Windows 2008
The vulnerability is caused by a stack overflow error in the OpenType
Compact Font Format (CFF) driver "ATMFD.dll" when processing certain
operands within an OpenType font, which could be exploited by remote
attackers to execute arbitrary code on vulnerable Windows 7, Windows
Server 2008, Windows Server 2008 R2, and Windows Vista systems via a
malicious font, or by local attackers to gain elevated privileges on
Windows XP and Windows Server 2003 systems via a malicious application.
CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Windows Vista, Windows Vista SP 1, and Windows Vista SP 2
Windows Vista x64 Edition, Windows Vista x64 Edition SP 1, and Windows
Vista x64 Edition SP 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for
32-bit Systems SP 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for
x64-based Systems SP 2
Microsoft Windows 7 (32-bit)
Microsoft Windows 7 (64x)
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (64x)
Microsoft Windows Server 2008 (64x) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
III. AFFECTED PRODUCTS
---------------------------
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Windows Vista SP1
Windows Vista SP2
Windows Vista x64 Edition
Windows Vista x64 Edition SP1
Windows Vista x64 Edition SP2
Windows Server 2008 x32
Windows Server 2008 x32 SP2
Windows Server 2008 x64 SP2
Windows Server 2008 x64 SP2
Windows Server 2008 for Itanium-based systems
Windows Server 2008 for Itanium-based systems SP2
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (64x)
Microsoft Windows Server 2008 (64x) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
----------------------------------------------------------------------------------------------------
Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 2008
----------------------------------------------------------------------------------------------------
+ Author: Fabien KERBOUCI
+ Version/Date: 27/01/2009
+ Keywords: [ benchmark timing benchmarking attacks Windows runas vulnerability password length ]
Get a more detailed version of this advisory with complete tutorial and video in Hakin9 Magazine
of May 2009.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01682739
Version: 1
HPSBMA02413 SSRT080040 rev.1 - HP WMI Mapper for Windows Server 2003 and Windows Server 2008 for Itanium-based Servers, Remote Unauthorized Access to Data, Local Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-03-02
Last Updated: 2009-03-09
! Valid chars are: \x20 ( ), \x22 ("), \x2E (.), \x3C (<), \x3E (>)
! Valid strings are all combinations of the above chars.
--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--
PHP 5.3.0 Windows Server 2008 (WampServer 2.0i install)
C:\PHPFS_MAD2> php alfi_fuzzer.php
! Valid chars are: \x20 ( ), \x22 ("), \x2E (.), \x3C (<), \x3E (>)
! Valid strings are all combinations of the above chars.
A directory traversal vulnerability allows an attacker to remotely
retrieve files from vCenter Server without authentication. In order
to exploit this vulnerability, the attacker will need to have access
to the network on which the vCenter Server host resides.
In case vCenter Server is installed on Windows 2008 or
Windows 2008 R2, the security vulnerability is not present.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2011-0426 to this issue.
A potential security vulnerability has been identified with Procurve Identity Driven Manager (IDM) running on Microsoft IAS or NPS. The vulnerability could be exploited to allow a local user to gain unauthorized access.
References: CVE-2009-2681
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Procurve IDM A.02.03 and previous, only on Microsoft Windows 2003 running IAS or Windows 2008 running NPS
HP Procurve IDM A.03.00 and previous, only on Microsoft Windows 2003 running IAS or Windows 2008 running NPS
BACKGROUND
CVSS 2.0 Base Metrics
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 2003
Microsoft Windows Vista/SP1
Microsoft Windows Server 2008
Unaffected system:
==============
Microsoft Windows Vista SP2
- Windows 2000
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
--------------------
Consequences
-----------------------
4. *Vulnerable packages*
. Microsoft Windows 2000 (SP4 and previous)
. Microsoft Windows XP (SP3, SP2 and previous)
. Microsoft Windows 2003 (SP2 and previous)
. Microsoft Windows 2008 (SP2 and previous)
. Microsoft Windows 2008 R2
. Microsoft Exchange Server 2003 (SP3, SP2 and previous)
. Microsoft Exchange Server 2007 (SP2, SP1 and previous)
. Microsoft Exchange Server 2010
. Microsoft Windows 2000 up to and including Service Pack 4
. Microsoft Windows Server 2003 up to and including Service Pack 2
. Microsoft Windows XP up to and including Service Pack 3
. Windows Vista up to and including Service Pack 1 (not exploitable
with IE running with Protected mode on)
. Windows Server 2008
5. *Non-vulnerable packages*
. Internet Explorer 8 under Windows 2000/2003/XP/Vista
At least all supported versions of Windows were reported by Microsoft
to be vulnerable:
. Windows 7
. Windows Vista
. Windows Server 2008 R2
. Windows Server 2008
. Microsoft Windows XP
. Microsoft Windows Server 2003
Platforms: Windows 2000
Windows XP
Windows Vista
Windows Server 2003
Windows Server 2008 SR2
Exploitation: Remote Exploitable
CVE Number: CVE-2010-0816
HP Network Configuration Utility for Windows Server 2003 x64 Editions
HP Network Configuration Utility for Windows Server 2003
HP Network Configuration Utility for Windows Server 2008 x64 Editions
HP Network Configuration Utility for Windows Server 2008
HP Network Configuration Utility for Windows Server 2008 R2
. Internet Explorer 7 on Windows XP sp3
. Internet Explorer 7 on Windows Vista sp1
. Internet Explorer 7 on Windows Vista sp2
. Internet Explorer 7 on Windows Server 2003 sp2 if
Protected Mode is OFF and not using Enhanced Security Configuration
. Internet Explorer 7 on Windows Server 2008 if
Protected Mode is OFF and not using Enhanced Security Configuration
. Internet Explorer 8 on Windows XP sp2
. Internet Explorer 8 on Windows XP sp3
. Internet Explorer 8 on Windows Vista sp1
As always, we've worked hard to create a show with timely, technical content and a broad range of topics. Some highlights of this year's program include:
* A talk from Pedram Amini and Aaron Portnoy from Tipping Point about the Sulley fuzzing framework - a game changing, free, highly automated fuzzing suite.
* A talk from Halvar Flake, world-class reverse engineer and one of Black Hat's most sought-after speakers entitled "Automated Unpacking and Malware Classification."
* Brandon Baker of Microsoft will be speaking on the very timely topic of the security model of Windows Server Virtualization in Windows Server 2008.
Please bear in mind that on-line registration closes October 15, and it is a good idea to sign up now to avoid waiting in the long on site registration lines.
The Briefings will once again be held in the Keio Plaza Hotel in Tokyo, on Thursday, October 25 and Friday, October 26. On site registration begins at 09:00 both days.
In other news:
=========================================================================
=====================
Windows Operating Systems
=====================
Windows Server 2008 SP1 (32-bit and X64) Enterprise / Standard / Datacenter / Web Server Editions
Windows Server 2003 R2 SP2 (32-bit and X64) Enterprise / Standard Editions
Windows Small Business Server 2008 (32-bit and X64)
Windows Small Business Server 2003 R2 (32-bit and X64)
Windows Unified Data Storage Server 2003 R2 (32-bit and X64)
Windows Storage Server 2003 R2 (32-bit and X64)
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000 SP4
Version v3.0.0.64 windows
Version v6.0.0.96 windows
Version v6.1.0.102 windows
Version v6.1.0.103 linux
Tested on Windows 2008 64bit, Windows 2003 and CentOS/Red Hat Enterprise
Hardware Proliant DL380 G5, DL360 G5, DL380 G4
1) Basic reflective XSS attack (Windows only).
assumption is that this applies to many servers in internal networks)
the traversal can be a serious issue, because a samba user (even nobody)
can create the symlinks. It would in my point of view be more secure to
only allow administrators to create symlinks as it is intended.
Again I might be wrong with this thought.
I first audited Windows Server 2008 for the new SMB2 hardlinking
features. Symlinking on a windows server is possible but only when the
remotely logged in account is the Administrator. Creating symlinks to
paths outside the directory of the given share is not possible. However
accessing a symlink in a directory which points to for example c:\
is possible. I don't say that because Samba should have the same
Exploitation:
This is remotely exploitable from anywhere on the Internet with access
to ANY Altigen service port.
Platform:
Windows Server 2008, fully updated, firewall enabled with ports opened
for Altigen services.
Solution:
Vendor is releasing patch for this issue in next revision. Binding
outbound traffic to just PRI/Trunk seems to mitigate the issue.