The OpenNET Project / Index page
BSD, Linux, Cisco, Web, Palm, other unix
RUSSIAN version

Search
Новость: Включаем поддержку S/MIME в Pine и Mutt.
SOFT - Unix Software catalog
LINKS - Unix resources
TOPIC - Articles from usenet
DOCUMENTATION - Unix guides
News | Tips | MAN | Forum | BUGs | LastSoft | Keywords | BOOKS (selected) | Linux HowTo | FAQ Archive

Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Wed, 3 Jul 2002 16:22:28 +0100
From: NGSSoftware Insight Security Research <nisr@nextgenss.com>
To: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org
Subject: Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)

NGSSoftware Insight Security Research Advisory

Name:    Microsoft Commerce Server 2000 & Commerce Server 2002
Systems Affected:  WinNT, Win2K, XP
Severity:  High Risk
Category:               Buffer Overrun & Command Execution
Vendor URL:   http://www.microsoft.com/
Authors:  Mark Litchfield (mark@ngssoftware.com) & David Litchfield
(david@ngssoftware.com)
Advisory URL: http://www.ngssoftware.com/advisories/ms-comsrvr.txt
Date:   3rd July 2002
Advisory number: #NISR03062002
VNA Reference:  http://www.ngssoftware.com/vna/ms-comsrvr.txt


Description
***********
Microsoft's Commerce Server 2000 and 2002 are web server products for
building e-commerce sites. These products provide tools and features that
simplify the development and deployment of e-commerce solutions and
analyzing site usage and performance. There are several remotely exploitable
buffer overruns in Commerce Server in disparate locations and a CGI
executable that allows the execution of arbitrary commands.


Details
*******
The Profile Service of Microsoft Commerce Server 2000 allows remote
attackers to cause the server to fail or run arbitrary attacker supplied
code in the security context of the Local SYSTEM account. Several areas in
this service contain vulnerable code.

The Office Web Components (OWC) package installer used by Microsoft Commerce
Server 2000 allows remote attackers to cause the process to run arbitray
code in the LocalSystem security context by via input to the OWC package
installer. By default users have to authenticate to access this executable
so the risk posed is less severe in nature.

Again, the Office Web Components (OWC) package installer for Microsoft
Commerce Server 2000 allows remote attackers to execute commands by passing
the commands as input to the OWC package installer with a '/C' option.


Fix Information
***************
NGSSoftware alerted Microsoft to these problems on the 6th March 2002. The
patches are available from:
Microsoft Commerce Server 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=39591
Microsoft Commerce Server 2002:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=39550

A check for these issues has been added to Typhon II, of which more
information is available from the NGSSite, http://www.ngssoftware.com.

Further Information
*******************

For further information about the scope and effects of buffer overflows,
please see

http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
http://www.ngssoftware.com/papers/ntbufferoverflow.html
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/unicodebo.pdf









<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Закладки
Добавить в закладки
Created 1996-2003 by Maxim Chirkov  
ДобавитьРекламаВебмастеруЦУПГИД  
SpyLOG TopList
RB2 Network. RB2 Network.