Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Microsoft Windows Workstation Service (wkssvc.dll) Buffer Overflow Lets Remote Users Execute Arbitrary Code with System Privileges
|
|
SecurityTracker Alert ID: 1008146
|
|
CVE Reference: CAN-2003-0812
(Links to External Site)
|
Date: Nov 11 2003
|
Impact: Execution of arbitrary code via network, Root access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): Windows 2000, Windows XP
|
Description: A buffer overflow vulnerability was reported in Microsoft Windows 2000 and Windows XP in the Workstation service. A remote user can execute arbitrary code with System privileges on the target system.
It is reported that a remote user can send a specially crafted message to the Workstation service to cause the service to crash or
execute arbitrary code with System level privileges. Other attack vectors can reportedly be used. For example, a remote authenticated
user can login and send malformed messages to the service or an application that passes messages to the service can be exploited.
The
flaw exists in the Wkssvc.dll file.
The Workstation service is used to route local file system requests and remote file or print
network requests and is enabled by default, according to the report.
Microsoft indicates that if you have blocked inbound UDP
ports 138, 139, 445 and TCP ports 138, 139, 445 with a firewall, a remote user cannot send messages to the Workstation service.
Microsoft
credits eEye Digital Security with reporting this flaw.
|
Impact: A remote user can execute arbitrary code on the target system with System privileges.
|
Solution: Microsoft indicates that the Windows XP security updates that were released on October 15, 2003 as part of Security Bulletin MS03-043
(828035) included an updated file that helps protect from this vulnerability. Users that have applied the Windows XP security updates
for MS03-043 (828035) do not have to reapply this update.
A fix is available for Microsoft Windows 2000 Service Pack 2, Service
Pack 3, Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2467FE46-D167-479C-9638-D4D79483F261&displaylang=en
A
reboot may be required in some cases. This fix will be included in Windows 2000 SP5.
A fix is available for Microsoft Windows
XP, Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F02DA309-4B0A-4438-A0B9-5B67414C3833&displaylang=en
A
fix is available for Microsoft Windows XP 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2BE95254-4C65-4CA5-80A5-55FDF5AA2296&displaylang=en
See the Microsoft advisory for a list of workarounds and a description of installation options:
http://www.microsoft.com/technet/security/bulletin/MS03-049.asp
|
Vendor URL: www.microsoft.com/technet/security/bulletin/MS03-049.asp (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Windows (2000), Windows (XP)
|
OS Comments: Windows 2000, Windows XP
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 11 Nov 2003 13:12:34 -0500
Subject: http://www.microsoft.com/technet/security/bulletin/MS03-049.asp
|
http://www.microsoft.com/technet/security/bulletin/MS03-049.asp
Microsoft Security Bulletin MS03-049
Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)
Issued: November 11, 2003
Version Number: 1.0
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
CVE: CAN-2003-0812
Affected Versions:
* Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
* Microsoft Windows XP, Microsoft Windows XP Service Pack 1
* Microsoft Windows XP 64-Bit Edition
A buffer overflow vulnerability was reported in Microsoft Windows 2000 and Windows XP in
the Workstation service. A remote user can execute arbitrary code with System privileges
on the target system.
It is reported that a remote user can send a specially crafted message to the Workstation
service to cause the service to crash or execute arbitrary code with System level
privileges. Other attack vectors can reportedly be used. For example, a remote
authenticated user can login and send malformed messages to the service or an application
that passes messages to the service can be exploited.
The flaw exists in the Wkssvc.dll file.
The Workstation service is used to route local file system requests and remote file or
print network requests and is enabled by default, according to the report.
Microsoft indicates that if you have blocked inbound UDP ports 138, 139, 445 and TCP ports
138, 139, 445 with a firewall, a remote user cannot send messages to the Workstation service.
Microsoft credits eEye Digital Security with reporting this flaw.
Microsoft indicates that the Windows XP security updates that were released on October 15,
2003 as part of Security Bulletin MS03-043 (828035) included an updated file that helps
protect from this vulnerability. Users that have applied the Windows XP security updates
for MS03-043 (828035) do not have to reapply this update.
A fix is available for Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2467FE46-D167-479C-9638-D4D79483F261&dis
playlang=en
A reboot may be required in some cases. This fix will be included in Windows 2000 SP5.
A fix is available for Microsoft Windows XP, Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F02DA309-4B0A-4438-A0B9-5B67414C3833&dis
playlang=en
A fix is available for Microsoft Windows XP 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2BE95254-4C65-4CA5-80A5-55FDF5AA2296&dis
playlang=en
See the Microsoft advisory for a list of workarounds and a description of installation
options:
http://www.microsoft.com/technet/security/bulletin/MS03-049.asp
|
|
Go to the Top of This SecurityTracker Archive Page
|
