[SECURITY-L] CAIS-Alerta: Vulnerabilidades no Microsoft PGM (MS08-036)
CSIRT - UNICAMP
security em unicamp.br
Qui Jun 12 09:42:57 -03 2008
----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----
From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Subject: CAIS-Alerta: Vulnerabilidades no Microsoft PGM (MS08-036)
To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br
Date: Wed, 11 Jun 2008 11:54:48 -0300 (BRT)
-----BEGIN PGP SIGNED MESSAGE-----
Prezados,
O CAIS esta' repassando o alerta da Microsoft, intitulado "MS08-036 -
Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of
Service (950762)", que trata de duas vulnerabilidades reportadas no
protocolo Pragmatic General Multicast (PGM).
O PGM e' um protocolo multicast escalavel, que permite ao receptor dos
pacotes controlar a confiabilidade da comunicacao. As vulnerabilidades
reportadas afetam o modo como o protocolo valida pacotes especialmente
criados e processa pacotes fragmentados. Ambas vulnerabilidades fazem com
que o computador atacado pare de responder e precise ser reiniciado.
Sistemas afetados:
. Windows XP Service Pack 2
. Windows XP Service Pack 3
. Windows XP Professional x64 Edition
. Windows XP Professional x64 Edition Service Pack 2
. Windows Server 2003 Service Pack 1
. Windows Server 2003 Service Pack 2
. Windows Server 2003 x64 Edition
. Windows Server 2003 x64 Edition Service Pack 2
. Windows Server 2003 com SP1 para sistemas baseados em Itanium
. Windows Server 2003 com SP2 para sistemas baseados em Itanium
. Windows Vista
. Windows Vista Service Pack 1
. Windows Vista x64 Edition
. Windows Vista x64 Edition Service Pack 1
. Windows Server 2008 para sistemas 32 bits
. Windows Server 2008 para sistemas 64 bits
. Windows Server 2008 para sistemas baseados em Itanium
Correcoes disponiveis:
Recomenda-se fazer a atualizacao para as versoes disponiveis em :
. Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=36b14a81-5979-4e38-9ba3-ed83dfc17adf
. Windows XP Service Pack 3
http://www.microsoft.com/downloads/details.aspx?familyid=36b14a81-5979-4e38-9ba3-ed83dfc17adf
. Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=9e9d24ee-8183-428c-8067-168a8d85eaa1
. Windows XP Professional x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=9e9d24ee-8183-428c-8067-168a8d85eaa1
. Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=1e8e2faf-009f-403b-a5fe-a47cf014db3a
. Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=1e8e2faf-009f-403b-a5fe-a47cf014db3a
. Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=78bf92d8-63c4-4596-8425-8fcfea7f5582
. Windows Server 2003 x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=78bf92d8-63c4-4596-8425-8fcfea7f5582
. Windows Server 2003 com SP1 para sistemas baseados em Itanium
http://www.microsoft.com/downloads/details.aspx?familyid=5b7e94fa-22ed-4f7c-b452-647b2e620113
. Windows Server 2003 com SP2 para sistemas baseados em Itanium
http://www.microsoft.com/downloads/details.aspx?familyid=5b7e94fa-22ed-4f7c-b452-647b2e620113
. Windows Vista
http://www.microsoft.com/downloads/details.aspx?familyid=ef2d2a4b-4831-41be-b5d0-8df5b01fd205
. Windows Vista Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=ef2d2a4b-4831-41be-b5d0-8df5b01fd205
. Windows Vista x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=0839fcf4-85ca-445e-896b-f634b10b6700
. Windows Vista x64 Edition Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=0839fcf4-85ca-445e-896b-f634b10b6700
. Windows Server 2008 para sistemas 32 bits
http://www.microsoft.com/downloads/details.aspx?familyid=0466a6e7-fdca-4647-af62-449e5f20d1e4
. Windows Server 2008 para sistemas 64 bits
http://www.microsoft.com/downloads/details.aspx?familyid=304898e6-21a7-476f-b9ed-7ac0d88a91e2
. Windows Server 2008 para sistemas baseados em Itanium
http://www.microsoft.com/downloads/details.aspx?familyid=8907783b-e3fe-40b2-9fc8-4937e7d58b7e
Mais informacoes:
. MS08-036 - Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
http://www.microsoft.com/technet/security/Bulletin/MS08-036.mspx
. SANS ISC Handler's Diary 2008-06-10: June 2008 Black Tuesday Overview
http://isc.sans.org/diary.html?storyid=4552
. Microsoft Brasil Security
http://www.microsoft.com/brasil/security
. Technet Brasil - Central de Seguranca
http://www.technetbrasil.com.br/seguranca
. Windows Live OneCare
http://safety.live.com/site/pt-BR/default.htm
Identificador CVE (http://cve.mitre.org): CVE-2008-1440, CVE-2008-1441
O CAIS recomenda que os administradores mantenham seus sistemas e
aplicativos sempre atualizados, de acordo com as ultimas versoes e
correcoes oferecidas pelos fabricantes.
Os Alertas do CAIS tambem sao oferecidos no formato RSS/RDF:
http://www.rnp.br/cais/alertas/rss.xml
Atenciosamente,
################################################################
# CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) #
# Rede Nacional de Ensino e Pesquisa (RNP) #
# #
# cais em cais.rnp.br http://www.cais.rnp.br #
# Tel. 019-37873300 Fax. 019-37873301 #
# Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key #
################################################################
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iQCVAwUBSE/nPOkli63F4U8VAQHO8wQAtdJP1VCLUMYKH8XaQo0qX70uZoXNznZ2
JNazEckqDBgXCCyCXvV9iYLTT0/QAhvbaFMEKJCocIP1JAttJl29kY5rwd275oTr
G/rRceWgxOUNLqJo4uzPhOv55qEDckpHLwB8XxiQmE2EB6/P3BqU9ppjzX7luTc7
BWHhOF1d+dk=
=3vld
-----END PGP SIGNATURE-----
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L