Microsoft Windows Mailslot Server driver buffer overflow
| win-mailslot-bo (26818) |  High Risk |
Description:
Microsoft Windows is vulnerable to a heap-based buffer overflow in the Mailslot Server driver (srv.sys). By sending a specially-crafted network packet to an affected system, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
Platforms Affected:
- Microsoft, Windows 2000 SP4
- Microsoft, Windows 2003
- Microsoft, Windows 2003 Server Itanium
- Microsoft, Windows 2003 Server x64
- Microsoft, Windows 2003 Server SP1
- Microsoft, Windows 2003 Server SP1 Itanium
- Microsoft, Windows XP SP1
- Microsoft, Windows XP SP2
- Microsoft, Windows XP Professional x64
Remedy:
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superceded.
Consequences:
Gain Access
References:
- Microsoft Security Bulletin MS06-035, Vulnerability in Server Service Could Allow Remote Code Execution (917159) at http://www.microsoft.com/technet/security/Bulletin/MS06-035.mspx.
- Microsoft Security Bulletin MS06-063, Vulnerability in Server Service Could Allow Denial of Service and Remote Code Execution (923414) at http://www.microsoft.com/technet/security/bulletin/ms06-063.mspx.
- Microsoft Security Bulletin MS08-063, Vulnerability in SMB Could Allow Remote Code Execution (957095) at http://www.microsoft.com/technet/security/Bulletin/MS08-063.mspx.
- Microsoft Security Bulletin MS09-001, Vulnerabilities in SMB Could Allow Remote Code Execution (958687) at http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx.
- Tipping Point Security Research Advisory TSRT-06-02, Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability at http://www.tippingpoint.com/security/advisories/TSRT-06-02.html.
- ASA-2006-135: Windows Security Updates for July 2006 - (MS06-033 - MS06-039)
- BID-18863: Microsoft Windows Server Driver Mailslot Remote Heap Buffer Overflow Vulnerability
- CVE-2006-1314: Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
- OSVDB ID: 27154: Microsoft Windows Server Service SRV.SYS First-class Mailslot Message Remote Overflow
- SA21007: Microsoft Windows Server Service Two Vulnerabilities
- US-CERT VU#189140: Microsoft Server Service Mailslot vulnerable to heap overflow
- VUPEN/ADV-2006-2753: Microsoft Windows Heap Overflow and Information Disclosure Vulnerabilities (MS06-035)
Reported:
Jul 11, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net