Alert: Microsoft Security Bulletin - MS03-024
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 07/09/03
Date: Wed, 9 Jul 2003 13:10:43 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
http://www.microsoft.com/technet/security/bulletin/MS03-024.asp
Buffer Overrun in Windows Could Lead to Data Corruption (817606)
Originally posted: July 09, 2003
Summary
Who should read this bulletin: Customers using Microsoft® Windows® NT, Microsoft Windows 2000, or Microsoft Windows XP
Impact of vulnerability: Allow an attacker to execute code of their choice
Maximum Severity Rating: Important
Recommendation: Administrators should consider installing the patch.
Affected Software:
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows 2000
- Windows XP Professional
Not Affected Software:
- Microsoft Windows Server 2003
Technical description:
Server Message Block (SMB) is the Internet Standard protocol that Windows uses to share files, printers, serial ports, and to communicate between computers using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources, and servers make SMB responses in what's described as a client server request-response protocol.
A flaw exists in the way that the server validates the parameters of an SMB packet. When a client system sends an SMB packet to the server system, it includes specific parameters that provide the server with a set of "instructions." In this case, the server is not properly validating the buffer length established by the packet. If the client specifies a buffer length that is less than what is needed, it can cause the buffer to be overrun.
By sending a specially crafted SMB packet request, an attacker could cause a buffer overrun to occur. If exploited, this could lead to data corruption, system failure, or, in the worst case, it could allow an attacker to run the code of their choice. An attacker would need a valid user account and would need to be authenticated by the server to exploit this flaw.
Mitigating factors:
- Windows Server 2003 is not affected by this vulnerability.
- By default, it is not possible to exploit this flaw anonymously. The attacker would have to be authenticated by the server prior to attempting to send an SMB packet to it.
- Blocking port 139/445 at the firewall will prevent the possibility of an attack from the Internet.
Vulnerability identifier: CAN-2003-0345
This email is sent to NTBugtraq automatically as a service to my subscribers. (v1.18)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
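
The class of flaw in the bulletin's technical description (a server trusting a client-declared buffer length), reduced to a minimal C sketch of the unchecked and checked forms. This is an added example, not code from Microsoft or from the original post; the request layout, field names and status codes are constructed for illustration and are not the SMB wire format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed request: the client declares how large a reply buffer to use. */
struct request { uint16_t max_reply_len; };
enum status { REPLY_OK, REPLY_BUFFER_TOO_SMALL, REPLY_NO_MEMORY };

/* Flawed pattern: the buffer is sized from the client's field, but the copy is
 * sized from the server's own data, so data_len > max_reply_len overruns it. */
enum status build_reply_unchecked(const struct request *req, const uint8_t *data,
                                  size_t data_len, uint8_t **out)
{
    uint8_t *buf = malloc(req->max_reply_len ? req->max_reply_len : 1);
    if (buf == NULL) return REPLY_NO_MEMORY;
    memcpy(buf, data, data_len);        /* never compared with max_reply_len */
    *out = buf;
    return REPLY_OK;
}

/* Hardened form: refuse when the declared length cannot hold the reply. */
enum status build_reply_checked(const struct request *req, const uint8_t *data,
                                size_t data_len, uint8_t **out, size_t *out_len)
{
    *out = NULL; *out_len = 0;
    if (data_len > req->max_reply_len) return REPLY_BUFFER_TOO_SMALL;
    uint8_t *buf = malloc(data_len ? data_len : 1);
    if (buf == NULL) return REPLY_NO_MEMORY;
    memcpy(buf, data, data_len);
    *out = buf; *out_len = data_len;
    return REPLY_OK;
}

/* Runs the checked builder on constructed reply data of `needed` bytes (max 64). */
int demo_status(uint16_t declared, size_t needed)
{
    static const uint8_t sample[64] = {0};   /* constructed reply payload */
    struct request req = { declared };
    uint8_t *reply; size_t n;
    if (needed > sizeof sample) needed = sizeof sample;
    enum status s = build_reply_checked(&req, sample, needed, &reply, &n);
    free(reply);
    return (int)s;
}

int main(void)
{
    printf("16/64 -> %d, 64/64 -> %d\n", demo_status(16, 64), demo_status(64, 64));
    return 0;
}
```

The checked builder fails closed with a distinct status, which gives the server something to log when a client declares a length too small for the data it requested.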