lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <C51A8CA3.905A%dvlabs@tippingpoint.com>
Date: Tue, 14 Oct 2008 17:51:31 -0500
From: dvlabs <dvlabs@...pingpoint.com>
To: bugtraq <bugtraq@...urityfocus.com>, FD <full-disclosure@...ts.grok.org.uk>
Subject: TPTI-08-07: Microsoft Windows Message Queuing
 Service Heap Overflow and Memory Disclosure Vulnerability

TPTI-08-07: Microsoft Windows Message Queuing Service Heap Overflow and
Memory Disclosure Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-08-07
October 14, 2008

-- CVE ID:
CVE-2008-3479

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft OS

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6482.
For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Windows running the Message
Queuing service (mqsvc.exe).  User interaction is not required to
exploit this vulnerability.

The specific flaw exists in the parsing of an RPC request to the Message
Queing Service (mqsvc.exe).  By sending a specially crafted RPC request
a heap calculation can be controlled and later overflowed during an
unchecked string copy operation.  By sending a similar request memory
can be disclosed to the attacker.  Exploitation of the heap overflow
leads to full access of the affected system under the SYSTEM context.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More
details can be found at:

http://www.microsoft.com/technet/security/bulletin/MS08-065.mspx

-- Disclosure Timeline:
2007-11-14 - Vulnerability reported to vendor
2008-10-14 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Cody Pierce, TippingPoint DVLabs

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ