Windows NT 4.0 Terminal Server RegAPI.DLL Buffer Overflow
BID:1924
Info
| Bugtraq ID: | 1924 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 08 2000 12:00AM |
| Updated: | Nov 08 2000 12:00AM |
| Credit: | This vulnerability was discovered by Bruno Acselrad of CORE-SDI and posted to the BUGTRAQ mailing list on November 8, 2000. This advisory was drafted with the help of the SecurityFocus.com Vulnerability Help Team. For more information or assistance drafting |
| Vulnerable: | Microsoft Windows NT Terminal Server 4.0 |
| Not Vulnerable: | |
Discussion
GINA stands for Graphical Identification aNd Authorization and describes an interface for the validation of logon credentials. The default implementation is MSGINA.DLL.
The MSGINA.DLL in Microsoft Windows 4.0 is responsible for performing the authentication policy of the interactive logon model, and is expected to perform all identification and authentication user interactions. Microsoft Windows NT 4.0 Terminal Server ships with a remotely and locally exploitable buffer overflow in a Dynamically Linked Library (RegAPI.DLL) that MSGINA.DLL uses.
The overflow can be triggered by entering a long string in the username field. When triggered, it results in a system crash (if triggered locally) or a connection drop (if triggered remotely). By providing a specially crafted username, an attacker can obtain access to the Terminal Server and execute arbitrary commands as user SYSTEM.
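The class of defect described above, a long username overrunning a fixed-size buffer, sketched as an added example next to a length-checked form. This is not code from RegAPI.DLL or MSGINA.DLL; the struct, the function names and the 20-character limit are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define USERNAME_MAX 20  /* hypothetical limit, not taken from RegAPI.DLL */

enum { COPY_OK = 0, COPY_BAD_ARG = -1, COPY_TOO_LONG = -2 };

struct logon_request {
    char username[USERNAME_MAX + 1];
    int  authenticated;  /* neighbouring state an overrun would corrupt */
};

/* Unchecked pattern: the input length is never compared with the size of
 * the destination, so a long username writes past the end of the field. */
void set_username_unchecked(struct logon_request *req, const char *input)
{
    strcpy(req->username, input);
}

/* Checked pattern: the caller passes the byte count it received from the
 * logon field; anything that does not fit is rejected, not truncated, so
 * a different account name is never silently substituted. */
int set_username_checked(struct logon_request *req,
                         const char *input, size_t len)
{
    if (req == NULL || input == NULL || len == 0)
        return COPY_BAD_ARG;
    if (len > USERNAME_MAX)
        return COPY_TOO_LONG;
    if (memchr(input, '\0', len) != NULL)   /* embedded NUL in counted data */
        return COPY_BAD_ARG;
    memcpy(req->username, input, len);
    req->username[len] = '\0';
    return COPY_OK;
}

int main(void)
{
    struct logon_request req = { "", 0 };
    char long_name[300];                    /* constructed over-length input */
    memset(long_name, 'A', sizeof long_name);

    printf("short: %d\n", set_username_checked(&req, "administrator", 13));
    printf("long:  %d\n", set_username_checked(&req, long_name, sizeof long_name));
    printf("username still \"%s\", authenticated=%d\n", req.username, req.authenticated);
    return 0;
}
```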
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Microsoft has released a patch which eliminates the vulnerability:
Microsoft Windows NT Terminal Server 4.0