[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030717061742.GY4584@netsys.com>
From: len at netsys.com (Len Rose)
Subject: [cert-advisory@...t.org: CERT Advisory CA-2003-16 Buffer Overflow in Microsoft RPC]
----- Forwarded message from CERT Advisory <cert-advisory@...t.org> -----
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2003-16 Buffer Overflow in Microsoft RPC
Original release date: July 17, 2003
Last revised: --
Source: CERT/CC
A complete revision history is at the end of this file.
Systems Affected
* Microsoft Windows NT 4.0
* Microsoft Windows NT 4.0 Terminal Services Edition
* Microsoft Windows 2000
* Microsoft Windows XP
* Microsoft Windows Server 2003
Overview
A buffer overflow vulnerability exists in Microsoft's Remote Procedure
Call (RPC) implementation. A remote attacker could exploit this
vulnerability to execute arbitrary code or cause a denial of service.
I. Description
There is a buffer overflow in Microsoft's RPC implementation.
According to Microsoft Security Bulletin MS03-026, "There is a
vulnerability in the part of RPC that deals with message exchange over
TCP/IP. The failure results because of incorrect handling of malformed
messages. This particular vulnerability affects a Distributed
Component Object Model (DCOM) interface with RPC, which listens on
TCP/IP port 135. This interface handles DCOM object activation
requests that are sent by client machines (such as Universal Naming
Convention (UNC) paths) to the server."
The CERT/CC is tracking this issue as VU#568148. This reference number
corresponds to CVE candidate CAN-2003-0352.
II. Impact
A remote attacker could exploit this vulnerability to execute
arbitrary code with Local System privileges or to cause a denial of
service.
III. Solution
Apply a patch
Apply the appropriate patch as specified by Microsoft Security
Bulletin MS03-026.
Restrict access
You may wish to block access from outside your network perimeter,
specifically by blocking access to port 135/TCP. This will limit your
exposure to attacks. However, blocking at the network perimeter would
still allow attackers within the perimeter of your network to exploit
the vulnerability. It is important to understand your network's
configuration and service requirements before deciding what changes
are appropriate.
_________________________________________________________________
This vulnerability was discovered by The Last Stage of Delirium
Research Group. Microsoft has published Microsoft Security Bulletin
MS03-026, upon which this document is largely based.
_________________________________________________________________
Author: Ian A. Finlay
______________________________________________________________________
This document is available from:
http://www.cert.org/advisories/CA-2003-16.html
______________________________________________________________________
CERT/CC Contact Information
Email: cert@...t.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
EDT(GMT-4) Monday through Friday; they are on call for emergencies
during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from
http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more
information.
Getting security information
CERT publications and other security information are available from
our web site
http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins,
send email to majordomo@...t.org. Please include in the body of your
message
subscribe cert-advisory
* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
______________________________________________________________________
NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
_________________________________________________________________
Conditions for use, disclaimers, and sponsorship information
Copyright 2003 Carnegie Mellon University.
Revision History
July 17, 2003: Initial release
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQCVAwUBPxYuDmjtSoHZUTs5AQFv7wP/WetxU0XdObqmC02+lOSG/aR1lGsMpB0i
9AAilcA21Dd/VO/cD8cAiAnb/pavd7NF+uXM8xDdlCTB7ypME5pKFOn6zk1sc9L9
G+9iOSqFUQbnM496CQRdz+UpDYNN4dT9/bgt239Bpyh2gxGxGIxKKN/cUCQ2kGxr
yjsZSjp9hME=
=ao29
-----END PGP SIGNATURE-----
----- End forwarded message -----
Powered by blists - more mailing lists