 Microsoft Windows Remote Procedure Call (RPC) DCOM Activation Buffer Overflows Let Remote Users Execute Arbitrary Code
Category: Vulnerability
Posted: 2003-09-12 by ReCall
Views: 429
 
 Details
Description: Several buffer overflow vulnerabilities were reported in several Microsoft operating systems in the RPCSS service related to Distributed Component Object Model (DCOM) messages. A remote user can execute arbitrary code with Local System privileges or cause denial of service conditions.

It is reported that the RPCSS service contains three vulnerabilities in the processing of RPC DCOM object activation requests that can be triggered by a remote user sending malformed messages.

It is reported that a remote user can establish a connection to the target system and then send a specially crafted and malformed RPC message to cause the DCOM activation infrastructure to execute arbitrary, user-supplied code. This is because user-supplied inputs are not properly checked by the software, according to the report. The flaws reportedly occur in the processing of RPC DCOM object activation requests.

Two of the vulnerabilities can be exploited to execute arbitrary code. The other vulnerability results in the RPCSS service crashing and only affects Windows 2000.

Microsoft reports that the affected service may initially receive connections via UDP ports 135, 137, 138, and 445 and TCP ports 135, 139, 445, and 593. In addition, the systems can be configured to receive RPC connections via TCP on 80 and 443. Other ports may also be used.
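As a defender-side illustration of the port list above (an added example, not part of the advisory or of Microsoft's guidance), the Python below scans constructed firewall log lines in a hypothetical "<ts> <action> <proto> <src>:<sport> -> <dst>:<dport>" format and flags accepted connections from outside an assumed internal range (192.0.2.0/24) to the UDP and TCP ports the advisory names. The 80/443 check is opt-in, since RPC over HTTP is a configuration choice rather than a default listener.

```python
import ipaddress
import re
from collections import Counter

# Ports the advisory lists for RPCSS, by protocol.
RPC_UDP_PORTS = {135, 137, 138, 445}
RPC_TCP_PORTS = {135, 139, 445, 593}
# RPC over HTTP listeners the advisory says can be configured; checked only when enabled.
RPC_HTTP_PORTS = {80, 443}

# Assumed internal address range for this example.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample log lines in a hypothetical firewall format.
SAMPLE_LOG = """\
2003-09-12T10:00:01 ACCEPT TCP 203.0.113.7:4012 -> 192.0.2.10:135
2003-09-12T10:00:02 ACCEPT TCP 203.0.113.7:4013 -> 192.0.2.10:445
2003-09-12T10:00:03 ACCEPT UDP 203.0.113.7:4014 -> 192.0.2.10:137
2003-09-12T10:00:04 ACCEPT TCP 198.51.100.3:5555 -> 192.0.2.10:80
2003-09-12T10:00:05 DROP TCP 203.0.113.9:6000 -> 192.0.2.11:135
2003-09-12T10:00:06 ACCEPT TCP 192.0.2.20:5000 -> 192.0.2.10:3389
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": d["ts"], "action": d["action"], "proto": d["proto"],
        "src": ipaddress.ip_address(d["src"]), "sport": int(d["sport"]),
        "dst": ipaddress.ip_address(d["dst"]), "dport": int(d["dport"]),
    }


def is_rpc_exposure(rec, rpc_over_http=False):
    """True for an accepted connection from outside INTERNAL_NET to an RPC port."""
    if rec["action"] != "ACCEPT" or rec["src"] in INTERNAL_NET:
        return False
    ports = RPC_TCP_PORTS if rec["proto"] == "TCP" else RPC_UDP_PORTS
    if rpc_over_http and rec["proto"] == "TCP":
        ports = ports | RPC_HTTP_PORTS
    return rec["dport"] in ports


def find_exposures(log_text, rpc_over_http=False):
    """Return the parsed records that represent external reach to RPC ports."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and is_rpc_exposure(rec, rpc_over_http):
            findings.append(rec)
    return findings


def summarize(findings):
    """Count findings per (source, destination) pair to spot a single host sweeping the ports."""
    return Counter((str(f["src"]), str(f["dst"])) for f in findings)


if __name__ == "__main__":
    hits = find_exposures(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["proto"]} {h["src"]} -> {h["dst"]}:{h["dport"]}')
    print(summarize(hits))
```

On the sample data the three accepted external connections to 135/tcp, 445/tcp and 137/udp are reported; the dropped packet, the internal RDP session and the port-80 connection are not, unless rpc_over_http=True is passed. Real deployments would substitute the firewall's own log format in LINE_RE and the actual internal prefixes in INTERNAL_NET.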
One of these buffer overflow vulnerabilities is related to the exploit code released by XFocus on July 25, 2003 and described in Alert ID 1007302 [the exploit was also reportedly effective against CVE CAN-2003-0352].

Technical details regarding another of the buffer overflow vulnerabilities have been provided by eEye Digital Security [see the Message History for a separate Alert dedicated to the eEye advisory]. In this particular buffer overflow, a remote user can reportedly send a DCERPC "bind" packet followed by a malformed DCERPC DCOM object activation request packet. The activate packet can contain specially crafted length fields to cause heap memory to be overwritten with user-supplied data, the report said. It may require several activation packets (e.g., 4, 5) to cause the memory to be overwritten.
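The class of defect described above, length fields taken on trust from the wire, is easiest to see in a parser that does the checking. The Python below is an added example and not the advisory's, eEye's or Microsoft's code: it parses the 16-byte DCE/RPC connection-oriented PDU common header (version, packet type, flags, data representation, frag_length, auth_length, call_id) and rejects any PDU whose declared fragment length is shorter than the header, longer than the bytes actually received, or whose auth_length cannot fit in the fragment. The sample PDUs are constructed inside the block, and make_header is a hypothetical helper for building them, not a real protocol API.

```python
import struct
from dataclasses import dataclass

HEADER_LEN = 16  # size of the DCE/RPC connection-oriented PDU common header
# Packet types from the DCE/RPC connection-oriented protocol.
PTYPE_NAMES = {0: "request", 2: "response", 3: "fault", 11: "bind", 12: "bind_ack"}


class MalformedPdu(ValueError):
    """Raised when a PDU header fails a consistency check."""


@dataclass
class PduHeader:
    rpc_vers: int
    rpc_vers_minor: int
    ptype: int
    pfc_flags: int
    little_endian: bool
    frag_length: int
    auth_length: int
    call_id: int


def parse_header(buf: bytes) -> PduHeader:
    """Parse and validate the common header; declared lengths are checked against reality."""
    if len(buf) < HEADER_LEN:
        raise MalformedPdu(f"short header: {len(buf)} bytes, need {HEADER_LEN}")
    rpc_vers, rpc_vers_minor, ptype, pfc_flags = struct.unpack_from("BBBB", buf, 0)
    if rpc_vers != 5:
        raise MalformedPdu(f"unsupported rpc_vers {rpc_vers}")
    # data_rep[0] high nibble: 0 = big-endian integers, 1 = little-endian.
    little_endian = (buf[4] >> 4) == 1
    fmt = "<HHI" if little_endian else ">HHI"
    frag_length, auth_length, call_id = struct.unpack_from(fmt, buf, 8)
    # The declared fragment length must cover at least the header ...
    if frag_length < HEADER_LEN:
        raise MalformedPdu(f"frag_length {frag_length} smaller than header")
    # ... and must not claim more bytes than were actually received.
    if frag_length > len(buf):
        raise MalformedPdu(f"frag_length {frag_length} exceeds received {len(buf)} bytes")
    # The authentication trailer must fit inside the fragment body.
    if auth_length > frag_length - HEADER_LEN:
        raise MalformedPdu(f"auth_length {auth_length} does not fit in fragment")
    return PduHeader(rpc_vers, rpc_vers_minor, ptype, pfc_flags,
                     little_endian, frag_length, auth_length, call_id)


def classify(buf: bytes) -> tuple:
    """Return ("accept", ptype name) or ("reject", reason) for a received PDU."""
    try:
        hdr = parse_header(buf)
    except MalformedPdu as exc:
        return ("reject", str(exc))
    return ("accept", PTYPE_NAMES.get(hdr.ptype, f"ptype {hdr.ptype}"))


def make_header(ptype: int, frag_length: int, auth_length: int = 0,
                call_id: int = 1, body: bytes = b"") -> bytes:
    """Hypothetical helper that builds sample PDUs for this example (little-endian drep)."""
    hdr = struct.pack("<BBBBBBBBHHI", 5, 0, ptype, 0x03, 0x10, 0, 0, 0,
                      frag_length, auth_length, call_id)
    return hdr + body


# Constructed sample PDUs: one consistent bind, three with inconsistent length fields.
GOOD_BIND = make_header(11, HEADER_LEN + 8, body=b"\x00" * 8)
OVERSIZED = make_header(0, 0x1000, body=b"\x00" * 8)       # claims 4096 bytes, has 24
UNDERSIZED = make_header(0, 8, body=b"\x00" * 8)           # claims less than a header
BAD_AUTH = make_header(0, HEADER_LEN + 8, auth_length=100, body=b"\x00" * 8)

if __name__ == "__main__":
    for name, pdu in [("GOOD_BIND", GOOD_BIND), ("OVERSIZED", OVERSIZED),
                      ("UNDERSIZED", UNDERSIZED), ("BAD_AUTH", BAD_AUTH)]:
        print(name, classify(pdu))
```

Only the consistent bind is accepted; the other three are rejected before any byte of the body is interpreted. The same discipline (compare every declared length against the bytes present and against the enclosing structure before using it as a copy size) is what the advisory says was missing in the activation-request processing.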
Microsoft credits eEye Digital Security, NSFOCUS Security Team, and Xue Yong Zhi and Renaud Deraison from Tenable Network Security with reporting these flaws.

Impact: A remote user can execute arbitrary code with Local System privileges on the target server. A remote user can cause the target server's RPCSS service to crash.

Solution: Microsoft has released the following patches:

Windows NT Workstation 4.0
http://www.microsoft.com/downloads/details.aspx?FamilyId=7EABAD74-9CA9-48F4-8DB5-CF8C188879DA&displaylang=en

Windows NT Server 4.0
http://www.microsoft.com/downloads/details.aspx?FamilyId=71B6135C-F957-4702-B376-2DACCE773DC0&displaylang=en

Windows NT Server 4.0, Terminal Server Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=677229F8-FBBF-4FF4-A2E9-506D17BB883F&displaylang=en

Windows 2000
http://www.microsoft.com/downloads/details.aspx?FamilyId=F4F66D56-E7CE-44C3-8B94-817EA8485DD1&displaylang=en

Windows XP
http://www.microsoft.com/downloads/details.aspx?FamilyId=5FA055AE-A1BA-4D4A-B424-95D32CFC8CBA&displaylang=en

Windows XP 64 bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=50E4FB51-4E15-4A34-9DC3-7053EC206D65&displaylang=en

Windows XP 64 bit Edition Version 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=80AB25B3-E387-441F-9B6D-84106F66059B&displaylang=en

Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=51184D09-4F7E-4F7B-87A4-C208E9BA4787&displaylang=en

Windows Server 2003 64 bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=80AB25B3-E387-441F-9B6D-84106F66059B&displaylang=en

The vendor reports that the Windows NT Workstation 4.0 and Server 4.0 patches can be installed on SP6a. The Windows NT Server 4.0, Terminal Server Edition patch can be installed on Windows NT Server 4.0, Terminal Server Edition SP6. The Windows 2000 patch can be installed on Windows 2000 SP2, SP3, or SP4. The Windows XP patch can be installed on Windows XP Gold or SP1. The Windows Server 2003 patch can be installed on Windows Server 2003 Gold.

Microsoft plans to include this fix in Windows 2000 SP5, Windows XP SP2, and Windows Server 2003 SP1.

A reboot is required after installing this patch.

This patch supersedes the patches described in Microsoft Security Bulletins MS03-026 and MS01-048.

Microsoft plans to issue Knowledge Base article 824146 regarding this issue, to be available shortly on the Microsoft Online Support web site at:

http://support.microsoft.com/?kbid=824146
 