TITLE: Microsoft Windows Client Service for NetWare Buffer Overflow SECUNIA ADVISORY ID: SA17165
VERIFY ADVISORY: http://secunia.com/advisories/17165/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users, or by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the CSNW (Client Service for NetWare). This can be exploited to execute arbitrary code on a vulnerable system via a series of specially crafted network messages. Successful exploitation requires that the CSNW is installed. On Windows Server 2003 Service Pack 1, the vulnerability can only be exploited by a user with valid logon credentials. SOLUTION: Apply patches. Microsoft Windows 2000 (requires SP4): http://www.microsoft.com/downloads/details.aspx?FamilyId=261A7D4D-90FC-4529-9C4A-B630196C6A83 Microsoft Windows XP (requires SP1 or SP2): http://www.microsoft.com/downloads/details.aspx?FamilyId=4C1C2C16-99E7-4701-A3F8-65B803B8B881 Microsoft Windows Server 2003 (with or without SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=8AB86BA3-54CD-44D7-8016-DE6E3ED51021 ORIGINAL ADVISORY: MS05-046 (KB899589): http://www.microsoft.com/technet/security/Bulletin/MS05-046.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
