Signature Detail

NNTP: XPAT Pattern Overflow

This signature detects attempts to exploit a known vulnerability in Microsoft NNTP servers. Attackers can send an xpat command with an overly long pattern to overflow the buffer in the NNTP server and gain complete control of the target system.

Extended Description

The Microsoft Network News Transfer Protocol (NNTP) Component is prone to a buffer overflow condition. Successful exploitation of this vulnerability could allow remote code execution in the context of the process accessing the vulnerable component.

Affected Products

• Avaya DefinityOne Media Servers
• Avaya IP600 Media Servers
• Avaya Modular Messaging (MSS) 1.1.0
• Avaya Modular Messaging (MSS) 2.0.0
• Avaya S3400 Message Application Server
• Avaya S8100 Media Servers
• Microsoft Exchange Server 2000 SP1
• Microsoft Exchange Server 2000 SP2
• Microsoft Exchange Server 2000 SP3
• Microsoft Exchange Server 2000
• Microsoft Exchange Server 2003 SP1
• Microsoft Exchange Server 2003
• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server SP3
• Microsoft Windows 2000 Advanced Server SP4
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server SP1
• Microsoft Windows 2000 Datacenter Server SP2
• Microsoft Windows 2000 Datacenter Server SP3
• Microsoft Windows 2000 Datacenter Server SP4
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server SP4
• Microsoft Windows 2000 Server
• Microsoft Windows NT Enterprise Server 4.0
• Microsoft Windows NT Enterprise Server 4.0 SP1
• Microsoft Windows NT Enterprise Server 4.0 SP2
• Microsoft Windows NT Enterprise Server 4.0 SP3
• Microsoft Windows NT Enterprise Server 4.0 SP4
• Microsoft Windows NT Enterprise Server 4.0 SP5
• Microsoft Windows NT Enterprise Server 4.0 SP6
• Microsoft Windows NT Enterprise Server 4.0 SP6a
• Microsoft Windows NT Server 4.0
• Microsoft Windows NT Server 4.0 SP1
• Microsoft Windows NT Server 4.0 SP2
• Microsoft Windows NT Server 4.0 SP3
• Microsoft Windows NT Server 4.0 SP4
• Microsoft Windows NT Server 4.0 SP5
• Microsoft Windows NT Server 4.0 SP6
• Microsoft Windows NT Server 4.0 SP6a
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Datacenter Edition Itanium
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Enterprise Edition Itanium
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Web Edition

References

• BugTraq: 11379
• CVE: CVE-2004-0574
• URL: http://www.microsoft.com/technet/security/Bulletin/MS04-036.mspx
• URL: http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10