===========================================================================
             AUSCERT External Security Bulletin Redistribution

      ESB-2003.0564 -- Microsoft Security Bulletin MS03-029 (UPDATED)
      Flaw in Windows Function Could Allow Denial of Service (823803)
                              14 August 2003

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Publisher:              Microsoft
Operating System:       Windows NT 4.0 Server
Impact:                 Denial of Service
Access Required:        Existing Account
CVE Names:              CAN-2003-0525

Ref:                    ESB-2003.0510

--------------------------BEGIN INCLUDED TEXT--------------------

----------------------------------------------------------------------
Title:      Flaw in Windows Function Could Allow Denial of Service 
            (823803)
Date:       23 July 2003 (Revised 13 August 2003)
Software:   Microsoft Windows NT 4.0 Server
Impact:     Denial of service
Max Risk:   Moderate
Bulletin:   MS03-029

Microsoft encourages customers to review the Security Bulletins at: 
http://www.microsoft.com/technet/security/bulletin/MS03-029.asp
http://www.microsoft.com/security/security_bulletins/ms03-029.asp
----------------------------------------------------------------------

Issue:
======

Subsequent to issuing this security bulletin, Microsoft identified a 
problem with the security patch that specifically affects systems 
that have the Remote Access Service (RAS) enabled. The problem 
causes RAS to fail when the system is rebooted after the patch is 
applied. It does not affect other non-RAS functions, nor is there a 
problem with the actual fix for the security vulnerability itself. 
Microsoft has developed a fix for this issue and is re-releasing this
bulletin to reflect the new updated patch. 

A flaw exists in a Windows NT 4.0 Server file management function 
that can cause a denial of service vulnerability. The flaw results 
because the affected function can cause memory that it does not own 
to be freed when a specially crafted request is passed to it. If 
the application making the request to the function does not carry 
out any user input validation and allows the specially crafted 
request to be passed to the function, the function may free memory 
that it does not own. As a result, the application passing the 
request could fail. 

By default, the affected function is not accessible remotely; 
however, applications installed on the operating system that are 
available remotely may make use of the affected function. 
Application servers or Web servers are two such applications that 
may access the function. Note that Internet Information Server 4.0 
(IIS 4.0) does not, by default, make use of the affected function.

Mitigating Factors:
====================
 - The default installation of Windows NT 4.0 Server is not 
   vulnerable to a remote denial of service. Additional software that 
   makes use of the affected file management function must be 
   installed on the system to expose the vulnerability remotely. 
 - If the application calling the affected file management function 
   carries out input validation, the specially crafted request may not 
   be passed to the vulnerable function. 
 - The vulnerability cannot be used to cause Windows NT 4.0 Server 
   itself to fail. Only the application that makes the request may 
   fail.

Risk Rating:
============
 - Moderate

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read the 
   Security Bulletins at
   http://www.microsoft.com/technet/security/bulletin/ms03-029.asp
   http://www.microsoft.com/security/security_bulletins/ms03-029.asp
   for information on obtaining this patch.

Acknowledgment:
===============
 - Matt Miller and Jeremy Rauch of @stake, http://www.atstake.com

---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS 
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS 
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE 
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE 
FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, 
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF 
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE 
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION 
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES 
SO THE FOREGOING LIMITATION MAY NOT APPLY.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business 
                hours which are GMT+10:00 (AEST).  On call after hours 
                for member emergencies only.