[MS] Buffer Overflow beim Entpacken von ZIP-Archiven - MS04-034

win-sec-ssc at dfn-cert.de win-sec-ssc at dfn-cert.de
Wed Oct 13 14:56:01 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgende Warnung des Microsoft Product Security
Notification Service. Wir geben diese Informationen unveraendert an Sie
weiter.

CAN-2004-0575 - Buffer Overflow beim Entpacken von ZIP-Archiven

  Die Bibliothek DUNZIP32.DLL ermoeglicht die transparente Verwendung
  von ZIP-Archiven im Windows Explorer. Aufgrund von Fehlern in der
  Bibliothek kann ein langer Dateiname innerhalb eines Archivs einen
  Buffer Overflow ausloesen. Bei erfolgreicher Ausnutzung kann
  beliebiger Programm-Code mit den Rechten des Benutzers ausgefuehrt
  werden. Ein entfernter Angreifer kann die Schwachstelle ausnutzen z.B.
  durch die Bereitstellung eines entsprechend manipulierten Archivs auf
  einer Webseite oder innerhalb einer Mail.

  Arbeitet der Benutzer mit den Rechten des Administrators, so kann ein
  Angreifer bei erfolgreicher Ausnutzung der Schwachstelle die komplette
  Kontrolle ueber das System erlangen. Dies ist oft die
  Default-Einstellung.

Betroffen ist die Bibliothek DUNZIP32.DLL zum entpacken von ZIP-Archiven
unter Microsoft Windows XP und Microsoft Windows 2003. Laut dem Advisory
von eEye Security ist auch Microsoft Windows ME betroffen:

  http://www.eeye.com/html/research/advisories/AD20041012A.html

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Das DFN-CERT stellt einen FTP-Spiegel von Inhalten der Microsoft
FTP-Servers und der aktuellen Service-Packs und Patches fuer die
verschiedenen Windows Versionen und Produkte (32 und 64Bit, deutsch
und us-amerikanisch) bereit:

Microsoft Windows XP mit oder ohne Service Pack 1 (englisch)
ftp://ftp.cert.dfn.de/pub/vendor/microsoft/winxp/Security_Bulletins/WindowsXP-KB873376-x86-enu.exe

Microsoft Windows XP mit oder ohne Service Pack 1 (deutsch)
ftp://ftp.cert.dfn.de/pub/vendor/microsoft/winxp/Security_Bulletins/WindowsXP-KB873376-x86-deu.exe

Microsoft Windows XP 64 Bit Service Pack 1 (englisch)
ftp://ftp.cert.dfn.de/pub/vendor/microsoft/winxp/Security_Bulletins/WindowsXP-KB873376-ia64-enu.exe
(Eine deutsche Version des Patches lag noch nicht vor.)

Microsoft Windows XP 64 Bit Version 2003 (englisch)
ftp://ftp.cert.dfn.de/pub/vendor/microsoft/winxp/Security_Bulletins/WindowsServer2003-KB873376-ia64-enu.EXE

Microsoft Windows XP 64 Bit Version 2003 (deutsch)
ftp://ftp.cert.dfn.de/pub/vendor/microsoft/winxp/Security_Bulletins/WindowsServer2003-KB873376-ia64-deu.EXE

Microsoft Windows Server 2003 (englisch)
ftp://ftp.cert.dfn.de/pub/vendor/microsoft/win2003/Security_Bulletins/WindowsServer2003-KB873376-x86-enu.EXE

Microsoft Windows Server 2003 (deutsch)
ftp://ftp.cert.dfn.de/pub/vendor/microsoft/win2003/Security_Bulletins/WindowsServer2003-KB873376-x86-deu.EXE

Microsoft Windows Server 2003 64-Bit Edition (englisch)
ftp://ftp.cert.dfn.de/pub/vendor/microsoft/win2003/Security_Bulletins/WindowsServer2003-KB873376-ia64-enu.EXE

Microsoft Windows Server 2003 64-Bit Edition (deutsch)
ftp://ftp.cert.dfn.de/pub/vendor/microsoft/win2003/Security_Bulletins/WindowsServer2003-KB873376-ia64-deu.EXE

Der Hersteller empfiehlt als Workaround die Verknuepfung von ZIP-Archiven
aufzuheben, um eine Ausnutzung zu verhindern. Um weiterhin ZIP-Archive
entpacken zu koennen, bietet es sich an, ein Programm von Drittanbietern
zu verwenden.

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
   Andreas Bunten, DFN-CERT

- -- 
Andreas Bunten (CSIRT), DFN-CERT Services GmbH
https://www.dfn-cert.de/, +49 40 808077-617


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Bulletin Summary for October 2004
Issued: October 12, 2004
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=35989
********************************************************************

Summary:
========
This advisory contains information about all security updates
released this month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

    MS04-032  - Security Update for Microsoft Windows (840987)

              - Affected Software:
                - Windows NT Server 4.0 Service Pack 6a
                - Windows NT Server 4.0 Terminal Server Edition
                   Service Pack 6
                - Windows 2000 Service Pack 3
                - Windows 2000 Service Pack 4
                - Windows XP and Windows XP Service Pack 1
                - Windows XP 64-Bit Edition Service Pack 1
                - Windows XP 64-Bit Edition Version 2003
                - Windows Server 2003
                - Windows Server 2003 64-Bit Edition

              - Review the FAQ section of bulletin MS04-O32 for
                information about these operating systems:
                - Microsoft Windows 98
                - Microsoft Windows 98 Second Edition (SE)
                - Microsoft Windows Millennium Edition (ME)

              - Impact: Remote Code Execution
              - Version Number: 1.0

    MS04-033  - Vulnerability in Microsoft Excel Could Allow
                Remote Code Execution (886836)

              - Affected Software:
                - Microsoft Office 2000 Software Service Pack 3
                - Microsoft Office XP Software Service Pack 2
                - Microsoft Office 2001 for Mac
                - Microsoft Office v. X for Mac

              - Impact: Remote Code Execution
              - Version Number: 1.0

    MS04-034  - Vulnerability in Compressed (zipped) Folders
                Could Allow Remote Code Execution (873376)

              - Affected Software:
                - Windows XP and Windows XP Service Pack 1
                - Windows XP 64-Bit Edition Service Pack 1
                - Windows XP 64-Bit Edition Version 2003
                - Windows Server 2003
                - Windows Server 2003 64-Bit Edition

              - Impact: Remote Code Execution
              - Version Number: 1.0

    MS04-035  - Vulnerability in SMTP Could Allow Remote
                Code Execution (885881)

              - Affected Software:
                - Windows XP 64-Bit Edition Version 2003
                - Windows Server 2003
                - Windows Server 2003 64-Bit Edition

                - Exchange Server 2003 when installed on
                  Windows Server 2003
                - Exchange Server 2003 Service Pack 1 when
                   installed on Microsoft Windows Server 2003
                - Exchange Server 2003 when installed on
                   Windows 2000 Service Pack 3
                - Exchange Server 2003 when installed on
                   Windows 2000 Service Pack 4

              - Impact: Remote Code Execution
              - Version Number: 1.0

    MS04-036  - Vulnerability in NNTP Could Allow
                Remote Code Execution (883935)

              - Affected Software:
                - Windows NT Server 4.0 Service Pack 6a
                - Windows 2000 Service Pack 3
                - Windows 2000 Service Pack 4
                - Windows Server 2003
                - Windows Server 2003 64-Bit Edition

                - Exchange 2000 Server Service Pack 3
                   (Uses the Windows 2000 NNTP component)
                - Exchange Server 2003
                   (Uses the Windows 2000 or Windows Server
                    2003 NNTP component)
                - Exchange Server 2003 Service Pack 1
                   (Uses the Windows 2000 or Windows Server
                    2003 NNTP component)

              - Impact: Remote Code Execution
              - Version Number: 1.0

    MS04-037  - Vulnerability in Windows Shell Could Allow
                Remote Code Execution (841356)

              - Affected Software:
                - Windows NT Server 4.0 Service Pack 6a
                - Windows NT Server 4.0 Terminal Server Edition
                   Service Pack 6
                - Windows 2000 Service Pack 3
                - Windows 2000 Service Pack 4
                - Windows XP and Windows XP Service Pack 1
                - Windows XP 64-Bit Edition Service Pack 1
                - Windows XP 64-Bit Edition Version 2003
                - Windows Server 2003
                - Windows Server 2003 64-Bit Edition

              - Review the FAQ section of bulletin MS04-O37 for
                information about these operating systems:
                - Microsoft Windows 98
                - Microsoft Windows 98 Second Edition (SE)
                - Microsoft Windows Millennium Edition (ME)

              - Impact: Remote Code Execution
              - Version Number: 1.0

    MS04-038  - Cumulative Security Update for
                Internet Explorer (834707)

              - Affected Software:
                - Windows NT Server 4.0 Service Pack 6a
                - Windows NT Server 4.0 Terminal Server Edition
                   Service Pack 6
                - Windows 2000 Service Pack 3
                - Windows 2000 Service Pack 4
                - Windows XP
                - Windows XP Service Pack 1
                - Windows XP Service Pack 2
                - Windows XP 64-Bit Edition Service Pack 1
                - Windows XP 64-Bit Edition Version 2003
                - Windows Server 2003
                - Windows Server 2003 64-Bit Edition

              - Review the FAQ section of bulletin MS04-O38 for
                information about these operating systems:
                - Microsoft Windows 98
                - Microsoft Windows 98 Second Edition (SE)
                - Microsoft Windows Millennium Edition (ME)

              - Impact: Remote Code Execution
              - Version Number: 1.0


Important Security Bulletins
============================

    MS04-029  - Vulnerability in RPC Runtime Library Could Allow
                Information Disclosure and
                Denial of Service (873350)

              - Affected Software:
                - Windows NT Server 4.0 Service Pack 6a
                - Windows NT Server 4.0 Terminal Server Edition
                  Service Pack 6

              - Impact: Information Disclosure and
                        Denial of Service
              - Version Number: 1.0

    MS04-030  - Vulnerability in WebDAV XML Message Handler Could
                Lead to a Denial of Service (824151)

              - Affected Software:
                - Windows 2000 Service Pack 3
                - Windows 2000 Service Pack 4
                - Windows XP and Windows XP Service Pack 1
                - Windows XP 64-Bit Edition Service Pack 1
                - Windows XP 64-Bit Edition Version 2003
                - Windows Server 2003
                - Windows Server 2003 64-Bit Edition

              - Impact: Denial of Service
              - Version Number: 1.0

    MS04-031  - Vulnerability in NetDDE Could Allow Remote
                Code Execution (841533)

              - Affected Software:
                - Windows NT Server 4.0 Service Pack 6a
                - Windows NT Server 4.0 Terminal Server Edition
                  Service Pack 6
                - Windows 2000 Service Pack 3
                - Windows 2000 Service Pack 4
                - Windows XP and Windows XP Service Pack 1
                - Windows XP 64-Bit Edition Service Pack 1
                - Windows XP 64-Bit Edition Version 2003
                - Windows Server 2003
                - Windows Server 2003 64-Bit Edition

              - Review the FAQ section of bulletin MS04-O31 for
                information about these operating systems:
                - Microsoft Windows 98
                - Microsoft Windows 98 Second Edition (SE)
                - Microsoft Windows Millennium Edition (ME)

              - Impact: Remote Code Execution
              - Version Number: 1.0


Update Availability:
====================
An update is available to address these issues.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this
month at: http://go.microsoft.com/fwlink/?LinkId=35989

PGP Key Update:
===============
Please note the Microsoft Security Response Center has
generated a new PGP key. We use this key to sign all security
bulletin notifications and encourage others to use this key when
sending sensitive information to us. If you use PGP to verify the
digital signature on these bulletin notifications or to send
sensitive information to us, please update your copy of our key.

Our new key is available at:
https://www.microsoft.com/technet/security/bulletin/pgp.mspx

You can verify the fingerprint of our key at:
https://www.microsoft.com/technet/security/bulletin/pgp.mspx

A revoked copy of our former key is available at:
ldap://keyserver.pgp.com/

Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with security updates
International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
  valuable information to help you protect your network. This
  newsletter provides practical security tips, topical security
  guidance, useful resources and links, pointers to helpful
  community resources, and a forum for you to provide feedback
  and ask security-related questions.
  You can sign up for the newsletter at:

  http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
  serves as a supplement to the Security Notification Service
  (this e-mail). It provides timely notification of any minor
  changes or revisions to previously released Microsoft Security
  Bulletins. This new service provides notifications that are
  written for IT professionals and contain technical information
  about the revisions to security bulletins.
  Visit http://www.microsoft.com to subscribe to this service:

  - Click on Subscribe at the top of the page.
  - This will direct you via Passport to the Subscription center.
  - Under Newsletter Subscriptions you can sign up for the
    "Microsoft Security Notification Service: Comprehensive Version".

* Join Microsoft's webcast for a live discussion of the technical
  details of these security bulletins and steps you can take
  to protect your environment. Details about the live webcast
  can be found at:
http://msevents.microsoft.com/cui/eventdetail.aspx?EventID=1032259702&
Culture=en-US
  The on-demand version of the webcast will be available 24 hours
  after the live webcast at:
http://msevents.microsoft.com/cui/eventdetail.aspx?EventID=1032259702&
Culture=en-US

* Protect your PC: Microsoft has provided information on how you
  can help protect your PC at the following locations:

  http://www.microsoft.com/security/protect/

  If you receive an e-mail that claims to be distributing a
  Microsoft security update, it is a hoax that may be distributing a
  virus. Microsoft does not distribute security updates through
  e-mail. You can learn more about Microsoft's software distribution
  policies here:

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:

* BindView
     (http://www.bindview.com)
     for reporting an issue described in MS04-029.

* Amit Klein and Sanctum Inc.
     (http://www.sanctuminc.com)
     for reporting an issue described in MS04-030.

* John Heasman of Next Generation Security Software Ltd.
     (http://www.nextgenss.com)
     for reporting an issue described in MS04-031.

* Brett Moore of Security-Assessment.com
     (http://www.security-assessment.com)
     for reporting an issue described in MS04-032.

* eEye Digital Security
     (http://www.eeye.com)
     for reporting an issue described in MS04-032.

* Patrick Porlan
     (porlan at free.fr) working with
  Mark Russinovich of Winternals Software
     (http://www.winternals.com)
     for reporting an issue described in MS04-032.

* hlt
     (hlt at dgap.mipt.ru)
     for reporting an issue described in MS04-032.

* Brett Moore of Security-Assessment.com
     (http://www.security-assessment.com)
     for reporting an issue described in MS04-033.

* eEye Digital Security
     (http://www.eeye.com)
     for reporting an issue described in MS04-034.

* Lucas Lavarello and Juliano Rizzo of Core Security Technologies
     (http://www.coresecurity.com)
     for reporting an issue described in MS04-036.

* Yorick Koster of ITsec Security Services
     (http://www.itsec-ss.nl) for working with us responsibly
     on an issue described in MS04-037.

* Roozbeh Afrasiabi
     (http://www.persiax.com) for working with us responsibly
     on an issue described in MS04-037.

* Greg Jones of KPMG UK
     (http://www.kpmg.co.uk) and
  Peter Winter-Smith of Next Generation Security Software Ltd.
     (http://www.nextgenss.com)
     for reporting an issue described in MS04-038.

* Mitja Kolsek of ACROS Security
     (http://www.acrossecurity.com)
     for reporting an issue described in MS04-038.

* John Heasman of Next Generation Security Software Ltd.
     (http://www.nextgenss.com)
     for reporting an issue described in MS04-038.

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************


- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBQWwR34reEgaqVbxmAQIpdQ/+Ka9AQeYo0Xt6k+nZKpIQUu6uC4zfc0Bw
tWI0qHQhdwCoOUrCItpyPlxE4WTOSPErA5dlPcQV9CQeJYFD/ZrRO56Hv3K4b/N/
MKrJv9HNOR4xbepIwFHWrvb8ZC+ncwawmS/jSJTWjFcvUtfXmV9Y8LF7ALzyU/SX
afN2nYumyhqfWjS2Y6ePHUtT+bmUB5HNfmwQVYswnzRfXX/mxsW2QqFJ4jQHTrwG
5e7hjLqqrD8NKyF/ygBEwXAr1L8YBhQF1+6QaxN5T0DNtIvPf7YdzXTc3JuopGCR
FHN/3IwsxQX+fEL7Va4EgPK8KVWE5mLKgTuPMjT7ZU0ixwdI0wLpRmw6BMKjsOFS
9uH6Vi/fhK4dS/dm1dio2lqcDpQ7wdXwWYn8yUNmJuD8CzyVyIz9P1HCyb9dvo/j
dThrBjrdC2J8tZEDp1myMo/7fGMDDqNZpLHrtQb+GAcFgUE6QL6z6erXy0CsEQA0
w8m8DhfxGWsHNebYc7D681OiXDWLuWz5v+l7twkqTscS4Pur66rwWop+YCZHSttO
HQF3keMnHR+23kmDI3y/vm+EmfrbrtMEK3uIOUmHb264X0z3MqkqrUhU2w7QQat4
K1jIsDa5CIs81szYXJ+9gfgWBQwST+4MCY9X9xhddEqgWBvxjk3espUEZc9uiIhe
MtLklBRKWWg=
=2t9i
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAgUBQW0lGCgU04YpslABAQH8GQf+MWauLwOhxzg0adM/TGDTUY66jwNyleSH
4eI7LaBxdS+V8BwA/d5exQFQ9Dbrr1n7axiIOz4jNwPpqsvyoTkO5T6R65Pnxknd
J90vGFyWw1v6UxbFrwzOa6/Ho99/8udMng2EiGTyXVKzkNIoq+hgdwS1eAQyfvj1
kfQGnVht8nRFlG9Tkz/EGI/3/aoEZDTgKzn1kfYo3cSuTm8khySuCIWiqSUQsI5F
XoGq/miQUHZ+E6zBQ77c02zTpe1XnetvYlkKfS7FVSl5QhEgTczQEFhsQD7m45rL
/lBMkEY2a0Xb1xLkuZJz5Ba7ETuENWoqor95ctCV84NXr26zX9yQnw==
=micw
-----END PGP SIGNATURE-----






More information about the Security-Announce mailing list