Vulnerability Bulletins |
Ejecución de código mediante SNMP en Microsoft Windows |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | Microsoft |
Affected software |
Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 |
Description |
|
Se ha descubierto una vulnerabilidad de tipo desbordamiento de búfer en el servicio SNMP de Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1 y posiblemente otras versiones. La vulnerabilidad reside en que no se comprueba correctamente el tamaño de algunos datos SNMP al ser copiados en un búfer. Un atacante remoto podría ejecutar código arbitrario mediante paquetes SNMP especialmente construidos. |
|
Solution |
|
Actualización de software Microsoft Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=ecc1e691-626b-405c-87d1-15931d1e4258 Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=2b57e00f-0f47-4567-b40f-f630ba5a29cb Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=65ab5876-7c9a-4add-8b6d-0fd7d617397a Microsoft Windows Server 2003 Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=7856ee11-4f3a-4138-bfce-1b97fb25be69 Microsoft Windows Server 2003 / Itanium-based Systems Microsoft Windows Server 2003 SP1 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=c1b01b91-c565-4d1f-90ec-f57a70fa012e Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=5b61249a-dba7-4fd5-85f3-b918044bbc92 Hewlett-Packard MS03-001 - MS03-051 / Security Bulletin HPSBST02146 MS04-001 - MS04-045 / Security Bulletin HPSBST02147 MS05-001 - MS05-055 / Security Bulletin HPSBST02148 MS06-001 - MS06-051 / Security Bulletin HPSBST02140 http://itrc.hp.com/ |
|
Standar resources |
|
Property | Value |
CVE | CVE-2006-5583 |
BID | |
Other resources |
|
Microsoft Security Bulletin MS06-074 http://www.microsoft.com/technet/security/bulletin/ms06-074.mspx HP SECURITY BULLETIN (HPSBST02180) http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=c00828603 |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2006-12-13 |
1.1 | Aviso actualizado por HP (HPSBST02180) | 2006-12-20 |