Vulnerability Bulletins |
Desbordamiento de búfer en RRAS de Microsoft Windows |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 SP1 Itanium Microsoft Windows Server 2003 x64 Edition |
Description |
|
|
Se han descubierto múltiples vulnerabilidades de tipo desbordamiento de búfer en Microsoft Windows. Las vulnerabilidades son descritas a continuación: - CVE-2006-2370: La vulnerabilidad reside en el servicio Routing and Remote Access Service (RRAS). Un atacante remoto podría ejecutar código arbitrario. - CVE-2006-2371: La vulnerabilidad reside en el servicio Remote Access Connection Manager service (RASMAN). Un atacante remoto podría ejecutar código arbitrario mediante peticiones relacionadas con RPC. |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=c1af96b2-2807-444b-82df-b6b61ec63715 Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=74838e2b-bd5f-4584-81f1-3250e6b69728 Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=09d1a284-6a16-44a5-a95e-8eb566401ce9 Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=b4264cb9-8979-40e8-b903-bc8deda00fec Microsoft Windows Server 2003 Itanium, Microsoft Windows Server 2003 SP1 Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=890535c9-98cf-49a9-ae50-178e3c5fac6b Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=bf9cef95-89fd-4ec3-be0a-93902f2bb768 |
|
Standar resources |
|
| Property | Value |
| CVE |
CVE-2006-2370 CVE-2006-2371 |
| BID |
18325 18358 |
Other resources |
|
|
Microsoft Security Bulletin (MS06-025) http://www.microsoft.com/technet/security/bulletin/ms06-025.mspx Microsoft Security Advisory (921923) http://www.microsoft.com/technet/security/advisory/921923.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-06-14 |
| 1.1 | Exploit público disponible | 2006-06-22 |
| 1.2 | Aviso publicado por Microsoft (921923) | 2006-06-26 |