Microsoft Windows DHCP Client Service Remote Buffer Overflow

原创 2007年09月23日 14:29:00
 

HTML Tags and JavaScript tutorial



Microsoft Windows DHCP Client Service Remote Buffer Overflow





 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_Microsoft_Windows_DHCP_Client_Service_Remote_Buffer_Overflow.pdf
)
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: Microsoft Windows DHCP Client Service Remote Buffer Overflow
==================
Vulnerability Class: Buffer Overflow
====================
Release Date: 07/11/2006
=============
Affected Platforms:
===================
* Microsoft Windows 2000 (<= SP4)
* Microsoft Windows XP (<= SP2)
* Microsoft Windows 2003 (<= SP1)
Local / Remote: Remote
===============
Severity: High
=========
Author: Mariano Nuñez Di Croce
=======
Vendor Status:
==============
* Confirmed, update released.
Reference to Vulnerability Disclosure Policy:
=============================================
http://www.cybsec.com/vulnerability_policy.pdf
Vulnerability Description:
==========================
A remote buffer overflow vulnerability has been identified in Microsoft Windows DHCP-Client service.
Technical Details:
==================
Technical details will be released 30 days after publication of this pre-advisory.
This was agreed upon with Microsoft to allow their customers to upgrade affected software prior to technical knowledge been publicly available.
Impact:
=======
Exploiting this vulnerability, an attacker would be able to execute code remotely with SYSTEM privileges over DHCP-enabled Microsoft Windows systems.
Solutions:
==========
Microsoft has released a hotfix to address this vulnerability.
Customers should apply the hotfix immediately or upgrade their systems through Microsoft Windows Update system.
Vendor Response:
================
* 12/26/2005: Initial Vendor Contact.
* 01/19/2006: Vendor Confirmed Vulnerability.
* 07/11/2006: Vendor Releases Update.
* 07/11/2006: Pre-Advisory Public Disclosure.
Contact Information:
====================
For more information regarding the vulnerability feel free to contact
the author at mnunez {at} cybsec.com.
For more information regarding CYBSEC: www.cybsec.com
(c) 2006 - CYBSEC S.A. Security Systems
- --
- ------------------------------
Mariano Nuñez Di Croce
CYBSEC S.A. Security Systems
Email: mnunez@xxxxxxxxxx
Tel/Fax: (54-11) 4382-1600
Web:
http://www.cybsec.com
PGP:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x26B20899
- ------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFEs+e0bbZGNCayCJkRAtxlAJ4r6zKhP2Uv/Tq8YOoAErDXn9lc8wCfcy8W
EMk1oIYCbhnNnm1PlElLpi8=
=3ZFG
-----END PGP SIGNATURE-----


The Tao of Windows Buffer Overflow

  • 2008年11月14日 10:54
  • 64KB
  • 下载

英特尔® 硬件加速执行管理器安装指南 — Microsoft Windows*

转载这篇文章的主要目的是解决启动avd时出现这个错误 HAXM is not working and emulator runs in emulation mode 现在判断是HAXM内存设置的太小...

Microsoft Windows Kernel整数截断本地权限提升漏洞:触发原因-汇编形态

Microsoft Windows Kernel整数截断本地权限提升漏洞 http://sebug.net/vulndb/20361/上面的代码在vs2008下能直接编译 vc6.0编译错误一大堆()...

驱动开发利器Microsoft Windows Driver Kit 7.1.0下载

在Windows 2000 与Windows XP 系统采用是WINDDK来开发WINDOWS驱动程序,我手头也有WINDDK,可是从Windows Vista开始之后,一般采用Microsoft W...
  • wavemcu
  • wavemcu
  • 2012年01月17日 22:13
  • 3052

OpenGL ES 平台搭建教程(在包含Visual Studio 的Microsoft Windows 上构建)

OpenGL ES 3.0一书中第十一章讲了如何搭建OpenGL ES 平台,但是书中讲解过于简单,下面是我在搭建过程中的详细步骤。我用的是64位win7+VS2013.   第一步:  cm...

Demonstration of DB Query Analyzer 6.03 Installation and Running on Microsoft Windows 8

This essay gives a demonstration of DB Query Analyzer Installation and Running on Microsoft Windows ...

【转自mos中文文章】Microsoft Windows 环境中NLS_LANG的正确设置

Microsoft Windows 环境中NLS_LANG的正确设置 (Doc ID 1577370.1)

Microsoft Windows历史版本

Windows 1   1985年11月20日发布   微软Windows系统的第一个版本最重要的成绩就是它将图形用户界面和多任务技术引入了桌面计算领域。它用窗口替换了命令提示符,整个操作系统变得...

multicast(一) (转自network programming for microsoft windows, second edition.)

看完这个就知道IGMPV3怎么实现了,简单,容易: Multicasting with SetsockoptOriginally, the only way to join or leave a...

Install and run DB Query Analyzer 6.04 on Microsoft Windows 10

Install and run DB Query Analyzer 6.04 on Microsoft Windows 10   DB Query Analyzer is presented by M...
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:Microsoft Windows DHCP Client Service Remote Buffer Overflow
举报原因:
原因补充:

(最多只允许输入30个字)