Secure Sockets Layer PCT1 buffer overflow
| ssl-pct1-bo (12380) |  High Risk |
Description:
Multiple vendor applications are vulnerable to a buffer overflow in the Private Communications Transport (PCT) protocol of the Secure Sockets Layer (SSL) library. PCT is a legacy protocol and is no longer commonly used. If SSL is enabled, a remote attacker could send a specially-crafted TCP message to the vulnerable system, to overflow a buffer and execute arbitrary code on the system.
Note: Microsoft Windows Server 2003 and Internet Information Services are only affected by this issue if PCT is also enabled.
Platforms Affected:
- Microsoft, Exchange Server 2000
- Microsoft, Exchange Server 2003
- Microsoft, Exchange Server 5.5
- Microsoft, IIS 4.0
- Microsoft, IIS 5.0
- Microsoft, IIS 5.1
- Microsoft, IIS 6.0
- Microsoft, NetMeeting
- Microsoft, Windows 2000 SP2
- Microsoft, Windows 2000 SP4
- Microsoft, Windows 2000 SP3
- Microsoft, Windows 2003 Server
- Microsoft, Windows 2003 Server x64
- Microsoft, Windows NT 4.0 SP6a Server
- Microsoft, Windows NT 4.0 SP6a Workstation
- Microsoft, Windows NT 4.0 SP6 Terminal Server
- Microsoft, Windows XP 2003 64-bit
- Microsoft, Windows XP SP1
Remedy:
For vulnerability detection:
Enable the following checks in the ISS Protection Platform:
WinMs04011Patch
SSLPCTEnabled
ssl-pct-enable
Enable the following checks in the ISS Protection Platform:
SSL_PCT1_Overflow
For Manual Protection:
Apply the appropriate patch for your system, as listed in the Microsoft Security Bulletin MS04-011. See References.
Consequences:
Gain Access
References:
- CIAC Information Bulletin O-114, Microsoft Security Update for Microsoft Windows at http://www.ciac.org/ciac/bulletins/o-114.shtml.
- CIAC Information Bulletin O-114, Microsoft Security Update for Microsoft Windows [REVISED 25 Jun 2004] at http://www.ciac.org/ciac/bulletins/o-114.shtml.
- Internet Security Systems Security Advisory, April 13, 2004, Microsoft SSL Library Remote Compromise Vulnerability at http://xforce.iss.net/xforce/alerts/id/168.
- Internet Security Systems Security Alert, April 13, 2004, Multiple Vulnerabilities in Microsoft Products at http://xforce.iss.net/xforce/alerts/id/169.
- Microsoft Security Bulletin MS04-011, Security Update for Microsoft Windows (835732) at http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx.
- SecuriTeam Mailing List, Windows focus 22 Apr 2004, Microsoft SSL Library Remote Compromise Vulnerability (MS04-011, Exploit) at http://www.securiteam.com/windowsntfocus/5CP0L0KCKO.html.
- BID-10116: Microsoft Windows Private Communications Transport Protocol Buffer Overrun Vulnerability
- CVE-2003-0719: Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
- US-CERT VU#586540: Microsoft Private Communication Technology (PCT) fails to properly validate message inputs
Reported:
Apr 13, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net