Microsoft Network Monitor Software Vulnerable to Multiple Overflows

Reported November 1, 2000 by Microsoft

VERSIONS AFFECTED

Network Monitor Software
Windows NT 4.0 Server
Windows NT 4.0 Workstation
Windows NT 4.0 Terminal Server
Windows 2000 Server
Windows 2000 Advanced Server
Windows 2000 Datacenter Server
Systems Management Server 1.2
Systems Management Server 2.0

DESCRIPTION

Microsoft has released a security bulletin and patch to address a security vulnerability that could allow a malicious user to gain control of an affected server.

Network Monitor, shipped with SMS Server 1.2, 2.0 and Windows 2000 Server versions, contains a protocol parser that aids in interpreting and analyzing previously captured network data. If a malicious user was to send a specially crafted frame to a server that was monitoring network traffic it would cause an overflow that would cause Network Monitor to crash and allow the malicious user to launch arbitrary commands.

VENDOR RESPONSE

Microsoft has released a security bulletin, MS00-0083. Multiple patches are also available;

Microsoft Windows NT 4.0 Server and Windows NT 4.0 Server,

Enterprise Edition:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25487

Microsoft Windows NT 4.0 Server, Terminal Server Edition:

To be released shortly.

- Microsoft Windows 2000 Server, Advanced Server and

Datacenter Server:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25485

Microsoft Systems Management Server 1.2:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25505

Microsoft Systems Management Server 2.0:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25514

CREDIT
Discovered by NAI Labs, and ISS X-Force

Comments

Plain text