[sec-adv] Windows NetMeeting Directory Traversal Vulnerability
From: Secunia Security Advisories (sec-adv secunia.com)
Date: Wed Jul 02 2003 - 13:08:57 CDT
TITLE:
Windows NetMeeting Directory Traversal Vulnerability
READ ONLINE:
http://www.secunia.com/advisories/9170/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From remote
OPERATING SYSTEM:
Microsoft Windows XP Professional
Microsoft Windows XP Home Edition
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server
SOFTWARE:
Windows NetMeeting 3.x
DESCRIPTION:
A vulnerability has been identified in Windows NetMeeting, which can
be exploited by malicious people to overwrite arbitrary files on a
user's system with the privileges of the user.
The vulnerability is caused by an input validation error in the
file transfer functionality. By specifying a filename starting with
the character sequence "..\", it is possible to traverse out of the
directory used to receive files. This could potentially overwrite
other files on a user's system, which may result in execution of
arbitrary code.
The vulnerability has been reported in version 3.01 (4.4.3385).
However, other versions may also be vulnerable.
SOLUTION:
Reportedly, the vulnerability has been fixed in Windows 2000 SP4 and
Windows XP SP1.
Windows 2000 Service Pack 4:
http://www.microsoft.com/Windows2000/downloads/servicepacks/sp4/
Windows XP (Professional and Home edition) Service Pack 1:
http://www.microsoft.com/WindowsXP/pro/downloads/servicepacks/sp1/
REPORTED BY / CREDITS:
Hernán Ochoa, Gustavo Ajzenman, Javier Garcia Di Palma, and Pablo
Rubinstein (Core Security Technologies).
ORIGINAL ADVISORY:
http://www.coresecurity.com/common/showdoc.php?idx=352&idxseccion=10
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
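The DESCRIPTION above attributes the flaw to missing validation of the file name supplied by the sending peer. The following is an added example, not code from Secunia, Core Security or Microsoft: a receiver-side check that accepts only a bare file name, generalized beyond the "..\" prefix to other Windows name forms that escape or alias a path. The function names and the 255-character limit are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive compare of the first n chars of s against an upper-case literal. */
static int ieq_n(const char *s, const char *lit, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (toupper((unsigned char)s[i]) != lit[i]) return 0;
    return 1;
}

/* Windows reserved device names (CON, NUL, COM1, ...) match with or without an extension. */
static int is_device_name(const char *name) {
    size_t stem = strcspn(name, ".");
    if (stem == 3)
        return ieq_n(name, "CON", 3) || ieq_n(name, "PRN", 3) ||
               ieq_n(name, "AUX", 3) || ieq_n(name, "NUL", 3);
    if (stem == 4 && name[3] >= '1' && name[3] <= '9')
        return ieq_n(name, "COM", 3) || ieq_n(name, "LPT", 3);
    return 0;
}

/* Return 1 only if a peer-supplied name is a bare file name that cannot
 * leave the receive directory; callers reject the transfer on 0. */
int is_safe_received_name(const char *name) {
    size_t len;
    if (name == NULL || (len = strlen(name)) == 0 || len > 255) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        /* Separators enable "..\" traversal; ':' covers drive letters and
         * alternate data streams; control characters are never valid. */
        if (c == '\\' || c == '/' || c == ':' || c < 0x20) return 0;
    }
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return 0;
    /* Win32 strips trailing dots and spaces, so "x. " aliases "x". */
    if (name[len - 1] == '.' || name[len - 1] == ' ') return 0;
    return !is_device_name(name);
}
```

Rejecting a non-conforming name outright, rather than trying to strip the offending sequences, avoids the case where removing one "..\" leaves another behind.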