CERT-In Vulnerability Note CIVN-2008-163
Microsoft Windows IPP Service Integer Overflow Vulnerability

Original Issue Date: October 16, 2008

Severity Rating: Medium

Systems Affected

  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Web Edition
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional

Overview

A vulnerability has been reported in Microsoft Windows that could be exploited by a remote attacker to disclose potentially sensitive information in the context of the logged-in user.

Description

Internet Printing Protocol (IPP) is an Internet protocol that provides a universal way to print documents and learn the status of print jobs over the Internet via HTTP. IPP is carried over HTTP/1.1 because that protocol can perform multiple transfers over a single TCP connection. The IPP function is implemented as an ISAPI extension for IIS.

ISAPI (Internet Services Application Programming Interface) is a technology that enables web developers to extend the functionality of their web servers by writing custom code that provides new services for a web server.

This vulnerability is caused by an integer overflow error in the Microsoft Internet Printing Protocol (IPP) when processing IPP responses. An attacker could exploit this vulnerability by creating a specially crafted HTTP “POST” response and sending a request to a vulnerable web server that causes the server to connect to a machine controlled by the attacker, acting as a printer using IPP. Successful exploitation could allow an authenticated attacker to perform remote code execution in the user context on affected IIS servers.
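The advisory does not say where in IPP response handling the overflow occurs, so the following is an added illustration of the bug class, not Microsoft's code: a 16-bit size calculation that wraps, next to a response walker that checks every length field from the printer against the bytes actually received. The attribute layout follows the public IPP encoding (RFC 8010); the function names and sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsafe pattern: the sum is truncated to 16 bits, so large length fields
   wrap to a small allocation size (0xFFFF + 0x0001 + 1 == 0x0001). */
static uint16_t wrapped_size(uint16_t name_len, uint16_t value_len) {
    return (uint16_t)(name_len + value_len + 1);
}

/* Read a big-endian 16-bit length only if two bytes remain. */
static int get_u16(const uint8_t *p, size_t len, size_t *off, uint16_t *out) {
    if (len - *off < 2) return -1;
    *out = (uint16_t)((p[*off] << 8) | p[*off + 1]);
    *off += 2;
    return 0;
}

/* Hardened walk over an IPP response: returns the number of attributes,
   or -1 if any length field runs past the received data. Comparisons use
   "field > remaining" so no addition on untrusted values can wrap. */
static int ipp_count_attrs(const uint8_t *p, size_t len) {
    size_t off = 8;                       /* version, status-code, request-id */
    int count = 0;
    while (off < len) {
        uint8_t tag = p[off++];
        uint16_t n, v;
        if (tag == 0x03) return count;    /* end-of-attributes-tag */
        if (tag < 0x10) continue;         /* attribute group delimiter */
        if (get_u16(p, len, &off, &n) || n > len - off) return -1;
        off += n;                         /* skip attribute name */
        if (get_u16(p, len, &off, &v) || v > len - off) return -1;
        off += v;                         /* skip attribute value */
        count++;
    }
    return -1;                            /* no end tag: truncated response */
}

/* Constructed samples: one charset attribute; BAD claims a 0xFFFF-byte value. */
static const uint8_t GOOD[] = { 1,1, 0,0, 0,0,0,1, 0x01, 0x47, 0,18,
    'a','t','t','r','i','b','u','t','e','s','-','c','h','a','r','s','e','t',
    0,5, 'u','t','f','-','8', 0x03 };
static const uint8_t BAD[] = { 1,1, 0,0, 0,0,0,1, 0x01, 0x47, 0,1, 'x',
    0xFF,0xFF, 'u','t','f','-','8', 0x03 };

int main(void) {
    printf("wrapped=%u good=%d bad=%d\n", wrapped_size(0xFFFF, 1),
           ipp_count_attrs(GOOD, sizeof GOOD), ipp_count_attrs(BAD, sizeof BAD));
    return 0;
}
```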

Workarounds

  • Disable the IPP Service
  • Run the IIS Lockdown Tool 2.1

For detailed steps and the impact of applying these workarounds, refer to Microsoft Security Bulletin MS08-062.

Solution

Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS08-062.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS08-062.mspx

References

FrSIRT
http://www.frsirt.com/english/advisories/2008/2813

SecurityFocus
http://www.securityfocus.com/bid/31682

Secunia
http://secunia.com/advisories/32248/

SecurityTracker
http://securitytracker.com/alerts/2008/Oct/1021048.html

CVE Name
CVE-2008-1446

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003