|
Windows DNS Resolution Code Execution Vulnerabilities
|
|
Secunia Advisory:
|
SA21394
|
|
|
Release Date:
|
2006-08-08
|
|
Last Update:
|
2006-08-15
|
|
Popularity:
|
15,190 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2006-3440
CVE-2006-3441
|
|
Description:
Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
1) A boundary error in the Remote Access AutoDial Helper library (rasadhlp.dll) when performing hostname look-ups can be exploited to cause a stack-based buffer overflow via an overly long string.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
2) Some errors exists in the DNS Client service when processing DNS responses. This can be exploited to corrupt memory by returning a DNS response with a specially crafted "TXT", "HINFO", "X25", "ISDN", or "ATMA" record.
Successful exploitation allows execution of arbitrary code.
Solution:
Apply patches.
Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=144408a7-3011-458a-bc79-49b1658aa25d
Windows XP SP1/SP2:
http://www.microsoft.com/downloads/de...=c332b95a-2956-406b-9e06-07c5e96b02e3
Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/de...=1be5310b-1995-4ef9-a462-04da9833f50b
Windows Server 2003 (optionally with SP1):
http://www.microsoft.com/downloads/de...=6d027e72-1f94-44de-95f9-f52000a991cc
Windows Server 2003 for Itanium-based systems (optionally with SP1):
http://www.microsoft.com/downloads/de...=18477016-0b70-4c86-90c7-3535d365b7c1
Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/de...=583b741c-47e2-429d-9d50-44670bb2f452
Provided and/or discovered by:
1) Peter Winter Smith, NGS Software.
2) ISS X-Force
Changelog:
2006-08-09: Added links to US-CERT. Added additional information provided by ISS X-Force.
2006-08-15: Added link to NGSSoftware advisory.
Original Advisory:
MS06-041 (KB920683):
http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx
NGSSoftware:
http://www.ngssoftware.com/advisories...-in-microsoft-windows-dns-resolution/
ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/233
http://xforce.iss.net/xforce/alerts/id/234
http://xforce.iss.net/xforce/alerts/id/235
Other References:
US-CERT VU#794580:
http://www.kb.cert.org/vuls/id/794580
US-CERT VU#908276:
http://www.kb.cert.org/vuls/id/908276
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
