MS Sec Notification mailing list archives
Microsoft Security Bulletin MS03-024: Buffer Overrun in Windows Could Lead to Data Corruption (Q817606)
From: "Microsoft" <0_49880_04BF067D-4CF8-4245-B5C1-58573E5746A8_US () Newsletters Microsoft com>
Date: Wed, 9 Jul 2003 12:44:50 -0700
-----------------------------------------------------------------
Title:      Buffer Overrun in Windows Could Lead to Data Corruption (817606)
Date:       09 July 2003
Software:   - Microsoft Windows NT Server 4.0
            - Microsoft Windows NT Server 4.0, Terminal Server Edition
            - Microsoft Windows 2000
            - Windows XP Professional
Impact:     Allow an attacker to execute code of their choice
Max Risk:   Important
Bulletin:   MS03-024

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS03-024.asp
http://www.microsoft.com/security/security_bulletins/ms03-024.asp
-----------------------------------------------------------------

Issue:
======
Server Message Block (SMB) is the Internet Standard protocol that Windows uses to share files, printers, serial ports, and to communicate between computers using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources, and servers make SMB responses in what's described as a client server request-response protocol.

A flaw exists in the way that the server validates the parameters of an SMB packet. When a client system sends an SMB packet to the server system, it includes specific parameters that provide the server with a set of "instructions." In this case, the server is not properly validating the buffer length established by the packet. If the client specifies a buffer length that is less than what is needed, it can cause the buffer to be overrun.

By sending a specially crafted SMB packet request, an attacker could cause a buffer overrun to occur. If exploited, this could lead to data corruption, system failure, or, in the worst case, it could allow an attacker to run the code of their choice. An attacker would need a valid user account and would need to be authenticated by the server to exploit this flaw.

Mitigating Factors:
====================
- Windows Server 2003 is not affected by this vulnerability.
- By default, it is not possible to exploit this flaw anonymously. The attacker would have to be authenticated by the server prior to attempting to send a SMB packet to it.
- Blocking port 139/445 at the firewall will prevent the possibility of an attack from the Internet.

Risk Rating:
============
- Important

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the Security Bulletins at
  http://www.microsoft.com/technet/security/bulletin/ms03-024.asp
  http://www.microsoft.com/security/security_bulletins/ms03-024.asp
  for information on obtaining this patch.

Acknowledgment:
===============
- Microsoft thanks Jeremy Allison and Andrew Tridgell, Samba Team for reporting this issue to us and working with us to protect customers.

-----------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.