[ISN] Security UPDATE, June 5, 2002

From: InfoSec News (isnat_private)
Date: Thu Jun 06 2002 - 02:27:58 PDT

  • Next message: InfoSec News: "[ISN] FC: Terrorists could use open source software to wreak havoc!"

    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows .NET Server, Windows 2000, and
    Windows NT systems.
       http://www.secadministrator.com
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    Fast, Easy-to-Use--UltraBac Disaster Recovery
       http://list.winnetmag.com/cgi-bin3/flo?y=eME50CJgSH0CBw02M40Aa
    
    Connected Home Virtual Tour
       http://list.winnetmag.com/cgi-bin3/flo?y=eME50CJgSH0CBw0LTe0Aw
       (below IN FOCUS)
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: FAST, EASY-TO-USE--ULTRABAC DISASTER RECOVERY ~~~~
       UltraBac's Image-Based Disaster Recovery software is now GUI based
    and backs up all hidden and active partition types including
    'extended' and LIVE OPERATING SYSTEM partitions. A new wizard is
    available for users to easily create a network boot floppy that will
    allow recovery of a failed machine by quickly booting from a single
    floppy (or other media). The machine's OS partition is recovered from
    either tape or a network UNC path in record time. To learn more about
    our Windows 2000 Advanced Server Certified products or to download a
    free live trial visit
       http://list.winnetmag.com/cgi-bin3/flo?y=eME50CJgSH0CBw02M40Aa
    
    ~~~~~~~~~~~~~~~~~~~~
    
    June 5, 2002--In this issue:
    
    1. IN FOCUS
         - Security Conferences
    
    2. SECURITY RISKS
         - Buffer-Overrun Vulnerability in Macromedia's JRun Server 3.1
           and Jrun 3.0
         - Denial of Service in Microsoft Exchange 2000 Server
         - Unauthorized File Disclosure in Deerfield.com's WebSite Pro
           3.1.11.0
         - Authentication Flaw in Windows Debugger
    
    3. ANNOUNCEMENTS
         - Raising Windows 2000 Availability--Free Webinar
         - Register for Our Latest Web Seminar and Get a Free Subscription
           to SQL Server Magazine!
         - Submit Top Product Ideas
    
    4. SECURITY ROUNDUP
         - News: Will Electronic Eavesdropping Become a M-o-o-t Point?
         - News: Microsoft's Buffer-Overrun Problem: Fact or Fallacy?
         - News: Microsoft Patches Critical Exchange Hole
         - Feature: New IE Update Blocks IFRAME in Outlook HTML Messages
    
    5. SECURITY TOOLKIT
         - Virus Center
         - FAQ: How Can I Recover a Deleted Dynamic NTFS or FAT32 Volume
           in Windows XP or Windows 2000?
    
    6. NEW AND IMPROVED
         - Enhanced Virus Scanner
         - PnP Policy Enforcer
    
    7. HOT THREAD
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Restoring Encrypted Files After Format and
     Reinstall
    
    8. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor,
    markat_private)
    
    * SECURITY CONFERENCES
    
    Last week, I mentioned an article in CIO Magazine that discusses
    several ways to hire and keep security personnel. The article suggests
    that companies can retain staff by offering incentives such as letting
    employees attend yearly training conferences. A lot of security
    conferences and seminars are available, and the number of new events
    continues to grow. The cost of such events isn't cheap, and
    determining which events to attend isn't always easy. This week, I
    describe three of the more popular choices: the NetSec conference, the
    Black Hat Briefings, and SANSFIRE training seminars.
    
    NetSec 2002
       Computer Security Institute (CSI) hosts NetSec 2002, which takes
    place in San Francisco June 17 through 19. The conference will offer
    more than 85 sessions on a wide variety of subject matter, including
    Internet and intranets, secure e-commerce, VPNs, computer crime,
    Denial of Service (DoS) attacks, forensic investigation, response
    teams, cryptography and public key infrastructure (PKI), intrusion
    detection, Windows NT, privacy, policies, awareness, remote access,
    and more. In addition to the learning tracks, an exhibition will
    feature products from more than 70 network security vendors. Just
    about anyone involved in network security should consider attending
    NetSec 2002, and CSI is expecting more than 1500 attendees this year.
       http://www.gocsi.com
    
    Black Hat Briefings
       The next Black Hat USA 2002 Briefings and Training is scheduled for
    July 29 through August 1 in Las Vegas. Windows & .NET Magazine and the
    Security Administrator newsletter are sponsoring this popular event
    that includes a series of informational briefings and a training
    series. The briefings include more than 30 talks by notable industry
    insiders covering a wide range of topics such as using biometrics,
    auditing source code, tracing anonymous users, securing databases,
    using second-generation honeypots, securing email, attacking wireless
    networks, cracking Voice over IP (VoIP) Cisco Systems router
    forensics, and more. The training series includes 12 sessions that
    cover security-related tools and toolkits, Active Directory (AD)
    security, advanced Internet Control Message Protocol (ICMP) scanning
    techniques, and a variety of hacking techniques (e.g., hacking into
    Cisco networks).
       http://www.blackhat.com/html/bh-usa-02/bh-usa-02-index.html
    
    SANSFIRE 2002
       The System Administration, Networking, and Security (SANS)
    Institute hosts numerous training events each year. The Institute's
    SANSFIRE 2002 event is scheduled for June 25 through July 2 in Boston.
    The event is for new and experienced security practitioners and
    includes several learning tracks, including security essentials,
    firewalls, perimeter protection and VPNs, intrusion detection
    in-depth, hacker techniques, exploits and incident handling, securing
    Windows, securing UNIX, auditing, forensic investigation and response,
    information security officer training, and more.
       http://www.sans.org/SANSFIRE02
    
    If you're looking for a seminar to attend outside the United States,
    CSI, Black Hat, and SANS all host conferences in various countries.
    For information about these international events, visit each
    organization's respective Web site. Of course, you can perform a
    simple Web search to locate a variety of conferences and seminars
    presented by other organizations. For example, I used the URLs below
    to search Google, and the search results revealed dozens and dozens of
    interesting events. Although most security-related conferences are
    hosted by non-vendor-affiliated organizations, many security product
    and service vendors offer seminars to create a better understanding of
    how particular products fit into a given security strategy.
       http://www.google.com/search?hl=en&lr=&q=security+%2bseminar
       http://www.google.com/search?hl=en&lr=&q=security+%2bconference
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: CONNECTED HOME VIRTUAL TOUR ~~~~
       WIN A FREE $200 GIFT CERTIFICATE TO ROADWIRED.COM!
       Visit the Connected Home Virtual Tour and browse through the latest
    home entertainment, home networking, and home automation options. Sign
    up for prize drawings, too, and you might win a free gift certificate
    to RoadWired.com. Take the tour today!
       http://list.winnetmag.com/cgi-bin3/flo?y=eME50CJgSH0CBw0LTe0Aw
    
    ~~~~~~~~~~~~~~~~~~~~
    
    2. ==== SECURITY RISKS ====
       (contributed by Ken Pfeil, kenat_private)
    
    * BUFFER-OVERRUN VULNERABILITY IN MACROMEDIA'S JRUN SERVER 3.1 AND
    JRUN 3.0
       David Litchfield of Next Generation Security Software discovered a
    buffer-overrun condition in Macromedia's JRun Server 3.1 and Jrun 3.0.
    The Internet Server API (ISAPI) .dll filter that JRun uses to handle
    requests for .jsp resources doesn't properly handle overly long host
    header fields. As a result, an attacker can gain control over the
    process's execution. A more detailed advisory is located on
    Litchfield's Web site. Macromedia has released a bulletin regarding
    this vulnerability and recommends that affected users apply the
    appropriate patch listed in the bulletin.
       http://www.secadministrator.com/articles/index.cfm?articleid=25406
    
    * DENIAL OF SERVICE IN MICROSOFT EXCHANGE 2000 SERVER
       Several people from the Computing Center, Johannes Gutenberg
    University, Mainz, Germany, discovered a Denial of Service (DoS)
    condition in Exchange 2000. This vulnerability stems from a flaw in
    the way Exchange 2000 handles certain malformed message attributes
    specified in Request for Comments (RFC) 821 and RFC 822 on received
    mail. An attacker can use these malformed messages to cause the Store
    service to consume 100 percent of CPU resources until the Exchange
    server processes the mail message. Rebooting the server or restarting
    the service won't help because the Exchange server still must process
    the malformed message. Microsoft Security Bulletin MS02-025 (Malformed
    Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources)
    addresses this vulnerability and recommends that affected users apply
    the appropriate patch listed at the URL below.
      
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-025.asp
    
    * UNAUTHORIZED FILE DISCLOSURE IN DEERFIELD.COM'S WEBSITE PRO 3.1.11.0
       Ory Segal discovered a vulnerability in Deerfield.com's WebSite Pro
    3.1.11.0 that can disclose source-script code to an unauthorized user.
    This condition appears when the software attempts to serve files with
    at least a four-character extension (e.g., .shtml), which it requests
    by using 8.3-format filenames. Deerfield has released version
    3.1.13.0, which addresses this vulnerability.
       http://www.secadministrator.com/articles/index.cfm?articleid=25385
    
    * AUTHENTICATION FLAW IN WINDOWS DEBUGGER
       A vulnerability exists in the authentication mechanism of the
    Windows 2000 and Windows NT 4.0 debugging facility that can let an
    unauthorized program gain access to the debugger. An attacker can use
    this vulnerability to cause a running program to execute a program of
    the attacker's choice under the system security context. Microsoft
    Security Bulletin MS02-024 (Authentication Flaw in Windows Debugger
    can Lead to Elevated Privileges) addresses these vulnerabilities and
    recommends that affected users apply the appropriate patch listed in
    the bulletin at the second URL below.
    
    http://www.secadministrator.com/articles/index.cfm?articleid=25367
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-024.asp
    
    3. ==== ANNOUNCEMENTS ====
       (brought to you by Windows & .NET Magazine and its partners)
    
    * RAISING WINDOWS 2000 AVAILABILITY--FREE WEBINAR
       How can you reduce (or eliminate) data loss and downtime in the
    event of a site-wide disaster? Attend the latest free webinar from
    Windows & .NET Magazine and get the answers, including what kind of
    fault-tolerant disk setup to use, what clustering is (and isn't) good
    at, and best practices for boosting SQL Server and Exchange 2000
    Server availability. Register (for FREE) today!
       http://list.winnetmag.com/cgi-bin3/flo?y=eME50CJgSH0CBw012G0AR
    
    * REGISTER FOR OUR LATEST WEB SEMINAR AND GET A FREE SUBSCRIPTION TO
    SQL SERVER MAGAZINE!
       SQL Server Magazine, the premier source of technical, how-to
    information for database professionals, has an unbeatable lineup of
    educational tools. Register today for our upcoming Web seminar
    "Identifying SQL Server Performance Problems," presented by Brian
    Moran (just $29.95!), and get a 1-year subscription to SQL Server
    Magazine--absolutely free!
       http://list.winnetmag.com/cgi-bin3/flo?y=eME50CJgSH0CBw02Js0Aa
    
    * SUBMIT TOP PRODUCT IDEAS
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column in Windows & .NET Magazine.
    Send your product suggestions to whatshotat_private
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: WILL ELECTRONIC EAVESDROPPING BECOME A M-O-O-T POINT?
       A group of self-proclaimed civil libertarians have launched an
    effort to create an OS and a set of applications that prevent computer
    eavesdropping and data collection. The new open-source OS, dubbed
    "M-o-o-t," will ship in the form of a single CD-ROM that you can boot
    on popular PC hardware platforms.
       http://www.secadministrator.com/articles/index.cfm?articleid=25370
    
    * NEWS: MICROSOFT'S BUFFER-OVERRUN PROBLEM: FACT OR FALLACY?
       You're accustomed to hearing about Microsoft security flaws.
    However, a recent warning regarding Visual C++ .NET might not have
    been as straightforward or helpful as it first appeared. Gary McGraw,
    the chief technology officer (CTO) for Cigital, claimed that the
    Visual C++ .NET compiler, a part of the Visual Studio .NET suite,
    contains an improperly implemented feature (known as Buffer Security
    Checking) that causes a buffer-overrun problem to appear in code
    written with the tool.
       http://www.secadministrator.com/articles/index.cfm?articleid=24882
    
    * NEWS: MICROSOFT PATCHES CRITICAL EXCHANGE HOLE
       Microsoft has released a patch that corrects what the company calls
    a "critical" security flaw in Microsoft Exchange 2000 Server. The flaw
    lets attackers send a specially formatted message that ties up 100
    percent of the server's resources.
       http://www.secadministrator.com/articles/index.cfm?articleid=25392
    
    * FEATURE: NEW IE UPDATE BLOCKS IFRAME IN OUTLOOK HTML MESSAGES
       Microsoft issued a critical update for Microsoft Internet Explorer
    (IE) in Microsoft Security Bulletin MS02-023 (15 May 2002 Cumulative
    Patch for Internet Explorer) that eliminates a longstanding
    vulnerability in HTML-format messages. The update prevents an < IFRAME >
    tag from using the Internet Sites security zone, rather than the
    Restricted Sites zone, to launch a file attached to a message or to
    open a Web page inside a message.
       http://www.secadministrator.com/articles/index.cfm?articleid=25269
    
    5. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to remain
    informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: HOW CAN I RECOVER A DELETED DYNAMIC NTFS OR FAT32 VOLUME IN
    WINDOWS XP OR WINDOWS 2000?
       ( contributed by John Savill, http://www.windows2000faq.com )
    
    A. When you delete a dynamic volume in Win2K or XP, the OS erases the
    volume's file-system boot sector (sector 0) and removes the volume
    entry from the Microsoft Management Console (MMC) Disk Management
    snap-in private region database. However, as part of this process, the
    OS leaves the rest of the drive intact, including the data. Both FAT32
    and NTFS store a backup copy of the boot sector. You can copy this
    boot sector back to sector 0 and restore the volume as long as you
    know the original volume size. For detailed step-by-step instructions
    about how to recover the volume, visit our Win2K FAQ at the URL below.
       http://www.windows2000faq.com/articles/index.cfm?articleid=25375
    
    6. ==== NEW AND IMPROVED ====
       (contributed by Judy Drennen, productsat_private)
    
    * ENHANCED VIRUS SCANNER
       Rockliffe released MailSite SE 5.0 for Small Enterprises, featuring
    integrated virus scanning, security improvements, and personal
    calendaring. With the new antivirus support in MailSite SE, customers
    no longer need to worry about viruses sneaking into their system
    through email. MailSite SE automatically eliminates viruses without
    any administrator intervention. Prices for MailSite SE start at $595
    for 50 mailboxes. For more information, contact Rockliffe at
    408-879-5600, or to purchase online, visit Rockliffe's Web site.
       http://www.rockliffe.com
    
    * PnP POLICY ENFORCER
       InfoExpress released CyberGatekeeper Server, a Plug and Play (PnP)
    appliance that proactively enforces remote and mobile desktop
    configurations and applications. CyberGatekeeper Server is vendor
    neutral and can enforce desktop configurations connected through VPNs,
    extranets, dial-up connections, wireless LANs (WLANs), and wired LANs.
    The appliance audits systems before permitting access to the network.
    CyberGatekeeper Server is $6500 per appliance. For more information,
    contact InfoExpress at 650-623-0260, or infoat_private
       http://www.infoexpress.com
     
    7. ==== HOT THREAD ====
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS
       http://www.winnetmag.com/forums
    
    Featured Thread: Restoring Encrypted Files After Format and Reinstall
       (Twenty-eight messages in this thread)
    
    Christer writes that he runs an FTP server and noticed a COM1
    directory within his PUB directory. The COM1 directory contains 600GB
    of data, but he can't open or delete the folder. When he tries to
    access the directory, Windows reports that it can't be found. Do you
    know how he can remove the folder?
       http://www.secadministrator.com/forums/thread.cfm?thread_id=99095
    
    8. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- vpattersonat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
    
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing a Windows 2000/Windows NT enterprise.
    Subscribe
    today!
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
       Receive the latest information about the Windows and .NET topics of
    your choice. Subscribe to our other FREE email newsletters.
       http://www.winnetmag.com/email
    
    |-+-|-+-|-+-|-+-|-+-|
    
    Thank you for reading Security UPDATE.
    
    
    MANAGE YOUR ACCOUNT
       You can manage your entire Windows & .NET Magazine Network email
    newsletter account on our Web site. Simply log on and you can change
    your email address, update your profile information, and subscribe or
    unsubscribe to any of our email newsletters all in one place.
       http://www.winnetmag.com/email
    
    SUBSCRIBE
       To quickly subscribe, send a blank email to
     mailto:Security-UPDATE_Subat_private
    
    UNSUBSCRIBE
       To quickly unsubscribe, send a blank email to
     mailto:Security-UPDATE_Unsubat_private
    
    Thank you!
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Jun 06 2002 - 05:17:26 PDT