Vulnerability Note VU#570330
MS Windows NT Terminal Server 4.0 buffer overflow in regapi.dll allows remote code execution or DoS
Overview
Microsoft Windows NT 4.0 Terminal Server contains a buffer overflow that could allow an intruder to execute arbitrary code with the privileges of an administrator.
I. Description
There is a buffer overflow in the code that processes the username (specifically in RegAPI.DLL) in Microsoft Windows NT 4.0 Terminal Server. This allows an intruder to submit a specially crafted username in such a way as to cause Terminal Server to execute code of the intruder's choosing. The intruder does not need to have a valid username or password; anyone with access to port 3389/TCP can exploit this vulnerability.
II. Impact
Intruders can execute arbitrary code with the privileges of a logged in administrator. Additionally, an intruder who can log in locally can cause Terminal Server to crash.
III. Solution
Apply a patch as described in http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q277910/default.asp.
You may also wish to block access to port 3389/TCP to reduce your exposure to this vulnerability. This does not eliminate the vulnerability, but it does reduce the number of people who can exploit it.
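One way to audit the port restriction described above, as an added example that is not part of the original note: it scans firewall log lines for accepted TCP connections to port 3389 that come from outside an allowed management network. The log format, the allowed network and all addresses are constructed assumptions.

```python
import ipaddress

# Assumption: networks permitted to reach Terminal Server (example value).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
TS_PORT = 3389  # port named in the note

# Constructed sample log. Hypothetical format:
#   ACTION PROTO SRC_IP:SRC_PORT DST_IP:DST_PORT
SAMPLE_LOG = """\
ACCEPT tcp 10.20.0.15:49211 192.0.2.10:3389
ACCEPT tcp 203.0.113.77:51002 192.0.2.10:3389
DROP tcp 198.51.100.4:40112 192.0.2.10:3389
ACCEPT tcp 203.0.113.77:51010 192.0.2.10:443
ACCEPT udp 203.0.113.80:5353 192.0.2.10:3389
malformed line here
"""

def parse_line(line):
    """Return (action, proto, src_ip, dst_ip, dst_port), or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    action, proto, src, dst = parts
    try:
        src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        dst_host, dst_port = dst.rsplit(":", 1)
        return (action.upper(), proto.lower(), src_ip,
                ipaddress.ip_address(dst_host), int(dst_port))
    except ValueError:
        return None

def exposed_connections(log_text, allowed=ALLOWED_NETS, port=TS_PORT):
    """List (src, dst) for accepted TCP connections to the port from non-allowed sources."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the assumed format
        action, proto, src_ip, dst_ip, dst_port = rec
        if action != "ACCEPT" or proto != "tcp" or dst_port != port:
            continue
        if not any(src_ip in net for net in allowed):
            findings.append((str(src_ip), str(dst_ip)))
    return findings

if __name__ == "__main__":
    for src, dst in exposed_connections(SAMPLE_LOG):
        print(f"3389/TCP reached from outside allowed networks: {src} -> {dst}")
```

Any finding means the filter still admits sources that should not reach the service; the patch remains necessary either way.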
Systems Affected
| Vendor | Status | Date Updated |
| Microsoft | Vulnerable | 15-Aug-2001 |
References
http://www.securityfocus.com/bid/1924
http://www.microsoft.com/technet/security/bulletin/ms00-087.asp
http://www.microsoft.com/technet/security/bulletin/fq00-087.asp
Credit
This vulnerability was discovered by Bruno Acselrad of CORE SDI S.A., Buenos Aires, Argentina.
This document was written by Shawn V. Hernan.
Other Information
| Date Public | 11/08/2000 |
| Date First Published | 08/15/2001 12:29:52 AM |
| Date Last Updated | 08/15/2001 |
| CERT Advisory | |
| CVE Name | CAN-2000-1149 |
| Metric | 16.87 |
| Document Revision | 5 |