Windows Routing and Remote Access Service RPC Buffer Overflows Let Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1016285 |
SecurityTracker URL: http://securitytracker.com/id/1016285
|
CVE Reference:
CVE-2006-2370, CVE-2006-2371
(Links to External Site)
|
Updated: Jun 27 2006
|
Original Entry Date: Jun 13 2006
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Windows Routing and Remote Access Service. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted RPC data to the routing and remote access ervice to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.
Two separate buffer overflows were reported, one affecting system memory and one affecting the registry.
Microsoft credits Peter Winter-Smith of NGS Software with reporting one of the buffer overflow vulnerabilities.
|
Impact:
A remote user can execute arbitrary code on the target system.
|
Solution:
On June 27, 2006, Microsoft issued revised updates to address the dial-up networking issues affecting customers (as identified in Microsoft Knowledge Base Article 911280 http://support.microsoft.com/kb/911280):
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c1af96b2-2807-444b-82df-b6b61ec63715
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=74838e2b-bd5f-4584-81f1-3250e6b69728
Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=09d1a284-6a16-44a5-a95e-8eb566401ce9
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=b4264cb9-8979-40e8-b903-bc8deda00fec
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=890535c9-98cf-49a9-ae50-178e3c5fac6b
Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=bf9cef95-89fd-4ec3-be0a-93902f2bb768
A restart is required.
The vendor's advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms06-025.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms06-025.mspx (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS: Windows (2000), Windows (2003), Windows (XP)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|