Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Alert: Microsoft Security Bulletin MS04-036 - Vulnerability in NNTP Coul

from [Russ Cooper] Network Security [Permanent Link]
Subject: Alert: Microsoft Security Bulletin MS04-036 - Vulnerability in NNTP Could Allow Remote Code Execution (883935)
Date: Tue, 12 Oct 2004 13:24:27 -0400 
Microsoft Security Bulletin MS04-036:
Vulnerability in NNTP Could Allow Remote Code Execution (883935)

Bulletin URL:
<http://www.microsoft.com/technet/security/bulletin/MS04-036.mspx>

Version Number: 1.0
Issued Date: Tuesday, October 12, 2004
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Patch(es) Replaced: None
Caveats: None

Tested Software:
Affected Software:
------------------
* Microsoft Windows NT Server 4.0 Service Pack 6a
<http://tinyurl.com/726tm>
* Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows 2000 
Server Service Pack 4
<http://tinyurl.com/3hrlu>
* Microsoft Windows Server(tm) 2003
<http://tinyurl.com/5a6dw>
* Microsoft Windows Server 2003 64-Bit Edition Microsoft Exchange 2000 Server 
Service Pack 3 (Uses the Windows 2000 NNTP component) Microsoft Exchange Server 
2003 and Microsoft Exchange Server 2003 Service Pack 1 (Uses the Windows 2000 
or Windows Server 2003 NNTP component)
<http://tinyurl.com/4exhv>

Affected Components:
--------------------
* Microsoft Windows NT Server 4.0 Service Pack 6a NNTP component
* Microsoft Windows 2000 Server Service Pack 3 NNTP component and Microsoft 
Windows 2000 Server Service Pack 4 NNTP component
* Microsoft Windows Server 2003 NNTP Component
* Microsoft Windows Server 2003 64-Bit Edition NNTP Component

Technical Description:
----------------------
* NNTP Vulnerability - CAN-2004-0574: A remote code execution vulnerability 
exists within the Network News Transfer Protocol (NNTP) component of the 
affected operating systems. This vulnerability could potentially affect systems 
that do not use NNTP. This is because some programs that are listed in the 
affected software section require that the NNTP component be enabled before you 
can install them. An attacker could exploit the vulnerability by constructing a 
malicious request that could potentially allow remote code execution. An 
attacker who successfully exploited this vulnerability could take complete 
control of an affected system.

This email is sent to NTBugtraq automagically as a service to my subscribers. 
(v4.01.1664.40858)

Cheers,
Russ - Senior Scientist - TruSecure Corporation/NTBugtraq Editor

--
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such 
that just hitting reply is going to result in the message coming to the list, 
not to the individual who sent the message. This was done to help reduce the 
number of Out of Office messages posters received. So if you want to send a 
reply just to the poster, you'll have to copy their email address out of the 
message and place it in your TO: field.
--
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Alert: Microsoft Security Bulletin MS04-036 - Vulnerability in NNTP Could Allow Remote Code Execution (883935), Russ Cooper <=
Previous by Date:  Alert: Microsoft Security Bulletin MS04-035 - Vulnerability in SMTP Could Allow Remote Code Execution (885881), Russ Cooper
Next by Date:  Alert: Microsoft Security Bulletin MS04-037 - Vulnerability in Windows Shell Could Allow Remote Code Execution (841356), Russ Cooper
Previous by Thread:  Alert: Microsoft Security Bulletin MS04-035 - Vulnerability in SMTP Could Allow Remote Code Execution (885881), Russ Cooper
Next by Thread:  Alert: Microsoft Security Bulletin MS04-037 - Vulnerability in Windows Shell Could Allow Remote Code Execution (841356), Russ Cooper
Indexes:  [Date] [Thread] [Top] [All Lists]