Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[security-alerts] FW: [SA21394] Windows DNS Resolution Code Execution Vulnerabilities
>
> TITLE:
> Windows DNS Resolution Code Execution Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA21394
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/21394/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> OPERATING SYSTEM:
> Microsoft Windows XP Professional
> http://secunia.com/product/22/
> Microsoft Windows XP Home Edition
> http://secunia.com/product/16/
> Microsoft Windows Server 2003 Web Edition
> http://secunia.com/product/1176/
> Microsoft Windows Server 2003 Standard Edition
> http://secunia.com/product/1173/
> Microsoft Windows Server 2003 Enterprise Edition
> http://secunia.com/product/1174/
> Microsoft Windows Server 2003 Datacenter Edition
> http://secunia.com/product/1175/
> Microsoft Windows 2000 Server
> http://secunia.com/product/20/
> Microsoft Windows 2000 Professional
> http://secunia.com/product/1/
> Microsoft Windows 2000 Datacenter Server
> http://secunia.com/product/1177/
> Microsoft Windows 2000 Advanced Server
> http://secunia.com/product/21/
>
> DESCRIPTION:
> Two vulnerabilities have been reported in Microsoft Windows, which
> can be exploited by malicious people to compromise a vulnerable
> system.
>
> 1) A boundary error in the Winsock API when handling hostnames can be
> exploited to cause a buffer overflow by either tricking a user into
> opening a file or visiting a specially crafted website.
>
> Successful exploitation allows execution of arbitrary code.
>
> 2) A boundary error in the DNS Client service when processing DNS
> responses can be exploited to cause a buffer overflow by returning a
> specially crafted DNS response.
>
> Successful exploitation allows execution of arbitrary code.
>
> SOLUTION:
> Apply patches.
>
> Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=144408a7-3011-458a-bc79-49b1658aa25d
>
> Windows XP SP1/SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=c332b95a-2956-406b-9e06-07c5e96b02e3
>
> Windows XP Professional x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=1be5310b-1995-4ef9-a462-04da9833f50b
>
> Windows Server 2003 (optionally with SP1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=6d027e72-1f94-44de-95f9-f52000a991cc
>
> Windows Server 2003 for Itanium-based systems (optionally with SP1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=18477016-0b70-4c86-90c7-3535d365b7c1
>
> Windows Server 2003 x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=583b741c-47e2-429d-9d50-44670bb2f452
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) The vendor credits Peter Winter Smith, NGS Software.
> 2) The vendor credits Mark Dowd, ISS X-Force.
>
> ORIGINAL ADVISORY:
> MS06-041 (KB920683):
> http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx