[NT] Windows .NET Server (RC1) and MSDE Security Vulnerability
From: support@securiteam.comDate: 09/03/02
- Previous message: support@securiteam.com: "[NEWS] Blue Coat Systems (formerly CacheFlow) Cross Site Scripting Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Tue, 3 Sep 2002 19:39:28 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Windows .NET Server (RC1) and MSDE Security Vulnerability
------------------------------------------------------------------------
SUMMARY
Though Microsoft Windows .NET Server is still a release candidate,
presently at RC1, NGSSoftware has decided to release this warning as
anyone evaluating .NET Server is vulnerable if IIS 6 has been installed.
When IIS 6 is installed, the Microsoft Desktop Engine (MSDE) is also
installed. MSDE is based on SQL Server technology designed to support
transactional applications in the background. This version of MSDE is
vulnerable to the Name Resolution buffer overflows that allow an attacker
without a UserID and password to compromise the server. For more details
about these overflows please see
<http://www.nextgenss.com/advisories/mssql-udp.txt>
http://www.nextgenss.com/advisories/mssql-udp.txt, but to summarize an
attacker can send a single UDP packet to port 1434 on the machine running
MSDE and overflow a buffer gaining control of the process' path of
execution.
DETAILS
Fix Information:
Customers evaluating .NET Server should apply the following patch:
<http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-043.asp> http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-043.asp
Whilst
<http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-039.asp> http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-039.asp specifically addresses these overflows, the former URL includes a fix for this issue and others.
ADDITIONAL INFORMATION
The information has been provided by <mailto:nisr@nextgenss.com>
NGSSoftware Insight Security Research.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NEWS] Blue Coat Systems (formerly CacheFlow) Cross Site Scripting Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
