Alert GCSA-08083 - Vulnerabilita' in Microsoft Windows Event System
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08083
Data : 13 agosto 2008
Titolo : Vulnerabilita' in Microsoft Windows Event System (MS08-049)
******************************************************************
:: Descrizione del problema
Sono state riscontrate due vulnerabilita' in Microsoft Windows che
potrebbero essere sfruttate per compromettere un sistema vulnerabile.
La prima vulnerabilita' e' dovuta ad un errore nel servizio Event System
che non valida correttamente le richieste di sottoscrizione degli utenti
quando vengono create, e potrebbe essere sfruttata da attaccanti autenticati
per eseguire codice arbitrario con i privilegi SYSTEM.
La seconda vulnerabilita' e' dovuta ad un errore nel servizio Event System
che non valida correttamente il range di indici, quando viene chiamato un
array di puntatori di funzione. Tale vulnerabilita' potrebbe essere sfruttata
da attaccanti autenticati per eseguire codice arbitrario con privilegi SYSTEM.
:: Piattaforme e software interessati
- - Microsoft Windows 2000 Advanced Server
- - Microsoft Windows 2000 Datacenter Server
- - Microsoft Windows 2000 Professional
- - Microsoft Windows 2000 Server
- - Microsoft Windows Server 2003 Datacenter Edition
- - Microsoft Windows Server 2003 Enterprise Edition
- - Microsoft Windows Server 2003 Standard Edition
- - Microsoft Windows Server 2003 Web Edition
- - Microsoft Windows Server 2008
- - Microsoft Windows Storage Server 2003
- - Microsoft Windows Vista
- - Microsoft Windows XP Home Edition
- - Microsoft Windows XP Professional
:: Impatto
- - Privilege escalation
:: Soluzioni
Applicare le patch
Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1b2ad648-7dc9-407a-99f6-f39922746027
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=01a34aa4-a456-4efc-a93a-c3c682b0181c
Windows XP Professional x64 Edition (optionally with SP2)
http://www.microsoft.com/downloads/details.aspx?FamilyID=246b2686-e330-47a2-b4d4-68f218ad4021
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=92a3d08f-c117-4b24-bc78-2b913d270df6
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=6bfbb6d8-5106-4adf-83cb-35ffc6e8eaf8
Windows Server 2003 with SP1/SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=45356565-697f-41b3-9879-3edd11dbcb7e
Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=6418c78f-f008-4028-beb1-5a5ea8e797a1
Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=e03ccfb0-3ea3-4c59-adcf-9882d7086013
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=0640f95e-1eee-4dd1-b4dd-2b82b7e984b9
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=51a93538-5e94-4f81-a6e0-d497a7b4899d
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=390da130-749d-4890-aad7-be91e15b32bb
:: Riferimenti
Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS08-049.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2353
Secunia:
http://secunia.com/advisories/31417/
CVE Mitre:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1456
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1457
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSKLrmvOB+SpikaiRAQIwiAP8C0fD8gdBvotDuEC7t86tSbXo1YIE4zRl
DCAJw9SGOF/4r1i1J4FUO/nNJx7wMJhYMSzbF4h8WoSaO7jc9tr3uuBPKYBchU5A
a2g7kCNJHG5XN8882uA3dqMwhozl6sutJMDXsYj9HwnCDfkrdYwUnewNK1AaOMHl
HmxsJ/9o1Ik=
=AEoa
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08083
Data : 13 agosto 2008
Titolo : Vulnerabilita' in Microsoft Windows Event System (MS08-049)
******************************************************************
:: Descrizione del problema
Sono state riscontrate due vulnerabilita' in Microsoft Windows che
potrebbero essere sfruttate per compromettere un sistema vulnerabile.
La prima vulnerabilita' e' dovuta ad un errore nel servizio Event System
che non valida correttamente le richieste di sottoscrizione degli utenti
quando vengono create, e potrebbe essere sfruttata da attaccanti autenticati
per eseguire codice arbitrario con i privilegi SYSTEM.
La seconda vulnerabilita' e' dovuta ad un errore nel servizio Event System
che non valida correttamente il range di indici, quando viene chiamato un
array di puntatori di funzione. Tale vulnerabilita' potrebbe essere sfruttata
da attaccanti autenticati per eseguire codice arbitrario con privilegi SYSTEM.
:: Piattaforme e software interessati
- - Microsoft Windows 2000 Advanced Server
- - Microsoft Windows 2000 Datacenter Server
- - Microsoft Windows 2000 Professional
- - Microsoft Windows 2000 Server
- - Microsoft Windows Server 2003 Datacenter Edition
- - Microsoft Windows Server 2003 Enterprise Edition
- - Microsoft Windows Server 2003 Standard Edition
- - Microsoft Windows Server 2003 Web Edition
- - Microsoft Windows Server 2008
- - Microsoft Windows Storage Server 2003
- - Microsoft Windows Vista
- - Microsoft Windows XP Home Edition
- - Microsoft Windows XP Professional
:: Impatto
- - Privilege escalation
:: Soluzioni
Applicare le patch
Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1b2ad648-7dc9-407a-99f6-f39922746027
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=01a34aa4-a456-4efc-a93a-c3c682b0181c
Windows XP Professional x64 Edition (optionally with SP2)
http://www.microsoft.com/downloads/details.aspx?FamilyID=246b2686-e330-47a2-b4d4-68f218ad4021
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=92a3d08f-c117-4b24-bc78-2b913d270df6
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=6bfbb6d8-5106-4adf-83cb-35ffc6e8eaf8
Windows Server 2003 with SP1/SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=45356565-697f-41b3-9879-3edd11dbcb7e
Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=6418c78f-f008-4028-beb1-5a5ea8e797a1
Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=e03ccfb0-3ea3-4c59-adcf-9882d7086013
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=0640f95e-1eee-4dd1-b4dd-2b82b7e984b9
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=51a93538-5e94-4f81-a6e0-d497a7b4899d
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=390da130-749d-4890-aad7-be91e15b32bb
:: Riferimenti
Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS08-049.mspx
FrSirt:
http://www.frsirt.com/english/advisories/2008/2353
Secunia:
http://secunia.com/advisories/31417/
CVE Mitre:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1456
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1457
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSKLrmvOB+SpikaiRAQIwiAP8C0fD8gdBvotDuEC7t86tSbXo1YIE4zRl
DCAJw9SGOF/4r1i1J4FUO/nNJx7wMJhYMSzbF4h8WoSaO7jc9tr3uuBPKYBchU5A
a2g7kCNJHG5XN8882uA3dqMwhozl6sutJMDXsYj9HwnCDfkrdYwUnewNK1AaOMHl
HmxsJ/9o1Ik=
=AEoa
-----END PGP SIGNATURE-----