Microsoft Client Service for NetWare tree name buffer overflow

2006-11-16T00:00:00
ID SAINT:866F78907B0A26C8C60FB0A96361B13C
Type saint
Reporter SAINT Corporation
Modified 2006-11-16T00:00:00

Description

Added: 11/16/2006
CVE: CVE-2006-4688
BID: 20984
OSVDB: 30260

Background

The Client Service for NetWare, also known as the Gateway Service for NetWare, allows Windows users to access NetWare file, print, and directory services. It is available with Microsoft Windows operating systems but is not installed by default.

Problem

A buffer overflow vulnerability in the Client Service for NetWare allows remote attackers to execute arbitrary commands. On Windows 2000 and XP, the attacker does not need to authenticate in order to exploit this vulnerability.

Resolution

Install the update referenced in Microsoft Security Bulletin 06-066.

References

<http://www.microsoft.com/technet/security/bulletin/MS06-066.mspx>

Limitations

Exploit works on Windows 2000 SP4 if the Client Service for NetWare is installed and running.

Platforms

Windows 2000