ðòïåëôù 

  áòèé÷ 

Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 

  ðåòóïîáìøîïå 

  ðòïçòáííù 

ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA20635] Windows SMB Denial of Service and Privilege Escalation

> 
> TITLE:
> Windows SMB Denial of Service and Privilege Escalation
> 
> SECUNIA ADVISORY ID:
> SA20635
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/20635/
> 
> CRITICAL:
> Less critical
> 
> IMPACT:
> Privilege escalation, DoS
> 
> WHERE:
> Local system
> 
> OPERATING SYSTEM:
> Microsoft Windows XP Professional
> http://secunia.com/product/22/
> Microsoft Windows XP Home Edition
> http://secunia.com/product/16/
> Microsoft Windows Server 2003 Web Edition
> http://secunia.com/product/1176/
> Microsoft Windows Server 2003 Standard Edition
> http://secunia.com/product/1173/
> Microsoft Windows Server 2003 Enterprise Edition
> http://secunia.com/product/1174/
> Microsoft Windows Server 2003 Datacenter Edition
> http://secunia.com/product/1175/
> Microsoft Windows 2000 Server
> http://secunia.com/product/20/
> Microsoft Windows 2000 Professional
> http://secunia.com/product/1/
> Microsoft Windows 2000 Datacenter Server
> http://secunia.com/product/1177/
> Microsoft Windows 2000 Advanced Server
> http://secunia.com/product/21/
> 
> DESCRIPTION:
> Two vulnerabilities have been reported in Microsoft Windows, which
> can be exploited by malicious, local users to cause a DoS (Denial of
> Service) and gain escalated privileges.
> 
> 1) An input validation error exists within the
> "MRxSmbCscIoctlOpenForCopyChunk()" function in MRXSMB.SYS when
> handling certain DeviceIoControl requests. This can be exploited to
> overwrite kernel memory and allows arbitrary code execution with
> escalated privileges.
> 
> 2) An input validation error exists within the
> "MrxSmbCscIoctlCloseForCopyChunk()" function in MRXSMB.SYS when
> handling certain requests. This can be exploited to cause a deadlock,
> which potentially leads to a DoS, by passing an invalid handle to the
> function.
> 
> SOLUTION:
> Apply patches.
> 
> Microsoft Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=6ec86
> 784-6b12-410b-8068-028c58ed5df7
> 
> Microsoft Windows XP SP1 or SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=c17dd
> c07-204b-4a7f-8c5a-36b7865a030c
> 
> Microsoft Windows XP Professional x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=89fbb
> dd0-7504-4807-9337-08324aa457e7
> 
> Microsoft Windows Server 2003 (with or without SP1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=%2043
> d69a41-6acb-4c64-89dc-2b9aef6e98fd
> 
> Microsoft Windows Server 2003 (Itanium) (with or without SP1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=e1d13
> c18-72d1-40b8-95b3-08aef8db9213
> 
> Microsoft Windows Server 2003 x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=b6018
> a61-b0ec-467e-9025-059d3c9f1c5f
> 
> PROVIDED AND/OR DISCOVERED BY:
> Discovered by Ruben Santamarta and reported via iDEFENSE.
> 
> ORIGINAL ADVISORY:
> MS06-030 (KB914389):
> http://www.microsoft.com/technet/security/Bulletin/MS06-030.mspx
> 
> iDEFENSE:
> http://www.idefense.com/intelligence/vulnerabilities/display.p
> hp?id=408
> http://www.idefense.com/intelligence/vulnerabilities/display.p
> hp?id=409
> 
>

 



Copyright © Lexa Software, 1996-2009.