SecurityFocus Microsoft Newsletter #144

SecurityFocus Microsoft Newsletter #144

This Issue is Sponsored by: SpiDynamics

ALERT: "Six steps for testing your applications for SQL Injection Attacks" It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* test guide from SPI Dynamics to check for SQL Injection vulnerabilities.

Visit us at:

http://www.securityfocus.com/SPIDynamics-ms-secnews5

I. FRONT AND CENTER

1. Penetration Testing for Web Applications (Part Two)
2. IDS Correlation of VA Data and IDS Alerts
3. Antivirus Concerns in XP and .NET Environments
4. Promises, Promises
5. The SecurityFocus 4th Anniversary Contest II. MICROSOFT VULNERABILITY SUMMARY
6. Microsoft NetMeeting Directory Traversal Vulnerability
7. Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities...
8. iXmail iXmail_NetAttach.PHP File Deletion Vulnerability
9. Multiple Opera Denial Of Service Vulnerabilities
10. Verity K2 Toolkit Query Builder Search Script Cross-Site...
11. PABox Password Reset Vulnerability
12. PABox Admin Control Panel PHP Code Injection Vulnerability
13. MoreGroupWare Multiple Cross-Site Scripting Vulnerabilities
14. iXmail Arbitrary File Upload Vulnerability
15. VisNetic Website Path Disclosure Vulnerability
16. Marbry Software FTPServer/X Controls Server Response Buffer...
17. MoreGroupWare Arbitrary File Upload Vulnerability
18. iXmail Index.PHP Authentication Bypass SQL Injection...
19. WebBBS Guestbook HTML Injection Vulnerability
20. ImageMagick Temporary File Creation Vulnerability
21. CutePHP CuteNews HTML Injection Vulnerability
22. Abyss Web Server HTTP GET Heap Overrun Vulnerability
23. Microsoft Commerce Server 2002 Weak Registry Key Permissions...
24. Abyss Web Server HTTP Header Injection Vulnerability III. MICROSOFT FOCUS LIST SUMMARY
25. How to block users from installing other apps (Thread)
26. SP4 installation failure (Thread)
27. Q811114 and Q815021 (Thread)
28. Managing Windows Event Logs (Thread)
29. Limiting the creation of new files to specific types. (Thread)
30. SP4 instalation failure (Thread)
31. SecurityFocus Microsoft Newsletter #143 (Thread)
32. SP4 installation (Thread) IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
33. eTRUST Intrusion Detection
34. InterScan WebProtect
35. PestPatrol
36. NEW TOOLS FOR MICROSOFT PLATFORMS
37. Secure FTP Bean v2.0.8
38. LibTomMath v0.22
39. John the Ripper v1.6.34(dev) VI. SPONSOR INFORMATION
40. FRONT AND CENTER

    ---

41. Penetration Testing for Web Applications (Part Two) By Jody Melbourne and David Jorm

The second installment in this series expands upon issues of input validation - how developers routinely, through a lack of proper input sanity and validity checking, expose their back-end systems to server-side code-injection and SQL-injection attacks. It also explores the manner in which these issues may manifest the client-side as cross-site scripting and other content-manipulation vulnerabilities.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://www.securityfocus.com/infocus/1709

2. IDS Correlation of VA Data and IDS Alerts By Neil Desai

This article discusses the correlation of VA data and IDS alerts to helpprioritize events and reduce the time it takes to sift through events.

http://www.securityfocus.com/infocus/1708

3. Antivirus Concerns in XP and .NET Environments by Roger A. Grimes

After Windows NT was released, it took virus writers 5 years to learn how to infect it. Windows NT 3.1 and the Win32 API were released in late 1993, but it wasn't until August 1998 that W32.Cabanas became the first NT virus by capturing coveted kernel mode access. .NET and some of Microsoft's other initiatives have not been as lucky. The purpose of this article is to discuss antivirus (AV) concerns with .NET and Microsoft Windows XP.

http://www.securityfocus.com/infocus/1707

4. Promises, Promises
By Mark Rasch

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Most online businesses promise they'll protect customer data as if it were their own. Now the government is holding them to it.

http://www.securityfocus.com/columnists/171

5. The SecurityFocus 4th Anniversary Contest

Enter before July 16th, 2003 to win two passes to the Black Hat Briefings. Please visit the contest page here:

http://www.securityfocus.com/contest

II. BUGTRAQ SUMMARY

1. Microsoft NetMeeting Directory Traversal Vulnerability BugTraq ID: 7931 Remote: Yes Date Published: Jul 02 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7931 Summary:

Microsoft NetMeeting is conferencing software that can be used by two or more users to participate in audio or video conferences.

NetMeeting is reported to be prone to a directory traversal vulnerability. This is due to a lack of proper validation of file names in the NetMeeting File Transfer function.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Files transferred during a NetMeeting session are saved in the Program Files\NetMeeting\Received Files directory by default. By prepending the name of the file being transferred with directory traversal character sequences (..\), the file could be saved in an arbitrary directory. Such a directory could include the Windows Startup directory or the NetMeeting installation directory.

It should be noted that an existent file can not be overwritten by exploiting this issue. Also, a notification is sent to alert the user of the malicious file transfer, however a choice is not given whether or not to reject the incoming file.

This vulnerability was reported for NetMeeting 3.01, however, earlier versions may also be vulnerable.

2. Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed BugTraq ID: 8045
Remote: Yes
Date Published: Jun 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8045
Summary:

Microsoft has announced the release of Windows 2000 SP4. This service pack contains security roll-ups for a number of previously reported and fixed issues. The service pack also contains bugfixes and patches for a number of new security issues.

These new security issues are both local and remote in nature and may allow privilege escalation attacks, denial of services or various degrees of security policy bypass. Symantec is currently undergoing analysis of these issues and will be releasing individual BIDs describing these issues, where it is appropriate.

Windows 2000 administrators are advised to apply SP4 as soon as possible to prevent exploitation of any previously known or new security issues.

3. iXmail iXmail_NetAttach.PHP File Deletion Vulnerability BugTraq ID: 8046
Remote: Yes
Date Published: Jun 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8046
Summary:

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

iXmail is a web-based e-mail system implemented in PHP. It is available for a variety of platforms including Microsoft Windows and Linux and Unix variant systems.

A vulnerability has been reported for iXmail that may allow for the deletion of files. The vulnerability occurs due to insufficient sanitization of user-supplied input for certain URI parameters. Specifically, the ixmail_netattach.php script does not sanitize user-supplied values for the 'file' URI parameter.

An authenticated attacker may be able to exploit this vulnerability by specifying a filename as the value to the 'file' URI parameter. This will result in the deletion of the specified file.

Although unconfirmed, it may be possible for an attacker to use '../' directory traversal sequences to delete arbitrary web-server readable files.

4. Multiple Opera Denial Of Service Vulnerabilities BugTraq ID: 8066
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8066
Summary:

Opera has been reported to be prone to five denial of service vulnerabilities. These issues can be triggered when the browser attempts to interpret a document with malformed code. If a user of the web browser visits a web page that contains malformed code designed to trigger one of these conditions, their browser could freeze up or crash outright. It should be noted that exploitation of these issues will generally not cause a prolonged or persistent denial of service as the browser includes features that allow users to gracefully recover from a crash. If the browser freezes, this could cause CPU usage to spike to 100% for that process, which could result in a more serious denial of service condition.

This issue was reported for Opera on Microsoft Windows platforms. It is not known if other releases are affected.

These issues are pending further analysis and will be assigned separate BIDs with more specific details when analysis is completed.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

5. Verity K2 Toolkit Query Builder Search Script Cross-Site Scripting Vulnerability BugTraq ID: 8074
Remote: Yes
Date Published: Jul 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8074
Summary:

The K2 Toolkit is a web application infrastructure distributed by Verity. It is available for the Unix, Linux, and Microsoft Windows platforms.

It has been reported that the K2 Toolkit does not sufficiently sanitize input by users. Because of this, it may be possible for an attacker to launch an attack that results in the execution of web code in the browsers of users that have loaded a malicious link created by the attacker.

The problem is in the filtering of input from URI parameters of the search script of the query building tool. User-supplied input will be echoed back without being sufficiently sanitized of HTML or script code. By passing malicious HTML or script code to the script, it is possible to render the code in the security context of the site hosting the vulnerable software. This could lead to the theft of authentication credentials such as cookies, or other nefarious activities.

6. PABox Password Reset Vulnerability
BugTraq ID: 8067
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8067
Summary:

paBox is a web-application that is written in PHP. It will run on Unix and Linux variants, as well as Microsoft Windows operating systems.

paBox is prone to an issue that may allow unauthenticated remote users to reset administrative passwords. This issue is due to insufficient access validation prior to allow users to perform certain actions. This could permit unauthorized access to the administrative Control Panel, which may aid the attacker in further attacks against the underlying system.

7. PABox Admin Control Panel PHP Code Injection Vulnerability BugTraq ID: 8068
Remote: Yes
Date Published: Jun 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8068
Summary:

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

paBox is a web-application that is written in PHP. It will run on Unix and Linux variants, as well as Microsoft Windows operating systems.

Remote users with access to the administrative Control Panel may be able to inject malicious PHP code when adding banned users. Banned user information is stored in the 'bannedusers.php' script. This code could then be executed, allowing for execution of arbitrary commands in the context of the web server hosting the software.

Unauthorized remote users may exploit other latent vulnerabilities in the software to gain access to the administrative console.

8. MoreGroupWare Multiple Cross-Site Scripting Vulnerabilities BugTraq ID: 8041
Remote: Yes
Date Published: Jun 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8041
Summary:

moregroupware is a tool to facilitate office communications. It includes, among other features, webmail, calendering and project management functionality. It is implemented in PHP and is available for a variety of platforms including Microsoft Windows and Linux and Unix variant operating environments.

Several cross-site scripting vulnerabilities have been reported for moregroupware. The vulnerability exists due to insufficient sanitization of user-supplied data.

An attacker could exploit these issues by enticing a web user to a malicious link which contains hostile HTML or script code. The hostile code may be rendered in the user's browser when the user follows the link.

Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This vulnerability was reported for moregroupware 0.6.7. Earlier versions may be affected.

9. iXmail Arbitrary File Upload Vulnerability BugTraq ID: 8048
Remote: Yes
Date Published: Jun 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8048
Summary:

iXmail is a web-based e-mail system implemented in PHP. It is available for a variety of platforms including Microsoft Windows and Linux and Unix variant systems.

When an attacker makes a request to the iXmail ixmail_attach.php script the $attach1 and $attach1_name variables define the location of data and the name of a PHP file respectively. The PHP file is stored within the /tmp directory of the established web root.

iXmail has been reported prone to an arbitrary file upload vulnerability. The problem is said to occur due to insufficient sanitization of the user-supplied $attach1 URI parameter.

An authenticated attacker could exploit this vulnerability by supplying a remote file, containing malicious PHP commands, as the $attach1 parameter. This will result in the PHP commands being stored within the /tmp directory, using the naming convention of the attacker-supplied $attach1_name parameter. By supplying a name with a PHP extension, an attacker could effectively execute arbitrary PHP code on the remote system by making a request for the newly created script file.

1. VisNetic Website Path Disclosure Vulnerability BugTraq ID: 8075 Remote: Yes Date Published: Jul 02 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8075 Summary:

VisNetic Website is web server that supports multiple domains, and allows TLS/SSL secured domains. It is available for the Microsoft Windows operating system.

VisNetic Website has been reported prone to a path disclosure vulnerability.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that a remote attacker may make a HTTP request for a CGI resource that does not exist and in doing so trigger an error. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.

Information gathered in this way could be used to aid in further attacks launched against the affected system.

It should be noted that this vulnerability has been reported to affect VisNetic Website 3.5 Service release 17, prior versions are also likely affected.

1. Marbry Software FTPServer/X Controls Server Response Buffer Overflow Vulnerability BugTraq ID: 8040 Remote: Yes Date Published: Jun 26 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8040 Summary:

Marbry Software FTPServer/X is an ActiveX Control and COM Object, designed to be incorporated into FTP server software for Microsoft Windows platforms.

FTPServer/X control has been reported prone to a buffer overflow vulnerability when processing server responses of excessive length.

The issue presents itself, likely due to a lack of sufficient bounds checking performed by wsprintf() when copying attacker-supplied data into an internal memory buffer. The data contained in this buffer, under normal circumstances, is transmitted to the remote user as a part of an FTP server status response message.

A remote attacker may supply a string of excessive length as a username
(>=1017 bytes) during the authentication process, or may simply supply a
malicious command of excessive length (>=1022 bytes) during an authorized FTP session. When the malicious string is copied into a fixed internal memory buffer, data that exceeds the size of the assigned buffer will overrun its bounds and corrupt adjacent memory. It has been reported that memory adjacent to the affected buffer contains pointers and a saved return address, both of which are crucial to the control of program execution flow. It is therefore likely that an attacker may exploit this condition to seize control of the vulnerable FTP server, and have arbitrary operation codes executed in the context of the user that is running the server. A remote attacker may also exploit this condition to trigger a persistent denial of service condition for legitimate FTP users; the server would require a restart to resume normal functionality.

It should be noted that any software that implements the Marbry Software FTPServer/X control, is likely affected by this vulnerability. It has been confirmed that this control is in use by Mollensoft(Hyperion) FTP Server. This issue is related to BID 7307 and possibly BID 6345.

1. MoreGroupWare Arbitrary File Upload Vulnerability BugTraq ID: 8043 Remote: Yes Date Published: Jun 26 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8043 Summary:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

moregroupware is a tool to facilitate office communications. It includes, among other features, webmail, calendering and project management functionality. It is implemented in PHP and is available for a variety of platforms including Microsoft Windows and Linux and Unix variant operating environments.

A vulnerability has been reported for moregroupware that may make it possible for a remote attacker to upload files to a vulnerable system. The vulnerability may be likely due to insufficient permissions on the 'modules/files/store/' folder of the moregroupware installation.

It is not clear where the specific vulnerable component of moregroupware lies. However, because of the problem, it may be possible for an attacker to upload and overwrite files with the privileges of the web server process. This could result in data corruption, or other potentially malicious activities.

This vulnerability was reported to affect moregroupware 0.6.7.

1. iXmail Index.PHP Authentication Bypass SQL Injection Vulnerability BugTraq ID: 8047 Remote: Yes Date Published: Jun 26 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8047 Summary:

iXmail is a web-based e-mail system implemented in PHP. It is available for a variety of platforms including Microsoft Windows and Linux and Unix variant systems.

iXmail Index.PHP script has been reported prone to an SQL Injection Vulnerability.

The issue presents itself, when some criteria are met. If 'magic_quotes_gpc' is set as 'off' in the 'php.ini' configuration file, a remote user may inject arbitrary SQL code via the 'username' URI parameter to bypass the iXmail authentication procedure. It has also been demonstrated that this vulnerability may be exploited to disclose all of the fields of the table 'db_authtable' to a remote attacker.

It may also be possible, depending on the database implementation and other factors, to launch attacks against the underlying database. This could result in disclosure of sensitive information or other consequences.

1. WebBBS Guestbook HTML Injection Vulnerability BugTraq ID: 8052 Remote: Yes Date Published: Jun 27 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8052 Summary:

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

WebBBS Pro is a web-based BBS system designed to run in Microsoft Windows environments. WebBBS Pro is shipped with a web server component.

A HTML injection vulnerability has been reported for WebBBS. The vulnerability exists as a result of insufficient sanitization of user-supplied data.

An attacker may exploit this issue to inject malicious HTML code into WebBBS guestbook entries. The hostile code may be rendered in the user's browser when the user views the entry.

Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.

1. ImageMagick Temporary File Creation Vulnerability BugTraq ID: 8057 Remote: No Date Published: Jun 29 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8057 Summary:

ImageMagick is an image manipulation program. It is available for a variety of platforms including Microsoft Windows and Unix and Linux variant operating systems.

ImageMagick has been reported prone to an insecure temporary file creation vulnerability. As a result, it may be possible for local attackers to corrupt files owned by the user who is invoking the ImageMagick application.

An attacker could potentially exploit this issue by creating a symbolic link in place of the temporary file, which is created. Any actions performed by ImageMagick when it is executed will be performed on the linked file.

1. CutePHP CuteNews HTML Injection Vulnerability BugTraq ID: 8060 Remote: Yes Date Published: Jun 29 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8060 Summary:

CutePHP is a web-based bulletin board system. It is implemented in PHP and is available for a variety of platforms including Microsoft Windows and Unix and Linux variant operating environments.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

CutePHP is prone to HTML injection attacks. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to news posts are not sufficiently sanitized of malicious HTML code.

An attacker can exploit this vulnerability by adding HTML code within IFRAME tags. The hostile code may be rendered in the user's browser when the user views the entry.

Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.

1. Abyss Web Server HTTP GET Heap Overrun Vulnerability BugTraq ID: 8062 Remote: Yes Date Published: Jun 30 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8062 Summary:

Abyss Web Server is a freely available personal web server. It is maintained by Aprelium Technologies and runs on Microsoft Windows operating systems, as well as Linux.

Abyss Web Server is prone to a remotely exploitable heap overrun. This is due to insufficient bounds checking of data supplied via client HTTP GET requests which is used in a strcpy() operation. By submitting an HTTP GET request in excess of 2048 bytes, it will be possible to trigger this condition. It should be noted that the ':\' characters must be appended to the end of the request. This will permit remote attackers to corrupt adjacent regions of heap memory with attacker-supplied values.

This condition could be exploited to execute arbitrary code with the privileges of the web server.

This issue is reported to affect Abyss Web Server 1.1.2. Later versions, such as 1.1.4 and 1.1.5 may be similarly affected, though this has not been confirmed.

1. Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness BugTraq ID: 8063 Remote: No Date Published: Jun 30 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8063 Summary:

Microsoft Commerce Server 2002 is a web server product geared towards building e-commerce websites.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Microsoft Commerce Server 2002 installs a registry key with weak default permissions when configured to authenticate via SQL Server. The following registry key is installed with read privileges for the users group:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Commerce Server

Encoded database authentication credentials are stored under "ADMINDBPS".

Attackers with interactive access to a system hosting the vulnerable software could gain access to encoded database credentials by perusing the registry. Credentials could also be retrieved via Open Commerce Server Manager. This information could be exploited to compromise the database.

This issue is reported to affect Microsoft Commerce Server 2002. It is not known if Microsoft Commerce Server 2000 is similarly affected.

1. Abyss Web Server HTTP Header Injection Vulnerability BugTraq ID: 8064 Remote: Yes Date Published: Jun 30 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/8064 Summary:

Abyss Web Server is a freely available personal web server. It is maintained by Aprelium Technologies and runs on Microsoft Windows operating systems, as well as Linux.

Abyss Web Server is prone to a vulnerability that could permit attackers to inject malicious data into server response headers. HTTP GET requests ending with ':\' characters will cause the server to return a HTTP 302 response to the client, which includes the requested URI in the Location: header field of the server response. User input is not sufficiently sanitized from this header field in the response. An attacker could cause malicious data such as HTML and script code to be included in the server response. It will also be possible be append additional HTTP header fields to the server response.

This could be exploited to launch cross-site scripting attacks. The attacker can also append arbitrary HTTP header information to the server response, which could permit cookie values to be set or spoofed header field data.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This issue is reported to affect Abyss Web Server 1.1.2. Later versions, such as 1.1.4 and 1.1.5 may be similarly affected, though this has not been confirmed.

IV. MICROSOFT FOCUS LIST SUMMARY

1. How to block users from installing other apps (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/327838

2. SP4 installation failure (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/327805

3. Q811114 and Q815021 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/327788

4. Managing Windows Event Logs (Thread)
Relevant URL:

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://www.securityfocus.com/archive/88/327532

5. Limiting the creation of new files to specific types. (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/327363

6. SP4 instalation failure (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/327307

7. SecurityFocus Microsoft Newsletter #143 (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/327282

8. SP4 installation (Thread)
Relevant URL:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://www.securityfocus.com/archive/88/327203

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS

1. 1. eTRUST Intrusion Detection by Computer Associates International, Inc. Platforms: Windows 2000, Windows 95/98, Windows NT Relevant URL: http://www.cai.com/solutions/enterprise/etrust/intrusion_detection/ Summary:

eTrust Intrusion Detection delivers network protection including protection against the deployment and execution of Distributed Denial of Service attacks — an essential capability at a time when networks are susceptible to an increasingly sophisticated array of attacks. A truly comprehensive solution, eTrust Intrusion Detection includes an integrated anti-virus engine with automatic signature updates. This powerful solution takes the "detect, alert, prevent" approach to safeguarding your network — providing realtime, non-intrusive detection, policy-based alerts, and automatic prevention.

2. InterScan WebProtect
by TrendMicro
Platforms: Windows NT
Relevant URL:
http://www.antivirus.com/products/iswp/index.htm Summary:

The Proxy Server Anti-Virus Solution. Real-Time protection for Microsoft Proxy Server Scans for viruses and malicious code Optionally blocks known malicious code JAVA Applets and ActiveX Objects.

3. PestPatrol
by PestPatrol, Inc
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP Relevant URL:
http://www.safersite.com/pestpatrol/pestpatrol.asp Summary:

PestPatrol detects and removes non-viral malicious code - trojans, remote administration tools, spyware, hacker tools - that can be as damaging to your business as a serious virus attack. PestPatrol complements anti-virus, firewall, and IDS solutions, integrating seamlessly into existing security infrastructures. Whether the threat comes from outside or inside your organization, PestPatrol should be part of your security toolkit.

V. NEW TOOLS FOR MICROSOFT PLATFORMS

1. Secure FTP Bean v2.0.8 by glub Relevant URL: http://www.glub.com/products/bean/ Platforms: Os Independent Summary:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The Secure FTP Bean allows FTP connections to be made over SSL, including both implicit and explicit SSL connections, and passive and active data transfers with or without encryption.

2. LibTomMath v0.22
by Tom St Denis tomstdenis@iahu.ca
Relevant URL:
http://math.libtomcrypt.org/
Platforms: Linux, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

LibTomMath provides highly optimized and portable routines for a vast majority of integer-based number theoretic applications (including public key cryptography).

3. John the Ripper v1.6.34(dev)
by Solar Designer
Relevant URL:
http://www.openwall.com/john/
Platforms: BeOS, DOS, MacOS, Windows 2000, Windows 95/98, Windows NT Summary:

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches.

VI. SPONSOR INFORMATION

ALERT: "Six steps for testing your applications for SQL Injection Attacks" It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* test guide from SPI Dynamics to check for SQL Injection vulnerabilities.

Visit us at:
http://www.securityfocus.com/SPIDynamics-ms-secnews5

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek