[Am-info] Here's another one! Bill Gates lied! Security ISN'T "job one" at MickySoft!!

Fred A. Miller fmiller@lightlink.com
Fri, 12 Sep 2003 15:14:02 -0400


Isn't this the "latest and greatest" from MickySoft? Isn't it supposed
to be stable and secure?! Yeah right - business as usual at MickySoft.
Bad designs are bad designs, and bad code is bad code.

Fred
________________

Windows 2003 Server Buffer Overflow Protection Mechanism Bypass

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition

DESCRIPTION:
A security issue has been identified in Windows 2003 Server, which
can be exploited to bypass the security mechanism included for
detecting and protecting against exploitation of stack based buffer
overflows.

The problem is that it is possible to cause stack based buffer
overflows without overwriting the canary or cookie placed on the
stack to detect possible exploitation.

See the original paper for a detailed description.

SOLUTION:
Don't rely solely on the protection mechanism to prevent exploitation
of stack based buffer overflows. Make sure that systems are patched
or apply workarounds when new vulnerabilities are reported and follow
best security practices to lessen impact and threat.

REPORTED BY / CREDITS:
David Litchfield, NGSSoftware.

ORIGINAL ADVISORY:
http://www.nextgenss.com/papers/defeating-w2k3-stack-protection.pdf

-- 
"...Linux, MS-DOS, and Windows XP (also known as the Good, the Bad, and
the Ugly)."