List: ntbugtraq
Subject: Alert: Microsoft Security Bulletin - MS03-016
From: Russ <Russ.Cooper () RC ! ON ! CA>
Date: 2003-04-30 17:01:21
http://www.microsoft.com/technet/security/bulletin/MS03-016.asp
Cumulative Patch for BizTalk Server (815206)
Originally posted: April 30, 2003
Summary
Who should read this bulletin: Systems Administrators using Microsoft BizTalk 2000 Server and BizTalk 2002 Server
Impact of vulnerability: Two vulnerabilities, the most serious of which could allow an attacker to run code of their choice
Maximum Severity Rating: Important
Recommendation: Systems Administrators using Microsoft BizTalk should consider applying the patch.
Affected Software:
- Microsoft BizTalk Server 2000
- Microsoft BizTalk Server 2002
Technical description:
Microsoft BizTalk Server is an Enterprise Integration product that allows organizations to integrate applications, trading partners, and business processes. BizTalk is used in intranet environments to transfer business documents between different back-end systems as well as extranet environments to exchange structured messages with trading partners. This patch addresses two newly reported vulnerabilities in BizTalk Server.
The first vulnerability affects Microsoft BizTalk Server 2002 only. BizTalk Server 2002 provides the ability to exchange documents using the HTTP format. A buffer overrun exists in the component used to receive HTTP documents - the HTTP receiver - and could result in an attacker being able to execute code of their choice on the BizTalk Server.
The second vulnerability affects both Microsoft BizTalk Server 2000 and BizTalk Server 2002. BizTalk Server provides the ability for administrators to manage documents via a Document Tracking and Administration (DTA) web interface. A SQL injection vulnerability exists in some of the pages used by DTA that could allow an attacker to send a crafted URL query string to a legitimate DTA user. If that user were to then navigate to the URL sent by the attacker, he or she could execute a malicious embedded SQL statement in the query string.
Mitigating factors:
HTTP Receiver Buffer Overflow
- The HTTP Receiver is only present in Microsoft BizTalk Server 2002. BizTalk Server 2000 is not affected by this vulnerability.
- The HTTP receiver is not enabled by default. HTTP must be explicitly enabled as a receive transport during the setup of a BizTalk site.
- If the vulnerability was exploited to run arbitrary code, the code would run in the security context of the IIS Server. If the IIS Server is running under a user account, the attacker's permissions will be limited to those of this user account.
DTA SQL Injection
- DTA users by default are not highly privileged SQL users such as database owners, since they are only required to be members of the "BizTalk Server Report Users" security group in order to use the DTA web interface. In this case, a successful attacker's permissions on the SQL Server will be restricted.
Vulnerability identifiers:
- HTTP Receiver Buffer Overflow: CAN-2003-0117
- DTA SQL Injection: CAN-2003-0118
This email is sent to NTBugtraq automatically as a service to my subscribers. (v1.18)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Have you discovered a security vulnerability related to Windows or a
commercial product which runs on Windows?
Need assistance crafting the format or translating your advisory to English?
Need to verify it, or having problems contacting the Vendor?
Contact mailto:Advisories@NTBugtraq.com
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo