible the execution of arbitrary code. In the event that this is possible, code executed through this vulnerability would be in the context of the BitchX user. This could allow a remote attacker access to the system on which the affected client is running with the privileges of the BitchX user.

III. MICROSOFT FOCUS LIST SUMMARY


1. Windows2000 QuickLaunch (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312594

2. MS Software Update Service (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312595

3. AW: MS Software Update Service (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312591

4. Restricting CmdExec Rights to Sysadmin (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312598

5. Windows station permissions, remote control programs,lower priviledge accounts (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312551

6. AW: Restricting CmdExec Rights to Sysadmin (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312547

7. [despammed] Defeating password cracking (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312549

8. Windows station permissions, remote control programs, lower priviledge accounts (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312548

9. Defeating password cracking (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312358

10. Website inside or outside domain (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312264

11. Ye Olde OWA Topic (Was Website inside or outside domain) (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312267

12. Unhappy face icon on NT 4 workstation (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312266

13. SecurityFocus Microsoft Newsletter #125 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312265

14. website inside or outside the domain? (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312248

15. Windows 2000 Static arp not static (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/312241

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS


1. Steganos Online Shield
by Steganos
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL:
http://www.steganos.com/en/sos/index.htm
Summary:

Features are:
- Hackers can delete your data every time you are online. Protect yourself with the new Steganos Online Shield.
- In the event of danger, simply cut the Internet connection. With one click.
- No program can come in or go out without your permission: You are thus always in control.
- Is your computer online while you are not there? No problem: you can be informed of averted attacks via SMS.
- If you want, your PC will be "invisible" - thanks to CMP message blocker. Thanks to precise protocols, you always have a full overview of all processes.
- Easy to use.
- Protect yourself against hacker attacks: Send an omission mail to the provider!

2. East-Tec DiskSanitizer GOV
by EAST Technologies
Platforms: DOS, Linux, UNIX, Windows 2000, Windows 95/98, Windows NT
Relevant URL:
http://www.east-tec.com/dsksanit/index.htm
Summary:

East-Tec DiskSanitizer is a software product designed to remove all traces of information from a hard disk. East-Tec DiskSanitizer completely eliminates data from the entire hard disk: every sector and every bit of information is overwritten and destroyed beyond recovery. East-Tec DiskSanitizer is based on the East-Tec Advanced Data Removal Technology, a collection of highly secure data removal capabilities designed to provide protection against ALL methods of data recovery.

3. Disk Amnesia
by Professional Help Computer Services
Platforms: N/A
Relevant URL:
http://www.professionalhelp.com/diskamnesia.html
Summary:

Disk Amnesia(tm) is a low-level disk clearing and sanitization tool that uses the computer's BIOS to identify all physical drives attached to the computer including SCSI drives (if the SCSI card has a BIOS installed).

V. NEW TOOLS FOR MICROSOFT PLATFORMS


1. PlexCrypt v3.1
by plexobject
Relevant URL:
http://www.plexobject.com/software/plexcrypt/index.html
Platforms: AIX, HP-UX, IRIX, Linux, POSIX, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT
Summary:

PlexCrypt is a GUI that allows a set of files or folders to be compressed using the Zip format. In addition, it encrypts and decrypts a set of files or a set of folders using AES, Blowfish, CAST, DES, ElGamal, IDEA, IES, RC4, RC6, RSA, Rijndael, Serpent, Skipjack, Twofish, etc. It allows users to create digital signatures and digests and to verify them. It also allows users to create and manage digital certificates for encryption and signatures.

2. Traffik tool Troll v0.7
by Alexander Newald alexander@newald.de
Relevant URL:
http://linux.newald.de/
Platforms: N/A
Summary:

The Traffik Tool Troll is a traffic monitoring and managing script. Traffic statistics are generated by port, hour, day, month, and year. You can define a special period for your needs. The script is written in Perl and uses iptables and MySQL to get and store the traffic.

3. labrea v2.5b1
by Tom Liston tliston@hackbusters.net
Relevant URL:
http://labrea.sourceforge.net/
Platforms: Os Independent
Summary:

labrea is a program that creates a "sticky honeypot" by taking over unused IP addresses on a network and creating virtual machines that answer to connection attempts. labrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time.

VI. SPONSOR INFORMATION



This issue is sponsored by: Captus Networks

Instantly identify and automatically stop:

  • DDoS Attacks
  • Port Scans
  • Exploits from Unknown Worms and Viruses

With precise, real-time responses. Hands-on, online demo--launch and mitigate live attacks. Visit us at:
http://www.captusnetworks.com/landing_pages/sfm


Received on Mon Feb 24 19:46:20 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:28 EDT

