SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#586540

Microsoft Private Communication Technology (PCT) fails to properly validate message inputs

Overview

A vulnerability exists in the Private Communications Transport (PCT) protocol, which is part of the Microsoft Secure Sockets Layer (SSL) library. Exploitation of this vulnerability may permit a remote attacker to compromise the system. An exploit for this issue currently being used to compromise vulnerable systems running SSL-enabled IIS 5.0. Note the vulnerability exists in any SSL-enabled program which is running on vulnerable Windows systems. Windows 2003 Server is not affected if PCT is disabled.

I. Description

The Private Communications Transport (PCT) protocol is part of the Microsoft Secure Sockets Layer (SSL) library. A buffer overflow vulnerability exists in the PCT that could allow a remote attacker to execute arbitrary code on the system. Only systems with SSL enabled would be vulnerable to exploitation. Microsoft has listed the following mitigating factors:
  • Only systems that have enabled SSL are affected, typically only server systems. SSL support is not enabled by default on any of the affected systems. However, SSL is generally used on Web servers to support electronic commerce programs, on-line banking, and other programs that require secure communications.
  • Windows Server 2003 is only vulnerable to this issue if an administrator has manually enabled PCT (even if SSL has been enabled).
  • In some situations, the Web Publishing features of ISA Server 2000 or Proxy Server 2.0 can successfully block attempts to exploit this vulnerability. Testing has shown that the Web publishing features of ISA Server 2000, with Packet Filtering enabled and all Packet Filtering options selected can successfully block this attack with no noticeable side effects. Proxy Server 2.0 also successfully blocks this attack. However, until the security update is applied on the Proxy Server 2.0 system, this attack causes Proxy Server 2.0 Web services to stop responding and the system must be restarted.
  • Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

The following systems may be affected by this vulnerability:
  • Windows NT 4.0
  • Windows 2000
  • Windows XP
  • Windows Server 2003

II. Impact

A remote attacker may be able to execute arbitrary code on the system.

III. Solution

Apply a patch from the vendor


Microsoft Security Bulletin MS04-011 contains patch information to resolve this issue.

Systems Affected

VendorStatusDate NotifiedDate Updated
Microsoft CorporationVulnerable13-Apr-2004

References

http://www.us-cert.gov/current/current_activity.html#pct
http://www.us-cert.gov/cas/techalerts/TA04-104A.html
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Credit

Thanks to Microsoft for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

Date Public:2004-04-13
Date First Published:2004-04-13
Date Last Updated:2004-04-22
CERT Advisory: 
CVE-ID(s):CAN-2003-0719
NVD-ID(s):CAN-2003-0719
US-CERT Technical Alerts: 
Metric:40.16
Document Revision:4

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2004 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader