Specifications
SAFER – Vol. 3, Issue 6 32 © 2000 The Relay Group
Microsoft Security Bulletin (MS00-036)
Released May 25, 2000
Affects Microsoft Windows NT4.0, 2000
Reference http://www.microsoft.com/technet/security/bulletin/fq00-036.asp
Problem
- Windows NT 4.0 and Windows 2000 implement the CIFS Computer Browser protocol. Two
vulnerabilities exist because of the inability of administrators to limit whether Master Browsers
respond to certain frames.
- The ResetBrowser Frame vulnerability, which affects both Windows NT 4.0 and Windows 2000.
Like most implementations, the Windows implementation provides the ability for a Master Browser
to shut down other browsers via the ResetBrowser frame. However, there is no capability to
configure a browser to ignore ResetBrowser frames. This could allow a malicious user to shut
down browsers on his subnet as a denial of service attack against the browser service, or, in the
worst case, to shut down all browsers and declare his machine the new Master Browser.
- The HostAnnouncement Flooding vulnerability, which does not affect Windows 2000. Because
there is no means of limiting the size of the browse table in Windows NT 4.0, a malicious user
could send a huge number of bogus HostAnnouncement frames to a Master Browser. The
resulting replication traffic could consume most or all of the network bandwidth and cause other
problems in processing the table as well.
- If a firewall were in place and blocking port 138 UDP, neither vulnerability could be exploited by an
external user. Even an internal user could only attack browsers on the same subnet as his
machine. Normal administrative tools would allow the administrator to determine who had
mounted the attack.
SAFER
- Microsoft has released a patch.
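The bulletin notes that "normal administrative tools would allow the administrator to determine who had mounted the attack." As an added illustration (not part of the bulletin, and not Microsoft code), the script below shows what that determination looks like when the browser-service traffic on a subnet is captured to a log: it flags any ResetBrowser frame, and flags a source as a HostAnnouncement flooder when it either exceeds a frame-rate threshold inside a sliding time window or announces more distinct host names than one legitimate host ever would. The log format, the sample lines, the addresses and the threshold values are all constructed assumptions for the example; a real deployment would feed it frames decoded from a UDP/138 capture.

```python
import re
from collections import defaultdict, deque

# Constructed sample log (hypothetical format, not the output of any real tool):
# "<seconds> <source-ip> <frame-type> <announced-host-name>".
# 192.168.1.10/.11 behave like normal hosts; 192.168.1.77 floods bogus names
# and finally sends a ResetBrowser frame.
SAMPLE_LOG = """\
0.00 192.168.1.10 HostAnnouncement WS-ACCT01
0.40 192.168.1.11 HostAnnouncement WS-ACCT02
1.00 192.168.1.77 HostAnnouncement BOGUS-0001
1.02 192.168.1.77 HostAnnouncement BOGUS-0002
1.04 192.168.1.77 HostAnnouncement BOGUS-0003
1.06 192.168.1.77 HostAnnouncement BOGUS-0004
1.08 192.168.1.77 HostAnnouncement BOGUS-0005
1.10 192.168.1.77 HostAnnouncement BOGUS-0006
1.12 192.168.1.77 HostAnnouncement BOGUS-0007
1.14 192.168.1.77 HostAnnouncement BOGUS-0008
12.00 192.168.1.10 HostAnnouncement WS-ACCT01
12.40 192.168.1.11 HostAnnouncement WS-ACCT02
15.00 192.168.1.77 ResetBrowser -
"""

LINE_RE = re.compile(
    r"^(?P<t>\d+(?:\.\d+)?)\s+(?P<src>\S+)\s+(?P<ftype>\S+)\s+(?P<host>\S+)$"
)


def parse_frames(text):
    """Parse log lines into (time, source, frame_type, host) tuples; skip junk lines."""
    frames = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            frames.append((float(m["t"]), m["src"], m["ftype"], m["host"]))
    return frames


def analyze_browser_log(text, window=10.0, max_rate=5, max_names=3):
    """Return {'resets': [(t, src), ...], 'flooders': [src, ...]}.

    A source is a flooder if, within any `window` seconds, it sends more than
    `max_rate` HostAnnouncement frames, or if it announces more than `max_names`
    distinct host names overall (a real host announces exactly one name).
    Thresholds are assumptions chosen for the sample data.
    """
    resets = []
    flooders = set()
    recent = defaultdict(deque)   # src -> timestamps of recent HostAnnouncements
    names = defaultdict(set)      # src -> distinct names it has announced

    for t, src, ftype, host in parse_frames(text):
        if ftype == "ResetBrowser":
            # Any ResetBrowser is worth an alert: nothing can be configured to ignore it.
            resets.append((t, src))
        elif ftype == "HostAnnouncement":
            q = recent[src]
            q.append(t)
            while q and t - q[0] > window:   # drop frames older than the window
                q.popleft()
            names[src].add(host)
            if len(q) > max_rate or len(names[src]) > max_names:
                flooders.add(src)

    return {"resets": resets, "flooders": sorted(flooders)}


if __name__ == "__main__":
    result = analyze_browser_log(SAMPLE_LOG)
    for t, src in result["resets"]:
        print(f"ResetBrowser frame from {src} at t={t:.2f}s")
    for src in result["flooders"]:
        print(f"HostAnnouncement flooding from {src}")
```

Both signals matter: the rate check catches a burst, while the distinct-name check still catches a slow flood that stays under the rate threshold but keeps inflating the browse table, which is the condition the bulletin describes for Windows NT 4.0.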
CERT Advisory CA-2000-07: Microsoft Office 2000 UA ActiveX Control
Released May 24, 2000
Affects Systems with Internet Explorer and Microsoft Office 2000
Reference http://www.cert.org/
Problem
- The Microsoft Office 2000 UA ActiveX control is incorrectly marked as "safe for scripting". This
vulnerability may allow an intruder to disable macro warnings in Office products and,
subsequently, execute arbitrary code. This vulnerability may be exploited by viewing an HTML
document via a web page, newsgroup posting, or email message.
SAFER
- Microsoft has produced a patch to correct this vulnerability.
Caldera Security Advisory CSSA-2000-013.0: buffer overflow in kdm
Released May 24, 2000
Affects OpenLinux Desktop 2.3, 2.4, OpenLinux eServer 2.3
Reference http://www.calderasystems.com/
Problem
- There is a buffer overflow in kdm, the KDE graphical login manager. Since the buffer variable that
is affected is NOT on the stack but in the data area, it is not clear whether this bug can be
exploited.
SAFER
- The proper solution is to upgrade to the fixed packages.