SecurityTracker.com
SecurityTracker Archives

Category:   Application (Directory)  >   Microsoft Active Directory Vendors:   Microsoft
Microsoft Active Directory Federation Services Lets Remote Authenticated Users Execute Arbitrary Code and Spoof Web Sites
SecurityTracker Alert ID:  1023296
SecurityTracker URL:  http://securitytracker.com/id/1023296
CVE Reference:   CVE-2009-2508, CVE-2009-2509
Date:  Dec 8 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2003 SP2, 2008 SP2
Description:   Two vulnerabilities were reported in Microsoft Active Directory Federation Services. A remote authenticated user can execute arbitrary code on the target system. A remote authenticated user can spoof web sites in certain cases.

A remote authenticated user who has access to a workstation, and to a web site offering single sign-on, that the target user recently used can impersonate that target user [CVE-2009-2508].

A remote authenticated user can send specially crafted HTTP request headers to a target web server that has Active Directory Federation Services (ADFS) enabled and execute arbitrary code on the IIS server with the privileges of the Worker Process Identity (WPI) of the affected application pool [CVE-2009-2509].

Impact:   A remote authenticated user can execute arbitrary code on the target system.

A remote authenticated user can spoof a web site in certain cases.

Solution:   The vendor has issued the following fixes:

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=31351b9e-b5bb-4618-990b-1089ea5a3bc2

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=b6eb9d9b-1a43-4b30-a033-19a1db786244

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=f6715abb-fd93-44ba-9854-2ecc672622da

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=7d1f5e9e-a7de-4f96-89c8-510fd51f16e7

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-070.mspx
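The following PowerShell script is an added example, not part of the SecurityTracker alert or the Microsoft bulletin. It gives an administrator two read-only checks for an affected IIS host: whether the MS09-070 update is present (KB971726 is the knowledge-base number carried in the bulletin title; confirm it against the bulletin linked above), and which accounts the IIS worker processes (w3wp.exe) are running as. The second check matters because code executed through CVE-2009-2509 runs as that Worker Process Identity, so an application pool running as LocalSystem or an administrator account turns a web-tier bug into a host or domain compromise. The script assumes PowerShell 2.0 is installed on the Windows Server 2003 SP2 / 2008 SP2 host, and the `-ComputerName` and `-KB` parameters are illustrative names chosen here.

```powershell
# Added example: pre/post-patch checks for MS09-070 on an IIS/ADFS host.
# Requires PowerShell 2.0 (Windows Management Framework) on Server 2003 SP2 / 2008 SP2.
param(
    [string]$ComputerName = '.',     # local host by default (assumed parameter name)
    [string]$KB = 'KB971726'         # KB number from the MS09-070 bulletin title
)

function Test-Ms09070Installed {
    param([string]$Computer, [string]$KbId)
    # Win32_QuickFixEngineering lists installed updates on both 2003 and 2008.
    $qfe = Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName $Computer |
           Where-Object { $_.HotFixID -eq $KbId }
    return ($qfe -ne $null)
}

function Get-IisWorkerProcessIdentity {
    param([string]$Computer)
    # Every running application pool has a w3wp.exe; GetOwner() returns the
    # account it runs as, i.e. the Worker Process Identity named in the advisory.
    Get-WmiObject -Class Win32_Process -ComputerName $Computer -Filter "Name = 'w3wp.exe'" |
        ForEach-Object {
            $owner = $_.GetOwner()
            $pool = 'unknown'
            # w3wp.exe is launched with -ap "<pool name>"; pull the pool name out.
            if ($_.CommandLine -match '-ap\s+"([^"]+)"') { $pool = $matches[1] }
            New-Object PSObject -Property @{
                ProcessId = $_.ProcessId
                AppPool   = $pool
                Identity  = "$($owner.Domain)\$($owner.User)"
            }
        }
}

if (Test-Ms09070Installed -Computer $ComputerName -KbId $KB) {
    Write-Host "$KB is installed on $ComputerName"
} else {
    Write-Warning "$KB not found on $ComputerName - MS09-070 still outstanding (a restart is required after installing it)"
}

$workers = @(Get-IisWorkerProcessIdentity -Computer $ComputerName)
if ($workers.Count -eq 0) {
    Write-Host "No w3wp.exe worker processes running (IIS idle or not installed)"
} else {
    $workers | Format-Table ProcessId, AppPool, Identity -AutoSize
    # Flag high-privilege worker identities: with CVE-2009-2509 unpatched, this
    # is the account an authenticated attacker's code would run as.
    $workers | Where-Object { $_.Identity -match 'SYSTEM$|Administrator' } |
        ForEach-Object { Write-Warning "Application pool '$($_.AppPool)' runs as $($_.Identity)" }
}
```

Run it once before patching to record the worker identities and again after the restart to confirm the KB is listed. An application pool that shows up as SYSTEM or an administrative account should be moved to a low-privilege identity (Network Service or a dedicated service account) independently of the patch, since the fix removes this one header-handling bug but not the blast radius of an over-privileged pool.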

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-070.mspx
Cause:   Access control error
Underlying OS:  Windows (2003), Windows (2008)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Copyright 2019, SecurityGlobal.net LLC