Microsoft KB Archive/329209

= MS02-057: Flaw in Services for UNIX 3.0 Interix SDK Can Allow Code Execution =

Article ID: 329209

Article Last Modified on 3/29/2007


APPLIES TO


 * Microsoft Windows Services for UNIX 3.0 Standard Edition




This article was previously published under Q329209



SYMPTOMS
All three vulnerabilities that are discussed in this article involve the inclusion of the Sun remote procedure call (RPC) library in Microsoft's Services for UNIX 3.0 on the Interix Software Development Kit (SDK). Developers who created applications or utilities by using the Sun RPC library from the Interix SDK must evaluate three vulnerabilities.

Windows Services for UNIX 3.0 provides a full range of cross-platform services to integrate Windows into existing UNIX environments. In version 3.0, the Interix subsystem technology is built in so that Windows Services for UNIX 3.0 can provide platform interoperability and application migration in one fully integrated and supported product from Microsoft. Developers who have integrated Windows into their existing UNIX environments may have used the Interix SDK to develop custom applications and utilities so that applications that only ran on the UNIX platform can now run in a Windows environment. Developers who used the Interix SDK to develop applications or utilities should read the bulletin that is referenced later in this article.

The first vulnerability is an integer overflow in the XML-Data Reduced (XDR) library that is included with the Sun RPC library on the Interix SDK for Microsoft's Services for UNIX 3.0. An attacker can send a malicious RPC request to the RPC server from a remote computer and cause corruption in the server program. This can cause the server to fail and potentially allow the attacker to run code of his or her choice in the context of the server program.

The second vulnerability is a buffer overrun. Because of an incorrect parameter size check, a malicious RPC request that an attacker sends to the RPC server can lead to a buffer overrun, causing the server to fail and preventing it from servicing any more requests from clients.

The third vulnerability is an RPC implementation error. An application that uses the Sun RPC library does not correctly determine the size of client Transmission Control Protocol (TCP) requests. This can result in a denial of service to a server application that uses the Sun RPC library. The RPC library expects client TCP requests to specify the size of the record that follows. Because there is a flaw in the way RPC detects client packets, an attacker can send a malformed RPC request to the RPC server from a remote computer and cause the server to fail by not servicing any more client requests.
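The size field described above can be checked before a server buffers anything. The following is an added example, not code from Microsoft or from the Sun RPC library. It assumes the standard ONC RPC record marking over TCP (a 4-byte big-endian mark per fragment, high bit set on the final fragment, low 31 bits giving the fragment length). The names rm_validate_record and RM_MAX_RECORD and the 64 KB limit are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define RM_LAST_FRAG  0x80000000u  /* high bit of the mark: final fragment */
#define RM_MAX_RECORD 65536u       /* assumed per-record limit; choose per service */

enum rm_status { RM_OK, RM_NEED_MORE, RM_BAD_LENGTH, RM_TOO_BIG };

/* Validate the fragment headers of one record held in buf[0..len).
 * On RM_OK, *record_len is the payload size and *consumed counts headers too. */
enum rm_status rm_validate_record(const uint8_t *buf, size_t len,
                                  size_t *record_len, size_t *consumed)
{
    size_t off = 0, total = 0;
    for (;;) {
        if (len - off < 4)
            return RM_NEED_MORE;               /* header not fully received */
        uint32_t mark = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
                        ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
        uint32_t frag = mark & ~RM_LAST_FRAG;  /* low 31 bits: declared length */
        int last = (mark & RM_LAST_FRAG) != 0;
        off += 4;
        if (frag == 0 && !last)
            return RM_BAD_LENGTH;              /* empty non-final fragment: reject */
        if (frag > RM_MAX_RECORD - total)
            return RM_TOO_BIG;                 /* checked before any buffering */
        if (frag > len - off)
            return RM_NEED_MORE;               /* declared size exceeds data so far */
        total += frag;
        off += frag;
        if (last) {
            *record_len = total;
            *consumed = off;
            return RM_OK;
        }
    }
}

int main(void)
{
    /* Constructed sample: a 2-byte fragment followed by a final 3-byte fragment. */
    const uint8_t sample[] = { 0x00, 0x00, 0x00, 0x02, 'a', 'b',
                               0x80, 0x00, 0x00, 0x03, 'c', 'd', 'e' };
    size_t record_len = 0, consumed = 0;
    enum rm_status st = rm_validate_record(sample, sizeof sample, &record_len, &consumed);
    printf("status=%d record_len=%zu consumed=%zu\n", (int)st, record_len, consumed);
    return 0;
}
```

The size comparison is written as a subtraction from the limit so that a hostile length cannot wrap the running total.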

After you apply the patch, you must recompile any Interix application that is statically linked with the Interix SDK Sun RPC library.



RESOLUTION
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that this article describes. Apply it only to systems that you determine are at risk of attack. Evaluate the computer's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to the computer. See the associated Microsoft Security Bulletin to help determine the degree of risk. This hotfix may receive additional testing. If the computer is sufficiently at risk, we recommend that you apply this hotfix now.

To resolve this problem immediately, download the hotfix by following the instructions later in this article or contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled, if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Download Information
The following file is available for download from the Microsoft Download Center:

All languages: Download the Q329209 package now

Release Date: October 2, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Installation Information
This update can be installed on computers that are running Microsoft Windows XP, Windows 2000, or Microsoft Windows NT 4.0 Service Pack 6a (SP6a). For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack

You do not have to restart your computer after you apply this update. This update supports the following Setup switches:
 * /y: Perform uninstall (only with -m or -q).
 * /f: Force programs to be closed at shutdown.
 * /n: Do not create an Uninstall folder.
 * /z: Do not restart when update completes.
 * /q: Run in Quiet or Unattended mode with no user interface (this switch is a superset of -m).
 * /m: Run in Unattended mode with a user interface.
 * /l: List installed hotfixes.
 * /x: Extract the files without running Setup.

For example, to install the update without any user intervention, and then to not force the computer to restart, use the following command line:

q329209_sfu_3_x86_en /q /z

WARNING: Your computer is vulnerable until you restart it.

File Information
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

  Date         Time   Size    File name
  -----------  -----  ------  --------------
  09-Aug-2002  18:56  82,338  Librpclib.a
  09-Aug-2002  18:56  69,991  Librpclib.so.3

NOTE: Because of file dependencies, this update may contain additional files.



STATUS
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
For more information about these vulnerabilities, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS02-057.mspx



© Microsoft Corporation. All rights reserved.