March 26, 2003
Symantec NetRecon 3.6 Security Update 2

Description

Download Security Update 2 Release Notes (PDF)

This security update can only be downloaded using the LiveUpdate feature of Symantec NetRecon 3.6.

SU2 is a content update for Symantec NetRecon 3.6 that introduces 9 new vulnerability checks and one new exposure. Symantec NetRecon checks for the Windows 2000 ntdll.dll buffer overflow vulnerability, four additional Microsoft SQL Server vulnerabilities, as well as the sendmail header processing buffer overflow. Several SQL Server vulnerability checks have also been renamed.

For more information on the sendmail header processing buffer overflow, please refer to http://securityresponse.symantec.com/avcenter/security/Content/3.3.2003.html.


New Vulnerability Checks

  • Microsoft Windows 2000 ntdll.dll Buffer Overflow Vulnerability

    The Windows ntdll.dll system component is vulnerable to a buffer overrun when passed data from certain functions; remote code execution is possible. The Windows 2000 library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the RtlDosPathNameToNtPathName_U function and may be exploited through other programs that use the library if an attack vector permits it. One of these programs is the implementation of WebDAV that ships with IIS. This vector allows the vulnerability in ntdll.dll to be exploited by a remote attacker.

  • Microsoft Data Access Components RDS Buffer Overflow Vulnerability

    MDAC contains a buffer overflow that could lead to arbitrary code execution in MSIE and on vulnerable IIS servers.

  • Microsoft Windows Locator Service Buffer Overflow Vulnerability

    The Locator service for Windows domain controller systems is prone to a buffer overflow condition. Arbitrary code execution is possible.

  • Microsoft SQL Server SQLXML Buffer Overflow Vulnerability

    Attackers can initiate SQL Server 2000 buffer overflows by connecting to a host through HTTP, then submitting malformed data directly to the SQLXML HTTP component. The overflow condition occurs when an overly long value is given to the contenttype= parameter.

  • Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability

    SQLXML components are prone to script injection attacks via an unchecked parameter in XML tags. Under some circumstances it is possible to inject arbitrary script code in XML tags. This lets an attacker execute script code in the context of the Internet Explorer Security Zone associated with the IIS server running the vulnerable components.

  • Microsoft SQL Server 2000 lets remote users mount a DoS

    SQL Server 2000 lets remote attackers mount a denial-of-service attack through a malformed 0x08 packet that is missing a colon separator.

  • Microsoft SQL Server 2000 OpenDataSource buffer overflow

    Buffer overflow in the OpenDataSource function of the Jet engine on SQL Server 2000 lets remote attackers execute arbitrary code.

  • Sendmail Header Processing Buffer Overflow Vulnerability

    Sendmail is vulnerable to a buffer overflow in its header processing. For details, see http://securityresponse.symantec.com/avcenter/security/Content/3.3.2003.html.


New Features and Enhancements

  • In SU2, 10 SQL Server vulnerability checks have been renamed. See the release notes for more information.


Last modified on: Wednesday, 26-Mar-03 20:03:07