[MS] Multiple vulnerabilities in Microsoft Windows DNS server - MS11-058

Dear colleagues,

we have just received the following warning from the Microsoft Product Security
Notification Service. We are forwarding this information to you
unchanged.

CVE-2011-1970 – Vulnerability in Microsoft Windows DNS Server

A vulnerability exists in the handling of objects in memory that have
not been initialized. This allows a remote attacker to carry out a
denial-of-service attack by sending the server a query for a
non-existent domain. No authentication is required to carry out the
attack.

CVE-2011-1966 – Vulnerability in Microsoft Windows DNS server

The processing of NAPTR (Naming Authority Pointer) queries in the
Windows DNS Server is flawed. This allows a remote attacker to execute
arbitrary code with the privileges of the service by means of a crafted
query.

The following software packages and platforms are affected:

Windows DNS server

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1

The vendor provides revised packages.

(c) of the German summary held by DFN-CERT Services GmbH;
distribution, including in part, is permitted only with reference to the
originator, DFN-CERT Services GmbH, and only for non-commercial
purposes.

Kind regards,
Timo Schulz

--
Timo Schulz, M.Sc. (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatic warning messages: https://www.cert.dfn.de/autowarn

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2011.0813
Vulnerabilities in DNS Server Could Allow Remote Code Execution
10 August 2011

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Windows DNS server
Publisher:         Microsoft
Operating System:  Windows Server 2003
                   Windows Server 2008
                   Windows Server 2008 R2
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-1970 CVE-2011-1966

Original Bulletin:
http://www.microsoft.com/technet/security/bulletin/MS11-058.mspx

--------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS11-058 – Critical
Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)
Published: August 09, 2011
Version: 1.0

General Information

Executive Summary

This security update resolves two privately reported vulnerabilities in
Windows DNS server. The more severe of these vulnerabilities could
allow remote code execution if an attacker registers a domain, creates
an NAPTR DNS resource record, and then sends a specially crafted NAPTR
query to the target DNS server. Servers that do not have the DNS role
enabled are not at risk.

This security update is rated Critical for 32-bit and x64-based
editions of Windows Server 2008, and x64-based editions of Windows
Server 2008 R2; and Important for all supported editions of Windows
Server 2003. For more information, see the subsection, Affected and
Non-Affected Software, in this section.

Affected Software

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1

Vulnerability Information

DNS NAPTR Query Vulnerability – CVE-2011-1966

A remote code execution vulnerability exists in the way that the
Windows DNS Server improperly handles a specially crafted NAPTR query
string in memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in the context of the system. An
attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights.

DNS Uninitialized Memory Corruption Vulnerability – CVE-2011-1970

A denial of service vulnerability exists in the way that the DNS server
improperly handles an object in memory that has not been initialized.
An attacker that successfully exploited this vulnerability could cause
the DNS server service on the target system to stop responding.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
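
A local exposure check built from the bulletin's own criteria (affected Windows Server versions, DNS role present, update 2562485), as an added example that is not part of the DFN-CERT, AusCERT or Microsoft text. It assumes the DNS Server service is registered under the name `DNS` and that the update appears as `KB2562485` in `Get-HotFix`; a missing entry is reported for review because a later superseding update would not show up under that ID.

```powershell
# Added example: local exposure check for MS11-058 (update 2562485).
# Assumptions: service name "DNS"; hotfix ID "KB2562485"; PowerShell 2.0 or later.
function Get-MS11058Exposure {
    $os    = Get-WmiObject -Class Win32_OperatingSystem
    $parts = $os.Version.Split('.')
    $ver   = '{0}.{1}' -f $parts[0], $parts[1]

    # Ratings as stated in the bulletin: Important on Server 2003 (5.2),
    # Critical on Server 2008 (6.0) and Server 2008 R2 (6.1).
    $ratings = @{ '5.2' = 'Important'; '6.0' = 'Critical'; '6.1' = 'Critical' }

    # ProductType 1 is a workstation SKU (XP x64, Vista, Windows 7): not a server.
    $isServer = $os.ProductType -ne 1
    # The affected list names Itanium only for Server 2003.
    $itaniumOutsideList = ($env:PROCESSOR_ARCHITECTURE -eq 'IA64') -and ($ver -ne '5.2')

    $rating = $null
    if ($isServer -and -not $itaniumOutsideList -and $ratings.ContainsKey($ver)) {
        $rating = $ratings[$ver]
    }

    # "Servers that do not have the DNS role enabled are not at risk."
    $dns   = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue
    $patch = Get-HotFix -Id 'KB2562485' -ErrorAction SilentlyContinue

    if (-not $rating)  { $status = 'OS not in the affected software list' }
    elseif (-not $dns) { $status = 'DNS Server service not installed: not at risk' }
    elseif ($patch)    { $status = 'KB2562485 installed' }
    else               { $status = 'DNS role present, KB2562485 not found: review' }

    $dnsState = 'absent'
    if ($dns) { $dnsState = $dns.Status.ToString() }

    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        OS         = $os.Caption
        Rating     = $rating
        DnsService = $dnsState
        Status     = $status
    } | Select-Object Computer, OS, Rating, DnsService, Status
}

Get-MS11058Exposure | Format-List
```

A stopped DNS service is still reported as present, since the role can be started again without the update being applied.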