TITLE:
Windows SMB Denial of Service and Privilege Escalation
SECUNIA ADVISORY ID:
SA20635
VERIFY ADVISORY:
http://secunia.c
om/advisories/20635/
CRITICAL:
Less critical
IMPACT:
Privilege escalation, DoS
WHERE:
Local system
OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/pro
duct/22/
Microsoft Windows XP Home Edition
http://secunia.com/pro
duct/16/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/p
roduct/1176/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/p
roduct/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/p
roduct/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/p
roduct/1175/
Microsoft Windows 2000 Server
http://secunia.com/pro
duct/20/
Microsoft Windows 2000 Professional
http://secunia.com/prod
uct/1/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/p
roduct/1177/
Microsoft Windows 2000 Advanced Server
http://secunia.com/pro
duct/21/
DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Windows,
which
can be exploited by malicious, local users to cause a DoS
(Denial of
Service) and gain escalated privileges.
1) An input validation error exists within the
"MRxSmbCscIoctlOpenForCopyChunk()" function in
MRXSMB.SYS when
handling certain DeviceIoControl requests. This can be
exploited to
overwrite kernel memory and allows arbitrary code execution
with
escalated privileges.
2) An input validation error exists within the
"MrxSmbCscIoctlCloseForCopyChunk()" function in
MRXSMB.SYS when
handling certain requests. This can be exploited to cause a
deadlock,
which potentially leads to a DoS, by passing an invalid
handle
to the
function.
SOLUTION:
Apply patches.
Microsoft Windows 2000 SP4:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=6ec86784-6b12-410b-806
8-028c58ed5df7
Microsoft Windows XP SP1 or SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=c17ddc07-204b-4a7f-8c5
a-36b7865a030c
Microsoft Windows XP Professional x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=89fbbdd0-7504-4807-933
7-08324aa457e7
Microsoft Windows Server 2003 (with or without SP1):
http://www.micro
soft.com/downloads/details.aspx?FamilyId=%2043d69a41-6acb-4c
64-89dc-2b9aef6e98fd
Microsoft Windows Server 2003 (Itanium) (with or without
SP1):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=e1d13c18-72d1-40b8-95b
3-08aef8db9213
Microsoft Windows Server 2003 x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=b6018a61-b0ec-467e-902
5-059d3c9f1c5f
ORIGINAL ADVISORY:
MS06-030 (KB914389):
http://www.microsoft.com/technet/security/Bullet
in/MS06-030.mspx
iDEFENSE:
http://www.idefense.com/intelligence/vuln
erabilities/display.php?id=408
http://www.idefense.com/intelligence/vuln
erabilities/display.php?id=409
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|