Новости Security.NNOV

[RiC]

1. Переполнение буфера Novell eDirectory iMonitor для Windows (buffer overflow)
http://www.security.nnov.ru/Fnews95.html
Опубликовано: 12 августа 2005 г.
Источник: BUGTRAQ
Тип: удаленная
Опасность: 6
Описание: Переполнение буфера в процессе dhost.exe
Продукты: NOVELL: eDirectory 8.7
Документы: NGSSoftware Insight Security Research, High Risk Vulnerability in Novell eDirectory Server
http://www.security.nnov.ru/Jdocument453.html

2. Переполнение буфера в поддержке сетевой файловой системы NFS для Linux (buffer overflow)
http://www.security.nnov.ru/Fnews94.html
Опубликовано: 12 августа 2005 г.
Источник: BUGTRAQ
Тип: удаленная
Опасность: 6
Описание: Переполнение буфера при разборе данных XDR протокола nfsacl.
Продукты: LINUX: kernel 2.6
Документы: SECUNIA: [SA16406] Linux Kernel XDR Encode/Decode Buffer Overflow Vulnerability
http://www.security.nnov.ru/Jdocument452.html

3. Переполнение буфера в службе Plug and Play Microsoft Windows (buffer overflow), дополнено с 9 августа 2005 г.
http://www.security.nnov.ru/Fnews82.html
Опубликовано: 12 августа 2005 г.
Источник: MICROSOFT
Тип: удаленная
Опасность: 6
Описание: Переполнение стека при обработке запроса по именованным каналам.
Продукты: MICROSOFT: Windows 2000 Server
MICROSOFT: Windows 2000 Professional
MICROSOFT: Windows XP
MICROSOFT: Windows 2003 Server
Документы: MICROSOFT: Microsoft Security Bulletin MS05-039 Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588 )
http://www.security.nnov.ru/Jdocument420.html
X-FORCE: indows Plug and Play Remote Compromise
http://www.security.nnov.ru/Jdocument431.html
Файлы: Microsoft Security Bulletin MS05-039 Vulnerability in Plug
and Play Could Allow Remote Code Execution and Elevation of
Privilege (899588 )
http://www.microsoft.com/technet/sec.../MS05-039.mspx

[RiC]

Alert: Exploits for Plug and Play Vulnerability Released

eEye Digital Security is alerting administrators to the existence of exploit code for the recently added Plug and Play Service vulnerability, which Microsoft patched this week as part of the August Security Update (security bulletin MS05-039). Specific information on this particular vulnerability can be found towards the end of this announcement. As a service to the network security community eEye has released a scanning utility, free of charge, which will identify vulnerable systems and provide remediation instructions. This tool can be downloaded immediately at:
http://www.eeye.com/html/resources/d...its/index.html

About the Exploit
Today, several instances of exploit code targeting the vulnerability discussed in MS05-039 were released to the world. The eEye Research Team, upon discovering two instances of exploit code online, conducted thorough testing to confirm that both present a legitimate threat to Windows 2000 systems (completely patched SP 4 with all hotfixes). One exploit, released by an anonymous author, will bind a command prompt to TCP port 8721.

eEye reiterates our original position that users should consider this patch highly critical, and that it should be installed as soon as possible. For networks with multiple versions of Windows operating systems, eEye recommends allocating resources to remediate systems in this order:
° Windows 2000 (All Service Packs)
° Windows NT
° Windows XP
° Windows 2003

As a refresher, the vulnerability is an unchecked buffer in the Plug and Play service that can be exploited as a privilege escalation or to run remote code as SYSTEM. Users running Windows 2000 are vulnerable to a potential worm attack that would take advantage of this flaw. The Microsoft patch updates the Plug and Play service code to validate the length of a message before it passes it to the allocated buffer.

MS05-039
Vulnerability in Plug and Play Could Allow Remote code Execution and Elevation of Privilege ( 899588 )

Microsoft Severity Rating: Critical
http://www.microsoft.com/technet/sec.../MS05-039.mspx

Резюме - Идём стройными рядами на Wundows Update