Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] [AppSecInc Team SHATTER Security Advisory] Microsoft W

from [Team SHATTER (Application Security, Inc.)] Network Security [Permanent Link]
Subject: [Full-Disclosure] [AppSecInc Team SHATTER Security Advisory] Microsoft Windows LPC heap overflow
Date: Mon, 10 Jan 2005 17:12:24 -0500 
Microsoft Windows LPC heap overflow

AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/general/07-0001.html
January 10, 2005

Credit: This vulnerability was discovered and researched by Cesar Cerrudo of Application Security, Inc.

Risk Level: High

Summary:
A local privilege elevation vulnerability exists on the Windows operating systems. This vulnerability allows any user to take complete control over the system and affects Windows NT, Windows 2000, Windows XP, and Windows 2003 (all service packs).

Versions Affected:
Microsoft Windows NT, Windows 2000, Windows XP, and Windows 2003 (all service packs).

Details:
The LPC (Local Procedure Call) mechanism is a type of interprocess communication used by the Windows operating systems. LPC is used to communicate between processes running on the same system while RPC (Remote Procedure Call) is used to communicate between processes on remote systems.

When a client process communicates with a server using LPC, the kernel fails to check that the server process has allocated enough memory before copying data sent by the client process. The native API used to connect to the LPC port is NtConnectPort. A parameter of the NtConnectPort API allows a buffer of up 260 bytes. When using this function the buffer is copied by the kernel from the client process to the server process memory ignoring the buffer size restriction which the server process set when calling NtCreatePort (the native API used to create LPC ports). This causes a heap corruption in the server process allowing arbitrary memory to be overwritten and can lead to arbitrary code execution.

Workaround:
None.


Fix:
http://www.microsoft.com/technet/security/bulletin/MS04-044.mspx

----------------------------------------------------------------------
Application Security, Inc.
www.appsecinc.com

AppSecInc is the leading provider of database security solutions for
the enterprise. AppSecInc products proactively secure enterprise
applications at more than 200 organizations around the world by
discovering, assessing, and protecting the database against rapidly
changing security threats. By securing data at its source, we enable
organizations to more confidently extend their business with
customers, partners and suppliers. Our security experts, combined
with our strong support team, deliver up-to-date application
safeguards that minimize risk and eliminate its impact on business. ----------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] [AppSecInc Team SHATTER Security Advisory] Microsoft Windows LPC heap overflow, Team SHATTER (Application Security, Inc.) <=
Previous by Date:  [Full-Disclosure] [AppSecInc Team SHATTER Security Advisory] Microsoft Windows Improper Token Validation, Team SHATTER (Application Security, Inc.)
Next by Date:  [Full-Disclosure] Windows Improper Token Validation -Exploit-, Cesar
Previous by Thread:  [Full-Disclosure] [AppSecInc Team SHATTER Security Advisory] Microsoft Windows Improper Token Validation, Team SHATTER (Application Security, Inc.)
Next by Thread:  [Full-Disclosure] Windows Improper Token Validation -Exploit-, Cesar
Indexes:  [Date] [Thread] [Top] [All Lists]