SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Microsoft Internet Authentication Service/Network Policy Server RADIUS Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1031532
SecurityTracker URL:  http://securitytracker.com/id/1031532
CVE Reference:   CVE-2015-0015   (Links to External Site)
Date:  Jan 13 2015
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2003 SP2, 2008 SP2, 2008 R2 SP1, 2012, 2012 R2; and prior service packs
Description:   A vulnerability was reported in Microsoft Internet Authentication Service/Network Policy Server. A remote user can cause denial of service conditions.

A remote user can send specially crafted RADIUS username strings to the target Internet Authentication Service (IAS) or Network Policy Server (NPS) to cause the target system to stop responding, preventing RADIUS authentication.

Impact:   A remote user can cause the target RADIUS server to stop responding.
Solution:   The vendor has issued the following fixes:

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=AB611773-DC84-4432-87D6-715253C4D52B

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=664CAD9C-9947-4158-9577-C44E85395957

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=55E3C9D1-7A87-4521-86B1-0B43C9AA85A7

Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=AE519667-DDD0-416D-972B-008C76436176

Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=63D32B24-79F0-422A-85C6-1CBD9C009A64

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=6E06A446-5586-42FC-B3A4-53188D7EDCAE

Windows Server 2012:

http://www.microsoft.com/downloads/details.aspx?familyid=A38845DC-9E16-4539-932F-40DB448CCB31

Windows Server 2012 R2:

http://www.microsoft.com/downloads/details.aspx?familyid=567C46A9-FBF8-406E-8065-8BC5F1BB2D44

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-007

Vendor URL:  technet.microsoft.com/library/security/ms15-007 (Links to External Site)
Cause:   Input validation error, State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC