ms02-051
Posted Sep 20, 2002
Site microsoft.com

Microsoft Security Advisory MS02-051 - A cryptographic flaw in the RDP protocol allows attackers who can sniff terminal sessions to recover the session traffic. Another vulnerability allows remote attackers who cannot authenticate to deny service.

tags | remote, protocol
SHA-256 | 041acd9968b4d3e825371d30c8c1bf5eab2329f913cf49e3e95dd5808f2bcc50


----------------------------------------------------------------------
Title:      Cryptographic Flaw in RDP Protocol can Lead to
            Information Disclosure (Q324380)
Released:   18 September 2002
Software:   Microsoft Windows 2000
            Microsoft Windows XP
Impact:     Two vulnerabilities: information disclosure, denial of
            service
Max Risk:   Moderate
Bulletin:   MS02-051

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-051.asp.
----------------------------------------------------------------------
Issue:
======
The Remote Data Protocol (RDP) provides the means by which Windows
systems can provide remote terminal sessions to clients. The protocol
transmits information regarding a terminal session's keyboard, mouse
and video to the remote client, and is used by Terminal Services in
Windows NT 4.0 and Windows 2000, and by Remote Desktop in Windows XP.
Two security vulnerabilities, both of which are eliminated by this
patch, have been discovered in various RDP implementations.

The first involves how session encryption is implemented in certain
versions of RDP. All RDP implementations allow the data in an RDP
session to be encrypted. However, in the versions in Windows 2000 and
Windows XP, the checksums of the plaintext session data are sent
without being encrypted themselves. An attacker who was able to
eavesdrop on and record an RDP session could conduct a
straightforward cryptanalytic attack against the checksums and
recover the session traffic.
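
Why a checksum over plaintext must not travel in the clear, as an added example (not Microsoft's code and not the RDP wire format): a simplified model in which the flawed pattern tags the plaintext and the corrected pattern tags the sequence number plus ciphertext. The keys, the toy stream cipher, the function names and the sample messages are all constructed for illustration, and encrypt-then-MAC is one standard correction, not necessarily what the patch does.

```python
import hashlib
import hmac
from collections import Counter

ENC_KEY = b"constructed-demo-enc-key"  # constructed sample keys, not RDP material
MAC_KEY = b"constructed-demo-mac-key"


def keystream_xor(seq: int, data: bytes) -> bytes:
    """Toy per-packet stream cipher standing in for the session cipher."""
    if len(data) > 32:
        raise ValueError("toy cipher handles at most 32 bytes per packet")
    stream = hashlib.sha256(ENC_KEY + seq.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def weak_packet(seq: int, plaintext: bytes) -> tuple[bytes, bytes]:
    """Flawed pattern: tag depends only on plaintext and is sent unencrypted."""
    tag = hmac.new(MAC_KEY, plaintext, hashlib.sha256).digest()[:8]
    return tag, keystream_xor(seq, plaintext)


def hardened_packet(seq: int, plaintext: bytes) -> tuple[bytes, bytes]:
    """Encrypt-then-MAC: tag covers the sequence number and the ciphertext."""
    ciphertext = keystream_xor(seq, plaintext)
    msg = seq.to_bytes(8, "big") + ciphertext
    return hmac.new(MAC_KEY, msg, hashlib.sha256).digest()[:8], ciphertext


def open_hardened(seq: int, tag: bytes, ciphertext: bytes) -> bytes:
    """Receiver side: verify the tag in constant time, then decrypt."""
    msg = seq.to_bytes(8, "big") + ciphertext
    expected = hmac.new(MAC_KEY, msg, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    return keystream_xor(seq, ciphertext)


def repeated_tags(packets) -> int:
    """Count packets whose cleartext tag also appears on another packet."""
    counts = Counter(tag for tag, _ in packets)
    return sum(n for n in counts.values() if n > 1)


# Constructed input: one small message per packet, with repeats.
MESSAGES = [b"KEY a", b"KEY b", b"KEY a", b"KEY c", b"KEY a", b"KEY b"]
weak = [weak_packet(i, m) for i, m in enumerate(MESSAGES)]
hard = [hardened_packet(i, m) for i, m in enumerate(MESSAGES)]

if __name__ == "__main__":
    print("weak: packets sharing a tag =", repeated_tags(weak))
    print("hardened: packets sharing a tag =", repeated_tags(hard))
```

In the weak form every ciphertext is distinct, yet the cleartext tags still show which packets carry the same plaintext; in the hardened form no two tags match.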

The second involves how the RDP implementation in Windows XP handles
data packets that are malformed in a particular way. Upon receiving
such packets, the Remote Desktop service would fail, and the
operating system would fail with it. An attacker would not need to
authenticate to an affected system in order to deliver packets of
this type to it.

Mitigating Factors:
====================
Cryptographic Flaw in RDP Protocol:
- An attacker would need the ability to capture an RDP session in
  order to exploit this vulnerability. In most cases, this would
  require that the attacker have physical access to the network media.
- Because encryption keys are negotiated on a per-session basis, a
  successful attack would allow an attacker to decrypt only a single
  session and not multiple sessions. Thus, the attacker would need to
  conduct a separate cryptanalytic attack against each session he or
  she wished to compromise.

Denial of Service in Remote Desktop:
- Remote Desktop service in Windows XP is not enabled by default.
- Even if Remote Desktop service were enabled, a successful attack
  would require that the attacker be able to deliver packets to the
  Remote Desktop port on an affected system. Customers who block port
  3389 at the firewall would be protected against attempts to exploit
  this vulnerability. (By default Internet Connection Firewall does
  block port 3389).

Maximum Risk Rating:
====================
- Internet systems: Moderate
- Intranet systems: Moderate
- Client systems: Moderate

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletin at
http://www.microsoft.com/technet/security/bulletin/ms02-051.asp
for information on obtaining this patch.

---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.


