GEN:SID | 1:2126 |
Message | MISC Microsoft PPTP Start Control Request buffer overflow attempt |
Summary | This event is generated when a remote attacker attempts to overflow Microsoft's PPTP RAS service.
|
Impact | Administrative Compromise. This attack may permit executation of arbitrary commands with the privileges of the NT SYSTEM account.
|
Detailed Information | A buffer overflow exists when a malformed SCR (Start Control Request) PPTP packet is received by the PPTP RAS service. This may permit executation of arbitrary commands with the privileges of root.
|
Affected Systems | Windows 2000 Professional Windows 2000 Server Windows 2000 Advanced Server
|
Attack Scenarios | Exploit code can be used to attack vulnerable PPTP RAS services to obtain SYSTEM level access to the remote host.
|
Ease of Attack | Difficult. Currently Sourcefire is unaware of any publicly available exploits for this vulnerability.
|
Corrective Action | Microsoft as released the following patches to correct the problem:
Microsoft Windows 2000 Professional SP3:
Microsoft Patch Q329834 http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno
Microsoft Windows 2000 Server SP3:
Microsoft Patch Q329834 http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno
Microsoft Windows 2000 Advanced Server SP3:
Microsoft Patch Q329834 http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno
Microsoft Windows 2000 Terminal Services SP3:
Microsoft Patch Q329834 http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno
Microsoft Windows 2000 Advanced Server SP2:
Microsoft Patch Q329834 http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno
Microsoft Windows 2000 Professional SP2:
Microsoft Patch Q329834 http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno
Microsoft Windows 2000 Server SP2:
Microsoft Patch Q329834 http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno
Microsoft Windows 2000 Terminal Services SP2:
Microsoft Patch Q329834 http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3Dno
Microsoft Windows XP Home SP1:
Microsoft Patch Q329834 http://download.microsoft.com/download/whistler/Patch/Q329834/WXP/EN-US/Q329834_WXP_SP2_x86_ENU.exe
Microsoft Windows XP Professional SP1:
Microsoft Patch Q329834 http://download.microsoft.com/download/whistler/Patch/Q329834/WXP/EN-US/Q329834_WXP_SP2_x86_ENU.exe
Microsoft Windows XP 64-bit Edition SP1:
Microsoft Patch Q329834 http://download.microsoft.com/download/whistler/Patch/Q329834/W64XP/EN-US/Q329834_WXP_SP2_ia64_ENU.exe
|
Additional References | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1214 http://www.securityfocus.com/bid/5807
|
Rule References | bugtraq: 5807
cve: 2002-1214
|