OSVDB ID: 5250

Title: Microsoft Windows SSL Library Private Communications Transport (PCT) Remote Overflow

Dates

Disclosure: Apr 13, 2004
Discovery: Unknown
Exploit: Apr 23, 2004
Solution: Unknown

Description

A remote overflow exists in the Microsoft Windows SSL library. The library fails to verify a field length during PCT 1.0 protocol negotiation. Any application which negotiates SSL using the Windows API may be vulnerable to this attack. With a specially crafted request, an attacker can execute arbitrary code with LocalSystem privileges, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified

Solution

Apply the appropriate patch for your operating system. It is also possible to correct the flaw by implementing the following workaround:

1. Open the Registry Editor.
2. Locate the following key: HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server
3. In the Edit menu, click Add Value.
4. In the Data Type drop-down list, choose REG_BINARY.
5. In the Value Name text box, type "Enabled" (without the quotation marks) and click OK.
6. In the Binary Editor, set the new value to 0 by entering the following string: 00000000.
7. Click OK and then restart the computer.
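
The registry workaround above can be audited and applied from a script instead of the Registry Editor. The following is an added example, not part of the original advisory; it assumes an elevated PowerShell session on the host being checked, and the function name Get-PctServerState and the -Apply switch are hypothetical names chosen for this example.

```powershell
# Added example (not from the advisory). Audits, and with -Apply sets, the PCT 1.0 workaround value.
# Assumption: elevated PowerShell session on the host being checked.
param([switch]$Apply)

$keyPath   = 'HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server'
$valueName = 'Enabled'
$disabled  = [byte[]](0, 0, 0, 0)   # REG_BINARY 00000000 (workaround step 6)

function Get-PctServerState {
    # Returns one of: KeyMissing, ValueMissing, WrongType:<kind>, NonZero, Disabled
    if (-not (Test-Path -Path $keyPath)) { return 'KeyMissing' }
    $key = Get-Item -Path $keyPath
    if ($key.GetValueNames() -notcontains $valueName) { return 'ValueMissing' }
    $kind = $key.GetValueKind($valueName)
    # A value created as REG_DWORD or REG_SZ does not match what the workaround specifies.
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::Binary) { return "WrongType:$kind" }
    $nonZero = @($key.GetValue($valueName) | Where-Object { $_ -ne 0 })
    if ($nonZero.Count -gt 0) { return 'NonZero' }
    return 'Disabled'
}

$state = Get-PctServerState
Write-Output "PCT 1.0\Server '$valueName' state before: $state"

if ($state -eq 'Disabled') {
    Write-Output 'Workaround value already present; nothing to change.'
}
elseif ($Apply) {
    if ($state -eq 'KeyMissing') { New-Item -Path $keyPath -Force | Out-Null }
    # -Force replaces an existing value, including one created with the wrong type.
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType Binary `
        -Value $disabled -Force | Out-Null
    $after = Get-PctServerState
    Write-Output "State after: $after"
    if ($after -eq 'Disabled') {
        Write-Output 'Restart the computer to complete the workaround (step 7).'
    } else {
        Write-Error 'Value was not written as expected; check permissions.'
    }
}
else {
    Write-Output 'Workaround not applied. Re-run with -Apply to set Enabled = REG_BINARY 00000000.'
}
```

Run without -Apply, the script only reports the current state, which makes it usable as a read-only audit across hosts before any change is made.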

Products

Microsoft Corporation

Windows

2000
2003
95
98
ME
NT 4.0
XP

References

Credit

  • Mark Dowd - Avertavertlabs.com - McAfee Avert(tm) Labs
  • Neel Mehta


Direct URL: http://osvdb.org/5250