From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: Wed Jul 24 2002 - 19:00:23 CDT

    http://www.microsoft.com/technet/security/bulletin/MS02-036.asp

    Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation (Q317138)

    Originally posted: July 24, 2002

    Summary

    Who should read this bulletin: System administrators running Microsoft® Metadirectory Services 2.2

    Impact of vulnerability: Elevation of privilege.

    Maximum Severity Rating: Moderate

    Recommendation: MMS administrators should apply the patch immediately.

    Affected Software:
    - Microsoft Metadirectory Services 2.2

    Technical description:

    Microsoft Metadirectory Services (MMS) is a centralized metadirectory service that provides connectivity, management, and interoperability functions to help unify fragmented directory and database environments. It enables enterprises to link together disparate data repositories such as Exchange directory, Active Directory, third-party directory services, and proprietary databases, for the purpose of ensuring that the data in each is consistent, accurate, and can be centrally managed.

    A flaw exists that could enable an unprivileged user to access and manipulate data within MMS that should, by design, only be accessible to MMS administrators. Specifically, it is possible for an unprivileged user to connect to the MMS data repository via an LDAP client in such a way as to bypass certain security checks. This could enable an attacker to modify data within the MMS data repository, either for the purpose of changing the MMS configuration or replicating bogus data to the other data repositories.

    Mitigating factors:
    - If normal security practices have been followed, the vulnerability could not be exploited from the Internet.
    - The vulnerability could only be exploited by an attacker who had significant technical expertise at a protocol level. The vulnerability does not provide access to MMS itself, but rather to the MMS data repository. Determining what data to change - and how to change it - in order to cause a desired effect could be quite difficult.
    - A successful attack would require a detailed understanding of the specific way MMS had been configured, as well as information about all of the other directories and databases it was being used to manage. It is likely that the vulnerability could only be exploited by an attacker who had insider knowledge about the enterprise.

    Vulnerability identifier: CVE-CAN-2002-0697

    This email is sent to NTBugtraq automatically as a service to my subscribers. Since it's programmatically created, and since it's been a long time since anyone paid actual money for my programming skills, it may or may not look that good...;-]

    I can only hope that the information it does contain can be read well enough to serve its purpose.

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor