From our friends at the SANS Institute.


TABLE OF CONTENTS:

{02.33.004} Win - Midicart CGI database exposure
{02.33.019} Win - MS02-042: Network Connection Manager callback code
execution
{02.33.020} Win - MS02-043: SQL Server cumulative patch
{02.33.029} Win - WebEasyMail SMTP and POP vulnerabilities
{02.33.038} Win - IE Help and Support Center protocol file deletion
{02.33.039} Win - NTFS hard links obfuscate file auditing logs
{02.33.041} Win - IIS 5.0 ignores SSL cert basic constraints
{02.33.042} Win - MS SQL Agent file modification
{02.33.045} Win - Kerio Mail Server multiple DoS and CSS
vulnerabilities
{02.33.047} Win - Trillian IRC module multiple vulnerabilities
{02.33.050} Win - MyWebServer multiple vulnerabilities
{02.33.051} Win - IE File Transfer Manager control vulnerabilities


--- Windows News -------------------------------------------------------

*** {02.33.004} Win - Midicart CGI database exposure

The Midicart shopping cart CGI suite reportedly uses a database located
in the remotely accessible Web root that allows a remote attacker to
download the database of orders.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-08/0074.html

*** {02.33.019} Win - MS02-042: Network Connection Manager callback
code execution

Microsoft released MS02-042 ("Network Connection Manager callback code
execution"). The Network Connection Manager shipped with Windows 2000
allows the user to specify the execution of a callback function when
a network connection is established. Unfortunately, this function is
executed with local system privileges, thus allowing a local attacker
to gain administrative/system access.

FAQ and patch:
http://www.microsoft.com/technet/sec...n/MS02-042.asp

Source: Microsoft
http://archives.neohapsis.com/archiv...2-q3/0086.html

*** {02.33.020} Win - MS02-043: SQL Server cumulative patch

Microsoft released MS02-043 ("SQL Server cumulative patch"). This
cumulative patch fixes all known problems to date in MS SQL Server
7.0 and 2000 as well as in MSDE 1.0 and 2000. It also fixes a new bug,
whereby an attacker capable of running stored procedures can execute
arbitrary SQL with administrative privileges.

FAQ and patch:
http://www.microsoft.com/technet/sec...n/MS02-043.asp

Source: Microsoft (NTBugtraq)
http://archives.neohapsis.com/archiv...2-q3/0087.html

*** {02.33.029} Win - WebEasyMail SMTP and POP vulnerabilities

The WebEasyMail suite version 3.4.2.2 contains a format string
vulnerability in the handling of SMTP commands. It also contains an
information disclosure bug in the POP service that allows a remote
attacker to brute force valid user names.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-08/0197.html

*** {02.33.038} Win - IE Help and Support Center protocol file deletion

Windows XP running Internet Explorer 6.x comes with a 'Help and
Support Center' software feature that is a suite of help-related
files and functions used both internally by Windows XP and externally
by Web sites. However, a bug allows a malicious Web site (or e-mail)
to delete arbitrary files on the user's system by tricking the user's
browser into making a particular request.

The advisory indicates vendor confirmation.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-08/0129.html

*** {02.33.039} Win - NTFS hard links obfuscate file auditing logs

A released advisory indicates it's possible for a local attacker to
use NTFS hard links to obfuscate file auditing logs. Basically, the
logs will contain entries for an arbitrary file name rather than the
actual file name, so it may not be apparent which file is the target
of the various audited events.

The advisory indicates confirmation by the vendor, which released a
fix in Windows 2000 SP3.

Source: VulnWatch
http://archives.neohapsis.com/archiv...2-q3/0080.html

*** {02.33.041} Win - IIS 5.0 ignores SSL cert basic constraints

IIS 5.0 prior to Windows 2000 SP3 ignores the basic constraints
on client certificates, potentially allowing a remote attacker to
present what appear to be valid, trusted SSL certificates to IIS
for authentication.

The advisory indicates confirmation by the vendor, which included a
fix in Windows 2000 SP3.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-08/0167.html

*** {02.33.042} Win - MS SQL Agent file modification

MS SQL Server versions 7 and 2000 reportedly contain a bug in the way
users can submit jobs to the SQL agent. Basically, they can specify
a file for the output that will overwrite any existing file already
on the file system.

This vulnerability is not confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archiv...2-q3/0084.html

*** {02.33.045} Win - Kerio Mail Server multiple DoS and CSS
vulnerabilities

Kerio Mail Server version 5.0 reportedly contains multiple cross-site
scripting and denial of service vulnerabilities. Sending SYNs to all
listening Kerio Mail services triggers the DoS. Multiple Webmail URLs
are vulnerable to the CSS vulnerabilities.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-08/0183.html

*** {02.33.047} Win - Trillian IRC module multiple vulnerabilities

An advisory indicates that Trillian version 0.73 has a buffer
overflow in the handling of the PING response by the IRC module as
well as format string handling errors in IRC invite responses. These
bugs may allow a malicious server to execute arbitrary code on the
user's system.

These vulnerabilities have not been confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-07/0479.html
http://archives.neohapsis.com/archiv...2-07/0489.html

*** {02.33.050} Win - MyWebServer multiple vulnerabilities

MyWebServer version 1.0.2 reportedly contains three vulnerabilities:
a buffer overflow in the search functionality, which may allow remote
execution of arbitrary code; a cross-site scripting bug in the handling
of nonexistent URL requests; and disclosure of the physical path.

These vulnerabilities are not confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archiv...2-q3/0077.html

*** {02.33.051} Win - IE File Transfer Manager control vulnerabilities

The Microsoft File Transfer Manager ActiveX control is a
Microsoft-signed control used for handling file downloads from premium
Microsoft sites. The control contains a buffer overflow that could
lead to the execution of arbitrary code. It also allows a remote Web
site to schedule file uploads and downloads without user intervention.

The advisory indicates vendor confirmation.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-08/0189.html

************************************************************************