View my documents ()
 Home > Support > Global Security Advisor 

Vulnerability Detail

Microsoft Windows DNS Server RPC interface remote code execution vulnerability

Date Discovered:
12 Apr 2007

Date Published:
13 Apr 2007

Last Updated:
14 Nov 2007

Threat Assessment

Overall Risk:  Critical
Popularity : Critical
Impact:  Critical
Simplicity:  High

Characteristics

Vulnerability ID:  35234
Discovered By:  Mark Hofman and Bill O'Malley

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  A remote attacker can execute arbitrary code.

Root Cause:  Software Vulnerability

Description
Recommendations
Affected Technologies
References
 

Description

Microsoft Windows contains a vulnerability that can allow a remote attacker to execute arbitrary code. The vulnerability is due to the existance of stack based buffer overflow in Windows DNS Server's RPC interface implementation. An attacker can send a specially crafted RPC packet to the affected system to execute arbitrary code.

Back to top

Recommendations



-------------------------------------------------------------------------------
For: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE, Microsoft Windows 2000 Advanced Server SP4 x86 32 EN, Microsoft Windows 2000 Advanced Server SP4 x86 32 ES, Microsoft Windows 2000 Advanced Server SP4 x86 32 FR, Microsoft Windows 2000 Advanced Server SP4 x86 32 IT, Microsoft Windows 2000 Server SP4 x86 32 DE, Microsoft Windows 2000 Server SP4 x86 32 EN, Microsoft Windows 2000 Server SP4 x86 32 ES, Microsoft Windows 2000 Server SP4 x86 32 FR, Microsoft Windows 2000 Server SP4 x86 32 IT
Apply: Windows2000-KB941672-x86
If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 EN, Microsoft Windows 2000 Server SP4 x86 32 EN

Download:
http://download.microsoft.com/download/0/3/f/03f6c957-38e3-4bff-9d66-6664f9eee8ee/Windows2000-KB941672-x86-ENU.EXE


-------------------------------------------------------------------------------
For: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 ES, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 IT, Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN
Apply: WindowsServer2003-KB941672-x86
If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN

Download:
http://download.microsoft.com/download/2/e/4/2e4fc140-e6ec-4307-8f97-e6de598fbe32/WindowsServer2003-KB941672-x86-ENU.exe


-------------------------------------------------------------------------------
For: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 ES, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 IT, Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN
Apply: Windowsserver2003-kb935966-x86
If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN

Download:
http://download.microsoft.com/download/d/b/5/db563979-2299-48f4-8815-ebccc521e3b8/WindowsServer2003-KB935966-x86-ENU.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 ES, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 ES, Microsoft Windows Server 2003 Web Edition SP1 x86 32 ES

Download:
http://download.microsoft.com/download/f/2/6/f26c5776-0f47-4e07-9a90-cd4b3ae9c892/WindowsServer2003-KB935966-x86-ESN.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 IT, Microsoft Windows Server 2003 Web Edition SP1 x86 32 IT

Download:
http://download.microsoft.com/download/d/5/0/d502a8a8-0304-4a8c-95eb-10fe64fe4d86/WindowsServer2003-KB935966-x86-ITA.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 FR, Microsoft Windows Server 2003 Web Edition SP1 x86 32 FR

Download:
http://download.microsoft.com/download/2/4/9/24926b99-df39-421c-9eca-9b5f7ae2c755/WindowsServer2003-KB935966-x86-FRA.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Web Edition SP1 x86 32 DE

Download:
http://download.microsoft.com/download/3/d/1/3d1a47bc-81dd-4019-ab8a-c8aa4c559aa1/WindowsServer2003-KB935966-x86-DEU.exe


-------------------------------------------------------------------------------
For: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE, Microsoft Windows 2000 Advanced Server SP4 x86 32 EN, Microsoft Windows 2000 Advanced Server SP4 x86 32 ES, Microsoft Windows 2000 Advanced Server SP4 x86 32 FR, Microsoft Windows 2000 Advanced Server SP4 x86 32 IT, Microsoft Windows 2000 Server SP4 x86 32 DE, Microsoft Windows 2000 Server SP4 x86 32 EN, Microsoft Windows 2000 Server SP4 x86 32 ES, Microsoft Windows 2000 Server SP4 x86 32 FR, Microsoft Windows 2000 Server SP4 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 ES, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 IT, Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN

The following workarounds can be applied to block known attack vectors:- 1. Disabling remote management over RPC capability for DNS Servers through the registry key setting: 1. Click on Start->Run and type regedt32. 2. Expand the hive:“HKEY_LOCAL_MACHINE. Expand the CurrentControlSet\Services\DNS\Parameters. 3. On top of the registry window, click on the Edit Menu -> New->DWORD Value. 4. Where 'New Value #1' is highlighted type 'RpcProtocol' for the name. 5. Double click on newly created value->Set Value to ‘4’ (without the commas).6. Restart DNS. 2. Blocking at the firewall: Following TCP and UDP port number 445 and 139 as well as ports greater than 1024 should be blocked at the firewall. 3. Enabling advanced TCP/IP filtering: Enable advanced TCP/IP filtering to block all unsolicited inbound traffic. 4. Blocking using IPsec: Following TCP and UDP port number 445 and 139 as well as ports greater than 1024 should be blocked using IPsec on the affected systems.



-------------------------------------------------------------------------------
For: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE, Microsoft Windows 2000 Advanced Server SP4 x86 32 EN, Microsoft Windows 2000 Advanced Server SP4 x86 32 ES, Microsoft Windows 2000 Advanced Server SP4 x86 32 FR, Microsoft Windows 2000 Advanced Server SP4 x86 32 IT, Microsoft Windows 2000 Server SP4 x86 32 DE, Microsoft Windows 2000 Server SP4 x86 32 EN, Microsoft Windows 2000 Server SP4 x86 32 ES, Microsoft Windows 2000 Server SP4 x86 32 FR, Microsoft Windows 2000 Server SP4 x86 32 IT
Apply: Windows2000-KB935966-x86
If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 ES, Microsoft Windows 2000 Server SP4 x86 32 ES

Download:
http://download.microsoft.com/download/7/6/7/7677699f-ffc6-42ca-b7f6-6f366514d653/Windows2000-KB935966-x86-ESN.EXE

If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE, Microsoft Windows 2000 Server SP4 x86 32 DE

Download:
http://download.microsoft.com/download/d/5/8/d58fc1eb-42c5-4a04-8426-6a720b305b9d/Windows2000-KB935966-x86-DEU.EXE

If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 EN, Microsoft Windows 2000 Server SP4 x86 32 EN

Download:
http://download.microsoft.com/download/2/c/8/2c841492-8c0f-4273-b2c6-7072595731da/Windows2000-KB935966-x86-ENU.EXE

If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 IT, Microsoft Windows 2000 Server SP4 x86 32 IT

Download:
http://download.microsoft.com/download/3/f/a/3fa873cf-35b6-4a7e-ac72-d16c6daa52fa/Windows2000-KB935966-x86-ITA.EXE

If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 FR, Microsoft Windows 2000 Server SP4 x86 32 FR

Download:
http://download.microsoft.com/download/f/3/3/f33a5841-c3ec-4f14-b32b-c349ff9f9615/Windows2000-KB935966-x86-FRA.EXE

Back to top

Affected Technologies

Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE
Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 EN
Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 ES
Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 FR
Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 IT
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 DE
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 EN
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 ES
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 FR
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 IT
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 DE
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 DE
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 ES
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 FR
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 IT
Microsoft: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 DE
Microsoft: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN
Microsoft: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 ES
Microsoft: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR
Microsoft: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 IT
Microsoft: Microsoft Windows Server 2003 Standard Edition SP2 x86 32 DE
Microsoft: Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN
Microsoft: Microsoft Windows Server 2003 Standard Edition SP2 x86 32 ES
Microsoft: Microsoft Windows Server 2003 Standard Edition SP2 x86 32 FR
Microsoft: Microsoft Windows Server 2003 Standard Edition SP2 x86 32 IT
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 DE
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 ES
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 FR
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 IT
Microsoft: Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN

Back to top

References

Microsoft: 935964
Microsoft: ms07-029
Mitre CVE: CVE-2007-1748

Back to top

CA Global Security Advisor

Current threat condition: Low
Low
Documents and Tools
Find Threats
Viruses Spyware
Vulnerabilities All
 
 
Page Tools
ShareShare