SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Microsoft Distributed File System Vendors:   Microsoft
Microsoft Distributed File System Bugs Let Remote Users Deny Service and Execute Arbitrary Code
SecurityTracker Alert ID:  1025639
SecurityTracker URL:  http://securitytracker.com/id/1025639
CVE Reference:   CVE-2011-1868, CVE-2011-1869   (Links to External Site)
Date:  Jun 14 2011
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs
Description:   Two vulnerabilities were reported in Microsoft Distributed File System. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

A remote user can send a specially crafted Distributed File System (DFS) response in response to a DFS client request to execute arbitrary code on the target system [CVE-2011-1868]. The code will run with the privileges of the target service.

A remote user can send specially crafted DFS referral responses to cause the target system to stop responding until manually restarted [CVE-2011-1869]. Laurent Gaffie of NGS Software reported this vulnerabilities.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=67A25ABD-F43C-4B01-B507-A109B739238F

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=AF6B7627-C462-45FE-8948-70DA37E60659

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3AA8F1BC-07DE-451A-8244-1733247E6F2E

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=E9018258-5A72-47A1-8584-3D1AA52317C3

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=96309C49-4822-4C47-B364-2BA65327CAC5

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=ADED8F20-479D-40C1-9560-C0581C6F77A2

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=962CB40C-680C-4C37-98D4-CA9789CA7270

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=8EBFA067-0236-4454-8605-DF1B99742F90

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=F1D76B82-9996-4D08-894B-9C16A4B3BB1E

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=F80C89C6-27AB-4F6A-AFAD-9C8E92CBBCE4

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=9DE1BF5D-6F25-496D-BC44-A32C5E8920FE

Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=50D1C677-57AA-4E3F-BDFC-6F01B5D3BFE2

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=9D66B1E7-DBF9-4475-A973-49FB85557ECA

Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=3C8455F1-B8A0-4BA2-84A2-043D25EF75C5

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms11-042.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms11-042.mspx (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC