what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ms02-017

ms02-017
Posted Apr 6, 2002

Microsoft Security Advisory MS02-017 - A buffer overflow in Windows NT, 2000, and XP Multiple UNC Provider (MUP) allows local users to run code with local system privileges. Microsoft FAQ on this issue available here.

tags | overflow, local
systems | windows
SHA-256 | 0d0a190a8e1948ad828b8913add22d5cf5d74c19e00b057835d5a771346a7806

ms02-017

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----

Title: Q311967: Unchecked buffer in the Multiple UNC Provider
Could Enable Code Execution
Date: 04 April 2002
Software:
- - Microsoft Windows NT 4.0 Workstation
- - Microsoft Windows NT 4.0 Server
- - Microsoft Windows NT 4.0 Server, Enterprise Edition
- - Microsoft Windows NT 4 Terminal Server Edition
- - Microsoft Windows 2000 Professional
- - Microsoft Windows 2000 Server
- - Microsoft Windows 2000 Advanced Server
- - Microsoft Windows XP Professional
Impact: Local privilege elevation and run code of attacker's
choice.
Recommendation: Administrators should consider applying the patch to
machines that allow unprivileged users to log onto them interactively
such as workstations and Terminal Servers.
Max Risk: Moderate
Bulletin: MS02-017

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-017.asp.
- -
- ----------------------------------------------------------------------

Issue:
======
The Multiple UNC Provider (MUP) is a Windows service that assists in
locating network resources that are identified via UNC (uniform
naming convention). The MUP receives commands containing UNC names from
applications and sends the name to each registered UNC provider, LAN Manager workstation, and any others that are installed. When a provider identifies a UNC name as its own, the MUP automatically redirects future instances of that name to that provider.

When MUP requests a file using the uniform naming convention (UNC), it
will allocate a buffer to store this request. There is proper input
checking in this first buffer. However, MUP stores another copy of
the file request in a buffer when it sends this request to a redirector. This second copy of the buffer does not check inputs correctly, thereby creating the possibility that a resource request to it from an unprivileged process could cause a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with Local System privileges.

Mitigating Factors:
====================
- The MUP request can only be levied by a process on the local
system. As a result, the vulnerability could only be exploited by a user who could log onto an affected system interactively.
- On Windows 2000 systems, the vulnerability could not reliably be
used to run code. This is because the attacker would need to know where the buffer was located in memory, but in Windows 2000 this is not externally discoverable or controllable.
- Best practices suggests that unprivileged users not be allow to
interactively log onto business-critical servers. If this
recommendation has been followed machines such as domain controllers, ERP servers, print and file servers, database servers, and others would not be at risk from this vulnerability.

Risk Rating:
============
- Internet systems: Low
- Intranet systems: Moderate
- Client systems: Moderate

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletin at
http://www.microsoft.com/technet/security/bulletin/ms02-017.asp
for information on obtaining this patch.

Acknowledgment:
===============
- NSFOCUS at http://www.nsfocus.com

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQEVAwUBPKzjf40ZSRQxA/UrAQF/HQgAgmWD8RKd5W3QK8L6fCY73+vHPnKmgm+t
iYpYJoF2wFi+8AkEHZGUAHQObBwKNlbLGLV9Pejh2EBaF5Z72fR5+a7ZWzEgLGo2
SHNOSbAU8NaGSOeqxMr1bqbd2h5CevSJwsV3zuy950L/mShxDjexl+ufpBEoY2Ow
vXxbvm/l7v3YZ6Q4PhS5VXR7XBBrVoMiGtn0s2BslOgkONqeLvnT5+/6ACIrdfGE
7cTttGgLxRuYuYiqXzXI6lIs7uk/ioLmyBCpBun+YNrUDGmBgX9C1rrAIRzqiVpb
5jiAViH3j7cl4a2KXSadiD2g6KlN9gT77oa2GDqDhz9dTMILMwW8wg==
=4/uJ
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close