[Am-info] Second Server 2003 bug!
Fred A. Miller
fmiller@lightlink.com
Mon, 16 Jun 2003 15:55:56 -0400
MickySoft just released Server 2003, and now there's already 2 major security bugs! :)
Fred
Microsoft Windows FIN-ACK Network Device Driver Frame Padding Information
Disclosure Vulnerability
BugTraq ID: 7849
Remote: Yes
Date Published: Jun 09 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7849
Summary:
Network device drivers for Microsoft Windows Server 2003 have been reported
to disclose potentially sensitive information to attackers.
Frames that are smaller than the minimum frame size should have the unused
portion of the frame buffer padded with null (or other) bytes. Some device
drivers do not do this adequately, leaving the data that was stored in the
memory comprising the buffer prior to its use intact. Consequently, this
data may be transmitted within frames across ethernet segments. As the
ethernet frame buffer is allocated in kernel memory space, sensitive data
may be leaked.
An attacker can exploit this vulnerability by sending a simple TCP packet,
with the FIN-ACK flags set, to a vulnerable machine. A response to such a
query will involve a packet that has been padded to a sufficient length.
It may be that the information that is padded is of a sensitive nature. An
attacker may use the information obtained in this manner to launch other
attacks against a vulnerable system.
The following drivers were reported to be vulnerable to this issue:
VIA Rhine II Compatible network card (some motherboards have this integrated)
AMD PCNet family network cards (Used by some versions of VMWare).
The affected drivers are signed by the vendor and are available on the
Windows Server 2003 CD. Both drivers have been reported to disclose
sensitive information, such as POP3 passwords, to attackers.
This vulnerability is similar to the issue described in BID 6535.
-- 
Planet Earth - a subsidiary of Microsoft®.
We have no bugs in our software, Never!,
We do have undocumented added features,
that you will find amusing, at no added cost,
to you, at this time.
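
Added illustration (not part of the original post or the advisory, and not any vendor's driver code): the padding step the summary describes, with the stale-buffer behaviour beside the zero-filled one, plus a check that counts non-zero pad bytes in a captured IPv4 frame. The names prepare_tx, nonzero_pad_bytes and demo are hypothetical, and the 60-byte minimum assumes the 4-byte FCS is appended by hardware.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN   14   /* dst MAC + src MAC + EtherType */
#define ETH_MIN_FRAME 60   /* assumed minimum frame length, FCS excluded */

/* Copy a frame into a reused transmit buffer and pad it to the minimum length.
 * zero_pad == 0 leaves the pad holding whatever the buffer contained before
 * (the reported defect); zero_pad != 0 clears it. Returns wire length or 0. */
size_t prepare_tx(uint8_t *txbuf, size_t cap, const uint8_t *frame, size_t len, int zero_pad)
{
    size_t wire = len < ETH_MIN_FRAME ? ETH_MIN_FRAME : len;
    if (len < ETH_HDR_LEN || wire > cap) return 0;
    memcpy(txbuf, frame, len);
    if (zero_pad && wire > len)
        memset(txbuf + len, 0, wire - len);
    return wire;
}

/* Audit check for a captured IPv4 frame: count non-zero bytes between the end
 * of the IP datagram and the end of the frame. -1 if not IPv4 or malformed. */
int nonzero_pad_bytes(const uint8_t *f, size_t wire)
{
    if (wire < ETH_HDR_LEN + 20 || f[12] != 0x08 || f[13] != 0x00) return -1;
    size_t ip_len = ((size_t)f[16] << 8) | f[17];   /* IPv4 total length */
    if (ip_len < 20 || ETH_HDR_LEN + ip_len > wire) return -1;
    int n = 0;
    for (size_t i = ETH_HDR_LEN + ip_len; i < wire; i++)
        if (f[i] != 0) n++;
    return n;
}

/* Constructed sample: 54-byte frame (14 Ethernet + 20 IP + 20 TCP, no data),
 * so 6 pad bytes are needed to reach the minimum. */
int demo(int zero_pad)
{
    uint8_t txbuf[64], frame[54] = {0};
    memset(txbuf, 'S', sizeof txbuf);    /* stale data from earlier buffer use */
    frame[12] = 0x08;                    /* EtherType 0x0800 = IPv4 */
    frame[14] = 0x45;                    /* IPv4, header length 5 words */
    frame[17] = 40;                      /* IP total length = 20 + 20 */
    size_t wire = prepare_tx(txbuf, sizeof txbuf, frame, sizeof frame, zero_pad);
    return wire ? nonzero_pad_bytes(txbuf, wire) : -1;
}

int main(void)
{
    printf("stale pad: %d non-zero bytes, zeroed pad: %d\n", demo(0), demo(1));
    return 0;
}
```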