Microsoft Windows Knowledge Base Article 870763 update is not installed
win-ms04kb870763-update (18394)
Description:
Microsoft Knowledge Base Article 870763 is not installed, which could allow a remote attacker to exploit the following two vulnerabilities:
Microsoft Windows NT 4.0 Server, Microsoft Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Server, and Windows Server 2003 running WINS (Windows Internet Name Service) are vulnerable to a buffer overflow. The Windows Internet Name Service (WINS) provides a distributed database for registering and querying dynamic NetBIOS names to IP address mappings in a routed network. A remote attacker could send a specially-crafted packet, which would be parsed by the UpdateVersionRequest function, to overflow a buffer and possibly execute arbitrary code on the system.
Microsoft Windows NT 4.0 Server, Microsoft Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Server, and Windows Server 2003 running WINS (Windows Internet Name Service) are vulnerable to a buffer overflow that could allow a remote attacker to hijack a memory pointer and execute arbitrary code. WINS contains a feature, called WINS replication, used to transfer information about computers on participating networks. A memory pointer is sent from the server to the client during WINS replication. A remote attacker could send a specially-crafted packet to hijack the memory pointer and overflow a buffer, allowing the attacker to execute arbitrary code on the system.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-045. See References.
References:
- CIAC Information Bulletin P-054: Microsoft WINS Vulnerability.
- IBM Internet Security Systems X-Force Database: WINS memory pointer hijack.
- IBM Internet Security Systems X-Force Database: WINS UpdateVersionRequest buffer overflow.
- Microsoft Security Bulletin MS04-045: Vulnerability in WINS Could Allow Remote Code Execution (870763).
- BID-11922: Microsoft Windows WINS Name Value Handling Remote Buffer Overflow Vulnerability
- CVE-2004-0567: The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an unchecked buffer and possibly triggers a buffer overflow, aka the Name Validation Vulnerability.
- CVE-2004-1080: The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the Association Context Vulnerability.
Platforms Affected:
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2003 Server
- Microsoft Windows NT 4.0 Terminal Server
- Microsoft Windows NT 4.0 Server
Reported:
Dec 14, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
