Computer Security
[EN] securityvulns.ru no-pyccku


Related information

  Переполнение буфера в telnet сервере Microsoft (buffer overflow)

From:MICROSOFT <secure_(at)_microsoft.com>
Date:08.02.2002
Subject:Security Bulletin MS02-004

- ----------------------------------------------------------------------
Title:      Unchecked Buffer in Telnet Server Could Lead to Arbitrary
           Code Execution
Date:       07 February 2002
Software:   Telnet Service in Microsoft Windows 2000; Telnet
           Daemon in Microsoft Interix 2.2
Impact:     Denial of Service; Possibly Run Code of Attacker's Choice
Max Risk:   Moderate
Bulletin:   MS02-004

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-004.asp.
- -
- ----------------------------------------------------------------------

Issue:
======
The Telnet protocol provides remote shell capabilities. Microsoft has
implemented the Telnet protocol by providing a Telnet Server in
several products. The implementations in two of these products
- - - Windows 2000 and Interix 2.2 - contain unchecked buffers in the
code that handles the processing of telnet protocol options.

An attacker could use this vulnerability to perform a buffer
overflow attack. A successful attack could cause the Telnet Server
to fail, or in some cases, could possibly allow an attacker to
execute code of her choice on the system. Such code would execute
using the security context of the Telnet service, but this context
varies from product to product. In Windows 2000, the Telnet service
always runs as System; in the Interix implementation, the
administrator selects the security context in which to run as part
of the installation process.

Mitigating Factors:
====================
- While the Telnet Service in Windows 2000 is installed by default,
  it is not running by default. As a result, a Windows 2000 system
  would only be vulnerable if the administrator had started the
  service

- Remotely exploiting this vulnerability would require the attacker
  to have the ability to connect to the Telnet Server. Best
  practices recommends against allowing Telnet access on
  uncontrolled networks.

- The Telnet Daemon in Interix 2.2 is not installed by default when
  Interix 2.2 is installed. An administrator would have to choose
  to install and configure this feature.

- The Telnet Daemon in Interix does not specify a security context
  by default. The administrator specifies the security context when
  they configure or run the daemon. Best practices recommend that
  the Telnet Daemon run in a context of least privilege, meaning
  that it have only those rights necessary and no more.

Risk Rating:
============
- Internet systems: Moderate
- Intranet systems: Moderate
- Client systems: Moderate

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
  Security Bulletin at
  http://www.microsoft.com/technet/security/bulletin/ms02-004.asp
  for information on obtaining this patch.


- -
- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQEVAwUBPGMy/40ZSRQxA/UrAQHWRQgAoU4jNlmYZyo1bh+diOeH0Xq5xUjM3bPH
3XL2ldr6kjzJuJBLBmiSfFyxIerQ5aQoDawnf19pzXeTJgHFNBUqA4dBtfIPyCQM
EWGOkxRzWH/hPdZ+buQG7tlwLtcsDLgzhT2aJoVJFyqwxLPTtBWJJgR8ncrv8Jsv
EEAMGtXNwG1CpVgYm1pxXn/1xr1X3OysRhsGfjr0OeDSb/sHSiXtuIWB71ZqU9RN
drtgUA28uMyvzD5tw3v8uGxBo1Ct3i8FV+J2UPeXFxT/ZiZKax4I5HmzVhzjEfE2
vSUzTPIRKW9qrNvTgbrHgPG8C4ZX09ngfSb6vICF4akEyGt4TB7NCw==
=0sRz
-----END PGP SIGNATURE-----

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod