Post #1

TITLE: Windows 2000 Server Active Directory Buffer Overflow Vulnerability

CRITICAL: Moderately critical

IMPACT: DoS

WHERE: From local network

OPERATING SYSTEM: Microsoft Windows 2000 Server

DESCRIPTION: A vulnerability has been identified in Windows 2000 Server, which can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system.

The vulnerability is caused due to a boundary error in Active Directory. This can be exploited by sending a specially crafted LDAP v3 search request containing about 1000 "AND" or "OR" operators to a vulnerable Active Directory server, which will crash the "Lsass.exe" service and therefore automatically reboot the system within 30 seconds.

Reportedly, the vulnerability only affects Windows 2000 Server with Active Directory.

SOLUTION: Reportedly, this has been fixed in Windows 2000 Service Pack 4:
http://www.microsoft.com/Windows2000/downloads/servicepacks/sp4/
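
A defensive check for the condition described in the advisory above, as an added example that is not part of the original post or the advisory: it counts AND/OR operators and boolean nesting depth in an LDAP search filter so that a proxy or application can reject oversized filters before they reach a directory server. The function names, the limits (64 operators, depth 16) and the sample filters are assumptions; the code works on the RFC 4515 string form of a filter, not on the BER-encoded request.

```python
# Added example: complexity limits for LDAP filters in RFC 4515 string form.
# Names and limits are assumptions, not values from the advisory.

def filter_complexity(flt):
    """Return (and_or_count, max_boolean_depth) for a filter string.

    Iterative, so deep nesting cannot exhaust this checker's own stack.
    RFC 4515 requires literal parentheses in values to be escaped as
    backslash-28 / backslash-29, so every raw '(' or ')' is structural.
    """
    and_or = depth = max_depth = 0
    stack = []  # one flag per open group: True if it is a boolean operator
    i = 0
    while i < len(flt):
        ch = flt[i]
        if ch == "(":
            op = flt[i + 1:i + 2]
            is_bool = op in ("&", "|", "!")
            stack.append(is_bool)
            if is_bool:
                if op != "!":          # the advisory names AND and OR only
                    and_or += 1
                depth += 1
                max_depth = max(max_depth, depth)
                i += 1                 # skip the operator character
        elif ch == ")":
            if not stack:
                raise ValueError("unbalanced ')' at offset %d" % i)
            if stack.pop():
                depth -= 1
        i += 1
    if stack:
        raise ValueError("%d group(s) left open" % len(stack))
    return and_or, max_depth

def check_filter(flt, max_and_or=64, max_depth=16):
    """Return reasons to reject the filter; an empty list means accept."""
    try:
        and_or, depth = filter_complexity(flt)
    except ValueError as exc:
        return ["malformed filter: %s" % exc]
    reasons = []
    if and_or > max_and_or:
        reasons.append("AND/OR count %d exceeds %d" % (and_or, max_and_or))
    if depth > max_depth:
        reasons.append("nesting depth %d exceeds %d" % (depth, max_depth))
    return reasons

if __name__ == "__main__":
    # Constructed sample filters, not taken from any real traffic.
    for f in ("(&(objectClass=user)(|(cn=alice)(cn=bob)))", "(&(cn=a)"):
        print(f, "->", check_filter(f) or "ok")
```
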

Post #2

TITLE: Windows 2000 ShellExecute API Buffer Overflow Vulnerability

READ ONLINE: http://www.secunia.com/advisories/9175/

CRITICAL: Moderately critical

IMPACT: DoS, System access

WHERE: From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional

DESCRIPTION: A vulnerability has been reported in Windows 2000, which can be exploited by malicious people to crash applications and potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the API "ShellExecute" in "shell32.dll", which is used to execute programs associated with a given file type. This can be exploited by supplying a pointer referencing an overly long string (about 4000 bytes) to the "lpszFile" parameter, which will cause a buffer overflow.

Any program using this API is potentially affected. Reportedly, both browsers, email programs, and text editors have been identified as vulnerable.

The vulnerability has been reported in "shell32.dll" version 5.0.3502.6144. However, other versions may also be affected.

SOLUTION: Reportedly, the vulnerability has been fixed in Windows 2000 Service Pack 4:
http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.asp

REPORTED BY / CREDITS: Yuu Arai and Hisayuki Shinmachi (SecureNet Service).

ORIGINAL ADVISORY: http://www.lac.co.jp/security/english/snsadv_e/65_e.html