Microsoft FrontPage Server Extensions Buffer Overflow May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1008147
|
|
CVE Reference: CAN-2003-0822
, CAN-2003-0824
(Links to External Site)
|
Updated: Dec 1 2003
|
Original Entry Date: Nov 11 2003
|
Impact: Denial of service via network, Execution of arbitrary code via network, Root access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): FrontPage Server Extensions 2000 and 2002
|
Description: Two vulnerabilities were reported in Microsoft FrontPage Server Extensions (FPSE). A remote user can execute arbitrary code on a target user's system or cause denial of service conditions.
It is reported that there is a buffer overflow in the remote debug functionality of FPSE [CVE: CAN-2003-0822]. Due to a flaw in
one of the DLL files, a remote user can send a specially crafted packet to the FrontPage Server Extensions to execute arbitrary
code with Local System privileges.
It is also reported that there is a flaw in the SmartHTML interpreter. A remote user can
make a particular type of invalid request to FPSE to cause a target server running Front Page Server Extensions to temporarily stop
responding to requests [CVE: CAN-2003-0824]. The remote user can cause the SmartHTML interpreter to temporarily cycle, consuming
all CPU resources for a temporary period of time.
Microsoft reports that Windows 2000 SP4 is not affected by either flaw. Also,
FrontPage Server Extensions are not configured by default on Windows XP and Windows NT 4.0.
Microsoft SharePoint Team Services
on Windows XP is also affected [a separate Alert will be issued for SharePoint].
Microsoft credits Brett Moore of Security-Assessment.com
with reporting these flaws.
|
Impact: A remote user can execute arbitrary code on the target system with Local System privileges.
A remote user can cause denial of
service conditions on the target system, causing the system to consume all available CPU resources for a temporary period of time.
|
Solution: Microsoft has issued the following fixes:
Microsoft FrontPage Server Extensions 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C84C3D10-A821-4819-BF5
8-D3BC70A77BFA&displaylang=en
Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000):
http://www.microsoft.com/downloads/details.aspx?FamilyId=057D5
F0E-0E2B-47D2-9F0F-3B15DD8622A2&displaylang=en
Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP):
http://www.microsoft.com/downloads/details.aspx
?FamilyId=9B302532-BFAB-489B-82DC-ED1E49A16E1C&displaylang=en
Microsoft FrontPage Server Extensions 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3
E8A21D9-708E-4E69-8299-86C49321EE25&displaylang=en
Microsoft plans to include this fix in any future Service Pack for Office
XP.
This update supercedes the security updates contained in the MS01-035 and MS02-053 security bulletins.
As part of this
fix, Microsoft has removed the remote debugging functionality, as the function is no longer supported (Terminal Server can be used
for remote debugging, the report said).
See the Microsoft advisory for a list of workarounds and a description of installation
options:
http://www.microsoft.com/technet/security/bulletin/MS03-051.asp
|
Vendor URL: www.microsoft.com/technet/security/bulletin/MS03-051.asp (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Windows (2000), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 11 Nov 2003 13:34:36 -0500
Subject: http://www.microsoft.com/technet/security/bulletin/MS03-051.asp
|
http://www.microsoft.com/technet/security/bulletin/MS03-051.asp
Microsoft Security Bulletin MS03-051
Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
Issued: November 11, 2003
Version: 1.0
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
CVE: CAN-2003-0822, CAN-2003-0824
Affected Versions:
* Microsoft FrontPage Server Extensions 2000 - Download the update
* Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000) – Download the update
* Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP) – Download the update
* Microsoft FrontPage Server Extensions 2002 - Download the update
* Microsoft SharePoint Team Services 2002 (shipped with Office XP) - Download the update
Affected Operating Systems:
* Microsoft Windows 2000 Service Pack 2, Service Pack 3
* Microsoft Windows XP, Microsoft Windows XP Service Pack 1
* Microsoft Office XP, Microsoft Office XP Service Release 1
Two vulnerabilities were reported in Microsoft FrontPage Server Extensions (FPSE). A
remote user can execute arbitrary code on a target user's system.
It is reported that there is a buffer overflow in the remote debug functionality of FPSE
[CVE: CAN-2003-0822]. Due to a flaw in one of the DLL files, a remote user can send a
specially crafted packet to the FrontPage Server Extensions to execute arbitrary code with
Local System privileges.
It is also reported that there is a flaw in the SmartHTML interpreter. A remote user can
make a particular type of invalid request to FPSE to cause a target server running Front
Page Server Extensions to temporarily stop responding to requests [CVE: CAN-2003-0824].
The remote user can cause the SmartHTML interpreter to temporarily cycle, consuming all
CPU resources for a temporary period of time.
Microsoft reports that Windows 2000 SP4 is not affected by either flaw. Also, FrontPage
Server Extensions are not configured by default on Windows XP and Windows NT 4.0.
Microsoft credits Brett Moore of Security-Assessment.com with reporting these flaws.
Microsoft has issued the following fixes:
Microsoft FrontPage Server Extensions 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C84C3D10-A821-4819-BF58-D3BC70A77BFA&dis
playlang=en
Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000):
http://www.microsoft.com/downloads/details.aspx?FamilyId=057D5F0E-0E2B-47D2-9F0F-3B15DD8622A2&dis
playlang=en
Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP):
http://www.microsoft.com/downloads/details.aspx?FamilyId=9B302532-BFAB-489B-82DC-ED1E49A16E1C&dis
playlang=en
Microsoft FrontPage Server Extensions 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3E8A21D9-708E-4E69-8299-86C49321EE25&dis
playlang=en
Microsoft SharePoint Team Services 2002 (shipped with Office XP):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5923FC2F-D786-4E32-8F15-36A1C9E0A340&dis
playlang=en
Microsoft plans to include this fix in any future Service Pack for Office XP.
This update supercedes the security updates contained in the MS01-035 and MS02-053
security bulletins.
As part of this fix, Microsoft has removed the remote debugging functionality, as the
function is no longer supported (Terminal Server can be used for remote debugging, the
report said).
See the Microsoft advisory for a list of workarounds and a description of installation
options:
http://www.microsoft.com/technet/security/bulletin/MS03-051.asp
|
|
