Microsoft Windows DHCP Client Service Remote Buffer Overflow
来源:互联网 发布:埃及艳后哪个版本 知乎 编辑:程序博客网 时间:2024/05/16 06:43
HTML Tags and JavaScript tutorial
Microsoft Windows DHCP Client Service Remote Buffer Overflow
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_Microsoft_Windows_DHCP_Client_Service_Remote_Buffer_Overflow.pdf
)
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: Microsoft Windows DHCP Client Service Remote Buffer Overflow
==================
Vulnerability Class: Buffer Overflow
====================
Release Date: 07/11/2006
=============
Affected Platforms:
===================
* Microsoft Windows 2000 (<= SP4)
* Microsoft Windows XP (<= SP2)
* Microsoft Windows 2003 (<= SP1)
Local / Remote: Remote
===============
Severity: High
=========
Author: Mariano Nuñez Di Croce
=======
Vendor Status:
==============
* Confirmed, update released.
Reference to Vulnerability Disclosure Policy:
=============================================
http://www.cybsec.com/vulnerability_policy.pdf
Vulnerability Description:
==========================
A remote buffer overflow vulnerability has been identified in Microsoft Windows DHCP-Client service.
Technical Details:
==================
Technical details will be released 30 days after publication of this pre-advisory.
This was agreed upon with Microsoft to allow their customers to upgrade affected software prior to technical knowledge been publicly available.
Impact:
=======
Exploiting this vulnerability, an attacker would be able to execute code remotely with SYSTEM privileges over DHCP-enabled Microsoft Windows systems.
Solutions:
==========
Microsoft has released a hotfix to address this vulnerability.
Customers should apply the hotfix immediately or upgrade their systems through Microsoft Windows Update system.
Vendor Response:
================
* 12/26/2005: Initial Vendor Contact.
* 01/19/2006: Vendor Confirmed Vulnerability.
* 07/11/2006: Vendor Releases Update.
* 07/11/2006: Pre-Advisory Public Disclosure.
Contact Information:
====================
For more information regarding the vulnerability feel free to contact
the author at mnunez {at} cybsec.com.
For more information regarding CYBSEC: www.cybsec.com
(c) 2006 - CYBSEC S.A. Security Systems
- --
- ------------------------------
Mariano Nuñez Di Croce
CYBSEC S.A. Security Systems
Email: mnunez@xxxxxxxxxx
Tel/Fax: (54-11) 4382-1600
Web:
http://www.cybsec.com
PGP:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x26B20899
- ------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFEs+e0bbZGNCayCJkRAtxlAJ4r6zKhP2Uv/Tq8YOoAErDXn9lc8wCfcy8W
EMk1oIYCbhnNnm1PlElLpi8=
=3ZFG
-----END PGP SIGNATURE-----
- Microsoft Windows DHCP Client Service Remote Buffer Overflow
- Microsoft Windows DHCP Client Service Remote Buffer Overflow
- Microsoft IIS FTP Service Remote Buffer Overflow Vulnerability
- Microsoft Windows NetDDE Remote Buffer Overflow Exploit (MS04-031)
- Microsoft Windows NetDDE Remote Buffer Overflow Exploit (MS04-031)
- Microsoft Windows DNS Service RPC Stack Overflow Lets Remote Users Execute Arbitrary Code
- Microsoft Windows DNS RPC Buffer Overflow
- MS Windows DNS RPC Remote Buffer Overflow Exploit (win2k SP4)
- 【例子】windows 2000 wmi service buffer overflow expolit
- Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server
- Microsoft Word Buffer Overflow (Exploit 2)
- Microsoft Word Buffer Overflow (Exploit 2)
- remote query windows service
- Sasser Worm FTPD Remote Buffer Overflow Exploit on Port 5554
- BarCodeAx.dll v. 4.9 ActiveX Control Remote Stack Buffer Overflow
- Oracle mod_wl HTTP POST Request Remote Buffer Overflow Vulnerability
- Embedthis Appweb 3.0b.2-4 Remote Buffer Overflow
- Zeus Web Server 'SSL2_CLIENT_HELLO' Remote Buffer Overflow Vulnerability
- 浅谈软件度量
- 男人的正确洁面方式
- OpenGL教程之ZEUS教程第一课:什么是OpenGL
- 如何循序渐进向DotNet架构师发展
- SQL*PLUS命令的使用
- Microsoft Windows DHCP Client Service Remote Buffer Overflow
- 在VBA中获取“我的文档”的目录路径
- tomcat 5.5 整合 apache 2
- Java 新手入门推荐读物
- 关于Int 2E
- Windows 2003分区魔术师:Diskpart
- linux skills(pending)
- 指针声明的右左法则
- 气质类型测试!!!