Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Internet Authentication Service multiple security vulnerabilities
Published:09.12.2009
Source:
SecurityVulns ID:10452
Type:remote
Threat Level:
7/10
Description:MS-CHAP authentication bypass, memory corruption.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability.")
 CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability.")
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS09-071 - Critical Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) (09.12.2009)
Files:Microsoft Security Bulletin MS09-071 - Critical Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod