SecurityFocus Microsoft Newsletter #397
----------------------------------------

This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com

SECURITY BLOGS

SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.

http://www.securityfocus.com/blogs

------------------------------------------------------------------

I. FRONT AND CENTER
1. Anti-Social Networking
2. Thinking Beyond the Ivory Towers

II. MICROSOFT VULNERABILITY SUMMARY
1. freeSSHd SFTP 'opendir' Buffer Overflow Vulnerability
2. Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability
3. VMware VMCI Arbitrary Code Execution Vulnerability
4. Xerox DocuShare Multiple Cross-Site Scripting Vulnerabilities
5. Symantec Backup Exec System Recovery Manager Directory Traversal Vulnerability

III. MICROSOFT FOCUS LIST SUMMARY
1. ISA as a proxy

IV. UNSUBSCRIBE INSTRUCTIONS

V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------

1. Anti-Social Networking
By Mark Rasch

On May 15, 2008, a federal grand jury in Los Angeles indicted 49-year-old Lori Drew of O'Fallon, Missouri, on charges of unauthorized access to a computer, a statute typically used in hacking cases. Yet Drew's alleged actions had little to do with computer intrusions.

http://www.securityfocus.com/columnists/473

2. Thinking Beyond the Ivory Towers
By Dave Aitel

In the information-security industry, there are clear and vast gaps in the way academia interacts with professional researchers. While these gaps will be filled in due time, their existence means that security professionals outside the hallowed halls of colleges and universities need to be aware of the differences in how researchers and professionals think.

http://www.securityfocus.com/columnists/472

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------

1. freeSSHd SFTP 'opendir' Buffer Overflow Vulnerability
BugTraq ID: 29453
Remote: Yes
Date Published: 2008-05-31
Relevant URL: http://www.securityfocus.com/bid/29453
Summary:
freeSSHd is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects freeSSHd 1.2.1; other versions may also be affected.

2. Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability
BugTraq ID: 29445
Remote: Yes
Date Published: 2008-05-30
Relevant URL: http://www.securityfocus.com/bid/29445
Summary:
A vulnerability in Apple Safari on the Microsoft Windows operating system stems from a combination of security issues in Safari and all versions of Microsoft Windows XP and Vista that will allow executables to be downloaded to a user's computer and run without prompting.

Third-party sources have indicated that the vulnerability in Safari is the "carpet-bombing" issue reported by Nitesh Dhanjani. If the issue is exploited, attacker-specified content is downloaded to the user's desktop without prompting. However, the Safari issue alone does not let an attacker execute the content. Presumably, an additional issue in Microsoft Windows can be exploited in tandem with this issue to run the content that is downloaded to the user's desktop.

3. VMware VMCI Arbitrary Code Execution Vulnerability
BugTraq ID: 29443
Remote: No
Date Published: 2008-05-30
Relevant URL: http://www.securityfocus.com/bid/29443
Summary:
Multiple VMware hosted products with VMCI enabled are prone to a vulnerability that lets attackers execute arbitrary code. This issue affects Microsoft Windows-based hosts only.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue can completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.

This issue affects the following VMware products:
VMware Workstation prior to 6.0.4 build 93057
VMware Player prior to 2.0.4 build 93057
VMware ACE prior to 2.0.2 build 93057

4. Xerox DocuShare Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29430
Remote: Yes
Date Published: 2008-05-29
Relevant URL: http://www.securityfocus.com/bid/29430
Summary:
Xerox DocuShare is prone to multiple cross-site scripting vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Xerox DocuShare 6 and prior versions are vulnerable.

5. Symantec Backup Exec System Recovery Manager Directory Traversal Vulnerability
BugTraq ID: 29350
Remote: Yes
Date Published: 2008-05-28
Relevant URL: http://www.securityfocus.com/bid/29350
Summary:
Symantec Backup Exec System Recovery Manager is prone to a directory-traversal vulnerability.

An attacker can exploit this issue to access privileged system files and gain unauthorized access to the affected computer.

This issue affects these versions:
Symantec Backup Exec System Recovery Manager 7 prior to 7.0.4
Symantec Backup Exec System Recovery Manager 8 prior to 8.0.2

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

1. ISA as a proxy
http://www.securityfocus.com/archive/88/492690

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------

To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@... from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------

This issue is sponsored by Black Hat USA: www.blackhat.com