File: 2126.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (129 lines) | stat: -rw-r--r-- 3,709 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
Rule:

--

Sid:
2126

--

Summary:
This event is generated when a remote attacker attempts to overflow Microsoft's
PPTP RAS service.  

--

Impact:
Administrative Compromise.  This attack may permit executation of arbitrary
commands with the privileges of the NT SYSTEM account.

--

Detailed Information:
A buffer overflow exists when a malformed SCR (Start Control Request) PPTP 
packet is received by the PPTP RAS service.  This may permit executation of
arbitrary commands with the privileges of root. 

--
Affected Systems:
Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server

--

Attack Scenarios:
Exploit code can be used to attack vulnerable PPTP RAS services to obtain
SYSTEM level access to the remote host.

--

Ease of Attack:
Difficult.  Currently Sourcefire is unaware of any publicly available 
exploits for this vulnerability.

--

False Positives:
PPTP clients that violate RFC2637 by generating overly long Host Name and
Vendor Strings could potentially trigger this rule inadvertently.

--

False Negatives:
None Known.

--

Corrective Action:
Microsoft as released the following patches to correct the problem:

Microsoft Windows 2000 Professional SP3:

    Microsoft Patch Q329834
    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno

Microsoft Windows 2000 Server SP3:

    Microsoft Patch Q329834
    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno

Microsoft Windows 2000 Advanced Server SP3:

    Microsoft Patch Q329834
    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno

Microsoft Windows 2000 Terminal Services SP3:

    Microsoft Patch Q329834
    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno

Microsoft Windows 2000 Advanced Server SP2:

    Microsoft Patch Q329834
    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno

Microsoft Windows 2000 Professional SP2:

    Microsoft Patch Q329834
    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno

Microsoft Windows 2000 Server SP2:

    Microsoft Patch Q329834
    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno

Microsoft Windows 2000 Terminal Services SP2:

    Microsoft Patch Q329834
    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno

Microsoft Windows XP Home SP1:

    Microsoft Patch Q329834
    http://download.microsoft.com/download/whistler/Patch/Q329834/WXP/EN-US/Q329834_WXP_SP2_x86_ENU.exe

Microsoft Windows XP Professional SP1:

    Microsoft Patch Q329834
    http://download.microsoft.com/download/whistler/Patch/Q329834/WXP/EN-US/Q329834_WXP_SP2_x86_ENU.exe

Microsoft Windows XP 64-bit Edition SP1:

    Microsoft Patch Q329834
    http://download.microsoft.com/download/whistler/Patch/Q329834/W64XP/EN-US/Q329834_WXP_SP2_ia64_ENU.exe

--

Contributors:
Sourcefire Research Team
Matthew Watchinski (matt.watchinski@sourcefire.com)

--

Additional References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1214
http://www.securityfocus.com/bid/5807


--