Security experts say they don't yet know the full scope of two recently discovered Win 2000 vulnerabilities. Microsoft released patches to correct both flaws last week.
By Mathew Schwartz
Security Wire Digest
Information Security Magazine
An attacker can crash a Windows 2000 Active Directory server by sending an LDAP search request with more than 1,000 "AND" statements and cause a denial of service. According to software provider Core Security Technologies, which discovered the vulnerabilities, anyone with network access can launch the attack. The server reboots within 30 seconds, but when it's down no users can log on to the network.
"What we haven't proved, given the time we had, is [if] you can also take control or execute your own code on the domain controller," says Core CTO Ivan Arce. Regardless, the potential attack is "serious enough" to warrant immediate upgrading, he says.
The other vulnerability affects Windows NetMeeting software for audio and video conferencing running on Windows 2000/XP. NetMeeting's file transfer feature allows users to swap files during a conference. An attacker, however, can insert commands to place files outside of the designated directory and possibly execute arbitrary code. Worse, while the program alerts users of file transfers, it doesn't allow users to accept or reject files.
Active Directory:
http://www.microsoft.com/Windows2000/downloads/ser
NetMeeting:
http://www.microsoft.com/Windows2000/downloads/ser
http://www.microsoft.com/WindowsXP/pro/downloads/s
Source: SECURITY WIRE DIGEST, VOL. 5, NO. 50, JULY 3, 2003
http://www.infosecmag.com/2003/jul/digest03.shtml#
