TITLE: Microsoft Windows NT DHCP Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA13463 VERIFY ADVISORY: http://secunia.com/advisories/13463/ CRITICAL: Moderately critical IMPACT: System access, DoS WHERE: >From local network OPERATING SYSTEM: Microsoft Windows NT 4.0 Server http://secunia.com/product/18/ Microsoft Windows NT 4.0 Server, Terminal Server Edition http://secunia.com/product/19/ DESCRIPTION: Kostya Kortchinsky has reported two vulnerabilities in Microsoft Windows NT, allowing malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. 1) The vulnerability is caused due to an unchecked buffer during logging of a certain value from specific network packets. This can be exploited to cause the DHCP service to stop responding. 2) The vulnerability is caused due to an unchecked buffer in the handling of DHCP request traffic. This can be exploited to cause a buffer overflow and allow execution of arbitrary code. SOLUTION: Apply patches. Microsoft Windows NT Server 4.0 (requires Service Pack 6a): http://www.microsoft.com/downloads/details.aspx?FamilyId=7CC7F82D-F2A2-49AA-BF33-897498898EAD Microsoft Windows NT Server 4.0 Terminal Server Edition (requires Service Pack 6): http://www.microsoft.com/downloads/details.aspx?FamilyId=69F3259F-3004-462C-B2A8-37F65EB78A2D PROVIDED AND/OR DISCOVERED BY: Kostya Kortchinsky, CERT Renater ORIGINAL ADVISORY: MS04-042 (KB885249): http://www.microsoft.com/technet/security/bulletin/ms04-042.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------