[SECURITY-L] CAIS-Alerta: Vulnerabilidades no Windows DNS (MS08-037)
CSIRT - UNICAMP
security em unicamp.br
Sex Jul 11 16:04:50 -03 2008
----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----
From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Subject: CAIS-Alerta: Vulnerabilidades no Windows DNS (MS08-037)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Thu, 10 Jul 2008 16:08:19 -0300 (BRT)
-----BEGIN PGP SIGNED MESSAGE-----
Prezados,
O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-037 -
Vulnerabilities in DNS Could Allow Spoofing (953230)", que trata de duas
vulnerabilidades Windows Domain Name System (DNS).
A vulnerabilidade descrita em CVE-2008-1447 permite que um atacante forje
respostas a requisicoes do protocolo DNS, incluindo "records". A
vulnerabilidade descrita em CVE-2008-1454 permite que um atacante envie
respostas a requisicoes DNS feitas por sistemas vulneraveis.
Caso um atacante consiga explorar com sucesso esta vulnerabilidade, ele
podera' redirecionar o trafego do host autentico de um site para um outro
host de interesse do atacante. As vulnerabilidades existem tanto no
cliente quanto no servidor DNS.
Sistemas afetados:
. Cliente DNS
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 com SP1 para Sistemas baseados em Itanium
- Windows Server 2003 com SP2 para Sistemas baseados em Itanium
. Servidor DNS
- Microsoft Windows 2000 Server Service Pack 4
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 com SP1 para Sistemas baseados em Itanium
- Windows Server 2003 com SP2 para Sistemas baseados em Itanium
- Windows Server 2008 para Sistemas 32-bit
- Windows Server 2008 para Sistemas baseados em x64
Correcoes disponiveis:
Recomenda-se fazer a atualizacao para as versoes disponiveis em:
. Cliente DNS
- Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?familyid=269c219c-9d6b-4b12-b621-c70cd07cdd22
- Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=ed989a33-7a9e-4423-93a8-b38907467cdf
- Windows XP Service Pack 3
http://www.microsoft.com/downloads/details.aspx?familyid=ed989a33-7a9e-4423-93a8-b38907467cdf
- Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=a2b016fa-b108-4e8e-b41b-4ca89002907b
- Windows XP Professional x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=a2b016fa-b108-4e8e-b41b-4ca89002907b
- Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=4ef5033c-9843-4e0b-bfad-fcaf05d7dab9
- Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=4ef5033c-9843-4e0b-bfad-fcaf05d7dab9
- Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=66624a1f-38bf-4af7-936d-3131474ffe1f
- Windows Server 2003 x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=66624a1f-38bf-4af7-936d-3131474ffe1f
- Windows Server 2003 com SP1 para Sistemas baseados em Itanium
http://www.microsoft.com/downloads/details.aspx?familyid=facc80da-61d6-49c5-872d-a1980b66ae3e
- Windows Server 2003 com SP2 para Sistemas baseados em Itanium
http://www.microsoft.com/downloads/details.aspx?familyid=facc80da-61d6-49c5-872d-a1980b66ae3e
. Servidor DNS
- Microsoft Windows 2000 Server Service Pack 4
http://www.microsoft.com/downloads/details.aspx?familyid=332aa92f-a1ad-42a0-87d0-485d2d41335b
- Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=d1fcb794-e6a5-4c28-b3b3-9cd88f468a42
- Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=d1fcb794-e6a5-4c28-b3b3-9cd88f468a42
- Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=040a1ba8-21b0-439e-bf21-1acd1c43b162
- Windows Server 2003 x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=040a1ba8-21b0-439e-bf21-1acd1c43b162
- Windows Server 2003 com SP1 para Sistemas baseados em Itanium
http://www.microsoft.com/downloads/details.aspx?familyid=c63e3ee6-6055-4313-b0f1-fec7408886bb
- Windows Server 2003 com SP2 para Sistemas baseados em Itanium
http://www.microsoft.com/downloads/details.aspx?familyid=c63e3ee6-6055-4313-b0f1-fec7408886bb
- Windows Server 2008 para Sistemas 32-bit
http://www.microsoft.com/downloads/details.aspx?familyid=1fcea8f4-b233-42e1-b913-c4fcae276c7b
- Windows Server 2008 para Sistemas baseados em x64
http://www.microsoft.com/downloads/details.aspx?familyid=1fcea8f4-b233-42e1-b913-c4fcae276c7b
Mais informacoes:
. MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230)
http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx
. SANS ISC Handler's Diary 2008-07-08: July 2008 black tuesday overview
http://isc.sans.org/diary.html?storyid=4684
. Microsoft Brasil Security
http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
http://safety.live.com/site/pt-BR/default.htm
Identificador CVE (http://cve.mitre.org): CVE-2008-1447, CVE-2008-1454
O CAIS recomenda que os administradores mantenham seus sistemas e
aplicativos sempre atualizados, de acordo com as ultimas versoes e
correcoes oferecidas pelos fabricantes.
Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF:
http://www.rnp.br/cais/alertas/rss.xml
Atenciosamente,
################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301 #
# Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key #
################################################################
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iQCVAwUBSHZeLekli63F4U8VAQG/QQQAm+Z5CD7AeIZ0eyZC69cwTCx9Imk5XAVE
Xu8JMyOmu6mf1/NPchb4lXonH/Xtbs3PhXtDFvPmaYCftYI78jnrhCpg7duKrxbp
FwvzvBsvoSA9WOdMlU0Yfni4JnEo6yxIDIcmnmCZdx3/2gAeBafgH8cPM/A8+YMW
53HZPyqJ6Oc=
=u/wd
-----END PGP SIGNATURE-----
--
Para SAIR da lista rnp-alerta envie uma mensagem em branco para:
<rnp-alerta-unsubscribe em cais.rnp.br>
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L