
ESB-2006.0527 -- [Win] -- Vulnerability in Server Driver could result in Denial of Service

Date: 01 August 2006


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                          ESB-2006.0527 -- [Win]
     Vulnerability in Server Driver could result in Denial of Service
                               1 August 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Windows
Publisher:            ISS
Operating System:     Windows Server 2003
                      Windows XP
                      Windows 2000
Impact:               Denial of Service
Access:               Remote/Unauthenticated

Original Bulletin:    http://xforce.iss.net/xforce/alerts/id/231

--------------------------BEGIN INCLUDED TEXT--------------------

Internet Security Systems Protection Brief
July 28, 2006

Vulnerability in Server Driver could result in Denial of Service

Summary: 

Multiple versions of Microsoft Windows are vulnerable to a null pointer 
dereference in the server driver (srv.sys). By sending a specially-crafted
network packet to an affected system, a remote attacker could cause the 
system to crash.

Business Impact:

Attackers can reliably cause Microsoft Windows to blue screen. Users must 
reboot to recover from the crash. An exploit is available in the wild. As of 
this writing no patch is available for the vulnerability. 

Affected Products:

    Microsoft Corporation: Windows 2000 SP4
    Microsoft Corporation: Windows Server 2003
    Microsoft Corporation: Windows Server 2003 Itanium
    Microsoft Corporation: Windows Server 2003 SP1
    Microsoft Corporation: Windows Server 2003 SP1 Itanium
    Microsoft Corporation: Windows Server 2003 x64 Edition
    Microsoft Corporation: Windows XP Pro x64 Edition
    Microsoft Corporation: Windows XP SP1
    Microsoft Corporation: Windows XP SP2

Description:

An exploit was released into the wild that was misconstrued as a denial of 
service proof of concept for the Windows Mailslot vulnerability (MS06-035). 
In fact, this proof of concept exploits a different vulnerability, which has 
not been patched, caused by a null pointer dereference. It is unlikely that 
this vulnerability could result in remote code execution; however, complete 
system crashes are reliable. As there is no patch available for this problem 
at the time of this writing, ISS has decided to provide coverage on an 
expedited basis.

Mitigation:

The vulnerability exists in the Server Message Block protocol which runs on 
TCP ports 139 and 445. Both of these ports should be blocked at perimeter 
firewalls, both inbound and outbound.  
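
One way to check a perimeter ruleset against this mitigation (an added example, not part of the ISS or AusCERT bulletin): the Python sketch below reads `iptables-save` output from a Linux gateway and lists which of TCP 139/445, inbound and outbound, the FORWARD chain still lets through. The function names, the two-interface layout and the sample rules are assumptions made for illustration; negated matches and user-defined chains are not followed.

```python
import shlex
SMB_PORTS = (139, 445)   # TCP ports named in the bulletin's mitigation
BLOCK = {"DROP", "REJECT"}
# Constructed sample; eth0 is assumed to be the WAN side, eth1 the LAN side.
SAMPLE_RULES = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p tcp -m multiport --dports 139,445 -j DROP
-A FORWARD -o eth0 -p tcp -m tcp --dport 445 -j DROP
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""

def _opts(line):
    """Map each option of an iptables-save rule line to its argument."""
    tok = shlex.split(line)
    return {a: b for a, b in zip(tok, tok[1:]) if a.startswith("-") and not b.startswith("-")}

def _ports(o):
    """Destination ports a rule matches; None means every port."""
    spec = o.get("--dport") or o.get("--dports")
    if spec is None:
        return None
    spans = [(p.split(":") * 2)[:2] for p in spec.split(",")]
    return {n for lo, hi in spans for n in range(int(lo), int(hi) + 1)}

def audit(ruleset, wan_if):
    """Return the (direction, port) pairs the FORWARD chain leaves open."""
    verdict, policy = {}, "ACCEPT"
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith(":FORWARD"):
            policy = line.split()[1]
        if not line.startswith("-A FORWARD"):
            continue
        o = _opts(line)
        if o.get("-p", "tcp") not in ("tcp", "all") or "ESTABLISHED" in o.get("--ctstate", o.get("--state", "")):
            continue  # non-TCP rule, or one that only passes established flows
        ports, target = _ports(o), o.get("-j")
        narrowed = any(k in o for k in ("-s", "-d", "--sport"))  # a narrowed DROP is not a full block
        state = "open" if target == "ACCEPT" else "blocked" if target in BLOCK and not narrowed else None
        for direction, near, far in (("inbound", "-i", "-o"), ("outbound", "-o", "-i")):
            if state and o.get(near, wan_if) == wan_if and o.get(far) != wan_if:
                for port in SMB_PORTS:
                    if ports is None or port in ports:
                        verdict.setdefault((direction, port), state)  # first match wins
    default = "blocked" if policy in BLOCK else "open"
    pairs = [(d, p) for d in ("inbound", "outbound") for p in SMB_PORTS]
    return [k for k in pairs if verdict.get(k, default) == "open"]
```

Calling `audit(SAMPLE_RULES, "eth0")` reports outbound TCP 139 as still open, because the sample only drops port 445 on the way out before the LAN-to-WAN ACCEPT rule.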

Reference:
http://xforce.iss.net/xforce/alerts/id/231
______________________________________________________________________

About Internet Security Systems, Inc.
Internet Security Systems, Inc. (ISS) is the trusted security advisor to 
thousands of the world's leading businesses and governments, providing 
preemptive protection for networks, desktops and servers. An established 
leader in security since 1994, ISS' integrated security platform 
automatically protects against both known and unknown threats, keeping 
networks up and running and shielding customers from online attacks before 
they impact business assets. ISS products and services are based on the 
proactive security intelligence of its X-Force® research and development 
team - the unequivocal world authority in vulnerability and threat research. 
ISS' product line is also complemented by comprehensive Managed Security 
Services. For more information, visit the Internet Security Systems Web site 
at www.iss.net or call 800-776-2362.

Copyright (c) 2006 Internet Security Systems, Inc. All rights reserved
worldwide.

This document is not to be edited or altered in any way without the
express written consent of Internet Security Systems, Inc. If you wish
to reprint the whole or any part of this document, please email
xforce@iss.net for permission. You may provide links to this document
from your web site, and you may make copies of this document in
accordance with the fair use doctrine of the U.S. copyright laws. 

Disclaimer: The information within this paper may change without notice. Use 
of this information constitutes acceptance for use in an AS IS condition. 
There are NO warranties, implied or otherwise, with regard to this 
information or its use. Any use of this information is at the user's risk. 
In no event shall the author/distributor (Internet Security Systems X-Force)
be held liable for any damages whatsoever arising out of or in connection 
with the use or spread of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server, as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
