(Cisco CallManager is Affected) Microsoft Windows Workstation Service (wkssvc.dll) Buffer Overflow Lets Remote Users Execute Arbitrary Code with System Privileges
|
|
SecurityTracker Alert ID: 1008883 |
|
SecurityTracker URL: http://securitytracker.com/id/1008883
|
|
CVE Reference:
CAN-2003-0812
(Links to External Site)
|
Updated: Jan 29 2004
|
Original Entry Date: Jan 29 2004
|
Impact:
Execution of arbitrary code via network, Root access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
Cisco reported that Cisco CallManager appliances are affected by the Windows 2000 Workstation Service vulnerability. A remote user can execute arbitrary code with System privileges on the target system.
It is reported that a remote user can send a specially crafted message to the Workstation service to cause the service to crash or execute arbitrary code with System level privileges. Other attack vectors can reportedly be used. For example, a remote authenticated user can login and send malformed messages to the service or an application that passes messages to the service can be exploited.
The flaw exists in the Wkssvc.dll file.
The Workstation service is used to route local file system requests and remote file or print network requests and is enabled by default, according to the report.
Microsoft indicates that if you have blocked inbound UDP ports 138, 139, 445 and TCP ports 138, 139, 445 with a firewall, a remote user cannot send messages to the Workstation service.
Microsoft credits eEye Digital Security with reporting this flaw.
|
Impact:
A remote user can execute arbitrary code on the target system with System privileges.
|
Solution:
Cisco has issued a fix for affected Cisco IP Telephony Applications: for all versions of Cisco CallManager and all compatible versions of Cisco IP Interactive Voice Response (IP IVR), Cisco IP Call Center Express (IPCC Express), Cisco Personal Assistant (PA), Cisco Emergency Responder (CER), Cisco Conference Connection (CCC), and Cisco Internet Service Node (ISN). The vendor advises customers to apply the win-OS-Upgrade-k9.2000-2-5sr4.exe or later package located at the following URL:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des?psrtdcat20e2
|
Vendor URL: www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 29 Jan 2004 13:44:47 -0500
Subject: http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml
|
http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml
> Cisco Security Advisory: Buffer Overrun in Microsoft Windows 2000 Workstation
> Service (MS03-049)
> Document ID: 48161
> Revision 1.0 - FINAL
Cisco reported that Cisco products that run on Microsoft Windows 2000 are affected by the
previously reported Microsoft Windows security vulnerability described in Microsoft
security bulletin MS03-049:
http://www.microsoft.com/technet/security/bulletin/MS03-049.asp
The following appliances are affected, according to the vendor:
Cisco CallManager
Cisco Building Broadband Service Manager (BBSM)
BBSM Version 5.2
HotSpot 1.0
Cisco Customer Response Application Server (CRA)
Cisco Personal Assistant (PA)
Cisco Conference Connection (CCC)
Cisco Emergency Responder (CER)
Cisco IP Call Center Express (IPCC Express)
Cisco Internet Service Node (ISN)
Other applications that run on Windows 2000 may also be affected, including but not
limited to the following:
Cisco Unity
Cisco Building Broadband Service Manager (BBSM) versions 5.1 and prior
Cisco uOne Enterprise Edition
Cisco Latitude products
Cisco Network Registrar (CNR)
Cisco Internet Service Node (ISN)
Cisco Intelligent Contact Manager (ICM) (Hosted and Enterprise)
Cisco IP Contact Center (IPCC) (Express and Enterprise)
Cisco E-mail Manager (CEM)
Cisco Collaboration Server (CCS)
Cisco Dynamic Content Adapter (DCA)
Cisco Media Blender (CMB)
TrailHead (Part of the Web Gateway solution)
Cisco Networking Services for Active Directory (CNS/AD)
Cisco SN 5400 Series Storage Routers (driver to interface to Windows server)
CiscoWorks
- CiscoWorks VPN/Security Management Solution (CWVMS)
- User Registration Tool
- Lan Management Solution
- Routed WAN Management
- Service Management
- VPN/Security Management Solution
- IP Telephony Environment Monitor
- Small Network Management Solution
- QoS Policy Manager
- Voice Manager
Cisco Transport Manager (CTM)
Cisco Broadband Troubleshooter (CBT)
DOCSIS CPE Configurator
Cisco Secure Applications
- Cisco Secure Scanner
- Cisco Secure Policy Manager (CSPM)
- Access Control Server (ACS)
Videoconferencing Applications
- IP/VC 3540 Video Rate Matching Module
- IP/VC 3540 Application Server
Cisco IP/TV Server
Cisco has issued a fix for affected Cisco IP Telephony Applications: for all versions of
Cisco CallManager and all compatible versions of Cisco IP Interactive Voice Response (IP
IVR), Cisco IP Call Center Express (IPCC Express), Cisco Personal Assistant (PA), Cisco
Emergency Responder (CER), Cisco Conference Connection (CCC), and Cisco Internet Service
Node (ISN). The vendor advises customers to apply the win-OS-Upgrade-k9.2000-2-5sr4.exe
or later package located at the following URL:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des?psrtdcat20e2
For Cisco Building Broadband Service Manager Version 5.2, apply BBSM52SP2.exe found at the
following URL:
http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsm52
Patch installation instructions for BBSM are available at:
http://cco.cisco.com/en/US/products/sw/netmgtsw/ps533/products_user_guide_chapter09186a00801da1bc.html
For Cisco HotSpot1.0, apply Service Pack 1 available at:
http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsmhs10
|
|
