
Test ID: 1.3.6.1.4.1.25623.1.0.902782
Category: Windows : Microsoft Bulletins
Title: Microsoft Windows Server Service Remote Code Execution Vulnerability (921883)
Summary: This host is missing an important security update according to Microsoft Bulletin MS06-040.
Description: Summary:
This host is missing an important security update according to
Microsoft Bulletin MS06-040.

Vulnerability Insight:
The flaw is due to a boundary error in the 'CanonicalizePathName()'
function in netapi32.dll and can be exploited to cause a stack-based buffer
overflow via a malicious NetrpPathCanonicalize RPC request with an overly
long path name to the Server Service.

Vulnerability Impact:
Successful exploitation could allow an attacker to execute code remotely by sending a
specially crafted RPC request and to take complete control of an affected system.

Affected Software/OS:
- Microsoft Windows XP Service Pack 2 and prior

- Microsoft Windows 2K3 Service Pack 1 and prior

- Microsoft Windows 2000 Service Pack 4 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2006-3439
BugTraq ID: 19409
http://www.securityfocus.com/bid/19409
Cert/CC Advisory: TA06-220A
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
CERT/CC vulnerability note: VU#650769
http://www.kb.cert.org/vuls/id/650769
Cisco Security Advisory: 20060814 Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability
http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html
http://www.dhs.gov/dhspublic/display?content=5789
Microsoft Security Bulletin: MS06-040
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492
http://securitytracker.com/id?1016667
http://secunia.com/advisories/21388
http://www.vupen.com/english/advisories/2006/3210
XForce ISS Database: ms-server-service-bo(28002)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28002
Copyright: Copyright (C) 2011 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.