Brought to you by our friends at the SANS Institute.


Microsoft released patches for a batch of MS SQL Server vulnerabilities
this week (items {02.28.006} and {02.28.007} in the Windows
category). The CDE-equipped Unix camps need to worry about the latest
rpc.ttdbserver vulnerability (item {02.28.011} in the Cross-Platform
category). Historically, other CDE ttdb bugs have been widely
exploited, so affected shops should consider upgrading sooner
rather than later.

Until next week,
--Security Alert Consensus Team

************************************************************************

TABLE OF CONTENTS:

{02.28.003} Win - Carello CGI arbitrary app execution
{02.28.005} Win - PGP Outlook plugin decryption overflow
{02.28.006} Win - MS02-034: Cumulative Patch for SQL Server
{02.28.007} Win - MS02-035: SQL Server setup.iss log file exposes
passwords
{02.28.015} Win - RealONE/RealJukebox RJS skin.ini overflow
{02.28.023} Win - Adobe Library eBook DoS vulnerabilities
{02.28.026} Win - Lil'HTTP pbcgi CGI e-mail parameter CSS vulnerability
{02.28.027} Win - Popcorn e-mail client multiple vulnerabilities
{02.28.029} Win - BadBlue Web server multiple vulnerabilities
{02.28.032} Win - Norton Personal Internet Firewall HTTP proxy overflow
{02.28.034} Win - Oddsock Playlist Generator CGI multiple DoS


--- Windows News -------------------------------------------------------

*** {02.28.003} Win - Carello CGI arbitrary app execution

The Carello shopping cart CGI suite version 1.3 allows a remote
attacker to execute arbitrary programs on the system by submitting
a particular VBEXE URL parameter.

The advisory indicates confirmation by the vendor, which fixed the
problem in the next available version.

Source: VulnWatch
http://archives.neohapsis.com/archiv...2-q3/0015.html

*** {02.28.005} Win - PGP Outlook plugin decryption overflow

The PGP Outlook plugin included with PGP Desktop, Personal and Freeware
versions 7.0.4 and prior contains a buffer overflow in the decryption
of malformed e-mail messages. This allows a remote attacker to execute
arbitrary code on users' systems as soon as they view the malformed
e-mail. It is said that PGP Corporate Desktop users are not vulnerable.

The vendor confirmed this vulnerability and
released a patch, which is available at:
http://www.nai.com/naicommon/downloa...-pgphotfix.asp

Source: VulnWatch
http://archives.neohapsis.com/archiv...2-q3/0016.html

*** {02.28.006} Win - MS02-034: Cumulative Patch for SQL Server

Microsoft released MS02-034 ("Cumulative Patch for SQL Server"). MS
SQL Server and MSDE installations have three new vulnerabilities:
a buffer overflow in the bulk insert procedure; a buffer overflow in
the password encryption procedure; and insecure permissions on the
SQL service account registry key. The buffer overflows allow attackers
capable of running arbitrary SQL statements to elevate their SQL user
privileges and potentially execute arbitrary code.

FAQ and patch:
http://www.microsoft.com/technet/sec...n/MS02-034.asp

Source: Microsoft (NTBugtraq)
http://archives.neohapsis.com/archiv...2-q3/0012.html

*** {02.28.007} Win - MS02-035: SQL Server setup.iss log file exposes
passwords

Microsoft released MS02-035 ("SQL Server setup.iss log file
exposes passwords"). It's possible to create a precomputed
set-up file (setup.iss) in MS SQL Server to use for unattended
installations. However, installations that use the setup.iss
file produce installation log files afterwards, which include any
SQL-server-related passwords in plain text.

FAQ and patch:
http://www.microsoft.com/technet/sec...n/MS02-035.asp

Source: Microsoft (NTBugtraq)
http://archives.neohapsis.com/archiv...2-q3/0009.html

*** {02.28.015} Win - RealONE/RealJukebox RJS skin.ini overflow

The RealONE and RealJukebox clients contain a buffer overflow in the
parsing of custom skin files, potentially allowing a malformed skin
file to execute arbitrary code on the user's system. In addition, it
may be possible for a malicious Web site to force the download of a
skin file. Skin files also can potentially contain active scripting,
which is executed in the Local System zone.

The vendor confirmed this problem; updates are listed at:
http://service.real.com/help/faq/sec...n07092002.html

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-07/0127.html
http://archives.neohapsis.com/archiv...2-07/0130.html

*** {02.28.023} Win - Adobe Library eBook DoS vulnerabilities

The Adobe Library eBook virtual library suite contains multiple
denial-of-service vulnerabilities that could allow an attacker to check
out all available books for long periods of time, regardless of settings.

These vulnerabilities are not confirmed.

Source: VulnWatch
http://archives.neohapsis.com/archiv...2-q3/0020.html

*** {02.28.026} Win - Lil'HTTP pbcgi CGI e-mail parameter CSS
vulnerability

The pbcgi CGI included with Lil'HTTP contains a cross-site scripting
vulnerability in the handling of the e-mail URL parameter.

This vulnerability is not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-07/0112.html

*** {02.28.027} Win - Popcorn e-mail client multiple vulnerabilities

The Popcorn e-mail client versions 1.20 and prior contain multiple
vulnerabilities: a buffer overflow in the handling of the Subject
e-mail header and two denial-of-service conditions that lead to
resource consumption or application crashes.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-07/0117.html

*** {02.28.029} Win - BadBlue Web server multiple vulnerabilities

The BadBlue Web server reportedly contains three vulnerabilities:
a denial of service attack when submitting a malformed HTTP request;
disclosure of source code and other file contents regardless of
settings; and weak storage of the administrative password.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-07/0143.html

*** {02.28.032} Win - Norton Personal Internet Firewall HTTP proxy
overflow

Norton Personal Internet Firewall version 3.0.4.91 (version 2001)
contains a buffer overflow in the handling of large HTTP proxy
requests. As a result, an internal/local attacker can execute arbitrary
code on the system.

The vendor confirmed this vulnerability and released a patch.

Source: VulnWatch
http://archives.neohapsis.com/archiv...2-q3/0026.html
http://archives.neohapsis.com/archiv...2-q3/0027.html

*** {02.28.034} Win - Oddsock Playlist Generator CGI multiple DoS

The Oddsock Playlist Generator CGI contains multiple overflows that
lead to denial of service situations. A remote attacker can trigger
these vulnerabilities.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-07/0175.html

************************************************************************