SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft Remote Access Service Vendors:   Microsoft
Windows Routing and Remote Access Service RPC Buffer Overflows Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016285
SecurityTracker URL:  http://securitytracker.com/id/1016285
CVE Reference:   CVE-2006-2370, CVE-2006-2371   (Links to External Site)
Updated:  Jun 27 2006
Original Entry Date:  Jun 13 2006
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Windows Routing and Remote Access Service. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted RPC data to the routing and remote access ervice to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Two separate buffer overflows were reported, one affecting system memory and one affecting the registry.

Microsoft credits Peter Winter-Smith of NGS Software with reporting one of the buffer overflow vulnerabilities.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   On June 27, 2006, Microsoft issued revised updates to address the dial-up networking issues affecting customers (as identified in Microsoft Knowledge Base Article 911280 http://support.microsoft.com/kb/911280):

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=c1af96b2-2807-444b-82df-b6b61ec63715

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=74838e2b-bd5f-4584-81f1-3250e6b69728

Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=09d1a284-6a16-44a5-a95e-8eb566401ce9

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=b4264cb9-8979-40e8-b903-bc8deda00fec

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=890535c9-98cf-49a9-ae50-178e3c5fac6b

Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=bf9cef95-89fd-4ec3-be0a-93902f2bb768

A restart is required.

The vendor's advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms06-025.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms06-025.mspx (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (2000), Windows (2003), Windows (XP)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 24 2006 (Exploit Code is Available) Windows Routing and Remote Access Service RPC Buffer Overflows Let Remote Users Execute Arbitrary Code
Exploit code is available.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC