Reported November 1, 2000 by Microsoft

VERSIONS AFFECTED
  • Network Monitor Software
  • Windows NT 4.0 Server
  • Windows NT 4.0 Workstation
  • Windows NT 4.0 Terminal Server
  • Windows 2000 Server
  • Windows 2000 Advanced Server
  • Windows 2000 Datacenter Server
  • Systems Management Server 1.2
  • Systems Management Server 2.0

DESCRIPTION

Microsoft has released a security bulletin and patch to address a security vulnerability that could allow a malicious user to gain control of an affected server.

Network Monitor, shipped with SMS Server 1.2, 2.0 and Windows 2000 Server versions, contains a protocol parser that aids in interpreting and analyzing previously captured network data.  If a malicious user was to send a specially crafted frame to a server that was monitoring network traffic it would cause an overflow that would cause Network Monitor to crash and allow the malicious user to launch arbitrary commands. 

VENDOR RESPONSE

Microsoft has released a security bulletin, MS00-0083.  Multiple patches are also available; 

Microsoft Windows NT 4.0 Server and Windows NT 4.0 Server,

Enterprise Edition:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25487

Microsoft Windows NT 4.0 Server, Terminal Server Edition:

To be released shortly.

- Microsoft Windows 2000 Server, Advanced Server and

Datacenter Server:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25485

Microsoft Systems Management Server 1.2:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25505

Microsoft Systems Management Server 2.0:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25514

CREDIT
Discovered by NAI Labs, and ISS X-Force