> W2K Server Active Directory Buffer Overflow
    TITLE:
    Windows 2000 Server Active Directory Buffer Overflow Vulnerability

    CRITICAL:
    Moderately critical

    IMPACT:
    DoS

    WHERE:
    From local network

    OPERATING SYSTEM:
    Microsoft Windows 2000 Server

    DESCRIPTION:
    A vulnerability has been identified in Windows 2000 Server, which can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system.

    The vulnerability is caused due to a boundary error in Active Directory. This can be exploited by sending a specially crafted LDAP v3 search request containing about 1000 "AND" or "OR" operators to a vulnerable Active Directory server, which will crash the "Lsass.exe" service and therefore automatically reboot the system within 30 seconds.

    Reportedly, the vulnerability only affects Windows 2000 Server with Active Directory.

    SOLUTION:
    Reportedly, this has been fixed in Windows 2000 Service Pack 4: http://www.microsoft.com/Windows2000/downloads/servicepacks/sp4/
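
A defensive check for the Active Directory issue described above, added here as an example; it is not part of the original post or of the advisory. It scans the RFC 4515 string form of an LDAP search filter, as an LDAP proxy or a log pipeline would see it, and flags filters with unusually many AND/OR operators or deep nesting. The function names, the thresholds and the sample filters are assumptions.

```python
# Added example: measure the boolean complexity of an RFC 4515 LDAP filter
# string so oversized filters can be rejected or alerted on before they
# reach a directory server. Thresholds are assumed policy values, not
# numbers taken from the advisory.
MAX_BOOL_OPS = 100
MAX_DEPTH = 32


def filter_complexity(flt: str) -> tuple:
    """Return (and_or_operator_count, max_nesting_depth).

    Iterative scan, so deep nesting cannot exhaust the checker's own stack.
    Raises ValueError on unbalanced parentheses.
    """
    ops = depth = max_depth = 0
    i, n = 0, len(flt)
    while i < n:
        ch = flt[i]
        if ch == "\\":          # RFC 4515 escape: backslash + two hex digits
            i += 3
            continue
        if ch == "(":
            depth += 1
            max_depth = max(max_depth, depth)
            # '&' or '|' directly after '(' is the AND / OR operator;
            # elsewhere these characters are ordinary value bytes.
            if i + 1 < n and flt[i + 1] in "&|":
                ops += 1
                i += 1          # skip the operator character
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')'")
        i += 1
    if depth != 0:
        raise ValueError("unbalanced '('")
    return ops, max_depth


def is_suspicious(flt: str, max_ops=MAX_BOOL_OPS, max_depth=MAX_DEPTH) -> bool:
    """True if the filter is malformed or exceeds the complexity limits."""
    try:
        ops, depth = filter_complexity(flt)
    except ValueError:
        return True             # malformed filters are flagged as well
    return ops > max_ops or depth > max_depth


# Constructed sample filters (not taken from real traffic).
SAMPLES = ["(&(objectClass=user)(|(cn=alice)(cn=bob)))",
           r"(cn=R\26D \28lab\29)",
           "(&(objectClass=user)(cn=alice"]
```

On the wire the filter is BER-encoded, so a network sensor would apply the same counting to the decoded `and`/`or` filter choices rather than to a string.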
      TITLE:
      Windows 2000 ShellExecute API Buffer Overflow Vulnerability

      READ ONLINE:
      http://www.secunia.com/advisories/9175/

      CRITICAL:
      Moderately critical

      IMPACT:
      DoS, System access

      WHERE:
      From remote

      OPERATING SYSTEM:
      Microsoft Windows 2000 Datacenter Server
      Microsoft Windows 2000 Advanced Server
      Microsoft Windows 2000 Server
      Microsoft Windows 2000 Professional

      DESCRIPTION:
      A vulnerability has been reported in Windows 2000, which can be exploited by malicious people to crash applications and potentially compromise a vulnerable system.

      The vulnerability is caused due to a boundary error in the API "ShellExecute" in "shell32.dll", which is used to execute programs associated with a given file type. This can be exploited by supplying a pointer referencing an overly long string (about 4000 bytes) to the "lpszFile" parameter, which will cause a buffer overflow. Any program using this API is potentially affected.

      Reportedly, both browsers, email programs, and text editors have been identified as vulnerable.

      The vulnerability has been reported in "shell32.dll" version 5.0.3502.6144. However, other versions may also be affected.

      SOLUTION:
      Reportedly, the vulnerability has been fixed in Windows 2000 Service Pack 4: http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.asp

      REPORTED BY / CREDITS:
      Yuu Arai and Hisayuki Shinmachi (SecureNet Service).

      ORIGINAL ADVISORY: http://www.lac.co.jp/security/english/snsadv_e/65_e.html
