MS05-046: Client Service for Netware

By Steven
in Back Page News

 Share

Recommended Posts

Grand Master

Steven

Posted
Posted

Microsoft Security Bulletin MS05-046

Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)

Published: October 11, 2005

Version: 1.0

Summary

Who should read this document: Customers who use the Client or Gateway Service for NetWare

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Recommendation: Customers should apply the update at the earliest opportunity.

Security Update Replacement: None

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

? Microsoft Windows 2000 Service Pack 4 ? Download the update

? Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 ? Download the update

? Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 ? Download the update

Non-Affected Software:

? Microsoft Windows XP Professional x64 Edition

? Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

? Microsoft Windows Server 2003 x64 Edition

? Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

? Windows Services for Netware

The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Executive Summary:

This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in the Client Service for NetWare (CSNW). By default, CSNW is not installed on any affected operating system version. Only customers who manually installed CSNW could be vulnerable to this issue. The vulnerability is documented in the ?Vulnerability Details? section of this bulletin. This service is also called Gateway Service for NetWare on Windows 2000 Server.

An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

We recommend that customers apply the update at the earliest opportunity.

http://www.microsoft.com/technet/security/...n/MS05-046.mspx

Link to comment
https://www.neowin.net/forum/topic/383925-ms05-046-client-service-for-netware/
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.