SecurityFocus Microsoft Newsletter # 149

1. The Lingering Ghost of Slammer
2. Blogs: Another Tool in the Security Pro's Toolkit (Part Two)
3. Demonstrating ROI for Penetration Testing (Part Two)

II. MICROSOFT VULNERABILITY SUMMARY

1. Counterpane Password Safe Clipboard Data Recovery Vulnerabil...
2. Invision Board Overlapping IBF Formatting Tag HTML Injection...
3. ZoneAlarm Local Device Driver IO Control Code Execution Vuln...
4. EveryBuddy Long Message Denial Of Service Vulnerability
5. TightVNC Win32 Server QueryAllowNoPass Access Control Bypass...
6. JSCI SSO URI Pattern Matching Access Validation Vulnerabilit...
7. 121 Software 121 WAM! FTP Server Directory Traversal Vulnera...
8. Lotus Sametime Multiple Encryption Implementation Flaw Vulne...
9. MiniHTTPServer WebForums Server Null Default Password Vulner...

III. MICROSOFT FOCUS LIST SUMMARY

1. Administrivia: Spam threads (Thread)
2. MS broadening its efforts to warn customers (Thread)
3. Exchange 2000 out of office (Thread)
4. TSGrinder 2.03 Released (Thread)
5. HTASploit (Thread)
6. How to silently deploy DirectX9b? (Thread)
7. SecurityFocus Microsoft Newsletter #148 (Thread)

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS

1. Intellitactics Network Security Manager
2. Netsecure Log
3. F-Secure Internet Security 2003
4. Primedius Personal Firewall/Anti-Spy ware
5. AES PRO
6. Aluria's Spyware Eliminator
7. NEW TOOLS FOR MICROSOFT PLATFORMS
8. ngrep v1.41
9. Securepoint Firewall and VPN Server v3.1.3 P3
10. libdvdcss v1.2.8
11. Enigmail v0.81.0
12. aNTG v1.0
13. LibTomMath v0.23

VI. SPONSOR INFORMATION I. FRONT AND CENTER

1. The Lingering Ghost of Slammer By Tim Mullen

The last big Windows worm showed that network security can literally be a matter of life and death.

http://www.securityfocus.com/columnists/178

2. Blogs: Another Tool in the Security Pro's Toolkit (Part Two) By Scott Granneman

Part Two on blogs covers RSS feeds that are highly relevant to the security community.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://www.securityfocus.com/columnists/177

3. Demonstrating ROI for Penetration Testing (Part Two) By Marcia Wilson

The second article in this series will introduce Risk Management concepts as they relate to Information Asset valuation.

http://www.securityfocus.com/infocus/1718

II. MICROSOFT VULNERABILITY SUMMARY

1. Counterpane Password Safe Clipboard Data Recovery Vulnerabil... BugTraq ID: 8334 Remote: No Date Published: Aug 04 2003 12:00A Relevant URL: http://www.securityfocus.com/bid/8334 Summary: Counterpane Password Safe is a password storage application for Microsoft Windows operating systems.

Password Safe has security options that clear data from the clipboard and lock the password database when the Password Safe window is minimized by the user.  

It has been reported the Password Safe will not clear passwords or other sensitive information from the clipboard when the program is minimized, even in circumstances where it is configured to do so. This could create a false sense of security as the user expects that credentials have been cleared from the clipboard when the program window is minimized. This could also permit password credentials to be retrieved by malicious users under some circumstances.

It should be noted that a user must first copy a password or other sensitive information to the clipboard for this issue to be exploited.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. Invision Board Overlapping IBF Formatting Tag HTML Injection... BugTraq ID: 8335
Remote: Yes
Date Published: Aug 04 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8335 Summary:
Invision Board is web forum software. It is implemented in PHP and is available for Unix and Linux variants and Microsoft Windows operating systems.

Invision Board supports the use of formatting tags that allow users to insert images and links into content as well as control certain aspects of how content is rendered. These tags are referred to as IBF codes.

It may be possible to inject hostile HTML into Invision Board by using overlapping IBF tags. This could cause the hostile code to be interpreted in the context of the site hosting the software. Any input fields which support inclusion of IBF code may be prone to this issue.

It should be noted that it may not be possible to inject arbitrary HTML into Invision Board but it is more likely that this could be exploited to spoof or manipulate links or include other abusive content.

3. ZoneAlarm Local Device Driver IO Control Code Execution Vuln... BugTraq ID: 8342
Remote: No
Date Published: Aug 05 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8342 Summary:
ZoneAlarm is a firewall software package available for the Microsoft Windows operating system. It is distributed and maintained by Zone Labs.

A problem in the handling of input may, under some circumstances, allow an attacker to cause the execution of code at arbitrary locations of memory through the ZoneAlarm application. This may lead to unauthorized access to system resources.

The problem is in the handling of input by the ZoneAlarm Device Driver "VSDATANT". It is possible to overwrite specific locations in memory by supplying a signal and location to which the data will be written. By using a dwIoControl code, it is possible to cause the ZoneAlarm application to jump to this location of memory and execute the code contained at the address. The code executed by ZoneAlarm would be with the privileges of ring0.

This vulnerability was reported to affect ZoneAlarm 3.1, however, other versions may also be affected.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

4. EveryBuddy Long Message Denial Of Service Vulnerability BugTraq ID: 8343
Remote: Yes
Date Published: Aug 05 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8343 Summary:
EveryBuddy is an instant messaging client that supports numerous instant messaging services, including AIM, ICQ and MSN. It is available for Microsoft Windows operating systems.

EveryBuddy is prone to a denial of service vulnerability when handling instant messages of excessive length. The condition is reportedly reproducible by sending 55 lines with 27 characters per line in an instant message to a user of a vulnerable client. Most legitimate clients will limit the length of outgoing instant messages, however this could be exploited with a malicious instant messaging client designed to send messages of excessive length.

This condition may be due to a buffer overflow, though this has not been confirmed.

5. TightVNC Win32 Server QueryAllowNoPass Access Control Bypass... BugTraq ID: 8347
Remote: Yes
Date Published: Aug 05 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8347 Summary:
TightVNC is a VNC implementation that is freely available for a number of platforms including Linux variants and Microsoft Windows operating systems.

TightVNC for Win32 platforms is reported to be prone to an unspecified vulnerability that could permit access controls to be bypassed. This issue is reportedly due to a failure of the software while acting on the QueryAllowNoPass configuration directive. This issue is known to affect the TightVNC server.

It has been reported that this issue exists in versions prior to 1.2.9.

Precise technical details are not available at this time. This BID will be updated when further details become available.

6. JSCI SSO URI Pattern Matching Access Validation Vulnerabilit... BugTraq ID: 8353
Remote: Yes
Date Published: Aug 06 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8353 Summary:
JCSI is a suite of Java components that offer solutions for data security requirements. JCSI SSO (Single Sign-On) suite provides for authorization and access control for Java applications using Microsoft Active Directory.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

JSCI SSO has been reported prone to an access validation vulnerability under certain circumstances.

The issue presents itself in pattern-matching tags contained in JSCI SSO XML configuration files; these tags are used when controlling access to Java applications. It has been reported that these pattern-matching tags match an entire URI rather than the relative path to the secured Java application. This may mean that if the protected Java application is moved and has a different context root, JSCI SSO will no longer be protecting it.

This may lead a system administrator into a false sense of security and may allow remote attackers to access restricted Java applications that were presumed secured.

7. 121 Software 121 WAM! FTP Server Directory Traversal Vulnera... BugTraq ID: 8356
Remote: Yes
Date Published: Aug 06 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8356 Summary:
121 WAM! Server is a FTP Server for Microsoft Windows Platform allowing users to manage online databases including Microsoft Access, SQL Server and MySQL.

A vulnerability has been reported in 121 WAM! Server that may allow remote users to access restricted data from the server and other user accounts outside the user root directory. The vulnerability is due to an access validation error that allows clients to traverse outside of the root FTP directory using '/../' character sequences.

This may allow the attacker to access system resources on the server. Information that could be useful in further attacks could be disclosed to an attacker through successful exploitation of this issue.

8. Lotus Sametime Multiple Encryption Implementation Flaw Vulne... BugTraq ID: 8359
Remote: Yes
Date Published: Aug 07 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8359 Summary:
Sametime is the Instant Message client distributed and maintained by Lotus.  It is available for the Microsoft Windows operating system.

Several problems have been identified in Lotus Sametime that may make information encrypted through Sametime more prone to retrieval by a malicious party. This may result in an adversary gaining access to sensitive information.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

One issue is the RC2/40 key being sent in the login message. Upon intercepting the login message, an adversary has a significantly greater chance of decrypting the user's password.

Next, the key is also transmitted with Instant Messages. This may also increase the liklihood of decrypting sensitive information.

Also, Encrypted Instant Messages contain six bytes of known characters at the beginning of each IM. It is theorized that by gathering Instant Messages over a period of time and cracking the six bytes of known text, it may be possible to reveal the encryption key used. This has not been confirmed.

Finally, the implementation of RC2/40 in Sametime uses a limited range of characters when generating encryption keys that significantly weakens generated keys. The implementation uses only ASCII representations of decimal numbers that weaken keyspace from 256^10 possibilities to 10^10 possibilities.

9. MiniHTTPServer WebForums Server Null Default Password Vulner... BugTraq ID: 8363
Remote: Yes
Date Published: Aug 07 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8363 Summary:
WebForums Server is a commercially available HTTP server. It is available for the Microsoft Windows platform.

A vulnerability has been reported for WebForums server. Reportedly, the database's administrative user, the 'admin' account, is created by default during installation and is assigned a blank password.

A remote attacker can exploit this vulnerability by connecting to a vulnerable system's as an administrative user, and supplying a null password. The attacker may gain administrative access on a default installation. It has been reported that attributes for this account include the ability to access the local 'C:\' drive.

Although this vulnerability has been reported to affect MiniHTTPServer WebForums Server version 1.5, other versions might also be affected.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

III. MICROSOFT FOCUS LIST SUMMARY

1. Administrivia: Spam threads (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/332111

2. MS broadening its efforts to warn customers (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/332110

3. Exchange 2000 out of office (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/332109

4. TSGrinder 2.03 Released (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/331998

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

5. HTASploit (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/331996

6. How to silently deploy DirectX9b? (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/331906

7. SecurityFocus Microsoft Newsletter #148 (Thread) Relevant URL:

http://www.securityfocus.com/archive/88/331762

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS

1. Intellitactics Network Security Manager By: Intellitactics Platforms: Solaris, Windows NT Relevant URL: http://www.intellitactics.com/products/nsm_overview.html Summary:

Intellitactics Network Security Manager is the holistic, integrated threat management
platform that gives you a virtual window into your enterprise security environment.
NSM lets you police, prioritize and prevail across the full range of today's security threats.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

You get a clear picture of your security situation in real time--and over time--so you can
deliver the most effective information security possible.

With NSM, you leverage the infrastructure you've already built. NSM correlates massive amounts of data for you--gathered from your full range of security devices and other information sources throughout the enterprise.

Then, on a single pane of glass, NSM provides a graphical visualization of threats, anomalies and trends. Your Security Operations Center can now respond more effectively to real security threats than with any other security product--in moments instead of days, with fewer resources.

2. Netsecure Log
By: CalyxNetSecure
Platforms: Solaris, Windows 2000, Windows NT Relevant URL:
http://www.calyxnetsecure.com/produit.asp?nom_produit=NetsecureLog Summary:

Netsecure Log is a security administration solution. It makes the administrator's job easier by centralizing security events in a database and then to analyze them with a powerful requesting tool.

3. F-Secure Internet Security 2003
By: F-Secure Corporation
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP Relevant URL: http://www.f-secure.com/estore/fsis2003.shtml Summary:

F-Secure Internet Security 2003 includes an award winning antivirus software, as well as an easy-to-use personal firewall product that protects your system against break-in attempts when you are connected to the Internet.

4. Primedius Personal Firewall/Anti-Spy ware By: Primedius
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.primedius.com/PersonalFirewall.htm Summary:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Primedius Personal Firewall/Anti-Spy ware Prevents intrusions, stops unwanted entries to and communications from your computer. Other features are:

• Detects, reviews and screens any entry through Winsock layer. 5. AES PRO By: Workable Resources Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP Relevant URL: http://www.aes.safeworld.info/pro.htm Summary:

AES Pro is the utility program that creates active public keys. Active key is an executable program that contains a public key and the software necessary to encrypt messages and decrypt the answer-back messages. Users can create active public keys that anyone can use to encrypt messages. No other software is required. These active public keys are ideal to create communication with the users who do not have the PGP or CHAOS Public Key programs installed.

6. Aluria's Spyware Eliminator
By: Aluria Software
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP Relevant URL: http://www.aluriasoftware.com/spywareeliminator/index.html Summary:

Aluria's Spyware Eliminator protects you from the Spyware epidemic. While anti-virus software guards you from viruses, it does not prevent Spyware from attacking your computer. Aluria's Spyware Eliminator not only detects and removes Spyware, Adware and Keyloggers from your computer, but now actively blocks Spyware and Adware when your computer is under assault.

V. NEW TOOLS FOR MICROSOFT PLATFORMS

1. ngrep v1.41 By: Jordan Ritter <jpr5@darkridge.com> Relevant URL: http://ngrep.sourceforge.net/ Platforms: AIX, Digital UNIX/Alpha, FreeBSD, IRIX, Linux, OpenBSD, Solaris, Windows 2000, Windows 95/98, Windows NT Summary:

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP and UDP across ethernet, ppp and slip interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools like tcpdump and snoop.

2. Securepoint Firewall and VPN Server v3.1.3 P3 By: Lutz Hausmann
Relevant URL: http://www.securepoint.cc/ Platforms: Linux, Windows 2000, Windows 95/98, Windows NT Summary:

Securepoint Firewall and VPN Server is a high-performance application designed to offer full protection for network assets. The Security Manager offers a graphical user interface with many features, different configurations, and advanced reporting functions. The Securepoint server is a complete firewall and VPN software system with an operating system based on a secure Linux. VPN operation supports PPTP and IPSec (X.509 certificates, preshared, RSA signature). You can use the firewall on a standard PC with 2 to 16 network cards (including Ethernet, ADSL, ISDN). It is very easy to install and administer. The Securepoint Security Manager is available in English, German, and Spanish, and works in online and offline mode.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

3. libdvdcss v1.2.8
By: Samuel Hocevar <sam@zoy.org>
Relevant URL: http://www.videolan.org/libdvdcss/ Platforms: BeOS, FreeBSD, Linux, OpenBSD, Windows 2000, Windows 95/98, Windows NT
Summary:

libdvdcss is a cross-platform library for transparent DVD device access with on the fly CSS decryption. It currently runs under Linux, FreeBSD, NetBSD, OpenBSD, BSD/OS, Solaris, BeOS, Win98, Win2k and MacOS X. It is used for the vlc DVD player because of its portability and because, unlike similar libraries, it does not require your DVD drive to be region-locked.

4. Enigmail v0.81.0
By: Patrick
Relevant URL: http://enigmail.mozdev.org/thunderbird.html Platforms: Linux, MacOS, POSIX, UNIX, Windows 2000, Windows 3.x, Windows 95/98, Windows CE, Windows NT, Windows XP Summary:

Enigmail is a "plugin" for the mail client of Mozilla and Netscape 7.x which allows users to access the authentication and encryption features provided by the popular GnuPG software. Enigmail can encrypt/sign mail when sending, and can decrypt/authenticate received mail. It can also import/export public keys. Enigmail supports both the inline PGP format and the PGP/MIME format, which can be used to encrypt attachments. Enigmail is cross-platform, although binaries are supplied only for a limited number of platforms. Enigmail uses inter-process communication to execute GPG to carry out encryption/authentication.

5. aNTG v1.0
By: Lucas
Relevant URL: http://www.thebobo.com/antg.php Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP Summary:

aNTG (another Network Traffic Grapher) is a PHP program that collects and graphs network traffic statistics on a Linux machine.

6. LibTomMath v0.23
By: Tom St Denis <tomstdenis@iahu.ca>
Relevant URL: http://math.libtomcrypt.org/ Platforms: Linux, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP Summary:

LibTomMath provides highly optimized and portable routines for a vast majority of integer-based number theoretic applications (including public key cryptography).

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

VI. SPONSOR INFORMATION