Vulnerability Bulletins |
Desbordamiento de búfer en RPC/DNS de Microsoft Windows |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft - Windows 2000 - SP4 Microsoft - Windows 2003 - SP1 Microsoft - Windows 2003 - SP2 |
Description |
|
|
Se ha encontrado una vulnerabilidad en el interfaz RPC en el Domain Name System (DNS) Server Service en Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, y Server 2003 SP 2. La vulnerabilidad reside en el desbordamiento de búfer basado en pila. Un atacante remoto podría ejecutar código a través de vectores no especificados. |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Windows 2000 Server Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=d9de0480-5fa9-4974-a82f-5d89056484c4 Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=dfb5eaca-788b-475c-9817-491f0b7cf295 Microsoft Windows Server 2003 Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=dfb5eaca-788b-475c-9817-491f0b7cf295 Microsoft Windows Server 2003 SP1 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=d4ce0aa8-46ac-446c-b1e3-ff76f1311610 Microsoft Windows Server 2003 SP2 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=d4ce0aa8-46ac-446c-b1e3-ff76f1311610 Microsoft Windows Server 2003 x64 Edition Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=e7a7b46b-775d-4912-8119-3ab9a95d775a Microsoft Windows Server 2003 x64 Edition Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=e7a7b46b-775d-4912-8119-3ab9a95d775a |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2007-1748 |
| BID | 23470 |
Other resources |
|
|
Microsoft Security Advisory (935964) http://www.microsoft.com/technet/security/advisory/935964.mspx Microsoft Security Bulletin MS07-029 http://www.microsoft.com/technet/security/bulletin/ms07-029.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-04-18 |
| 1.1 | Aviso emitido por Microsoft (MS07-029) | 2007-05-09 |