[Am-info] Windows NetMeeting Directory Traversal Vulnerability
Fred A. Miller
fmiller@lightlink.com
Wed, 2 Jul 2003 23:39:17 -0400
I think we're going to see more alerts, as '2000 and XP is hammered on
remotely. Real shame, eh? :)
Fred
Windows NetMeeting Directory Traversal Vulnerability
READ ONLINE:
http://www.secunia.com/advisories/9170/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From remote
OPERATING SYSTEM:
Microsoft Windows XP Professional
Microsoft Windows XP Home Edition
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server
SOFTWARE:
Windows NetMeeting 3.x
DESCRIPTION:
A vulnerability has been identified in Windows NetMeeting, which can
be exploited by malicious people to overwrite arbitrary files on a
user's system with the privileges of the user.
The vulnerability is caused due to an input validation error in the
file transfer functionality. By specifying a filename starting with
the character sequence "..\", it is possible to traverse out of the
directory used to receive files. This could potentially overwrite
other files on a user's system, which may result in execution of
arbitrary code.
The vulnerability has been reported in version 3.01 (4.4.3385).
However, other versions may also be vulnerable.
SOLUTION:
Reportedly, the vulnerability has been fixed in Windows 2000 SP4 and
Windows XP SP1.
Windows 2000 Service Pack 4:
http://www.microsoft.com/Windows2000/downloads/servicepacks/sp4/
Windows XP (Professional and Home edition) Service Pack 1:
http://www.microsoft.com/WindowsXP/pro/downloads/servicepacks/sp1/
REPORTED BY / CREDITS:
Hernán Ochoa, Gustavo Ajzenman, Javier Garcia Di Palma, and Pablo
Rubinstein (Core Security Technologies).
ORIGINAL ADVISORY:
http://www.coresecurity.com/common/showdoc.php?idx=352&idxseccion=10
-- 
Planet Earth - a subsidiary of Microsoft®.
We have no bugs in our software, Never!,
We do have undocumented added features,
that you will find amusing, at no added cost,
to you, at this time.
to you, at this time.
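
Added example, not part of the original post or of the Secunia/Core advisories: a sketch of the input validation a file-receive routine needs so that a sender-supplied name starting with "..\" cannot leave the receive directory. The directory C:\Received Files, the file names and all function names are constructed for illustration; ntpath is used so the Windows path rules apply on any OS.

```python
import ntpath  # Windows path rules, importable on any OS

RECEIVE_DIR = r"C:\Received Files"  # assumed receive directory (constructed)


class UnsafeFilename(ValueError):
    """Peer-supplied name is not a bare file name."""


def naive_receive_path(receive_dir, peer_name):
    # Flawed pattern: the sender's name is joined to the directory unchecked.
    return ntpath.normpath(ntpath.join(receive_dir, peer_name))


def safe_receive_path(receive_dir, peer_name):
    # 1. Accept only a bare file name: no separators, no drive or
    #    stream colon, no NUL, and not a directory reference.
    if not peer_name or peer_name in (".", ".."):
        raise UnsafeFilename(repr(peer_name))
    if any(ch in peer_name for ch in '\\/:\x00'):
        raise UnsafeFilename(repr(peer_name))
    # 2. Defence in depth: the resolved path must stay under receive_dir.
    base = ntpath.normpath(receive_dir)
    candidate = ntpath.normpath(ntpath.join(base, peer_name))
    common = ntpath.commonpath([base, candidate])
    if ntpath.normcase(common) != ntpath.normcase(base):
        raise UnsafeFilename(repr(peer_name))
    return candidate


def is_accepted(peer_name, receive_dir=RECEIVE_DIR):
    # True when the name passes validation, False when it is rejected.
    try:
        safe_receive_path(receive_dir, peer_name)
        return True
    except UnsafeFilename:
        return False


if __name__ == "__main__":
    # Constructed sample names: one ordinary, the rest must be refused.
    samples = ["report.doc", "..\\outside.txt", "../outside.txt",
               "C:outside.txt", ".."]
    for name in samples:
        print(f"{name!r:20} naive={naive_receive_path(RECEIVE_DIR, name)!r:34}"
              f" accepted={is_accepted(name)}")
```

The validator rejects a bad name outright instead of trying to strip the traversal sequence, so the transfer fails visibly and can be logged.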