Security 10941 Published by Philipp Esselbach 0

An SMTP service installs by default as part of Windows 2000 server products, and can be selected for installation on Windows 2000 Professional. A vulnerability results because of a flaw in the authentication process used by the service. The vulnerability could allow an unauthorized user to successfully authenticate to the service using incorrect credentials. An attacker who exploited the vulnerability could gain user-level privileges on the SMTP service, thereby enabling the attacker to use the service but not to administer it. The most likely purpose in exploiting the vulnerability would be to perform mail relaying via the server.

A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-037.asp for information on obtaining this patch.

Security 10941 Published by Philipp Esselbach 0

This vulnerability involves an LDAP function that is only available if the LDAP server has been configured to support LDAP over SSL sessions, and whose purpose is to allow users to change the data attributes of directory principals. By design, the function should check the authorizations of the user before completing the request; however, it contains an error that manifests itself only when the directory principal is a domain user and the data attribute is the domain password -- when this is the case, the function fails to check the permissions of the requester, with the result that it could be possible for a user to change any other user's domain login password.

An attacker could change another user's password for either of two purposes: to cause a denial of service by preventing the other user from logging on, or in order to log into the user's account and gain any privileges the user had. Clearly, the most serious case would be one in which the attacker changed a domain administrator's password and logged into the administrator's account.

A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-036.asp for information on obtaining this patch.

Security 10941 Published by Philipp Esselbach 0

A new variant of the originally reported vulnerability has been found. The patch has been updated to address both the original and new variants.

Issue
A remote denial of service vulnerability has been discovered in a component of Microsoft(r) NetMeeting. The denial of service can occur when a malicious client sends a particular malformed string to a port on which the NetMeeting service is listening while Remote Desktop Sharing is enabled.

Although the NetMeeting application is provided as part of Windows(r) 2000 products, the application and affected component are not enabled by default, and customers who have not enabled them would not be at risk from this vulnerability.

A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms00-077.asp for information on obtaining this patch.

Security 10941 Published by Philipp Esselbach 0

Word, like other members of the Office product family, provides a security mechanism that requires the user's approval to run macros. By design, any time a document is opened Word scans it for macros. If any are found, they are handled in accordance with the user's selected security settings. By default in Word 2000 and 2002, only macros that are signed by a trusted party are enabled; all others are disabled. In Word 97, if the document contains macros, the user is prompted regarding whether to enable them or disable them.

A vulnerability results because it is possible to modify a Word document in such a way as to prevent the security scanner from recognizing an embedded macro while still allowing it to execute. Exploiting the vulnerability would enable an attacker to cause a macro to run automatically when such a document was opened. Such a macro would be able to take any action that the user herself could take. This could include disabling the user's Word security settings so that subsequently-opened Word documents would no longer be checked for macros.

A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-034.asp for information on obtaining this patch.

Security 10941 Published by Philipp Esselbach 0

FrontPage Server Extensions ship as part of IIS 4.0 and 5.0, and facilitate the development of Web sites and Web-based applications. FrontPage Server Extensions includes an additional, optional sub-component called Visual Studio RAD (Remote Application Deployment) Support. This sub-component allows Visual InterDev 6.0 users to register and unregister COM objects on an IIS 4.0 or 5.0 Server. This sub-component contains an unchecked buffer in a section that processes input information. An attacker could exploit this vulnerability against any server with this sub-component installed by establishing a web session with the server and passing a specially malformed packet to the server component. The attacker could use that packet to load code of his choice for execution on the server. An attack that exploits this vulnerability would execute in the IUSR_machinename context (see Q142868). However, it is possible under certain circumstances to execute code in the SYSTEM context.

It is important to note that this feature is not installed by default with FPSE. It is also not installed by default on either IIS 4.0 or 5.0. Also, when the feature is selected during installation, a warning message is raised alerting the administrator that this feature should not be installed on production machines, especially if the production machine has Internet access. This is because this feature is only intended for facilitating internal development. The administrator must acknowledge the warning to successfully install the feature.

A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-035.asp for information on obtaining this patch.

Security 10941 Published by Philipp Esselbach 0

MooSoft has posted a new trojan definitions database update for "The Cleaner"

Database v3242, dated June 20, 2001, 3445 trojan definitions.
-------------------------
Added AIMBus
Added CS
Added Muska52
Added Small Fun
Added Theef

Updated BioNet
Updated Buschtrommel
Updated Cyn
Updated Latinus
Updated Little Witch
Updated Magistr
Updated Remote Hack


Security 10941 Published by Philipp Esselbach 0

Symantec has released a new virus definitions update for Norton Antivirus.

This update will work on the following products:

NAV for Lotus Notes (Intel)
NAV for MS Exchange (Intel)
NAV 4.0, 5.0 and 2000 for Win9x
NAV 4.0, 5.0 and 2000 for WinNT
NAV 2000 for Win2000
NAV for Firewalls
pcAnywhere32 7.5 and higher for WinNT
Norton Utilities for Windows 95/98 (all versions)
Norton SystemWorks (all versions)


Security 10941 Published by Philipp Esselbach 0

As part of its installation process, IIS installs several ISAPI extensions -- .dlls that provide extended functionality. Among these is idq.dll, which is a component of Index Server (known in Windows 2000 as Indexing Service) and provides support for administrative scripts (.ida files) and Internet Data Queries (.idq files).

A security vulnerability results because idq.dll contains an unchecked buffer in a section of code that handles input URLs. An attacker who could establish a web session with a server on which idq.dll is installed could conduct a buffer overrun attack and execute code on the web server. Idq.dll runs in the System context, so exploiting the vulnerability would give the attacker complete control of the server and allow him to take any desired action on it.

The buffer overrun occurs before any indexing functionality is requested. As a result, even though idq.dll is a component of Index Server/Indexing Service, the service would not need to be running in order for an attacker to exploit the vulnerability. As long as the script mapping for .idq or .ida files were present, and the attacker were able to establish a web session, he could exploit the vulnerability.
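Because the .ida/.idq script mapping alone exposes idq.dll, web logs are one place to see whether anything is reaching it. The following is an added example, not part of the bulletin or any Microsoft tool: it scans a W3C extended format log for requests to those extensions and marks unusually long ones. The sample log lines are constructed and the length threshold is an assumption to tune per site.

```python
# Extensions whose script mapping routes requests to idq.dll (per the text above).
IDQ_EXTENSIONS = (".ida", ".idq")
# Assumption: request targets longer than this are marked "oversized".
LONG_URL_THRESHOLD = 200

# Constructed sample in W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-06-20 10:00:01 192.0.2.10 GET /default.htm - 200
2001-06-20 10:00:05 192.0.2.11 GET /search/query.idq CiRestriction=report 200
2001-06-20 10:00:09 192.0.2.12 GET /Default.IDA {long} 500
2001-06-20 10:00:12 192.0.2.13 GET /docs/ida.htm - 200
""".replace("{long}", "A" * 300)


def find_idq_requests(log_text, threshold=LONG_URL_THRESHOLD):
    """Return one finding per logged request whose URI stem maps to idq.dll."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The directive names the columns of the entries that follow.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry; cannot map columns
        rec = dict(zip(fields, values))
        stem = rec.get("cs-uri-stem", "")
        # Match on the stem's extension only, case-insensitively.
        if not stem.lower().endswith(IDQ_EXTENSIONS):
            continue
        query = rec.get("cs-uri-query", "-")
        # "-" means no query string; otherwise count the "?" separator too.
        length = len(stem) + (0 if query == "-" else len(query) + 1)
        findings.append({
            "when": f'{rec.get("date", "")} {rec.get("time", "")}'.strip(),
            "client": rec.get("c-ip", ""),
            "stem": stem,
            "length": length,
            "oversized": length > threshold,
        })
    return findings


if __name__ == "__main__":
    for f in find_idq_requests(SAMPLE_LOG):
        print(f)
```

On a server that does not use Index Server, any hit is worth reviewing, and removing the .ida/.idq script mappings takes idq.dll out of the request path.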


Security 10941 Published by Philipp Esselbach 0

Microsoft has updated the "Incorrect Attachment Handling in Exchange OWA Can Execute Script" Security Bulletin to 2.0

Reason for Revision:
====================
- Exchange 5.5 has been determined to be affected by the vulnerability. We have developed an Exchange 5.5 patch.
- The originally released Exchange 2000 patch has been determined to contain a regression error that can cause performance problems on the servers it is installed on. We have eliminated the regression error and updated the patch; we recommend that customers who installed the original patch install the updated one.
