SecurityFocus Microsoft Newsletter #143
From: <jboletta(at)securityfocus.com>
Date: Mon Jun 30 2003 - 12:22:26 EDT
SecurityFocus Microsoft Newsletter #143
This Issue is Sponsored by: Tenable
Tenable Network Security offers a Vulnerability Management Product.
Please visit: http://www.securityfocus.com/TenableSecurity-ms-secnews
I. FRONT AND CENTER
This article discusses the correlation of VA data and IDS alerts to help prioritize events and reduce the time it takes to sift through events. http://wwwdev.securityfocus.com/infocus/1708
2. RFID Chips Are Here
RFID chips are being embedded in everything from jeans to paper money, and your privacy is at stake. http://www.securityfocus.com/columnists/169
3. The SecurityFocus 4th Anniversary Contest
Enter to win two passes to the Black Hat Briefings. Please visit the contest page here: http://www.securityfocus.com/contest
II. BUGTRAQ SUMMARY
Tutos is a freely available, open source team organization software package. It is available for the Unix, Linux, and Microsoft Windows platforms. A problem in the software may make the execution of arbitrary code possible. It has been reported that Tutos does not properly handle input to the file_select script. Because of this, an attacker may be able to execute code in the browser of another user with the privileges of the vulnerable site. The problem is in the rendering of arbitrary HTML and script code by Tutos. An attacker may supply code as an argument to the file_select script that, when loaded in the browser of another user, is executed in the security context of the site hosting Tutos. This could permit the theft of cookie authentication credentials. Other attacks may also be possible.
2. Power Server FTP Addon Remote USER/PASS Command Denial of Service Vulnerability
Power Server is an open source web server available for the Microsoft Windows operating system. Power Server supports various addon programs designed to extend the functionality of the server, such as the FTP Addon. Power Server FTP Addon is reportedly prone to a remote denial of service when processing malformed USER and PASS commands. The problem occurs when processing command parameters containing approximately 50,000 characters. Exploitation of this vulnerability would result in a target system's CPU usage rising to approximately 88 to 95 percent. This could result in other services becoming unusable or potentially cause the system to behave unpredictably. Although unconfirmed, the affected server may need to be manually rebooted to restore expected functionality.
3. phpBB Viewtopic.PHP SQL Injection Vulnerability
BugTraq ID: 7979
phpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. A SQL injection vulnerability has been reported for phpBB systems that may result in the disclosure of user password hashes; other attacks may also be possible. phpBB, in some cases, does not sufficiently sanitize user-supplied input, which is used when constructing SQL queries to execute on the underlying database. As a result, it is possible to manipulate SQL queries. This may allow a remote attacker to modify query logic or potentially corrupt the database. This vulnerability was reported to exist in the viewtopic.php script file. A remote attacker can exploit this vulnerability by manipulating the $topic_id URI parameter to modify SQL query logic. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.
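The flaw class described above, an untrusted $topic_id value concatenated into a SQL query, next to the hardened form a maintainer would want (strict integer validation plus a bound parameter). This is an added illustration in Python over an in-memory SQLite database, not phpBB's own code; the table layout and rows are constructed for the demo.

```python
import re
import sqlite3

def make_db():
    # Constructed schema loosely modelled on a forum: topics plus a users table
    # holding password hashes, which is the disclosure the advisory warns about.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE topics (topic_id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, user_password TEXT)")
    conn.executemany("INSERT INTO topics VALUES (?, ?)",
                     [(1, "Welcome"), (2, "Rules"), (3, "Private")])
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 (1, "admin", "constructed-hash-value"))  # constructed placeholder, not a real hash
    return conn

def viewtopic_vulnerable(conn, topic_id):
    # Vulnerable pattern: the URI parameter is glued straight into the statement,
    # so anything that is not a bare integer rewrites the query's WHERE logic.
    sql = "SELECT topic_id, title FROM topics WHERE topic_id = " + str(topic_id)
    return conn.execute(sql).fetchall()

def is_valid_topic_id(value):
    # A topic id is a positive decimal integer; reject everything else before it
    # reaches SQL. Length cap keeps absurd values from reaching the database.
    return re.fullmatch(r"[1-9][0-9]{0,9}", str(value)) is not None

def viewtopic_hardened(conn, topic_id):
    # Hardened pattern: validate the type, then bind the value as a parameter so the
    # database driver never interprets it as SQL text.
    if not is_valid_topic_id(topic_id):
        raise ValueError("topic_id must be a positive integer")
    return conn.execute("SELECT topic_id, title FROM topics WHERE topic_id = ?",
                        (int(topic_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("benign:", viewtopic_vulnerable(db, 2))
    # The same manipulated parameter returns every topic from the vulnerable query
    print("manipulated:", viewtopic_vulnerable(db, "2 OR 1=1"))
    print("hardened accepts '2'?", is_valid_topic_id("2"),
          "accepts '2 OR 1=1'?", is_valid_topic_id("2 OR 1=1"))
```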
4. Power Server Remote GET Request Denial of Service Vulnerability
BugTraq ID: 7983
Power Server is an open source web server available for the Microsoft Windows operating system. Power Server is reportedly prone to a remote denial of service when processing malformed GET requests. The problem occurs when processing requests containing approximately 500,000 forward-slash '/' characters. Exploitation of this vulnerability would result in a target system's CPU usage rising to approximately 88 to 95 percent. This could result in other services becoming unusable or potentially cause the system to behave unpredictably. Although unconfirmed, the affected server may need to be manually rebooted to restore expected functionality.
5. Power Server FTP Addon Plaintext Password Storage Weakness
BugTraq ID: 7984
Power Server is an open source web server available for the Microsoft Windows operating system. Power Server supports various addon programs designed to extend the functionality of the server, such as the FTP Addon. Power Server FTP Addon stores usernames and associated passwords using plaintext format, in the 'FTPUsers' directory. As a result, these credentials could be exposed to other local users who have the permissions to access and read that file. It should be noted that although this issue has been reported to affect Power Server 1.0, other versions are likely to be affected.
6. Power Server FTP Addon Failure To Authenticate Vulnerability
BugTraq ID: 7986
Power Server is an open source web server available for the Microsoft Windows operating system. Power Server supports various addon programs designed to extend the functionality of the server, such as the FTP Addon. A vulnerability has been reported in Power Server FTP Addon that could allow an attacker to gain unauthorized access. Specifically, Power Server will accept an arbitrary password when a valid username has been supplied. Although unconfirmed, this may be as a result of a design error while carrying out string matching of legitimate passwords. This will effectively grant an unauthorized attacker access to a target FTP server.
7. MyServer Remote Denial Of Service Vulnerability
BugTraq ID: 8010
MyServer is an application and web server for Microsoft Windows and Linux operating systems. MyServer HTTP server has been reported prone to a remote denial of service attack. The issue presents itself, likely due to a lack of sufficient bounds checking, performed on arguments that are supplied via malicious HTTP GET requests. It has been reported that a remote attacker may invoke an HTTP GET request containing 100 '/' characters; this action will supposedly trigger a segmentation fault in the server executable and the software will fail. It has been reported that no details of this attack are logged. Due to the nature of this vulnerability it has been conjectured that this issue may be exploited to execute arbitrary code. This however has not been confirmed. It should be noted that although this issue has been reported to affect MyServer version 0.4.1, other versions might also be affected.
8. Tutos File_New Arbitrary File Upload Vulnerability
BugTraq ID: 8012
Tutos is a freely available, open source team organization software package. It is available for the Unix, Linux, and Microsoft Windows platforms. A problem in the software may make the uploading of arbitrary files possible. It has been reported that Tutos does not properly handle input to the file_new script. Because of this, an attacker may be able to upload arbitrary files to a vulnerable site. It is not clear where the specific vulnerable component of Tutos lies. However, because of the problem, it may be possible for an attacker to upload and overwrite files with the privileges of the web server process. This could result in data corruption, or other potentially malicious activities.
9. SurfControl Web Filter File Disclosure Vulnerability
BugTraq ID: 7978
SurfControl is a series of products designed to filter out harmful or questionable Internet content. Web Filter is available as a plugin for Microsoft ISA Server. A problem with Web Filter may allow attackers to obtain access to sensitive files. The vulnerability occurs due to insufficient sanitization of '.../' directory traversal sequences. A determined attacker is able to obtain access to files on the host server with the privileges of the web server process. This vulnerability was reported for Web Filter 4.2.0.1. It is likely that earlier versions are affected.
Web-Based Management Agent is the remote system management software package distributed by Compaq. It is available for the Microsoft Windows platform. Compaq Web-Based Management Agent has been reported prone to a remote denial of service vulnerability. The problem occurs when making malformed requests to the service. Specifically, requests which contain an exclamation mark within angle brackets (<!>), optionally followed by an argument. The following requests are reported to trigger the exception: http://www.example.com:2301/survey/ http://www.example.com:2301/ http://www.example.com:2301/ http://www.example.com:2301/survey/ http://www.example.com:2301/ http://www.example.com:2301/ The root of this problem may be due to the agent failing to handle unexpected or unsupported protocol behavior, such as these requests. This however has not been confirmed. The returned error from such a request reports that a stack overflow occurred, however it has not been confirmed whether this issue is exploitable to corrupt memory. The problem may in fact be the result of a NULL pointer dereference. It should be noted that this BID was previously part of BID 8009, which addressed multiple issues.
Web-Based Management Agent is the remote system management software package distributed by Compaq. It is available for the Microsoft Windows platform. Compaq Web-Based Management Agent has been reported prone to a remote denial of service vulnerability. The problem occurs when handling malformed GET requests to the service. Specifically, requests which contain "<!.FunctionContentType=" followed by approximately 250 bytes of data and appended with a ">". The returned error from such a request reports that an access violation occurred. The problem likely occurs due to the program attempting to write to an invalid memory page, causing the service to crash. It should be noted that this BID was previously part of BID 8009, which addressed multiple issues.
Internet Explorer is reportedly prone to a boundary condition error. This problem exists due to insufficient bounds checking on the 'Align' attribute of the 'HR' (horizontal rule) HTML tag. If the 'Align' attribute is given an unusually large value, a buffer within the iexplore process will be overrun, causing Internet Explorer to fail. It may also be possible to cause arbitrary code to be executed, though this has not been confirmed. The overflow occurs in 'HTML32.cnv', which is an HTML converter used by Internet Explorer. This vulnerability was reported for Internet Explorer version 5 and above. Earlier versions may also be vulnerable.
Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems. Reportedly, Zope will disclose path information if a user invokes an invalid query operation using Shopping cart example scripts. An error will be triggered and traceback information containing possible sensitive path information will be returned to the browser of the attacker. If an attacker can gain information about the details of the filesystem, this information may be useful in further attacks against the host.
WebJeff Filemanager is a file management system implemented in PHP. It is available for a variety of platforms including Microsoft Windows and Linux and Unix variant operating environments. A vulnerability has been reported for Filemanager that may result in the disclosure of arbitrary files. The vulnerability exists due to insufficient sanitization of user-supplied values for URI parameters. Specifically, the 'ficher' URI parameter of the index.php3 script file is not properly sanitized. A malicious attacker can specify arbitrary absolute paths as the value of the 'ficher' URI parameter. This will result in the requested file being disclosed to the attacker. This vulnerability affects Filemanager 1.6.
WebJeff Filemanager is a file management system implemented in PHP. It is available for a variety of platforms including Microsoft Windows and Linux and Unix variant operating environments. A vulnerability has been reported for Filemanager that may result in an attacker obtaining authentication credentials. The vulnerability exists due to the way usernames and passwords are stored. Specifically, authentication credentials are stored in plain text format in the 'prive/users.txt' file. An attacker can exploit this vulnerability by making a request for the desired resource. Any information obtained in this manner may be used to launch further attacks against a vulnerable system. This vulnerability was reported for Filemanager 1.6.
Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems. Reportedly, Zope will disclose path information if a user invokes an upload operation via the 'addFile' script when a target file does not exist as a URI parameter. An error will be triggered and traceback information containing possible sensitive path information will be returned to the browser of the attacker. If an attacker can gain information about the details of the filesystem, this information may be useful in further attacks against the host.
Power Server is an open source web server available for the Microsoft Windows operating system. Power Server supports various addon programs designed to extend the functionality of the server, such as the FTP Addon. A problem with the server may make it possible to gain unauthorized access to system resources. It has been reported that Power Server FTP Addon does not properly handle some types of requests. This may make it possible for a remote user to gain access to resources outside of the FTP root directory. Access to this information could potentially aid an attacker in launching further attacks against the target system or its users.
Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems. A vulnerability has been discovered in Zope which may result in the disclosure of sensitive information to a remote attacker. The problem occurs when a value greater than 11 is passed as the records URI parameter to the addItems script. When this occurs, an exception will be triggered causing the server to return an error page containing sensitive system information. Information disclosed may include session identification, the script installation paths, the application installation path, etc. Access to this information could potentially aid an attacker in launching further attacks against the system.
Armida Databased Web Server is a web server available for the Microsoft Windows operating systems. Armida Databased Web Server is reportedly prone to a remote denial of service when processing malicious GET requests. The problem occurs when processing requests containing approximately 5000 bytes of data. Exploitation of this vulnerability would result in the remote service crashing. Although unconfirmed, due to the nature of this vulnerability it may be possible to supply and execute arbitrary code. This vulnerability has been reported to affect Armida Web Server version 1.0.
20. Compaq Web-Based Management Agent Remote File Verification Vulnerability
Web-Based Management Agent is the remote system management software package distributed by Compaq. It is available for the Microsoft Windows platform. Compaq Web-Based Management Agent has been reported vulnerable to a remote file verification vulnerability. This information leak could be exploited by an attacker to verify the existence of sensitive files on a vulnerable system. The problem is in the handling of input when passed via the following means: http://www.example.com:2301/<!.DebugSearchPaths>?Url=%2F..%2F..%2F..%2F..%2Fboot.ini As can be ascertained from the above URL, passing directory traversal strings in the dot-dot-slash form (../) with encoded slashes can permit the attacker to access a file on the vulnerable system. If the file exists, the Web-Based Management Agent returns a response that validates the existence of the file. It should be noted that this BID was previously part of BID 8009, which addressed multiple issues.
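The traversal issues in this issue (the percent-encoded dot-dot-slash request above, the absolute-path 'ficher' parameter in WebJeff Filemanager, and the Power Server FTP Addon escaping its root) all come down to one missing check: decode the request path, then confirm the resolved target still lies under the configured root. The following added example, not code from any of the products named, implements that check and a matching detection helper in Python; the root directory and sample requests are constructed for the demo and need not exist on disk.

```python
import os
from urllib.parse import unquote

def normalize_request_path(raw):
    # Percent-decode until the string stops changing (bounded, so %25-style
    # double encoding cannot loop forever), then fold Windows separators so a
    # '..\' sequence is treated exactly like '../'.
    decoded = raw
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")

def is_traversal_attempt(raw):
    # Detection view: flag any request whose decoded form carries a '..' segment.
    # Useful for log review even when the server itself is already hardened.
    return ".." in normalize_request_path(raw).split("/")

def resolve_under_root(root, raw):
    # Mitigation view: map the request onto the root and verify the canonical
    # result is the root itself or strictly below it. Leading slashes are
    # stripped so an absolute path is mapped under the root rather than honoured.
    root_abs = os.path.realpath(root)
    relative = normalize_request_path(raw).lstrip("/")
    candidate = os.path.realpath(os.path.join(root_abs, relative))
    if candidate == root_abs or candidate.startswith(root_abs + os.sep):
        return candidate
    return None  # request escapes the root: refuse to serve it

if __name__ == "__main__":
    ROOT = "/srv/agent/htdocs"  # constructed document root for the demo
    samples = [
        "docs/readme.txt",
        "%2F..%2F..%2F..%2F..%2Fboot.ini",  # shape of the encoded request quoted above
        "..%5C..%5Cprive%2Fusers.txt",       # backslash variant, also encoded
        "/etc/hostname",                     # absolute path, mapped under root
    ]
    for s in samples:
        print(f"{s!r:40} traversal={is_traversal_attempt(s)!s:5} "
              f"resolved={resolve_under_root(ROOT, s)}")
```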
21. Zope ExampledbBrowseReport Description Field HTML Injection Vulnerability
Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems. It has been reported that Zope ExampledbBrowseReport example script suffers from an HTML injection vulnerability. The problem is said to occur due to insufficient input validation of user-supplied form data. Specifically, it is possible to embed HTML code within the 'Description' field of the Zope ExampledbBrowseReport example script. All script code will be interpreted by the browsers of other Zope users, who view the affected page, within the context of the site hosting the affected script. The successful exploitation of this issue could ultimately result in the attacker obtaining cookie-based authentication credentials or other sensitive information, which, could be used to impersonate the other user.
22. Microsoft Media Player 9 Unauthorized Media Library Access Vulnerability
Windows Media Player 9 Series is prone to an issue that may result in an attacker obtaining unauthorized access to a compromised user's media library. Windows Media Player 9 uses an ActiveX control to control access to a user's Media Library. The ActiveX control is a scriptable component and can be invoked through the use of script code. The vulnerability exists due to insufficient validation of requests made to the ActiveX control to access the Media Library. An attacker can exploit this vulnerability by enticing a victim user to visit a site that hosts malicious script code to invoke the Media Player ActiveX control. Successful exploitation will result in the attacker obtaining access to a user's Media Library. Information obtained in this manner may be used by an attacker to launch other attacks against a vulnerable system, such as modifying contents of Media Library entries.
23. IndigoSTAR Software PerlEdit Denial Of Service Vulnerability
BugTraq ID: 8006
PerlEdit is an IDE (Integrated Development Environment) for developing Perl scripts. It is maintained and distributed by IndigoSTAR Software. It is available for Linux variant and Microsoft Windows operating systems. A denial of service vulnerability has been reported for PerlEdit. The vulnerability exists when a connection is made to TCP port 1956. When PerlEdit is executed, it will bind to TCP port 1956. If an attempt is made to connect to that port while PerlEdit is running, it will cause PerlEdit to crash. An attacker can exploit this vulnerability by connecting to a vulnerable host on port 1956. This will cause the vulnerable PerlEdit application to crash. This vulnerability was reported to affect PerlEdit 1.07.
24. Compaq Web-Based Management Agent Multiple Remote Vulnerabilities
BugTraq ID: 8009
Web-Based Management Agent is the remote system management software package distributed by Compaq. It is available for the Microsoft Windows platform. It may be possible for a remote attacker to gain unauthorized access to a host using the vulnerable software. The Compaq Web-Based Management Agent may permit an attacker to create one of the following scenarios: Numerous stack overflows are reported to exist in the management agent. By passing one of several combinations of tags to the web server for server-side command interpreting, it is possible for an attacker to crash the agent, resulting in a denial of service. It is not clear whether or not these issues may be exploited to execute code with the privileges of the web server process.
Another reported issue appears to be a boundary condition error that may be exploitable. By supplying a request with a length of at least 250 bytes to the FunctionContentType function, it is possible to cause an
A final reported issue is the ability of a remote user to validate files on a system. By passing a maliciously crafted request to the DebugSearchPaths function, an attacker may be able to validate the existence of certain files on the system, potentially resulting in information disclosure. This vulnerability alert is a preliminary analysis. These vulnerabilities will be broken into specific entries as more detailed analysis is performed.
25. Microsoft Windows Media Services NSIISlog.DLL Remote Buffer Overflow Vulnerability
Microsoft Media Services provides functionality for providing streaming media content to clients from IIS. It ships with a number of Microsoft Windows 2000 server releases and is also available for download for Windows NT. Microsoft has reported a buffer overflow vulnerability in Windows Media Services. This is due to a problem with how the logging ISAPI extension (nsiislog.dll) handles incoming client requests. The logging facility may attempt to write excessive data to an undersized buffer when handling a malformed HTTP client request. This could trigger a denial of service or remote arbitrary code execution in IIS, which is exploitable through Media Services. The issue would occur in servers that are configured to provide logging of media requests. It is possible to exploit this issue by sending an overly long HTTP POST request to the vulnerable component. This may permit a remote attacker to corrupt sensitive stack variables with attacker-supplied values, allowing the attacker to control process execution flow and execute malicious instructions. Any attacker-supplied code will be executed in the security context of the underlying IIS server. It has been reported that Windows Media Services is not installed by default on Windows 2000. It should be noted that this vulnerability is similar to the issue described in BID 7727. This issue was reported independently from BID 7727 and was not addressed in the vendor fixes associated with that BID.
III. MICROSOFT FOCUS LIST SUMMARY
http://www.securityfocus.com/archive/88/326971
2. SP4 instalation failure (Thread)
http://www.securityfocus.com/archive/88/326977
3. Xp Home (Thread)
http://www.securityfocus.com/archive/88/326976
4. security auditing under windows 2000 server (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/326899
5. Windows NLB (Thread)
http://www.securityfocus.com/archive/88/326900
6. AW: Question about windows service (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/326898
7. Question about windows service (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/326890
8. Please read. Post containing BugBear.B (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/326715
9. Search for files and folders fails (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/326671
http://www.securityfocus.com/archive/88/326673
http://www.securityfocus.com/archive/88/326524
http://www.securityfocus.com/archive/88/326522
http://www.securityfocus.com/archive/88/326479
http://www.securityfocus.com/archive/88/326418
http://www.securityfocus.com/archive/88/326385
http://www.securityfocus.com/archive/88/326386
http://www.securityfocus.com/archive/88/326294
http://www.securityfocus.com/archive/88/326289
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
AbsoluteShield Internet Eraser protects your privacy by cleaning up all the tracks of your Internet and computer activities. The tool is integrated with IE and it can erase the browser cache, history, cookies, typed URLs, autocomplete list and so on in one click. You can also set the tool to automatically erase those tracks when you quit IE or quit Windows. The tool can also wipe free disk space and has open plugin support. With plugins, AbsoluteShield Internet Eraser can erase the tracks left by any application. We currently offer more than 20 plugins which support the most popular programs such as MS Office, WinZip, UltraEdit, RealPlayer, Media Player... Besides the ability to erase the tracks of your Internet and computer activities, the tool also has an integrated, small, configurable and intelligent Ad window and popup blocker.
2. Akonix L7 Enterprise v2.0
Akonix L7 Enterprise v2.0 allows organizations to secure their networks from the threats of unmanaged Public Instant Messaging, while continuing to gain its benefits. Akonix L7 Enterprise v2.0 addresses critical business drivers such as Security, Control and Management, Compliance and Liability, and Reporting.
3. Online Recorder 5.3
Are you worried about what your spouse or children are doing on the Internet? Do they hide windows when you look over their shoulder? If you want to know exactly what they're typing and where they're going, this program is for you. The Online Recorder secretly runs under Windows when your computer starts up and extracts text from Internet applications. It also records every keystroke on your computer without slowing it down or changing its performance. Complete satisfaction is guaranteed.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
Securepoint Firewall and VPN Server is a high-performance application designed to offer full protection for network assets. The Security Manager offers a graphical user interface with many features, different configurations, and advanced reporting functions. The Securepoint server is a complete firewall and VPN software system with an operating system based on a secure Linux. VPN operation supports PPTP and IPSec (X.509 certificates, preshared, RSA signature). You can use the firewall on a standard PC with 2 to 16 network cards (including Ethernet, ADSL, ISDN). It is very easy to install and administer. The Securepoint Security Manager is available in English, German, and Spanish, and works in online and offline mode.
2. Enigmail v0.80.0
Enigmail is a "plugin" for the mail client of Mozilla and Netscape 7.x which allows users to access the authentication and encryption features provided by the popular GnuPG software. Enigmail can encrypt/sign mail when sending, and can decrypt/authenticate received mail. It can also import/export public keys. Enigmail supports both the inline PGP format and the PGP/MIME format, which can be used to encrypt attachments. Enigmail is cross-platform, although binaries are supplied only for a limited number of platforms. Enigmail uses inter-process communication to execute GPG to carry out encryption/authentication.
3. beecrypt v3.0.0
BeeCrypt is an ongoing project to provide strong and fast cryptography in the form of a toolkit usable by commercial and open source projects. Included in the library are entropy sources, random generators, block ciphers, hash functions, message authentication codes, multiprecision integer routines, and public key primitives.
VI. SPONSOR INFORMATION
This Issue is Sponsored by: Tenable
Tenable Network Security offers a Vulnerability Management Product.
Please visit: http://www.securityfocus.com/TenableSecurity-ms-secnews
Received on Mon Jun 30 17:29:13 2003