Vulnerability Bulletins |
Múltiple vulnerabilidades en Microsoft Windows Server Service |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Principiante |
Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
Property | Value |
Affected manufacturer | Microsoft |
Affected software |
Microsoft Windows 2000 SP4 Microsoft Windows XP SP1 Microsoft Windows XP SP2 Microsoft Windows XP Professional x64 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 Itanium SP1 Microsoft Windows Server 2003 x64 |
Description |
|
Se han descubierto múltiples vulnerabilidades en Microsoft Windows Server Service: - CVE-2006-1314: La vulnerabilidad reside en un desbordamiento de heap en Mailslot en el driver Server. Un atacante remoto podría ejecutar código arbitrario. - CVE-2006-1315: La vulnerabilidad reside en la revelación de información de SMB en el servicio Server. Un atacante remoto podría ver fragmentos de memoria usados para almacenar tráfico SMB durante el transporte. |
|
Solution |
|
Actualización de software Microsoft Microsoft Windows 2000 SP4 http://www.microsoft.com/downloads/details.aspx?FamilyId=b207020d-90f7-4c41-8304-06af0ded6467 Microsoft Windows XP SP1 Microsoft Windows XP SP2 http://www.microsoft.com/downloads/details.aspx?FamilyId=2592a44c-82fb-4ccd-82a6-fcac7ca33172 Microsoft Windows XP Professional x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=b0f67167-7ede-4355-af6f-50c6615f6bbd Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=48f03ad7-38f9-48f4-bbfc-14c52e9c942a Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 Itanium SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=41a4a07f-bea3-48d6-b8d2-d7a5600d7179 Microsoft Windows Server 2003 x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=dfbf3fa6-9e11-48b4-894d-5436693d17f7 |
|
Standar resources |
|
Property | Value |
CVE |
CVE-2006-1314 CVE-2006-1315 |
BID | |
Other resources |
|
Microsoft Security Bulletin (MS06-035) http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2006-07-12 |
2.0 | Exploit público disponible | 2006-07-24 |