Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability
BID:21023
Info
Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability
| Bugtraq ID: | 21023 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-4688 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 14 2006 12:00AM |
| Updated: | Nov 29 2006 10:00PM |
| Credit: | Discovery is credited to Peter Winter-Smith of NGS Software and Sam Arun Raj of McAfee. |
| Vulnerable: |
Nortel Networks Centrex IP Element Manager 9.0 Nortel Networks Centrex IP Element Manager 8.0 Nortel Networks Centrex IP Element Manager 7.0 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP Gold 0 Microsoft Windows XP Embedded SP1 Microsoft Windows XP Embedded Microsoft Windows XP 64-bit Edition Version 2003 SP1 Microsoft Windows XP 64-bit Edition Version 2003 Microsoft Windows XP 64-bit Edition SP1 Microsoft Windows XP 64-bit Edition Microsoft Windows XP 0 Microsoft Windows Server 2003 Web Edition SP1 Beta 1 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard Edition SP1 Beta 1 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server HP Storage Management Appliance 2.1 Avaya S8100 Media Servers R9 Avaya S8100 Media Servers R8 Avaya S8100 Media Servers R7 Avaya S8100 Media Servers R6 Avaya S8100 Media Servers R12 Avaya S8100 Media Servers R11 Avaya S8100 Media Servers R10 Avaya S8100 Media Servers 0 Avaya Messaging Application Server 0 |
| Not Vulnerable: | |
Discussion
Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability
Microsoft Client Service for Netware is prone to a remote code-execution vulnerability.
A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the user running the affected service.
Note that the Client Service for Netware is not installed by default on any affected operating system.
Microsoft Client Service for Netware is prone to a remote code-execution vulnerability.
A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the user running the affected service.
Note that the Client Service for Netware is not installed by default on any affected operating system.
Exploit / POC
Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability
The following proof-of-concept and full exploits are available to members of the Immunity Partner's program:
https://www.immunityinc.com/downloads/immpartners/ms06_066-1.tar
https://www.immunityinc.com/downloads/immpartners/ms06_066-2.tar
https://www.immunityinc.com/downloads/immpartners/ms06_066-3.tar
https://www.immunityinc.com/downloads/immpartners/ms06_066-4.tar
The following proof-of-concept and full exploits are available to members of the Immunity Partner's program:
https://www.immunityinc.com/downloads/immpartners/ms06_066-1.tar
https://www.immunityinc.com/downloads/immpartners/ms06_066-2.tar
https://www.immunityinc.com/downloads/immpartners/ms06_066-3.tar
https://www.immunityinc.com/downloads/immpartners/ms06_066-4.tar
Solution / Fix
Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability
Solution:
Microsoft has released updates to address this vulnerability on supported platforms. Please see the referenced bulletin for more information.
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Standard Edition SP1 Beta 1
Microsoft Windows Server 2003 Web Edition SP1 Beta 1
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1
Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows XP Professional SP2
Microsoft Windows 2000 Server SP4
Solution:
Microsoft has released updates to address this vulnerability on supported platforms. Please see the referenced bulletin for more information.
Microsoft Windows Server 2003 Datacenter Edition SP1
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows Server 2003 Enterprise Edition SP1
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows Server 2003 Standard Edition SP1 Beta 1
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows Server 2003 Web Edition SP1 Beta 1
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows Server 2003 Enterprise Edition
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows XP Tablet PC Edition SP2
-
Microsoft Security Update for Windows XP (KB923980)
http://www.microsoft.com/downloads/details.aspx?familyid=2f54258f-1071 -467b-80a2-e4dbfc050667&displaylang=en
Microsoft Windows Server 2003 Web Edition
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows Server 2003 Web Edition SP1
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows Server 2003 Standard Edition SP1
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows Server 2003 Standard Edition
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows XP Professional SP2
-
Microsoft Security Update for Windows XP (KB923980)
http://www.microsoft.com/downloads/details.aspx?familyid=2f54258f-1071 -467b-80a2-e4dbfc050667&displaylang=en
Microsoft Windows 2000 Server SP4
-
Microsoft Security Update for Windows 2000 (KB923980)
http://www.microsoft.com/downloads/details.aspx?familyid=3cf0b0d1-ff07 -40ac-a6ac-44dc4a54f91e&displaylang=en
References
Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability
References:
References:
- Microsoft Windows Services for NetWare Web Site (Microsoft)
- Vendor Home Page (Microsoft)
- Vulnerabilities in Client Service for NetWare ([email protected])
- Avaya: Microsoft Security Bulletin Summary for November 2006 MS06-66 - MS06-71 (Avaya)
- CENTREX IP CLIENT MANAGER (CICM) RESPONSE TO MICROSOFT (Nortel Networks)
- Microsoft Security Bulletin MS06-066 (Microsoft)