Alert GCSA-09098 - Vulnerability in Microsoft Local Authority
******************************************************************
Alert ID : GCSA-09098
Date : 15 October 2009
Title : Vulnerability in Microsoft Local Authority Subsystem
(MS09-059)
******************************************************************
:: Problem description
A vulnerability has been identified in Microsoft Windows that
could be exploited to cause a Denial of Service.
The vulnerability is due to integer underflow errors in the Windows
NTLM implementation of the LSASS (Local Authority Subsystem Service)
service when processing malformed packets during the authentication
procedure, and could allow an attacker to cause an affected machine
to hang.
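The bug class named above, shown as an added example that is not part of the original alert and is not Microsoft's code: the advisory gives no details of the actual LSASS flaw, so this only illustrates how an unsigned length calculation on an attacker-supplied offset can underflow and how a defensive parser orders its checks. The descriptor layout (16-bit length, 16-bit max length, 32-bit offset) follows the style of NTLM message fields; all function names and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Length/offset descriptor in the style of NTLM message fields:
 * 16-bit length, 16-bit max length, 32-bit offset from message start. */
struct sec_buf { uint16_t len, max_len; uint32_t offset; };

/* Constructed sample: 16-byte message whose descriptor claims 4 bytes
 * of payload at offset 0x40, well past the end of the message. */
static const uint8_t SAMPLE_BAD[16] = { 0x04,0x00, 0x04,0x00, 0x40,0x00,0x00,0x00 };

static uint32_t rd_le(const uint8_t *p, int n) {   /* little-endian read */
    uint32_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* Decode the 8-byte descriptor at pos; -1 if it does not fit in msg. */
int read_sec_buf(const uint8_t *msg, size_t msg_len, size_t pos, struct sec_buf *out) {
    if (msg_len < 8 || pos > msg_len - 8) return -1;
    out->len = (uint16_t)rd_le(msg + pos, 2);
    out->max_len = (uint16_t)rd_le(msg + pos + 2, 2);
    out->offset = rd_le(msg + pos + 4, 4);
    return 0;
}

/* Flawed check: when offset > msg_len the unsigned subtraction wraps to
 * a huge value, so an out-of-range field is accepted. */
int payload_ok_flawed(const struct sec_buf *b, uint32_t msg_len) {
    uint32_t remaining = msg_len - b->offset;
    return b->len <= remaining;
}

/* Hardened check: reject the offset first, then subtract safely. */
int payload_ok_checked(const struct sec_buf *b, uint32_t msg_len) {
    if (b->offset > msg_len) return 0;
    return b->len <= msg_len - b->offset;
}

int main(void) {
    struct sec_buf b;
    uint32_t n = (uint32_t)sizeof SAMPLE_BAD;
    if (read_sec_buf(SAMPLE_BAD, sizeof SAMPLE_BAD, 0, &b) != 0) return 1;
    printf("flawed=%d checked=%d\n", payload_ok_flawed(&b, n), payload_ok_checked(&b, n));
    return 0;
}
```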
:: Affected software
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows Server 2008 R2 (x64)
Microsoft Windows Server 2008 R2 (Itanium)
Microsoft Windows 7 for (32-bit)
Microsoft Windows 7 for (x64-based Systems)
:: Impact
Denial of Service
:: Solutions
Apply the updates released by Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS09-059.mspx
:: References
Microsoft Security Bulletin MS09-059
http://www.microsoft.com/technet/security/Bulletin/MS09-059.mspx
Secunia
http://secunia.com/advisories/37002
VUPEN
http://www.vupen.com/english/advisories/2009/2894
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2524