SecurityTracker.com
Category:   OS (Microsoft)  >   Microsoft ASN.1 Library
Vendors:   Microsoft
Microsoft ASN.1 Library (msasn1.dll) Double-Free Memory Allocation Error May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1009754
SecurityTracker URL:  http://securitytracker.com/id/1009754
CVE Reference:   CVE-2004-0123
Date:  Apr 13 2004
Impact:   Denial of service via network, Execution of arbitrary code via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A double-free memory allocation error was reported in Microsoft's ASN.1 library implementation. A remote user can cause the target service to crash or potentially execute arbitrary code.

Foundstone reported a double-free heap memory corruption vulnerability in Microsoft's ASN.1 DLL (msasn1.dll). A remote user can reportedly supply a specially crafted encoded ASN.1 value to the ASN1BERDecZeroCharString() function to cause previously deallocated memory to be deallocated again. As a result, the target process may crash or potentially execute arbitrary code.

This flaw can reportedly be exploited by a variety of services, including SMB, RPC, HTTP, HTTPS, and others.

Microsoft credits Foundstone and Qualys with reporting this flaw.
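
The bug class described above, shown as an added example (not Microsoft's code and not taken from the advisory): a hypothetical BER string decoder whose error path frees a buffer that the caller's cleanup then frees again, beside the hardened form that clears the stale pointer. The names `read_string`, `decode`, and the tracking allocator are assumptions, and the truncated input is constructed for illustration; it is not the trigger of the msasn1.dll flaw, which this page does not describe.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tracking allocator: defers the real free() and counts any release of an
   already-released buffer, so the bug is observable without heap corruption. */
static void *block;        /* the one tracked allocation */
static int freed;          /* 1 once the owner has released it */
static int double_frees;

static void *t_alloc(size_t n) { freed = 0; return block = malloc(n); }
static void t_free(void *p) {
    if (p == NULL) return;
    if (freed) double_frees++;   /* already released: a second free() */
    else freed = 1;              /* real free() happens once, in decode() */
}

/* Hypothetical decoder: copy one definite-length BER IA5String (tag 0x16,
   short-form length) into a zero-terminated buffer. 0 = ok, -1 = error. */
static int read_string(const unsigned char *in, size_t len, char **out, int hardened) {
    if (len < 2 || in[0] != 0x16 || (in[1] & 0x80)) return -1;
    size_t n = in[1];
    if ((*out = t_alloc(n + 1)) == NULL) return -1;
    if (n > len - 2) {               /* declared length exceeds the input */
        t_free(*out);                /* error path releases the buffer */
        if (hardened) *out = NULL;   /* fix: do not leave a stale pointer */
        return -1;
    }
    memcpy(*out, in + 2, n);
    (*out)[n] = '\0';
    return 0;
}

/* Caller that always cleans up; returns the double frees seen for this input. */
int decode(const unsigned char *in, size_t len, int hardened) {
    char *s = NULL;
    block = NULL; freed = 0; double_frees = 0;
    read_string(in, len, &s, hardened);
    t_free(s);                       /* second release if s is stale */
    free(block);                     /* the single real release */
    return double_frees;
}

/* Constructed inputs: a valid 2-byte string, and one declaring 5 bytes but carrying 1. */
const unsigned char GOOD[] = { 0x16, 0x02, 'o', 'k' };
const unsigned char TRUNC[] = { 0x16, 0x05, 'x' };

int main(void) {
    printf("good=%d legacy=%d hardened=%d\n", decode(GOOD, sizeof GOOD, 0),
           decode(TRUNC, sizeof TRUNC, 0), decode(TRUNC, sizeof TRUNC, 1));
    return 0;
}
```

Building the unmodified pattern with a heap checker such as AddressSanitizer (`-fsanitize=address`) reports the same condition at the second `free()` call, which is how this class of defect is usually caught in testing.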

Impact:   A remote user can cause the target service to crash [Microsoft reports that this is likely to be the most common impact].

A remote user may be able to execute arbitrary code on the target system.

Solution:   Patches are available for the following operating systems [please note that even though we have listed all the patches provided in MS04-011, not all operating systems are affected equally by all vulnerabilities]:

Microsoft Windows NT Workstation 4.0 Service Pack 6a:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7F1713FC-F95C-43E5-B825-3CF72C1A0A3E&displaylang=en

Microsoft Windows NT Server 4.0 Service Pack 6a:

http://www.microsoft.com/downloads/details.aspx?FamilyId=67A6F461-D2FC-4AA0-957E-3B8DC44F9D79&displaylang=en

Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=62CBA527-A827-4777-8641-28092D3AAE4F&displaylang=en

Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, and
Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en

Microsoft Windows XP and Microsoft Windows XP Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en

Microsoft Windows XP 64-Bit Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C6B55EF2-D9FE-4DBE-AB7D-73A20C82FF73&displaylang=en

Microsoft Windows XP 64-Bit Edition Version 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en

Microsoft Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF-453E-AE7E-7495864E8D8C&displaylang=en

Microsoft Windows Server 2003 64-Bit Edition:

http://downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en

Microsoft NetMeeting: (no URL was provided)

A restart is required after installing any of these patches.

For Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME), the vendor indicates that you should read the "FAQ section" of the security bulletin for details about these operating systems.

Microsoft reports that the security update for Windows NT Server 4.0 Terminal Server Edition Service Pack 6 requires that you first have installed the Windows NT Server 4.0 Terminal Server Edition Security Rollup Package (SRP).

Although the MS04-011 bulletin addresses many vulnerabilities, it is not a cumulative
security update, the vendor said.

Microsoft reports that this vulnerability is similar to the flaws reported in MS04-007 but was not corrected by MS04-007. The new fix includes the fixes in MS04-007.

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms04-011.mspx
Cause:   State error
Underlying OS:  Windows (NT), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.


 Source Message Contents

Subject:  http://www.foundstone.com/products/sa/fs-sa-04-13-04.pdf


http://www.foundstone.com/products/sa/fs-sa-04-13-04.pdf

CVE: CAN-2004-0123

Foundstone reported a double-free heap memory corruption vulnerability in Microsoft's 
ASN.1 DLL (msasn1.dll).  A remote user can reportedly supply a specially crafted encoded 
ASN.1 value to the ASN1BERDecZeroCharString() function to cause previously deallocated 
memory to be deallocated again.  As a result, the target process may crash or potentially 
execute arbitrary code.

This flaw can reportedly be exploited by a variety of services, including SMB, RPC, HTTP, 
HTTPS, and others.

Microsoft has issued a fix as part of MS04-011:

http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

 > Microsoft Security Bulletin MS04-011
 > Security Update for Microsoft Windows (835732)

Microsoft has assigned a 'Critical' severity rating for NT 4.0, 2000, 2003, and XP.

Patches are available for the following operating systems [please note that even though we 
have listed all the patches provided in MS04-011, not all operating systems are affected 
equally by all vulnerabilities]:


http://www.microsoft.com/downloads/details.aspx?FamilyId=7F1713FC-F95C-43E5-B825-3CF72C1A0A3E&displaylang=en


http://www.microsoft.com/downloads/details.aspx?FamilyId=67A6F461-D2FC-4AA0-957E-3B8DC44F9D79&displaylang=en


http://www.microsoft.com/downloads/details.aspx?FamilyId=62CBA527-A827-4777-8641-28092D3AAE4F&displaylang=en

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en


http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en


http://www.microsoft.com/downloads/details.aspx?FamilyId=C6B55EF2-D9FE-4DBE-AB7D-73A20C82FF73&displaylang=en


http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en


http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF-453E-AE7E-7495864E8D8C&displaylang=en


http://downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en


A restart is required after installing any of these patches.

For Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows 
Millennium Edition (ME), the vendor indicates that you should read the "FAQ section" of 
the security bulletin for details about these operating systems.

Microsoft reports that the security update for Windows NT Server 4.0 Terminal Server 
Edition Service Pack 6 requires that you first have installed the Windows NT Server 4.0 
Terminal Server Edition Security Rollup Package (SRP).

Although the MS04-011 bulletin addresses many vulnerabilities, it is not a cumulative 
security update, the vendor said.

Microsoft reports that this update causes files that end with the file name extension 

Microsoft reports that this vulnerability is similar to the flaws reported in MS04-007 but 
was not corrected by MS04-007.  The new fix includes the fixes in MS04-007.



 
 



Copyright 2021, SecurityGlobal.net LLC