SecurityTracker.com
Category:   Application (Multimedia)  >   NetMeeting
Vendors:   Microsoft
Microsoft NetMeeting Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1001819
SecurityTracker URL:  http://securitytracker.com/id/1001819
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 22 2001
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): NetMeeting Version 3.01 (4.4.3385) on Windows 2000 or Windows NT 4.0
Description:   Microsoft reported a vulnerability in their NetMeeting multimedia conferencing software that allows a remote user to crash the software. The vulnerability is reported to be a variant of a previously announced vulnerability from October 2000.

A remote user can cause a denial of service by sending a specially crafted malformed string to a port on which the NetMeeting service (Mnmsvc.exe) is listening (typically port 1720), if the NetMeeting service has Remote Desktop Sharing enabled. When this occurs, single-processor computers may experience 100 percent CPU usage and dual-processor computers may experience 50 percent CPU usage for the duration of the attack.

The NetMeeting application is reported not to be enabled by default on Windows 2000 and Windows NT 4.0.
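
The following is an added example, not part of the original alert or the vendor bulletin. It shows one way to triage a host for the conditions described above: a non-loopback listener on TCP 1720 plus Mnmsvc.exe holding roughly one full core (100 percent of total CPU on one processor, 50 percent on two). The sample netstat text, the CPU samples, the function names and the thresholds are constructed assumptions.

```python
import re

NETMEETING_PORT = 1720        # "typically port 1720" per the alert
SERVICE_IMAGE = "mnmsvc.exe"  # NetMeeting service image named in the alert

# Constructed sample data (not taken from a real host).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135       0.0.0.0:0       LISTENING
  TCP    0.0.0.0:1720      0.0.0.0:0       LISTENING
  TCP    127.0.0.1:1025    0.0.0.0:0       LISTENING
  TCP    10.0.0.5:1720     10.0.0.77:4021  ESTABLISHED
"""
# (image name, percent of total CPU) samples, oldest first.
SAMPLE_CPU = [("mnmsvc.exe", 49.1), ("mnmsvc.exe", 50.0), ("mnmsvc.exe", 49.8)]


def listening_on(netstat_text, port):
    """Return local addresses with a TCP listener on `port` in `netstat -an` text."""
    hits = []
    for line in netstat_text.splitlines():
        m = re.match(r"\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING", line, re.I)
        if m and int(m.group(2)) == port:
            hits.append(m.group(1))
    return hits


def core_saturated(samples, image, ncpu, threshold=0.95, min_samples=3):
    """True if `image` used about one full core in each of the last samples.

    One busy core appears as 100% of total CPU on a single-processor host
    and 50% on a dual-processor host, so normalise by the processor count.
    """
    recent = [pct for name, pct in samples if name.lower() == image][-min_samples:]
    if len(recent) < min_samples:
        return False
    return all(pct * ncpu / 100.0 >= threshold for pct in recent)


def triage(netstat_text, samples, ncpu):
    """Classify a host as 'not-exposed', 'exposed' or 'investigate'."""
    addrs = listening_on(netstat_text, NETMEETING_PORT)
    # A listener on 1720 does not prove Remote Desktop Sharing is enabled;
    # other H.323 software can use the port, so treat this as a lead only.
    exposed = any(not a.startswith("127.") for a in addrs)
    if exposed and core_saturated(samples, SERVICE_IMAGE, ncpu):
        return "investigate"
    return "exposed" if exposed else "not-exposed"
```
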

Impact:   A remote user can cause 100% CPU usage on a single-processor host by sending a specially crafted message to NetMeeting when Remote Desktop Sharing is enabled on the target host.
Solution:   The vendor has released an updated patch. See the Vendor URL for patch information.
Vendor URL:  www.microsoft.com/technet/security/bulletin/ms00-077.asp
Cause:   Exception handling error, Resource error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  Microsoft Security Bulletin MS00-077 (version 2.0)


The following is a Security Bulletin from the Microsoft Product Security
Notification Service.

Please do not reply to this message, as it was sent from an unattended
mailbox.
                    ********************************

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------
Title:      Patch Available for "NetMeeting Desktop Sharing" 
            Vulnerability
Released:   13 October 2000
Revised:    21 June 2001 (version 2.0)
Software:   Netmeeting
Impact:     Denial of service
Bulletin:   MS00-077

Microsoft encourages customers to review the Security Bulletin at: 
http://www.microsoft.com/technet/security/bulletin/MS00-077.asp.
- ----------------------------------------------------------------------

Reason for Revision:
====================
A new variant of the originally reported vulnerability has been
found. The patch has been updated to address both the original and
new variants.

Issue:
======
A remote denial of service vulnerability has been discovered in a 
component of Microsoft(r) NetMeeting. The denial of service can occur
when a malicious client sends a particular malformed string to a port
which the NetMeeting service is listening on and with Remote Desktop 
Sharing enabled. 

Although the NetMeeting application is provided as part of Windows(r)
2000 products, the application and affected component is not enabled
by default, and customers who have not enabled it would not be at
risk from this vulnerability.

Mitigating Factors:
====================
 - NetMeeting is not enabled by default on either Windows 2000 or
   Windows NT(r) 4.0.
 - The vulnerability could not be used for any broader attack - that
   is, it could not be used to compromise data within a Netmeeting
   session or usurp administrative control of a remote desktop
   session.

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read the 
   Security Bulletin
   http://www.microsoft.com/technet/security/bulletin/ms00-077.asp
   for information on obtaining this patch.

Acknowledgment:
===============
 - Peter Grundl

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
THE FOREGOING LIMITATION MAY NOT APPLY.





   *******************************************************************
You have received this e-mail bulletin as a result of your registration
to the Microsoft Product Security Notification Service. You may
unsubscribe from this e-mail notification service at any time by sending
an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM
The subject line and message body are not used in processing the request,
and can be anything you like.

To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.

For more information on the Microsoft Security Notification Service
please visit http://www.microsoft.com/technet/security/notify.asp. For
security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.

 
 

