[MS] Schwachstellen im Windows SMB Client – MS11-020

[MS] Schwachstellen im Windows SMB Client - MS11-020

Von

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgende Warnung des Microsoft Product Security
Notification Service. Wir geben diese Informationen unveraendert an Sie
weiter.

CVE-2011-0661 – Schwachstellen im Windows SMB Client

Die in Microsoft Windows enthaltene Unterstuetzung fuer das SMB
Protokoll filtert erhaltene Requests nur unzureichend auf unzulaessige
Inhalte. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen,
indem er speziell praepariertes Anfragen an ein betroffenes System
schickt. Gelingt ihm das, so kann er beliebige Befehle mit
Administratorrechten ausfuehren.

Betroffen sind die folgenden Software Pakete und Plattformen:

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 mit SP2 fuer Itanium-basierte Systeme
Windows Vista Service Pack 1
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1
Windows Vista x64 Edition Service
Windows Server 2008 fuer 32-bit Systeme
Windows Server 2008 fuer 32-bit Systeme Service Pack 2
Windows Server 2008 fuer x64-basierte Systeme
Windows Server 2008 fuer x64-basierte Systeme Service Pack 2
Windows Server 2008 fuer Itanium-basierte Systeme
Windows Server 2008 fuer Itanium-basierte Systeme Service Pack 2
Windows 7 fuer 32-bit Systeme
Windows 7 fuer 32-bit Systeme Service Pack 1
Windows 7 fuer x64-basierte Systeme
Windows 7 fuer x64-basierte Systeme Service Pack 1
Windows Server 2008 R2 fuer x64-basierte Systeme
Windows Server 2008 R2 fuer x64-basierte Systeme Service Pack 1
Windows Server 2008 R2 fuer Itanium-basierte Systeme
Windows Server 2008 R2 fuer Itanium-basierte Systeme Service Pack 1
Microsoft Server Message Block (SMB) Protocol software handles
specially

Windows, Windows XP, Windows Server 2003, Windows Server 2008, Windows
Vista

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
Michael Groening, DFN-CERT
– —

Michael Groening (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatische Warnmeldungen https://www.cert.dfn.de/autowarn

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2011.0409
Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
13 April 2011

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Microsoft Windows
Publisher: Microsoft
Operating System: Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2011-0661

Original Bulletin:
http://www.microsoft.com/technet/security/Bulletin/MS11-020.mspx

– – ————————–BEGIN INCLUDED TEXT——————–

Microsoft Security Bulletin MS11-020 – Critical
Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft
Windows. The vulnerability could allow remote code execution if an attacker
created a specially crafted SMB packet and sent the packet to an affected
system. Firewall best practices and standard default firewall configurations
can help protect networks from attacks originating outside the enterprise
perimeter that would attempt to exploit these vulnerabilities.

This security update is rated Critical for all supported releases of Microsoft
Windows. For more information, see the subsection, Affected and Non-Affected
Software, in this section.

The security update addresses the vulnerability by correcting the way that SMB
validates fields in malformed SMB requests. For more information about the
vulnerability, see the Frequently Asked Questions (FAQ) subsection for the
specific vulnerability entry under the next section, Vulnerability Information.
Affected Software

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service

Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit
Systems Service Pack 2*
Windows Server 2008 for x64-based Systems and Windows Server 2008 for
x64-based Systems Service Pack 2*
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for
Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems*
Windows Server 2008 R2 for x64-based Systems Service Pack 1*
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

*Server Core installation affected. This update applies, with the same
severity rating, to supported editions of Windows Server 2008 or Windows
Server 2008 R2 as indicated, whether or not installed using the Server Core
installation option.

SMB Transaction Parsing Vulnerability – CVE-2011-0661

An unauthenticated remote code execution vulnerability exists in the way that
Microsoft Server Message Block (SMB) Protocol software handles specially
crafted SMB packets. An attempt to exploit the vulnerability would not
require authentication, allowing an attacker to exploit the vulnerability by
sending a specially crafted SMB packet to a computer running the Server
service. An attacker who successfully exploited this vulnerability could take
complete control of the system.

– – ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
– —–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFNpNV2/iFOrG6YcBERAkCsAJ9OjSo+ebwaK3bB2V9lsj3Zu98msQCeLenl
HrPCNmFErPdcuqJ12BOGGd8=
=nGz1
– —–END PGP SIGNATURE—–
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2.0.9 (GNU/Linux)

iQEcBAEBAgAGBQJNpXg7AAoJEJtyb8U7iGZB+rYH/1m4fA+NCWG1OL5qnRy5JA5O
vk09oHOZPlr1+QBDIszXQ/Faz7dSs7baLG9w+mbW/2oOM+Fp8k0QrKRygqYBzzCh
HE1dC4LAsx2rNnhT/QOjTBBBFcFo5/1pRiFWkTbQ6DXxd2ztrq1Fb7zT4z4PkwSO
vkCwasK/g7KJtRJ2+MP2SIkbO32OLrgSTlcXsnh9Os9fyL8WPzq/b2XC1h8Ud7q3
5v76phf/22uIRUM+yze5sVgsys91EqinFp9x9fUq15wsmX3gAQ8JeXMnicQ+UGN1
Akt90Bvd90TsI1le4Bu8gCadUJKQKbT55dSUFj8tXzV/PMyg2dJfOYJndKEvBJ4=
=QIc2
—–END PGP SIGNATURE—–

© COMPUTEC MEDIA GmbH
Nach oben