Windows Routing and Remote Access Service RPC Buffer Overflows Let Remote Users Execute Arbitrary Code - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Generic) > Microsoft Remote Access Service

Vendors: Microsoft

Windows Routing and Remote Access Service RPC Buffer Overflows Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1016285

SecurityTracker URL: http://securitytracker.com/id/1016285

CVE Reference: CVE-2006-2370, CVE-2006-2371 (Links to External Site)

Updated: Jun 27 2006

Original Entry Date: Jun 13 2006

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Description: A vulnerability was reported in Windows Routing and Remote Access Service. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted RPC data to the routing and remote access ervice to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Two separate buffer overflows were reported, one affecting system memory and one affecting the registry.

Microsoft credits Peter Winter-Smith of NGS Software with reporting one of the buffer overflow vulnerabilities.

Impact: A remote user can execute arbitrary code on the target system.

Solution: On June 27, 2006, Microsoft issued revised updates to address the dial-up networking issues affecting customers (as identified in Microsoft Knowledge Base Article 911280 http://support.microsoft.com/kb/911280):

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=c1af96b2-2807-444b-82df-b6b61ec63715

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=74838e2b-bd5f-4584-81f1-3250e6b69728

Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=09d1a284-6a16-44a5-a95e-8eb566401ce9

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=b4264cb9-8979-40e8-b903-bc8deda00fec

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=890535c9-98cf-49a9-ae50-178e3c5fac6b

Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=bf9cef95-89fd-4ec3-be0a-93902f2bb768

A restart is required.

The vendor's advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms06-025.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms06-025.mspx (Links to External Site)

Cause: Boundary error

Underlying OS: Windows (2000), Windows (2003), Windows (XP)

Message History: This archive entry has one or more follow-up message(s) listed below.

(Exploit Code is Available) Windows Routing and Remote Access Service RPC Buffer Overflows Let Remote Users Execute Arbitrary Code
Exploit code is available.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2021, SecurityGlobal.net LLC