-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief April 13, 2004
Microsoft SSL Library Remote Compromise Vulnerability Synopsis: ISS X-Force has discovered a remotely exploitable buffer overflow condition in the Microsoft Secure Sockets Layer (SSL) library. SSL is an encryption technology commonly used to secure Web and email communications. A buffer overflow condition occurs when processing PCT 1.0 handshake packets that can lead to remote, privileged compromise of affected Windows installations. Impact: If any SSL-enabled services are present, and both the PCT 1.0 and SSL 2.0 protocols are enabled, remote attackers may exploit the buffer overflow condition to execute arbitrary code on vulnerable Windows server installations. This code would run with local system privileges. The protocols necessary for remote exploitation are enabled by default in Windows 2000 and Windows NT version 4. Common vectors for exploitation might include Internet Information Server (IIS), Exchange Server, Active Directory, and potentially any software making use of the Microsoft SSL library including unlisted third-party software. The severity of this vulnerability is compounded by the fact that SSL is most often used to secure communications involving confidential or valuable financial information, and that Firewalls and packet filtering alone will not be able to stop attacks. X-Force believes that hackers will aggressively target this vulnerability given the high-value nature of Web sites protected by SSL. Affected Versions: Microsoft Windows 2000 up to and including SP4 Microsoft Windows NT version 4 up to and including SP6a Microsoft Windows XP up to SP1 Note: The SSL library included in Windows Server 2003 contains the vulnerability. However, the PCT 1.0 protocol is disabled by default. For the complete ISS X-Force Security Advisory, please visit: http://xforce.iss.net/xforce/alerts/id/168 ______ About Internet Security Systems (ISS) Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Internet Security Systems is headquartered in Atlanta, GA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. Copyright (c) 2004 Internet Security Systems, Inc. All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Security Systems X-Force. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email [EMAIL PROTECTED] for permission. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, as well as at http://www.iss.net/security_center/sensitive.php Please send suggestions, updates, and comments to: X-Force [EMAIL PROTECTED] of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBQHwhGjRfJiV99eG9AQG/KgP/TFTJjzZg/5lrX52D67Rh2JMrjSC4Sp5F Qst/LElSiE0jFaZDFDWLMJnpovZOvzDknH0U+4Hy7FrYiUSvNz+2F4ktBsFwjjFs F0sGJ1u/97MWbViRpPLY6iaw+N27RY5jmoa2E2pq57Ys/piQGY3Cvj/7/Xky1HTx Qh/gD9Z4iKs= =X1Px -----END PGP SIGNATURE----- _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
