-
March 12th, 2002, 04:06 AM
#1
Microsoft SNMP Patch (Version 4!!)
- ----------------------------------------------------------------------
- - -
Title: Unchecked Buffer in SNMP Service Could Enable Arbitrary
Code to be Run
Released: 12 February 2002
Revised: 11 March 2002 (Version 4.0)
Software: Microsoft Windows 95, 98, 98SE, NT 4.0, NT 4.0 Terminal
Server Edition, 2000, XP
Impact: Denial of Service, potentially run code of
attacker's choice
Max Risk: Moderate
Bulletin: MS02-006
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/sec.../MS02-006.asp.
- -
- ----------------------------------------------------------------------
Reason for Revision:
====================
On March 11, 2002, Microsoft released an updated version of the
bulletin annoucing the availability of a patch for Windows NT 4.0
Terminal Server Edition and to advise customers that the work-around
procedure is no longer needed for that platform. Patches for
additional platforms are forthcoming and this bulletin will be
re-released to annouce their availability.
Issue:
======
Simple Network Management Protocol (SNMP) is an Internet standard
protocol for managing disparate network devices such as firewalls,
computers, and routers. All versions of Windows except Windows ME
provide an SNMP implementation, which is neither installed nor
running by default in any version.
A buffer overrun is present in all implementations. By sending a
specially malformed management request to a system running an
affected version of the SNMP service, an attacker could cause a
denial of service. In addition, it is possible that he cause code
to run on the system in LocalSystem context. This could
potentially give the attacker the ability to take any desired
action on the system.
A patch is under development to eliminate the vulnerability.
In the meantime, Microsoft recommends that customers who use the
SNMP service disable it temporarily. Patches will be available
shortly, at which time we will re-release this bulletin with
updated details.
Mitigating Factors:
====================
- The SNMP service is neither installed nor running by default
in any version of Windows.
- Standard firewalling practices recommend blocking the port
over which SNMP operates (UDP ports 161 and 162). If these
recommendations have been followed, the vulnerability could
only be exploited by an intranet user.
- Standard security recommendations recommend against using SNMP
except on trusted networks, as the protocol, by design,
provides minimal security.
Risk Rating:
============
- Internet systems: Low
- Intranet systems: Moderate
- Client systems: Moderate
Patch Availability:
===================
- A patch is available to fix this vulnerability for WIndows XP,
Windows 2000, WIndows NT 4.0, and Windows NT 4.0 Terminal
Server Edition. Please read the Security Bulletin at
http://www.microsoft.com/technet/sec...n/ms02-006.asp
for information on obtaining this patch.
- Patches for other platforms are under development and will be
available shortly. When this happens, we will re-release this
bulletin with information on how to obtain and install these
patches.
- -
- ---------------------------------------------------------------------
-
March 12th, 2002, 10:43 PM
#2
Hehe, Are we supposed to be surprised that it took M$ 4 versions of a patch to fix a vulnerability? Nahhhh, hopefully this one will fix it
-
March 12th, 2002, 10:47 PM
#3
I like the fact they went through four versions in just one month.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|