Overview
Microsoft Windows NT 4.0 Terminal Server contains a buffer overflow that could allow an intruder to execute arbitrary code with the privileges of an administrator.
Description
There is a buffer overflow in the code that processes the username (specifically in RegAPI.DLL) in Microsoft Windows NT 4.0 Terminal Server. This allows an intruder to submit a specially crafted username in such a way as to cause Terminal Server to execute code of the intruder's choosing. The intruder does not need to have a valid username or password; anyone with access to port 3389/TCP can exploit this vulnerability. |
Impact
Intruders can execute arbitrary code with the privileges of a logged in administrator. Additionally, an intruder who can log in locally can cause Terminal Server to crash. |
Solution
Apply a patch as described in http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q277910/default.asp. |
You may also with to block access to port 3389/TCP to reduce your exposure to this vulnerability. This does not eliminate the vulnerability, but it does reduce the number of people who can exploit it. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was discovered by Bruno Acselrad of CORE SDI S.A., Buenos Aires, Argentina.
This document was written by Shawn V. Hernan.
Other Information
| CVE IDs: | CVE-2000-1149 |
| Severity Metric: | 16.88 |
| Date Public: | 2000-11-08 |
| Date First Published: | 2001-08-15 |
| Date Last Updated: | 2001-08-15 04:29 UTC |
| Document Revision: | 6 |