SAINT Corporation
SAINT:1D7E67060955F559948FA02D8C40504D
History: Nov 27, 2006 - 12:00 a.m.

Windows Workstation service NetpManageIPCConnect buffer overflow

2006-11-27 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 6.8
Confidence: Low
EPSS: 0.964
Percentile: 99.6%

Added: 11/27/2006
CVE: CVE-2006-4691
BID: 20985
OSVDB: 30263

Background

The Windows Workstation service routes network requests for file or printer resources.

Problem

A buffer overflow in the NetpManageIPCConnect function in the Windows Workstation service allows command execution when a domain join request causes communication with a malicious domain controller.

Resolution

Install the patch referenced in Microsoft Security Bulletin 06-070.

References

http://www.kb.cert.org/vuls/id/778036
http://archives.neohapsis.com/archives/bugtraq/2006-11/0245.html

Limitations

Exploit works on Windows 2000 Service Pack 4. The SAINTexploit host must be able to bind to ports 53/UDP and 389/UDP.

Exploit requires the target to be configured to use the SAINTexploit host as its DNS server. Since this situation is unlikely to exist in the real world, this exploit is probably more useful as a proof of concept than a penetration test.

Platforms

Windows
