1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. MS IIS PCT SSL Exploit Attempt

MS IIS PCT SSL Exploit Attempt

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a vulnerability in the PCT (Private Communications Transport) protocol.

Additional Information

Various Microsoft Windows operating systems are prone to a remotely exploitable buffer overrun via the PCT (Private Communications Transport) protocol. PCT is included as part of the SSL library and was developed as an alternative to SSL 2.0, though it has been largely superseded by SSL 3.0.

The source of the vulnerability is insufficient bounds checking of parameters in TCP packets that are received by an SSL-enabled service such as IIS, Exchange Server or Analysis Services 2000. When the malformed parameters are handled by the underlying operating system library, a stack-based buffer overrun may occur. Successful exploitation of this issue could allow a remote attacker to execute malicious code on a vulnerable system, resulting in full system compromise.

The vulnerability may also reportedly be exploitable by a local user who passes malicious parameters to the vulnerable component interactively or through another application.

This issue is reported to only affect systems that have SSL enabled but could also affect Windows 2000 Domain Controllers under some circumstances. For Windows Server 2003, PCT must be manually enabled in addition to enabling SSL support to be affected. Reportedly, both PCT 1.0 and SSL 2.0 must be enabled for successful exploitation.

Affected

  • Avaya DefinityOne Media Servers
  • Avaya IP600 Media Servers
  • Avaya S3400 Message Application Server
  • Avaya S8100 Media Servers
  • Microsoft Windows 2000 Advanced Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Datacenter Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Professional SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Server SP1, SP2, SP3, SP4
  • Microsoft Windows NT Enterprise Server 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
  • Microsoft Windows NT Server 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
  • Microsoft Windows NT Terminal Server 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6
  • Microsoft Windows NT Workstation 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4, 4.0 SP5, 4.0 SP6, 4.0 SP6a
  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows Server 2003 Datacenter Edition Itanium
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Enterprise Edition Itanium
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Web Edition
  • Microsoft Windows XP 64-bit Edition SP1
  • Microsoft Windows XP 64-bit Edition Version 2003 SP1
  • Microsoft Windows XP Home SP1

Response

Avaya has released an advisory to announce that Avaya System Products shipping on Microsoft platforms are also affected by this vulnerability. Avaya advise that customers follow the Microsoft recommendations for the resolution of this issue. The aforementioned advisory can be viewed at the following location:
Avaya Support ASA-2004-005

Microsoft has released fixes to address this issue.

US-CERT has released an advisory TA04-104A to address this and other issues. Please see the referenced advisory for more information.


Microsoft Windows 2000 Advanced Server SP2:
Microsoft Patch Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en

Microsoft Windows 2000 Advanced Server SP3:
Microsoft Patch Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en

Microsoft Windows 2000 Advanced Server SP4:
Microsoft Patch Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en

Microsoft Windows 2000 Professional SP2:
Microsoft Patch Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en

Microsoft Windows 2000 Professional SP3:
Microsoft Patch Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en

Microsoft Windows 2000 Professional SP4:
Microsoft Patch Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en

Microsoft Windows 2000 Server SP2:
Microsoft Patch Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en

Microsoft Windows 2000 Server SP3:
Microsoft Patch Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en

Microsoft Windows 2000 Server SP4:
Microsoft Patch Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en

Microsoft Windows NT Enterprise Server 4.0 SP6a:
Microsoft Patch Security Update for Windows NT Server 4.0 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=67A6F461-D2FC-4AA0-957E-3B8DC44F9D79&displaylang=en

Microsoft Windows NT Server 4.0 SP6a:
Microsoft Patch Security Update for Windows NT Server 4.0 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=67A6F461-D2FC-4AA0-957E-3B8DC44F9D79&displaylang=en

Microsoft Windows NT Terminal Server 4.0 SP6:
Microsoft Patch Security Update for Windows NT Server, Terminal Server Edition (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=62CBA527-A827-4777-8641-28092D3AAE4F&displaylang=en

Microsoft Windows NT Workstation 4.0 SP6a:
Microsoft Patch Security Update for Windows NT Workstation 4.0 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=7F1713FC-F95C-43E5-B825-3CF72C1A0A3E&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition:
Microsoft Patch Security Update for Windows Server 2003 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF-453E-AE7E-7495864E8D8C&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition 64-bit:
Microsoft Patch Security Update for Windows Server 2003 64 Bit Edition and Windows XP 64 Bit Edition Version 2003 (
http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en

Microsoft Windows Server 2003 Standard Edition:
Microsoft Patch Security Update for Windows Server 2003 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF-453E-AE7E-7495864E8D8C&displaylang=en

Microsoft Windows Server 2003 Web Edition:
Microsoft Patch Security Update for Windows Server 2003 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF-453E-AE7E-7495864E8D8C&displaylang=en

Microsoft Windows XP 64-bit Edition SP1:
Microsoft Patch Security Update for Windows XP 64 Bit Edition (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=C6B55EF2-D9FE-4DBE-AB7D-73A20C82FF73&displaylang=en

Microsoft Windows XP 64-bit Edition Version 2003:
Microsoft Patch Security Update for Windows Server 2003 64 Bit Edition and Windows XP 64 Bit Edition Version 2003 (
http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en

Microsoft Windows XP 64-bit Edition Version 2003 SP1:
Microsoft Patch Security Update for Windows Server 2003 64 Bit Edition and Windows XP 64 Bit Edition Version 2003 (
http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en

Microsoft Windows XP Home:
Microsoft Patch Security Update for Windows XP (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en

Microsoft Windows XP Home SP1:
Microsoft Patch Security Update for Windows XP (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube