Microsoft Remote DOS Vulnerability Resolved!

Microsoft Security Bulletin MS10-085 - Important

Vulnerability in SChannel Could Allow Denial of Service (2207566)

Published: October 12, 2010 | Updated: October 18, 2010

Source: Security Focus 

Original Advisory : http://www.microsoft.com/technet/security/Bulletin/MS10-085.mspx

Bugtraq ID:	43780
Class:	Unknown
CVE:	CVE-2010-3229
Remote:	Yes
Local:	No
Published:	Oct 12 2010 12:00AM
Updated:	Oct 19 2010 11:49AM
Credit:	The Mu Test Suite Team
Vulnerable:	Microsoft Windows Vista x64 Edition SP2 Microsoft Windows Vista x64 Edition SP1 Microsoft Windows Vista Ultimate 64-bit edition SP2 Microsoft Windows Vista Ultimate 64-bit edition SP1 Microsoft Windows Vista Home Premium 64-bit edition SP2 Microsoft Windows Vista Home Premium 64-bit edition SP1 Microsoft Windows Vista Home Basic 64-bit edition SP2 Microsoft Windows Vista Home Basic 64-bit edition SP1 Microsoft Windows Vista Enterprise 64-bit edition SP2 Microsoft Windows Vista Enterprise 64-bit edition SP1 Microsoft Windows Vista Business 64-bit edition SP2 Microsoft Windows Vista Business 64-bit edition SP1 Microsoft Windows Vista Ultimate SP2 Microsoft Windows Vista Ultimate SP1 Microsoft Windows Vista SP2 Microsoft Windows Vista SP1 Microsoft Windows Vista Home Premium SP2 Microsoft Windows Vista Home Premium SP1 Microsoft Windows Vista Home Basic SP2 Microsoft Windows Vista Home Basic SP1 Microsoft Windows Vista Enterprise SP2 Microsoft Windows Vista Enterprise SP1 Microsoft Windows Vista Business SP2 Microsoft Windows Vista Business SP1 Microsoft Windows Server 2008 Standard Edition X64 Microsoft Windows Server 2008 Standard Edition SP2 Microsoft Windows Server 2008 Standard Edition Itanium Microsoft Windows Server 2008 Standard Edition 0 Microsoft Windows Server 2008 Standard Edition - Sp2 Web Microsoft Windows Server 2008 Standard Edition - Sp2 Storage Microsoft Windows Server 2008 Standard Edition - Sp2 Hpc Microsoft Windows Server 2008 Standard Edition - Gold Web Microsoft Windows Server 2008 Standard Edition - Gold Storage Microsoft Windows Server 2008 Standard Edition - Gold Standard Microsoft Windows Server 2008 Standard Edition - Gold Itanium Microsoft Windows Server 2008 Standard Edition - Gold Hpc Microsoft Windows Server 2008 Standard Edition - Gold Enterprise Microsoft Windows Server 2008 Standard Edition - Gold Datacenter Microsoft Windows Server 2008 Standard Edition - Gold Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems R2 Microsoft Windows Server 2008 for x64-based Systems 0 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems R2 Microsoft Windows Server 2008 for Itanium-based Systems 0 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems 0 Microsoft Windows Server 2008 Enterprise Edition SP2 Microsoft Windows Server 2008 Enterprise Edition 0 Microsoft Windows Server 2008 Datacenter Edition SP2 Microsoft Windows Server 2008 Datacenter Edition 0 Microsoft Windows Server 2008 SP2 Beta Microsoft Windows 7 XP Mode 0 Microsoft Windows 7 Ultimate 0 Microsoft Windows 7 Starter 0 Microsoft Windows 7 Professional 0 Microsoft Windows 7 Home Premium 0 Microsoft Windows 7 for x64-based Systems 0 Microsoft Windows 7 for 32-bit Systems 0 Avaya Aura Conferencing Standard Avaya Aura Conferencing 6.0 Standard

Microsoft Released October 2010 Black Tuesday Summary

On 12th of Oct, Microsoft had released 49 patches to address issues on it Windows platforms including ranging from Microsoft office, Internet Explorer, .NET framework, and including two that fixes the bugs a targeted by the Stuxnet worms. Internet Explorer recorded the most patches which is up to 10 patches followed by Microsoft Word and Excel. Please be noted that eight of the bugs were publicly disclosed before. Microsoft also had released Malicious Software Removal Tool (MSRT) (http://www.microsoft.com/security/malwareremove/default.aspx) to hunt and remove the infamous widely spreading botnet, the Zeus or Zbot (http://blogs.technet.com/b/mmpc/archive/2010/10/12/msrt-on-zbot-the-botnet-in-a-box.aspx).

All the patches can be carried out if auto-update is enabled for your Microsoft Windows. As usual, you may want to follow your patching procedures before deploying it to the production environment. Four (4) of the vulnerabilities are rated as Critical, Ten(10) are rated as important affecting the OS and Microsoft Office and Two (2) are rated as moderate affecting the OS :

MS10-071 - Cumulative Security Update for Internet Explorer (2360131)
MS10-075 - Vulnerability in Media Player Network Sharing Service Could Allow Remote
                     Code Execution (2281679)
MS10-076 - Vulnerability in the Embedded OpenType Font Engine Could Allow Remote
                     Code Execution (982132)
MS10-077 - Vulnerability in .NET Framework Could Allow Remote Code Execution
                     (2160841)
MS10-072 - Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
MS10-073 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of
                     Privilege (981957)
MS10-078 - Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow
                     Elevation of Privilege (2279986)
MS10-079 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
                     (2293194)
MS10-080 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
                     (2293211)
MS10-081 - Vulnerability in Windows Common Control Library Could Allow Remote Code
                     Execution (2296011)
MS10-082 - Vulnerability in Windows Media Player Could Allow Remote Code Execution
                     (2378111)
MS10-083 - Vulnerability in COM Validation in Windows Shell and WordPad Could Allow
                     Remote Code Execution (2405882)
MS10-084 - Vulnerability in Windows Local Procedure Call Could Cause Elevation of
                     Privilege (2360937)
MS10-085 - Vulnerability in SChannel Could Allow Denial of Service (2207566)
MS10-074 - Vulnerability in Microsoft Foundation Classes Could Allow Remote Code
                     Execution (2387149)
MS10-086 - Vulnerability in Windows Shared Cluster Disks Could Allow Tampering
                     (2294255)


For more information on these security updates, please refer to the link below:

https://www.microsoft.com/technet/security/bulletin/ms10-oct.mspx

Oracle released critical update!

Oracle today had released a critical update to its widely-installed Java software, fixing at least 29 security vulnerabilities in the program.

If you have some version of Java installed, kindly verify the version from the following link;

http://java.com/en/download/installed.jsp


To install the latest version which is Java 6 Update 22:

1. Go the Windows Control Panel
2. Click on the Java icon
3. Seelect the “Update Now” button on the “Update” tab

For Oracle’s patches, updates are available for Windows, Solaris and Linux. Apple has its own version of Java for their OS X systems. They will issue fixes for after several months of the official release. Kindly, refer to this link:

http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

Java’s updater may also include additional add-on such as the Yahoo! Toolbar to bundle with the software update. If you don't need it, un-select the appropriate check box during installation.

Sagan.. Snort's twin released!

Sagan release version 0.1.0
http://sagan.softwink.com
Written by Champ Clark (AKA 'Da Beave') and the Softwink, Inc team
Date: 06/24/2010

Obligatory screen shot of Sagan version 0.1.0 running running in FIFO mode.

Softwink announces the release of Sagan, a real time log monitoring
system.

Sagan is a multi-threaded, real time system- and event-log monitoring system,
but with a twist. Sagan uses a "Snort" like rule set for detecting "bad
things" happening on your network and/or computer systems. If Sagan detects
a "bad thing" happening, that event can be stored to a Snort database
(MySQL/PostgreSQL) and Sagan will correlate the event with your
Snort Intrusion Detection/Intrusion Prevention (IDS/IPS) system. Sagan
is meant to be used in a 'centralized' logging environment, but will
work fine as part of a standalone Host IDS system for workstations.

Sagan is fast: Sagan is written in C and is a multi-threaded application.
Sagan is threaded to prevent blocking Input/Output (I/O). For example,
data processing doesn't stop when an SQL query is needed. It is also meant
to be as efficient as possible in terms of memory and CPU usage.

Sagan uses a "Snort" like rule set: If you're a user of "Snort" and
understand Snort rule sets, then you already understand Sagan rule sets.
Essentially, Sagan is compatible with Snort rule management utilities, like
"oinkmaster" for example.

Sagan can log to Snort databases: Sagan will operate as a separate "sensor"
ID to a Snort database. This means that your IDS/IPS events from Snort will
remain separate from your Sagan (syslog/event log) events. Since Sagan can utilize
Snort databases, using Snort front-ends like BASE and Snorby will not only
work with your IDS/IPS event, but also with your syslog events as well!

Sagan output formats: You don't have to be a Snort user to use Sagan. Sagan
supports multiple output formats, such as a standard output file log format
(similar to Snort), e-mailing of alerts (via libesmtp), Logzilla support and
externally based programs that you can develop using the language you prefer
(Perl/Python/C/etc).

Sagan is actively developed: Softwink, Inc. actively develops and maintains
the Sagan source code and rule sets. Softwink, Inc. uses Sagan to monitor
security related log events on a 24/7 basis.

Other Features:

- Sagan is meant to be easy to install. The traditional,
"./configure && make && make install" works for many installations,
depending on the functionality needed and configuration.
- Thresholding of alerts. Uses the same format as Snort in the
Sagan rule set.
- Attempts to pull TCP/IP addresses, port information, and protocol
of rule set that was triggered. This leads to better correlation.
- Can be used to monitor just about any type of device or system
(Routers, firewalls, managed switches, IDS/IPS systems,
Unix/Linux systems, Windows event logs, wireless access points,
much more).
- Works 'out of the box' with Snort front ends like BASE, Snorby,
proprietary consoles, various Snort based reporting systems.
- Sagan is 'open source' and released under the GNU/GPL version 2
license.

For more information about Sagan, please see:

Sagan web site: http://sagan.softwink.com


Screenshots:

 

Mozilla Foundation Security Advisory 2010-58

Title: Crash on Mac using fuzzed font in data: URL

Impact: Critical

Announced: September 7, 2010

Reporter: Marc Schoenefeld

Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.9
Firefox 3.5.12
Thunderbird 3.1.3
Thunderbird 3.0.7
SeaMonkey 2.0.7
Description

Security researcher Marc Schoenefeld reported that a specially crafted font could be applied to a document and cause a crash on Mac systems. The crash showed signs of memory corruption and presumably could be used by an attacker to execute arbitrary code on a victim's computer.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=583520
* CVE-2010-2770

Fretsweb Multiple SQL Injection Vulnerabilities

Released on 08-10-2010 Source page: SecurityFocus 

==========================================================
FretsWeb 1.2 Multiple Local File Inclusion Vulnerabilities
==========================================================


----------------------------------------------------------------------------------------------
|                MULTIPLE LOCAL FILE INCLUSION VULNERABILITIES               |
|--------------------------------------------------------------------------------------------|
|                                    |      FretsWeb 1.2      |                    |
|  CMS INFORMATION:                 ------------------------                              |
|                       |
|-->WEB: http://sourceforge.net/projects/fretsweb/                 |
|-->DOWNLOAD: http://sourceforge.net/projects/fretsweb/                               |
|-->DEMO: N/A               |
|-->CATEGORY: CMS / Games/Entertainment            |
|-->DESCRIPTION: Fretsweb is a Contest or Chart Server for Frets on Fire. It...              |
|  is an improved version of FoFCS.It is meant for...                 |
|-->RELEASED: 2009-05-30             |
|                |
|  CMS VULNERABILITY:              |
|                |
|-->TESTED ON: firefox 3                           |
|-->DORK: N/A                      |
|-->CATEGORY: LOCAL FILE INCLUSION (LFI) / INSECURE COOKIE HANDLING (LFI)              |
|-->AFFECT VERSION: CURRENT (MAYBE <= ?)            |
|-->Discovered Bug date: 2009-06-02            |
|-->Reported Bug date: 2009-06-02            |
|-->Fixed bug date: 2009-06-14             |
|-->Info patch: http://sourceforge.net/projects/fretsweb/         |
|-->Author: YEnH4ckEr              |
|-->WEB/BLOG: N/A              |
|-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.       |
|-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)        |
----------------------------------------------------------------------------------------------



Note: Of course use null byte () when you want to include a file with different extension to "php"



###########################
///////////////////////////

LOCAL FILE INCLUSION (LFI):

///////////////////////////
###########################



<<<<---------++++++++++++++ Condition: Nothing +++++++++++++++++--------->>>>



[++] GET var --> 'language'



~~~> http://[HOST]/[PATH]/charts.php?language=[LFI]



###############################
///////////////////////////////

INSECURE COOKIE HANDLING (LFI):

///////////////////////////////
###############################



[++] Cookie --> 'fretsweb_language'



~~~> fretsweb_language=[LFI]