SecurityTracker.com
Category:   OS (Microsoft)  >   Windows Logon (Winlogon)
Vendors:   Microsoft
Microsoft Winlogon Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1009768
SecurityTracker URL:  http://securitytracker.com/id/1009768
CVE Reference:   CVE-2003-0806
Date:  Apr 14 2004
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A buffer overflow vulnerability was reported in the Windows logon process (Winlogon). A remote user may be able to execute arbitrary code on the target system.

Microsoft reported that winlogon does not validate the size of a domain-based value before copying it to the allocated buffer. A remote user with privileges to modify user objects in a domain can supply a specially crafted value to trigger a buffer overflow and execute arbitrary code on the target system.

Only systems that are members of a domain are vulnerable, the report said.

Microsoft credits Ondrej Sevecek with reporting this vulnerability.
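
The flaw class described above (a directory-supplied value whose size is not validated before it is copied into an allocated buffer), shown beside a hardened copy routine. This is an added illustration, not Winlogon's code and not taken from the bulletin; `dir_value`, `FIELD_CAP`, `copy_unchecked` and `copy_checked` are hypothetical names, and the sample input is constructed.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_CAP 64  /* assumed size of the local buffer (illustrative) */

/* Hypothetical attribute read from a user object in the directory: anyone
 * who can modify that object controls both the bytes and the length. */
struct dir_value { const char *data; size_t len; };

enum copy_status { COPY_OK = 0, COPY_TOO_LONG, COPY_BAD_INPUT };

/* Pattern the advisory describes: the length is never compared with the
 * destination size. Out of bounds as soon as len >= FIELD_CAP. */
void copy_unchecked(char dst[FIELD_CAP], const struct dir_value *v)
{
    memcpy(dst, v->data, v->len);
    dst[v->len] = '\0';
}

/* Hardened form: validate first, reject rather than truncate, and leave
 * dst an empty string on every failure path. */
enum copy_status copy_checked(char *dst, size_t cap, const struct dir_value *v)
{
    if (dst == NULL || cap == 0)
        return COPY_BAD_INPUT;
    dst[0] = '\0';
    if (v == NULL || (v->data == NULL && v->len != 0))
        return COPY_BAD_INPUT;
    if (v->len >= cap)                 /* keep one byte for the terminator */
        return COPY_TOO_LONG;
    if (v->len != 0) {
        if (memchr(v->data, '\0', v->len) != NULL)
            return COPY_BAD_INPUT;     /* embedded NUL would hide a suffix */
        memcpy(dst, v->data, v->len);
    }
    dst[v->len] = '\0';
    return COPY_OK;
}

int main(void)
{
    char field[FIELD_CAP], sample[200];   /* constructed sample input */
    memset(sample, 'A', sizeof sample);
    struct dir_value ok = { sample, 20 }, big = { sample, sizeof sample };
    int a = copy_checked(field, sizeof field, &ok);
    int b = copy_checked(field, sizeof field, &big);
    return (a == COPY_OK && b == COPY_TOO_LONG) ? 0 : 1;
}
```

Rejecting an oversize value, rather than silently truncating it, also gives the caller a condition it can log when a directory object carries an unexpectedly long attribute.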

Impact:   A remote user with privileges to modify user objects in a domain can execute arbitrary code on the target system.
Solution:   Patches are available for the following operating systems [please note that even though we have listed all the patches provided in MS04-011, not all operating systems are affected equally by all vulnerabilities]:

Microsoft Windows NT Workstation 4.0 Service Pack 6a:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7F1713FC-F95C-43E5-B825-3CF72C1A0A3E&displaylang=en

Microsoft Windows NT Server 4.0 Service Pack 6a:

http://www.microsoft.com/downloads/details.aspx?FamilyId=67A6F461-D2FC-4AA0-957E-3B8DC44F9D79&displaylang=en

Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=62CBA527-A827-4777-8641-28092D3AAE4F&displaylang=en

Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, and Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en

Microsoft Windows XP and Microsoft Windows XP Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en

Microsoft Windows XP 64-Bit Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C6B55EF2-D9FE-4DBE-AB7D-73A20C82FF73&displaylang=en

Microsoft Windows XP 64-Bit Edition Version 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en

Microsoft Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF-453E-AE7E-7495864E8D8C&displaylang=en

Microsoft Windows Server 2003 64-Bit Edition:

http://downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en

Microsoft NetMeeting: (no URL was provided)

A restart is required after installing any of these patches.

For Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME), the vendor indicates that you should read the "FAQ section" of the security bulletin for details about these operating systems.

Microsoft reports that the security update for Windows NT Server 4.0 Terminal Server Edition Service Pack 6 requires that you first have installed the Windows NT Server 4.0 Terminal Server Edition Security Rollup Package (SRP).

Although the MS04-011 bulletin addresses many vulnerabilities, it is not a cumulative security update, the vendor said.

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms04-011.mspx
Cause:   Boundary error

Message History:   None.


 Source Message Contents

Subject:  CVE-2003-0806


http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

 > Microsoft Security Bulletin MS04-011
 > Security Update for Microsoft Windows (835732)

 > Issued: April 13, 2004

Windows NT 4.0, Windows 2000, and Windows XP

CVE:  CAN-2003-0806

A buffer overrun vulnerability was reported in the Windows logon process (Winlogon).  A 
remote user may be able to execute arbitrary code on the target system.

Microsoft reported that winlogon does not validate the size of a domain-based value before 
copying it to the allocated buffer.  A remote user with privileges to modify user objects 
in a domain can supply a specially crafted value to trigger a buffer overflow and execute 
arbitrary code on the target system.

Only systems that are members of a domain are vulnerable, the report said.

Microsoft credits Ondrej Sevecek with reporting this vulnerability.


Patches are available for the following operating systems [please note that even though we 
have listed all the patches provided in MS04-011, not all operating systems are affected 
equally by all vulnerabilities]:


http://www.microsoft.com/downloads/details.aspx?FamilyId=7F1713FC-F95C-43E5-B825-3CF72C1A0A3E&displaylang=en


http://www.microsoft.com/downloads/details.aspx?FamilyId=67A6F461-D2FC-4AA0-957E-3B8DC44F9D79&displaylang=en


http://www.microsoft.com/downloads/details.aspx?FamilyId=62CBA527-A827-4777-8641-28092D3AAE4F&displaylang=en

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en


http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en


http://www.microsoft.com/downloads/details.aspx?FamilyId=C6B55EF2-D9FE-4DBE-AB7D-73A20C82FF73&displaylang=en


http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en


http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF-453E-AE7E-7495864E8D8C&displaylang=en


http://downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en


A restart is required after installing any of these patches.

For Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows 
Millennium Edition (ME), the vendor indicates that you should read the "FAQ section" of 
the security bulletin for details about these operating systems.

Microsoft reports that the security update for Windows NT Server 4.0 Terminal Server 
Edition Service Pack 6 requires that you first have installed the Windows NT Server 4.0 
Terminal Server Edition Security Rollup Package (SRP).

Although the MS04-011 bulletin addresses many vulnerabilities, it is not a cumulative 
security update, the vendor said.


 
 



Copyright 2021, SecurityGlobal.net LLC