Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Производитель ПО
Наименование ПО
Microsoft Windows
(1.1.4 x86 Windows 2000 Server SP4, 1.2.1 x86 Windows XP SP1, 1.2.2 x86 Windows XP SP2, 1.3.0 x86 Windows 2003 Server, 1.3.1 x86 Windows 2003 Server SP1, 2.2.0 x64 Windows XP, 2.3.0 x64 Windows 2003 Server, 3.3.0 i64 Windows 2003 Server , 3.3.1 i64 Windows 2003 Server SP1)
Microsoft Updates
(KB914388)
Описание
В службе клиента DHCP имеется уязвимость удаленного запуска кода, которая может позволить воспользовавшемуся ею злоумышленнику установить полный контроль над системой.
Как исправить
Используйте рекомендации производителя:
http://www.microsoft.com/technet/security/Bulletin/MS06-036.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-036.mspx
Ссылки
BUGTRAQ (20060711 CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow): http://www.securityfocus.com/archive/1/archive/1/439675/100/0/threaded
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_Microsoft_Windows_DHCP_Client_Service_Remote_Buffer_Overflow.pdf
MS (MS06-036): http://www.microsoft.com/technet/security/bulletin/ms06-036.mspx
BID (18923): http://www.securityfocus.com/bid/18923
FRSIRT (ADV-2006-2754): http://www.frsirt.com/english/advisories/2006/2754
CERT (TA06-192A): http://www.us-cert.gov/cas/techalerts/TA06-192A.html
CERT-VN (VU#257164): http://www.kb.cert.org/vuls/id/257164
SECTRACK (1016468): http://securitytracker.com/id?1016468
BUGTRAQ (20060829 CYBSEC - Security Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow): http://www.securityfocus.com/archive/1/archive/1/444631/100/0/threaded
OVAL (oval:org.mitre.oval:def:232): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:232
FULLDISC (20060711 CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow): http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0222.html
MILW0RM (2054): http://milw0rm.com/exploits/2054
OSVDB (27151): http://www.osvdb.org/27151
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_Microsoft_Windows_DHCP_Client_Service_Remote_Buffer_Overflow.pdf
MS (MS06-036): http://www.microsoft.com/technet/security/bulletin/ms06-036.mspx
BID (18923): http://www.securityfocus.com/bid/18923
FRSIRT (ADV-2006-2754): http://www.frsirt.com/english/advisories/2006/2754
CERT (TA06-192A): http://www.us-cert.gov/cas/techalerts/TA06-192A.html
CERT-VN (VU#257164): http://www.kb.cert.org/vuls/id/257164
SECTRACK (1016468): http://securitytracker.com/id?1016468
BUGTRAQ (20060829 CYBSEC - Security Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow): http://www.securityfocus.com/archive/1/archive/1/444631/100/0/threaded
OVAL (oval:org.mitre.oval:def:232): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:232
FULLDISC (20060711 CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow): http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0222.html
MILW0RM (2054): http://milw0rm.com/exploits/2054
OSVDB (27151): http://www.osvdb.org/27151