Microsoft Home
   Alle Produkte   |   Support   |   Suche   |   Microsoft.com Guide  
Microsoft.com Home Page
  Home     Knowledge Base Suche     Produktauswahl     Downloads     Newsgroups     Kontakt  
  Seite empfehlen   
  Drucken   
  Hilfe   


An Unchecked Buffer in the SNMP Service May Allow Code to Run (Q314147)


The information in this article applies to:

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows versions 2000 , 2000 SP1 , 2000 SP2 , Professional
  • Microsoft Windows versions 2000 , 2000 SP1 , 2000 SP2 , Server
  • Microsoft Windows versions 2000 , 2000 SP1 , 2000 SP2 , Advanced Server
  • Microsoft Windows NT Server versions 4.0 , 4.0 SP1 , 4.0 SP2 , 4.0 SP3 , 4.0 SP4 , 4.0 SP5 , 4.0 SP6a
  • Microsoft Windows NT Server, Enterprise Edition versions 4.0 , 4.0 SP4 , 4.0 SP5 , 4.0 SP6a
  • Microsoft Windows NT Workstation versions 4.0 , 4.0 SP1 , 4.0 SP2 , 4.0 SP3 , 4.0 SP4 , 4.0 SP5 , 4.0 SP6a
  • Microsoft Windows NT Server versions 4.0 , 4.0 SP4 , 4.0 SP5 , 4.0 SP6 , , Terminal Server Edition
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows 98
  • Microsoft Windows 95



SYMPTOMS

If you install the Simple Network Management Protocol (SNMP) service and the service is running on your computer, a malicious user may be able to cause a denial-of-service attack on your computer and the malicious user may be able to run code on your computer.

NOTES :

  • The SNMP service is neither installed nor running by default in any version of Windows.


  • Standard firewall hardware and software products and practices recommend that you block the port over which SNMP runs (User Datagram Protocol [UDP] ports 161 and 162). If you use these practices or recommendations, this vulnerability may only occur if the malicious user and computer are on an intranet.


  • Standard security practices recommend that you do not use SNMP except on trusted networks because the SNMP protocol, by design, provides minimal security.



CAUSE

This vulnerability occurs because the component of the SNMP agent service that parses incoming commands contains an unchecked buffer. If a malicious user sends a specific request, the malicious user could cause a buffer overrun attack on the type of computer that is described in the "Symptoms" section in this article.


RESOLUTION

To resolve this vulnerability, view one of the following sections, depending on your operating system.

Windows XP Professional and Windows XP Home Edition

A supported fix is now available from Microsoft, but it is only intended to correct the problem described in this article and should be applied only to systems that are determined to be at risk of attack. Please evaluate your computer's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your computer. Please see the associated Microsoft Security Bulletin to help make this determination. This fix may receive additional testing at a later time, to further ensure product quality. If your computer is sufficiently at risk, Microsoft recommends that you apply this fix now. Otherwise, wait for the next Windows XP service pack that contains this fix.

To resolve this problem immediately, download the fix as instructed below or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://support.microsoft.com/directory/overview.asp
NOTE : In special cases, charges that are normally incurred for support calls may be canceled, if a Microsoft Support Professional determines that a specific update will resolve your problem. Normal support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The following file is available for download from the Microsoft Download Center:
[GRAPHIC: 
Download
] Download Q314147_wxp_sp1_x86_enu.exe now
Release Date: February 15, 2002

For additional information about how to download Microsoft Support files, click the article number below to view the article in the Microsoft Knowledge Base:
Q119591 How to Obtain Microsoft Support Files from Online Services
Microsoft used the most current virus detection software available on the date of posting to scan this file for viruses. Once posted, the file is housed on secure servers that prevent any unauthorized changes to the file.

The English-language version of this fix should have the following file attributes or later:
   Date         Time   Version      Size    File name
   ----------------------------------------------------
   12-Feb-2002  22:02  5.1.2600.28  29,696  Snmp.exe
   12-Feb-2002  22:03  5.1.2600.28  16,896  Snmpapi.dll
   02-Nov-2001  16:50  5.1.2600.17   3,584  Spmsg.dll
   12-Feb-2002  22:02  5.1.2600.28  39,424  Wsnmp32.dll

back to the top

Windows 2000 Professional, Windows 2000 Server, and Windows 2000 Advanced Server

A supported fix is now available from Microsoft, but it is only intended to correct the problem described in this article and should be applied only to systems that are determined to be at risk of attack. Please evaluate your computer's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your computer. Please see the associated Microsoft Security Bulletin to help make this determination. This fix may receive additional testing at a later time, to further ensure product quality. If your computer is sufficiently at risk, Microsoft recommends that you apply this fix now. Otherwise, wait for the next Windows 2000 service pack that contains this fix.

To resolve this problem immediately, download the fix as instructed below or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://support.microsoft.com/directory/overview.asp
NOTE : In special cases, charges that are normally incurred for support calls may be canceled, if a Microsoft Support Professional determines that a specific update will resolve your problem. Normal support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The following file is available for download from the Microsoft Download Center:
[GRAPHIC: 
Download
] Download Q314147_w2k_sp3_x86_en.exe now
Release Date: February 15, 2002

For additional information about how to download Microsoft Support files, click the article number below to view the article in the Microsoft Knowledge Base:
Q119591 How to Obtain Microsoft Support Files from Online Services
Microsoft used the most current virus detection software available on the date of posting to scan this file for viruses. Once posted, the file is housed on secure servers that prevent any unauthorized changes to the file.

The English-language version of this fix should have the following file attributes or later:
   Date         Time   Version        Size    File name
   ------------------------------------------------------
   25-Jan-2002  13:02  5.0.2195.4874  90,384  Evntwin.exe
   09-Feb-2002  11:56  5.0.2195.4919  30,480  Snmp.exe

back to the top

Windows NT 4.0; Windows NT Server 4.0, Terminal Server Edition; Windows 98 Second Edition; Windows 98; Windows 95

This article will be updated when patches for these products are available.

back to the top


WORKAROUND

The following file is available for download from the Microsoft Download Center:

[GRAPHIC: 
Download
] Download the Windows 2000 and Windows XP Group Policy Object tool now
Release Date: Feb-15-2002

For additional information about how to download Microsoft Support files, click the article number below to view the article in the Microsoft Knowledge Base:
Q119591 How to Obtain Microsoft Support Files from Online Services
Microsoft used the most current virus detection software available on the date of posting to scan this file for viruses. Once posted, the file is housed on secure servers that prevent any unauthorized changes to the file.

NOTE : The Windows 2000 and Windows XP Group Policy Object tool is automatically installed in the location of the default domain Group Policy object (GPO), \\ Volume \Domain\Policies\ GPO_GUID \Machines\Scripts\Startup. For the installation to work correctly, you must install this tool on the domain controller. This tool applies a policy so that individual computers in the domain do not automatically start the SNMP service.


STATUS

Windows XP Professional and Windows XP Home Edition

Microsoft has confirmed that this problem could result in some degree of security vulnerability in Windows XP Professional and Windows XP Home Edition.

Windows 2000 Professional, Windows 2000 Server, and Windows 2000 Advanced Server

Microsoft has confirmed that this problem could result in some degree of security vulnerability in Windows 2000 Professional, Windows 2000 Server, and Windows 2000 Advanced Server.

Windows NT 4.0

Microsoft has confirmed that this problem could result in some degree of security vulnerability in Microsoft Windows NT 4.0.

Windows NT Server 4.0, Terminal Server Edition

Microsoft has confirmed that this problem could result in some degree of security vulnerability in Microsoft Windows NT Server 4.0, Terminal Server Edition.

Windows 98 Second Edition

Microsoft has confirmed that this problem could result in some degree of security vulnerability in Microsoft Windows 98 Second Edition.

Windows 98

Microsoft has confirmed that this problem could result in some degree of security vulnerability in Microsoft Windows 98.

Windows 95

Microsoft has confirmed that this problem could result in some degree of security vulnerability in Microsoft Windows 95.


MORE INFORMATION

For more information about this vulnerability, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms02-006.asp


Published Feb 14 2002 5:32PM Issue Type kbbug
Last Modifed Feb 15 2002 3:25PM Additional Query Words security_patch
Keywords kbSecurity kbWinNT400PreSP7Fix kbWin2000PreSP3Fix kbWinXPpreSP1fix

COMMENTS?

If you would like to briefly comment on this article, you can enter your remarks in the space below (up to 255 characters).


Submit Comments

Seite empfehlen  | Drucken  | Hilfe 
 © 2002 Microsoft Corporation. Alle Rechte vorbehalten. Rechtliche Hinweise.  Informationen zur Datensicherheit