SecurityFocus Microsoft Newsletter #136

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon May 12 2003 - 12:38:39 EDT

SecurityFocus Microsoft Newsletter #136

---

This issue is sponsored by: KaVaDo

The only integrated Web Application Security Suite

---

ScanDo - Web Application Scanner
InterDo - Web Application Firewall

KaVaDo Inc., Web Application Security without Compromise Read more at: http://www.securityfocus.com/Kavado-ms-secnews

---

I. FRONT AND CENTER

1. Starting from Scratch: Formatting and Reinstalling after a...
2. The Nowhere Men II. MICROSOFT VULNERABILITY SUMMARY
3. Mirabilis ICQ POP3 Client UIDL Command Format String Vulnerability
4. Mirabilis ICQ POP3 Client Date Field Signed Integer Overflow...
5. Mirabilis ICQ Message Session Window Denial Of Service...
6. Mirabilis ICQ GIF Parsing Denial Of Service Vulnerability
7. Mirabilis ICQ POP3 Client Subject Field Signed Integer...
8. Mirabilis ICQ Features On Demand Remote Command Execution...
9. Mod_Survey SYSBASE Disk Resource Consumption Denial of Service...
10. MySQL Weak Password Encryption Vulnerability
11. Microsoft Internet Explorer DHTML AnchorClick Partial Denial...
12. Floosietek FTGate PRO SMTP RCPT TO Buffer Overflow Vulnerability
13. CommuniGate Pro Webmail Session Hijacking Vulnerability
14. Floosietek FTGate PRO SMTP MAIL FROM Buffer Overflow...
15. MDG Web Server 4D HTTP Command Buffer Overflow Vulnerability
16. Sun ONE Directory Server Unprivileged LDAP Operation Denial Of...
17. Leksbot Multiple Unspecified Vulnerabilities
18. Ethereal Multiple Dissector One Byte Buffer Overflow...
19. Ethereal Mount Dissector Integer Overflow Vulnerability
20. Ethereal PPP Dissector Integer Overflow Vulnerability III. MICROSOFT FOCUS LIST SUMMARY
21. (prevent + detect Arp spoofing) + Securing Terminal Services...
22. (prevent + detect Arp spoofing) + Securing Terminal Services...
23. Article Announcement: Starting from Scratch: Formatting and...
24. IPSEC through Ms ISA Server (Thread)
25. p2p and ISA (Thread)
26. Timbuktu, etc. (Thread)
27. SuS update's (Thread)
28. Article Announcement: Madonna's Borderline MP3 Tactics (Thread)
29. Article Announcement: Auditing Web Site Authentication, Part...
30. SecurityFocus Microsoft Newsletter #135 (Thread)
31. Microsoft and Bluetooth (Thread)
32. Outlook Security Settings removed (Thread)
33. AD Question (Thread) IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
34. Enterprise Manager
35. WebProxy 2.1
36. AuditPro Suite
37. NEW TOOLS FOR MICROSOFT PLATFORMS
38. SSHVnc v0.0.2 Alpha
39. nProbe v2.0
40. Active@ File Recovery VI. SPONSOR INFORMATION
41. FRONT AND CENTER

    ---

42. Starting from Scratch: Formatting and Reinstalling after a Security Incident By Matthew Tanase

This article will examine the process of starting over, and more specifically, reinstalling after a security incident.

http://www.securityfocus.com/infocus/1692

2. The Nowhere Men
By George Smith

Unemployed virus writers take heart: the recording industry is hiring cyber miscreants to attack its own customers. And we thought you'd never amount to anything.

http://www.securityfocus.com/columnists/160

II. BUGTRAQ SUMMARY

---

1. Mirabilis ICQ POP3 Client UIDL Command Format String Vulnerability BugTraq ID: 7461 Remote: Yes Date Published: May 05 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7461 Summary:

Mirabilis ICQ is an instant messenger client for a number of platforms including Microsoft Windows, MacOS and Palm systems. ICQ provides an integrated POP3 client that is used to communicate via e-mail. The POP3 client is a COM object embedded in the POP3.dll library.

Each message generated by the POP3 client is given a unique identification number (UIDL), which is determined by the server. This id consists of up to 70 bytes of data from a limited character set.

A format string vulnerability has been discovered in the ICQ POP3 client when handling the identification string. It is likely that the problem presents itself due to a programming error in a function used to handle UIDL command server response strings.

By impersonating a valid POP3 server, an attacker may send malicious format string specifiers, embedded in the unique id of an e-mail message destined for the ICQ POP3 Client. When the message header is processed the malicious format string specifiers may be interpreted. As a result, it may be possible for sensitive locations in memory to be corrupted. This may ultimately result in the execution of attacker-supplied code.

2. Mirabilis ICQ POP3 Client Date Field Signed Integer Overflow Vulnerability BugTraq ID: 7463
Remote: Yes
Date Published: May 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7463
Summary:

Mirabilis ICQ is an instant messenger client for a number of platforms including Microsoft Windows, MacOS and Palm systems. ICQ provides an integrated POP3 client that is used to communicate via e-mail. The POP3 client is a COM object embedded in the POP3.dll library.

A vulnerability has been reported for the POP3 client of ICQ that may result in the execution of arbitrary attacker-supplied commands.

The vulnerability exists due to insufficient boundary checks performed by the integrated POP3 mail client when verifying the length of certain e-mail header fields. Specifically, the length of the 'Date' header is stored within a 16 bit signed integer. As a result, by supplying excessive data within the 'Date' field it may be possible to wrap the signed integer, resulting in a negative value.

An attacker can exploit this vulnerability by crafting an e-mail with an overly long 'Date' field, consisting of at least 32000 bytes of data, and sending it to a victim user. This will effectively overflow the sign of an internally stored variable and result in an unexpected miscalculation by the application.

Successful exploitation of this issue may allow an attacker to overwrite sensitive memory with malicious values, which will result in the client throwing an unhandled exception and crashing.

Exploitation of this issue may also result in the execution of attacker-supplied code.

This vulnerability was reported for Mirabilis ICQ 2003a and earlier.

3. Mirabilis ICQ Message Session Window Denial Of Service Vulnerability BugTraq ID: 7465
Remote: Yes
Date Published: May 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7465
Summary:

Mirabilis ICQ is an instant messenger client for a number of platforms including Microsoft Windows, MacOS and Palm systems.

Each ICQ message window (message session) contains an advertisement that the client requests from an ADS server. This advertisement is obtained by making a specially crafted HTTP request to the ADS server for a randomized HTML file. Aside from the randomized file name, the request is made to a static location.

No authentication is performed between the ICQ client and the ADS server during this transaction.

A denial of service vulnerability has been discovered in HTML rendering library used by Mirabilis ICQ to process advertisement code. The problem occurs due to the library failing to handle specific malformed HTML table tag attributes. Specifically, a table tag containing a 'width' attribute with a value of '-1' will trigger a denial of service. The affected client program will freeze the systems CPU utilization will rise to 100%.

An attacker may be capable of exploiting this vulnerability due to the lack of authentication while obtaining the advertisement. By impersonating the ADS server it may be possible for ICQ client requests to be made to an attacker-controlled server. This may result in malicious HTML advertisements being rendered within a message session.

4. Mirabilis ICQ GIF Parsing Denial Of Service Vulnerability BugTraq ID: 7466
Remote: Yes
Date Published: May 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7466
Summary:

ICQ is an instant messenger client for a number of platforms including Microsoft Windows systems.

ICQ is prone to a denial of service condition when parsing GIF89a headers. This condition exists in 'icqateimg32.dll', which is the native ICQ GIF parsing/rendering library.

This issue is due to a flaw in how 'icqateimg32.dll' decodes GIF files. The library expects either an existing GCT (Global Color Table) or an LCT
(Local Color Table) in the header when attempting to decode a GIF file.
If none of these tables exist in the header, the library will fail when attempting to render the GIF file. This will cause ICQ to crash, leading to a denial of service.

An attacker will be able to exploit this issue by passing a GIF with a specially crafted header for processing by the GIF parsing/rendering library.

5. Mirabilis ICQ POP3 Client Subject Field Signed Integer Overflow Vulnerability BugTraq ID: 7462
Remote: Yes
Date Published: May 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7462
Summary:

Mirabilis ICQ is an instant messenger client for a number of platforms including Microsoft Windows, MacOS and Palm systems. ICQ provides an integrated POP3 client that is used to communicate via e-mail. The POP3 client is a COM object embedded in the POP3.dll library.

A vulnerability has been reported for the POP3 client of ICQ that may result in the execution of arbitrary attacker-supplied commands.

The vulnerability exists due to insufficient boundary checks performed by the integrated POP3 mail client when verifying the length of certain e-mail header fields. Specifically, the length of the 'Subject' header is stored within a 16 bit signed integer. As a result, by supplying excessive data within the 'Subject' field it may be possible to wrap the signed integer, resulting in a negative value.

An attacker can exploit this vulnerability by crafting an e-mail with an overly long Subject field, consisting of at least 33000 characters, and sending it to a victim user. This will effectively result in an unexpected miscalculation by the application.

Successful exploitation of this issue may allow an attacker to overwrite sensitive memory with malicious values which will result in the client throwing an unhandled exception and crashing.

Exploitation of this issue may also result in the execution of attacker-supplied code.

This vulnerability was reported for Mirabilis ICQ 2003a and earlier.

6. Mirabilis ICQ Features On Demand Remote Command Execution Vulnerability BugTraq ID: 7464
Remote: Yes
Date Published: May 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7464
Summary:

ICQ is an instant messenger client for a number of platforms including Microsoft Windows.

The ICQ Features on Demand allows users to download and install ICQ add-on client software such as ICQ Phone and ICQ Web Search.

Features on Demand uses a hardcoded URL from which it retrieves add-on installation packages. The DataURL value is found in the 'Packages.ini' file under the heading '[General]'.

When Features on Demand is invoked, it connects to this URL in order to download the appropriate packages, but it does not verify the authenticity of the package in any way. This could allow a malicious user to impersonate the package repository service through some other attack, such as DNS poisoning. Any malicious package supplied to ICQ will be executed with the permissions of the user running ICQ.

Features on Demand was introduced in ICQ 2002a and is available in subsequent versions.

7. Microsoft MN-500 Plaintext Password Disclosure Weakness BugTraq ID: 7496
Remote: Yes
Date Published: May 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7496
Summary:

The MN-500 Wireless Base Station provides a wireless networking solution to home and business networks.

A weakness has been reported for the MN-500 device that may result in the disclosure of administrative credentials to remote attackers. Reportedly, the issue exists due to backup configuration files storing administrative passwords in a plaintext format.

An attacker who is able to obtain the backup configuration file is able to obtain the administrative password.

8. Mod_Survey SYSBASE Disk Resource Consumption Denial of Service Vulnerability BugTraq ID: 7498
Remote: Yes
Date Published: May 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7498
Summary:

Mod_Survey is an Apache module designed to process and display XML-based questionnaires and surveys. It is available for the Linux, Unix, and Microsoft Windows operating systems.

The SYSBASE variable is used by Mod_Survey when accessing requests survey files. The value of SYSBASE is initialized to the location of the survey file and is used to create a subdirectory for the storage of various survey related files including cache files and questionnaire response data. The subdirectory is placed within the central data repository, typically /usr/local/mod_survey/data.

A vulnerability has been discovered in Mod_Survey when handling requests for nonexistent surveys. Before verifying the existence of a requested survey file the SYSBASE variable is initialized, triggering the creation of an unneeded directory. The validity of the requested survey file is subsequently verified.

Exploitation of this vulnerability may allow an attacker to carry out a denial of service attack, designed to consume available hard disk space or inodes. The consumption of resources may cause a target server to crash.

This vulnerability affects Mod_Survey versions prior to 3.0.15.

9. MySQL Weak Password Encryption Vulnerability BugTraq ID: 7500
Remote: No
Date Published: May 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7500
Summary:

MySQL is an open source relational database project. It is available for the Microsoft Windows, Linux, and Unix operating systems.

MySQL has been reported prone to a weak password encryption algorithm. It has been reported that the MySQL function used to encrypt MySQL passwords makes just one pass over the password and employs a weak left shift based cipher. The output of this function results in a password hash of low entropy. Due to the base complexity of the algorithm used to create the MySQL password hash, the hash may be cracked in little time using a bruteforce method to create an identical hash and thereby guess the clear text password.

An attacker may use information recovered in this way to aid in further attacks launched against the underlying system.

1. Microsoft Internet Explorer DHTML AnchorClick Partial Denial Of Service Vulnerability BugTraq ID: 7502 Remote: Yes Date Published: May 05 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7502 Summary:

Microsoft Internet Explorer has been reported prone to a denial of service condition when handling certain DHTML objects.

It has been reported that, while using the DHTML 'A' 'AnchorClick' object, an attacker may specify a folder instead of a HREF style URL link. While the latter is within normal specifications of the DHTML language, if the attacker leaves this field blank and supplies the link to an unsuspecting user, upon following the malicious link, Internet Explorer will fail. This issue is believed to be as a result of an illegal exception thrown while attempting to access a null pointer.

This issue will only affect the active Internet Explorer window, inactive Internet Explorer windows are not affected.

It should be noted that, although this vulnerability has been reported to affect Internet Explorer version 6.0 SP1, previous versions might also be affected.

1. Floosietek FTGate PRO SMTP RCPT TO Buffer Overflow Vulnerability BugTraq ID: 7508 Remote: Yes Date Published: May 06 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7508 Summary:

Floosietek FTGate PRO is a mail server for the Microsoft Windows operating system.

A buffer overflow vulnerability has been reported for FTGate PRO mail server. The vulnerability exists when the mail server attempts to process overly long SMTP 'Rcpt To' arguments. Specifically, when the mail server processes a malicious 'Rcpt To' e-mail address consisting of more than 2017 characters, the mail server will crash. This is reportedly due to the exception handler being corrupted. Although unconfirmed, due to the nature of this vulnerability the condition may be exploited to execute attacker-supplied arbitrary code with the privileges of the SYSTEM user.

This vulnerability was reported for FTGate PRO 1.22 Hotfix(1328). It is likely that previous versions are also affected.

1. CommuniGate Pro Webmail Session Hijacking Vulnerability BugTraq ID: 7501 Remote: Yes Date Published: May 05 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7501 Summary:

CommuniGate Pro is an internet messaging server. CommuniGate Pro includes a webmail service to allow access to mailboxes via HTTP. It is available for a number of platforms including Unix and Linux variants and Microsoft Windows operating systems.

CommuniGate Pro Webmail has been reported prone to a session hijacking vulnerability. The vulnerability presents itself when the victim views an image or similar resource embedded in a HTML web-mail. Specifically the current session ID used in CommuniGate Pro Webmail is sent, as the 'referrer' field, in the HTTP header of a request made for an image embedded in a malicious e-mail.

The attacker may intercept the HTTP header and extract the URL data contained in the 'referrer' field. The attacker may then follow the URL to hijack the current user session.

1. Floosietek FTGate PRO SMTP MAIL FROM Buffer Overflow Vulnerability BugTraq ID: 7506 Remote: Yes Date Published: May 06 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7506 Summary:

Floosietek FTGate PRO is a mail server for the Microsoft Windows operating system.

A buffer overflow vulnerability has been reported for FTGate PRO mail server. The vulnerability exists when the mail server attempts to process overly long SMTP 'Mail From' arguments. Specifically, when the mail server processes a malicious 'Mail From' e-mail address consisting of more than 2017 characters, the mail server will crash. This is reportedly due to the exception handler being corrupted. Although unconfirmed, due to the nature of this vulnerability the condition may be exploited to execute attacker-supplied arbitrary code with the privileges of the SYSTEM user.

This vulnerability was reported for FTGate PRO 1.22 Hotfix(1328). It is likely that previous versions are also affected.

1. MDG Web Server 4D HTTP Command Buffer Overflow Vulnerability BugTraq ID: 7479 Remote: Yes Date Published: May 01 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7479 Summary:

MDG Web Server 4D is a HTTP Server implemented on top of the 4th Dimension relational database. It runs on Microsoft Windows and Apple MacOS operating systems.

A buffer overflow vulnerability has been reported for MDG Web Server. The vulnerability exists when the web server attempts to process overly long HTTP requests. Specifically, when the web server processes a malformed HTTP request consisting of "<" or ">" characters, the web server will crash. This will result in a denial of service condition.

Although unconfirmed, this vulnerability may be exploited to execute attacker-supplied code with the privileges of the vulnerable web server.

The affected service must be restarted to restore normal functionality.

This vulnerability was reported for MDG Web Server 4D 3.60. It is likely that other versions are also affected.

1. Sun ONE Directory Server Unprivileged LDAP Operation Denial Of Service Vulnerabliity BugTraq ID: 7478 Remote: Yes Date Published: May 01 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7478 Summary:

Sun ONE Directory Server is a LDAP directory server available for a variety of platforms including Sun Solaris, AIX, Microsoft Windows and Linux and Unix variant systems.

A denial of service vulnerability has been reported for Sun ONE Directory Server. The vulnerability has been reported to occur when certain LDAP operations are made.

This vulnerability can be exploited by remote attackers to cause the ns-slapd service to crash.

Precise technical details of this vulnerability are currently unknown. This BID will be updated as further information becomes available.

1. Leksbot Multiple Unspecified Vulnerabilities BugTraq ID: 7505 Remote: No Date Published: May 06 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7505 Summary:

Leksbot is a freely available dictionary of botanical terms. It is available for a variety of platforms including Microsoft Windows and Linux systems.

Multiple vulnerabilities have been reported for Leksbot. The precise nature of these vulnerabilities are currently unknown however, exploitation of this issue may result in an attacker obtaining elevated privileges.

Reportedly, in some installations of Leksbot, the /usr/bin/KATAXWR is unnecessarily configured to be a setuid root binary. Systems configured in this manner may be prone to a security risk, as an attacker may be capable of gaining root privileges.

These vulnerabilities have been confirmed to affect Debian installations of Leksbot. Although unconfirmed, Leksbot installations on other systems may also be prone to this issue.

This BID will be updated as further information is available.

1. Ethereal Multiple Dissector One Byte Buffer Overflow Vulnerabilities BugTraq ID: 7493 Remote: Yes Date Published: May 03 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7493 Summary:

Ethereal is a freely available, open source network traffic analysis tool. It is maintained by the Ethereal Project and is available for most Unix and Linux variants as well as Microsoft Windows operating systems.

Several dissectors included with Ethereal are vulnerable to buffer overflow conditions. Specifically, the dissectors were using the tvb_get_nstringz() and tvb_get_nstringz0() functions in an unsafe manner. Exploitation of this issue will allow an attacker to overflow memory buffers by one byte. The AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP dissectors are vulnerable to this issue.

The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

An attacker may be able to exploit this vulnerability by crafting a specially formed packet and sending it to a system using the vulnerable dissectors or by convincing a victim user to use Ethereal to read a malformed packet trace file.

Due to the nature of this vulnerability, it may be possible for an attacker to create a situation in which sensitive memory could be overwritten. If successful this may allow for the execution of arbitrary code with the privileges of the Ethereal process.

This vulnerability affects Ethereal 0.9.11 and earlier.

1. Ethereal Mount Dissector Integer Overflow Vulnerability BugTraq ID: 7494 Remote: Yes Date Published: May 03 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7494 Summary:

Ethereal is a freely available, open source network traffic analysis tool. It is maintained by the Ethereal Project and is available for most Unix and Linux variants as well as Microsoft Windows operating systems.

The Mount dissector of Ethereal is prone to an integer overflow vulnerability.

The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

An attacker may be able to exploit this vulnerability by crafting a specially formed packet and sending it to a system using the Mount dissector or by convincing a victim user to use Ethereal to read a malformed packet trace file.

Due to the nature of this vulnerability it may be possible for an attacker to create a situation in which sensitive memory could be corrupted. If successful, this may cause Ethereal to behave in an unpredictable manner.

This vulnerability affects Ethereal 0.9.11 and earlier.

1. Ethereal PPP Dissector Integer Overflow Vulnerability BugTraq ID: 7495 Remote: Yes Date Published: May 03 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7495 Summary:

Ethereal is a freely available, open source network traffic analysis tool. It is maintained by the Ethereal Project and is available for most Unix and Linux variants as well as Microsoft Windows operating systems.

The PPP dissector of Ethereal is prone to an integer overflow vulnerability.

The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

An attacker may be able to exploit this vulnerability by crafting a specially formed packet and sending it to a system using the PPP dissector or by convincing a victim user to use Ethereal to read a malformed packet trace file.

Due to the nature of this vulnerability it may be possible for an attacker to create a situation in which sensitive memory could be corrupted. If successful, this may cause Ethereal to behave in an unpredictable manner.

This vulnerability affects Ethereal 0.9.11 and earlier.

20. FlashFXP User Password Encryption Weakness BugTraq ID: 7499
Remote: No
Date Published: May 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7499
Summary:

FlashFXP is a FTP implementation that allows client-server file transfers in addition to site-to-site file transfers. It is available for Microsoft Windows.

FlashFXP uses a trivially reversible algorithm to encode FTP user credentials. FTP user passwords are encrypted using XOR with a weak key. Local attackers with access to the sites.data may exploit this weakness to gain unauthorized access to FTP user credentials for remote sites.

If credentials are used for multiple services or sites, it may permit attackers to gain unauthorized access to those services as well.

III. MICROSOFT FOCUS LIST SUMMARY

---

1. (prevent + detect Arp spoofing) + Securing Terminal Services (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/320932

2. (prevent + detect Arp spoofing) + Securing Terminal Services (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/320915

3. Article Announcement: Starting from Scratch: Formatting and Reinstalling after a Security Incident (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/320904

4. IPSEC through Ms ISA Server (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/320903

5. p2p and ISA (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/320902

6. Timbuktu, etc. (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/320901

7. SuS update's (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/320810

8. Article Announcement: Madonna's Borderline MP3 Tactics (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/320540

9. Article Announcement: Auditing Web Site Authentication, Part Two (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/320541

1. SecurityFocus Microsoft Newsletter #135 (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/320491

1. Microsoft and Bluetooth (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/320483

1. Outlook Security Settings removed (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/320481

1. AD Question (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/320327

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS

---

1. Enterprise Manager by TNT Software Platforms: Windows 2000, Windows NT, Windows XP Relevant URL: http://www.tntsoftware.com/products/ELM3/EEM31/ Summary:

ELM Enterprise Manager gives IT administrators and managers the power to see the health and status of distributed systems with a single glance by combining the following core functions into a feature-packed, reliable, and scalable application: - Real-Time and Scheduled Monitoring - Rules-Based Management System - Rich Notification and Corrective Action - Data collection, Archiving and Reporting

2. WebProxy 2.1
by @stake
Platforms: Linux, Solaris, Windows 2000, Windows NT, Windows XP Relevant URL:
http://www.ngsec.com/ngproducts/ngsw/
Summary:

WebProxy is a powerful interactive security tool that helps software developers, quality engineers, and security professionals test and enhance the security of Web applications. Release 2.1 of WebProxy replaces all earlier releases, and is available for sale to enterprise customers and independent security consultants. Sitting between the developer's browser and the Web application, WebProxy acts as a 'proxy' to let the developer observe precisely how the Web application responds to staged attacks, such as those that use buffer overflows, SQL injection, cookie manipulation, cross-site scripting or parameter manipulation. By identifying security vulnerabilities while the software is still in development, companies can more cost-effectively improve the overall security of any Web application.

3. AuditPro Suite
by Network Intelligence India Pvt. Ltd.
Platforms: AIX, Linux, Solaris, SunOS, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.atstake.com/webproxy/
Summary:

AuditPro for Windows is our most advanced and fastest-selling auditing product. A product that came about from our own requirement as auditors to automate the process, it now carries out more than 85 Windows specific checks. Its greatest selling feature is not just its comprehensiveness
(although, we are yet to find another equivalent product), but its
detailed and comprehensive reporting capability. It also comes with the Audit Central Console (ACC), a centralized controlling software that allows you to control the audits of any Windows Server in your organization with the click of a button. Once the Auditing Engine is installed locally, you can schedule the Auditing and Control it from the ACC. Continuing in the tradition of tools such as COPS and SARA, we introduce AuditPro for Unix. AuditPro differs from Vulnerability Scanners such as Nessus, in that it does not scan for possible vulnerabilities but mainly for mis-configurations or signs of a system compromise. AuditPro for Oracle audits the Oracle Database Security. It checks for system mis-configurations, insecure parameters, open privileges, roles, users, profiles, etc. It also checks for insecure permissions on system critical tables, and user-defined tables. Additionally, AuditPro for Oracle provides unique features such as the Baseline, which will snapshot your database for comparisons with future audits in order to determine suspicious or unauthorized changes. Microsoft's SQL Server has had some very critical security flaws being discovered and exploited in the past couple of years. Most of these vulnerabilities could have been protected against, had the servers been patched and security measures followed. AuditPro for SQL is designed to help you detect any unpatched servers, weak passwords, and all possible insecure configurations. APSQL automatically discovers all the SQL servers in your network and works with Named Instances as well. Future additions to the AuditPro suite: AuditPro for Sybase

V. NEW TOOLS FOR MICROSOFT PLATFORMS

---

1. SSHVnc v0.0.2 Alpha by Lee David Painter Relevant URL: http://www.sshtools.com Platforms: Os Independent Summary:

SSHVnc is a standalone Java VNC viewer that secures VNC a ccess by integrating the popular TightVNC viewer with the SSH Tools Java SSH API. It features a clean and easy to use interf ace.

2. nProbe v2.0
by Luca Deri
Relevant URL:
http://www.ntop.org/nProbe.html
Platforms: MacOS, POSIX, Windows 2000, Windows 3.x, Windows 95/98, Windows CE, Windows NT, Windows XP
Summary:

nProbe is a Netflow V5 probe characterized by portability to Unix and Windows environments, a small memory footprint (less than 2MB of memory regardless of the size of the network), and low CPU usage. It is designed for running in environments with limited resources.

3. Active@ File Recovery v2.0
by Active@ Data Recovery Services
Relevant URL:
http://www.file-recovery.net/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP Summary:

Active@ File Recovery is a powerful software utility, designed to restore accidentally deleted files and directories. It allows you to recover files that have been deleted from the Recycle Bin, as well as those deleted after avoiding the Recycle Bin (e.g. Shift-Delete).

VI. SPONSOR INFORMATION

---

This issue is sponsored by: KaVaDo

The only integrated Web Application Security Suite

---

ScanDo - Web Application Scanner
InterDo - Web Application Firewall

KaVaDo Inc., Web Application Security without Compromise Read more at: http://www.securityfocus.com/Kavado-ms-secnews

---

Received on Mon May 12 14:34:13 2003