List Info

Thread: PCWorks: Microsoft Windows SNMP Service Buffer Overflow Vulnerability
PCWorks: Microsoft Windows SNMP Service Buffer Overflow Vulnerability
user name
 2006-12-13 08:12:57 
(Not installed by default on any Windows)


TITLE:
Microsoft Windows SNMP Service Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA23307

VERIFY ADVISORY:
http://secunia.c
om/advisories/23307/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

OPERATING SYSTEM:
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/p
roduct/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/p
roduct/1175/
Microsoft Windows XP Professional
http://secunia.com/pro
duct/22/
Microsoft Windows XP Home Edition
http://secunia.com/pro
duct/16/
Microsoft Windows 2000 Server
http://secunia.com/pro
duct/20/
Microsoft Windows 2000 Professional
http://secunia.com/prod
uct/1/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/p
roduct/1177/
Microsoft Windows 2000 Advanced Server
http://secunia.com/pro
duct/21/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/p
roduct/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/p
roduct/1176/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows,
which 
can be
exploited by malicious people to compromise a vulnerable 
system.

The vulnerability is caused due to a boundary error in the
SNMP
service and can be exploited to cause a buffer overflow via
a
specially crafted message.

Successful exploitation allows execution of arbitrary code.

SOLUTION:
Apply patches.

Windows 2000 SP4:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=ef2dbcb6-cc8e-4299-a1e
6-e6db202b41d5

Windows XP SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=2b57e00f-0f47-4567-b40
f-f630ba5a29cb

Windows XP Professional x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=65ab5876-7c9a-4add-8b6
d-0fd7d617397a

Windows Server 2003 (optionally with SP1):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=7856ee11-4f3a-4138-bfc
e-1b97fb25be69

Windows Server 2003 for Itanium-based systems (optionally
with 
SP1):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=c1b01b91-c565-4d1f-90e
c-f57a70fa012e

Microsoft Windows Server 2003 x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=5b61249a-dba7-4fd5-85f
3-b918044bbc92

ORIGINAL ADVISORY:
MS06-074 (KB926247):
http://www.microsoft.com/technet/security/Bullet
in/MS06-074.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworksimagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )