Alert GCSA-10136 - Vulnerabilita' in Microsoft Local Security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10136
Data : 21 Settembre 2010
Titolo : Vulnerabilita' in Microsoft Local Security Authority
Subsystem Service (LSASS) (MS10-068 - 983539)
******************************************************************
:: Descrizione del problema
E' stata riscontrata una vulnerabilita' in Microsoft Windows,
che potrebbe essere sfruttata da attaccanti per eseguire escalation di
privilegi.
La vulnerabilita' e' dovuta ad un errore di heap oveflow nel Locan
Security Authority Subsystem Service (LSASS), nell'elaborazione di
messaggi LDAP in alcune implementazioni di Active Directory, Active
Directory Application Mode (ADAM e Active Directory Lightweight
Directory Service (AD LDS), e potrebbe essere sfruttata da un attaccante
remoto autenticato con il server LSASS per eseguire codice arbitrario
con privilegi di SYSTEM.
:: Software interessato
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows 7 (32-bit)
Microsoft Windows 7 (x64)
Microsoft Windows Server 2008 R2 (x64)
:: Impatto
Escalation di privilegi
Possibile compromissione del sistema
:: Soluzioni
Applicare la patch:
http://www.microsoft.com/technet/security/bulletin/ms10-068.mspx
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms10-068.mspx
Secunia:
http://secunia.com/advisories/41419/
VuPen:
http://www.vupen.com/english/advisories/2010/2389
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0820
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTJiTU/OB+SpikaiRAQKp7wQAm042OO7iD46ycY976JAbjVL7POV7ks2+
WA+vcuWwG9Q/2yaGeJjUYb0LMgyPoU6nJCtWokxmSOlEJssH5kiUtI0ADx2er2rK
VbwIjScMTuCjxjixliI9VMXVVAHg7R0r56xZvLjZvc+XMx9zc3xYKf4R2CP2VnJC
SY3lZDGAvQk=
=AaaK
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10136
Data : 21 Settembre 2010
Titolo : Vulnerabilita' in Microsoft Local Security Authority
Subsystem Service (LSASS) (MS10-068 - 983539)
******************************************************************
:: Descrizione del problema
E' stata riscontrata una vulnerabilita' in Microsoft Windows,
che potrebbe essere sfruttata da attaccanti per eseguire escalation di
privilegi.
La vulnerabilita' e' dovuta ad un errore di heap oveflow nel Locan
Security Authority Subsystem Service (LSASS), nell'elaborazione di
messaggi LDAP in alcune implementazioni di Active Directory, Active
Directory Application Mode (ADAM e Active Directory Lightweight
Directory Service (AD LDS), e potrebbe essere sfruttata da un attaccante
remoto autenticato con il server LSASS per eseguire codice arbitrario
con privilegi di SYSTEM.
:: Software interessato
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows 7 (32-bit)
Microsoft Windows 7 (x64)
Microsoft Windows Server 2008 R2 (x64)
:: Impatto
Escalation di privilegi
Possibile compromissione del sistema
:: Soluzioni
Applicare la patch:
http://www.microsoft.com/technet/security/bulletin/ms10-068.mspx
:: Riferimenti
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms10-068.mspx
Secunia:
http://secunia.com/advisories/41419/
VuPen:
http://www.vupen.com/english/advisories/2010/2389
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0820
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTJiTU/OB+SpikaiRAQKp7wQAm042OO7iD46ycY976JAbjVL7POV7ks2+
WA+vcuWwG9Q/2yaGeJjUYb0LMgyPoU6nJCtWokxmSOlEJssH5kiUtI0ADx2er2rK
VbwIjScMTuCjxjixliI9VMXVVAHg7R0r56xZvLjZvc+XMx9zc3xYKf4R2CP2VnJC
SY3lZDGAvQk=
=AaaK
-----END PGP SIGNATURE-----