Microsoft Windows NNTP buffer overflow
| win-nntp-bo (17641) |  High Risk |
Description:
Microsoft Windows is vulnerable to a buffer overflow in the Network News Transfer Protocol (NNTP) Component, caused by improper bounds checking of user-supplied input. By sending a specially-crafted message to the vulnerable system, a remote attacker could overflow the buffer and execute arbitrary code on the system.
Note: By default, the NNTP component is not installed on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003, however, some systems that do not use NNTP could still be affected. Some platforms require that the NNTP component be enabled before the platform can be installed, causing the system to be vulnerable.
Consequences:
Gain Access
Remedy:
For vulnerability detection:
Enable the following checks in the ISS Protection Platform:
WinMs04036Patch
Enable the following checks in the Dynamic ISS Protection platform:
Windows_NNTP_Overflow
For Manual Protection:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-036. See References.
References:
- CIAC Information Bulletin P-012: Microsoft Vulnerability in NNTP Could Allow Remote Code Execution (883935).
- Core Security Technologies Advisory CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities.
- Microsoft Security Bulletin MS04-036: Vulnerability in NNTP Could Allow Code Execution (883935).
- BID-11379: Microsoft NNTP Component Heap Overflow Vulnerability
- CVE-2004-0574: The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an unchecked buffer
- US-CERT VU#203126: Microsoft IIS contains vulnerability in NNTP service
Platforms Affected:
- Microsoft Exchange Server 2000 SP3
- Microsoft Exchange Server 2003
- Microsoft Exchange Server 2003 SP1
- Microsoft Windows 2000 SP3 Server
- Microsoft Windows 2000 SP4 Server
- Microsoft Windows 2003 Server x64
- Microsoft Windows 2003 Server
- Microsoft Windows NT 4.0 SP6a Server
Reported:
Oct 12, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net