Microsoft Network Monitor Software Vulnerable to Multiple Overflows

Microsoft has released a security bulletin and patches to address a vulnerability in the "protocol parser" feature of Network Monitor

Steve Manzuik

October 31, 2000

1 Min Read
ITPro Today logo

Reported November 1, 2000 by Microsoft

VERSIONS AFFECTED

DESCRIPTIONMicrosoft has released a security bulletin and patch to address a security vulnerability that could allow a malicious user to gain control of an affected server.

Network Monitor, shipped with SMS Server 1.2, 2.0 and Windows 2000 Server versions, contains a protocol parser that aids in interpreting and analyzing previously captured network data.  If a malicious user was to send a specially crafted frame to a server that was monitoring network traffic it would cause an overflow that would cause Network Monitor to crash and allow the malicious user to launch arbitrary commands. 

VENDOR RESPONSE

Microsoft has released a security bulletin, MS00-0083.  Multiple patches are also available; 

Microsoft Windows NT 4.0 Server and Windows NT 4.0 Server,

Enterprise Edition:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25487

Microsoft Windows NT 4.0 Server, Terminal Server Edition:

To be released shortly.

- Microsoft Windows 2000 Server, Advanced Server and

Datacenter Server:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25485

Microsoft Systems Management Server 1.2:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25505

Microsoft Systems Management Server 2.0:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25514

CREDITDiscovered by NAI Labs, and ISS X-Force

Read more about:

Microsoft
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like