Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: MS05-046 Client Service for NetWare Vulnerability SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS05-046 Client Service for NetWare Vulnerability
MS05-046 affects "Customers who use the Client or Gateway Service for NetWare" using Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 1, XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1.

The update "resolves a newly-discovered, privately-reported vulnerability", MS rates it Important, and MS says update at your "earliest opportunity".

I rate it "Critical", test and deploy this update ASAP. One reason is that Microsoft notes "CSNW is commonly associated with the Internetwork Packet Exchange (IPX) and Sequenced Packet Exchange (SPX) protocols. However, CSNW could be exploited by using any installed protocol".

In the MS list of workarounds, one reasonable workaround is "Block TCP ports 139 and 445 at the firewall" and "use a personal firewall". An unreasonable workaround is that MS says you can remove CSNW.

CVE CAN-2005-1985 is "(under review)" and "Reserved" so far.

NOT AFFECTED - Microsoft Windows XP Professional x64 Edition, Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with SP1 for Itanium-based Systems, Windows Server 2003 x64 Edition, Windows 98, Windows 98 Second Edition (SE), and Windows Millennium Edition (ME).

http://www.microsoft.com/technet/security/Bulletin/MS05-046.mspx
Patrick

193 Posts

Sign Up for Free or Log In to start participating in the conversation!