Alert: Microsoft Security Bulletin MS04-029 - Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)

From: Russ Cooper (Russ.Cooper_at_TRUSECURE.CA)
Date: 10/12/04

  • Next message: Russ Cooper: "Alert: Microsoft Security Bulletin MS04-030 - Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)"
    Date:         Tue, 12 Oct 2004 13:23:19 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Microsoft Security Bulletin MS04-029:
    Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)

    Bulletin URL:
    <http://www.microsoft.com/technet/security/bulletin/MS04-029.mspx>

    Version Number: 1.0
    Issued Date: Tuesday, October 12, 2004
    Impact of Vulnerability: Important
    Maximum Severity Rating: Information Disclosure and Denial of Service
    Patch(es) Replaced: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.
    Caveats: None

    Tested Software:
    Affected Software:
    ------------------
    * Microsoft Windows NT Server 4.0 Service Pack 6a
    <http://tinyurl.com/6xzfr>
    * Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
    <http://tinyurl.com/6tobs>

    Technical Description:
    ----------------------
    * RPC Runtime Library Vulnerability - CAN-2004-0569: An information disclosure and denial of service vulnerability exists when the RPC Runtime Library processes specially crafted messages. An attacker who successfully exploited this vulnerability could potentially read portions of active memory or cause the affected system to stop responding.

    This email is sent to NTBugtraq automagically as a service to my subscribers. (v4.01.1664.40858)

    Cheers,
    Russ - Senior Scientist - TruSecure Corporation/NTBugtraq Editor

    --
    NTBugtraq Editor's Note:
    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
    --
    

  • Next message: Russ Cooper: "Alert: Microsoft Security Bulletin MS04-030 - Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)"

    Relevant Pages

    • Microsoft Security Bulletin MS02-028
      ... Microsoft encourages customers to review the Security Bulletin at: ... This patch eliminates a newly discovered vulnerability affecting Internet ...
      (microsoft.public.security)
    • Microsoft Security Bulletin MS02-028
      ... Microsoft encourages customers to review the Security Bulletin at: ... This patch eliminates a newly discovered vulnerability affecting Internet ...
      (microsoft.public.inetserver.iis.security)
    • Microsoft Security Notification Service
      ... Software: Internet Explorer ... Microsoft encourages customers to review the Security Bulletin at: ... - The first vulnerability involves a flaw in the handling of the ... "Frame Domain Verification" vulnerability discussed in Microsoft ...
      (Bugtraq)
    • Neue Sicherheits-Bulletins - KRITISCHE UPDATES - Bitte beachten
      ... Bulletin Anfang. ... Microsoft is releasing the following four new security bulletins for newly discovered vulnerabilities: ... Windows Services for UNIX, ...
      (microsoft.public.de.german.visio)
    • Re: Claims Regarding the MS02-023 Security Bulletin
      ... >>Posting on behalf of the MSRC (Microsoft Security ... >>discussing the availability of a patch that eliminates ... >>bulletin, and we'd like to address those claims. ... >>vulnerability in a local HTML resource that ships as part ...
      (microsoft.public.security)