CERT-MU Vulnerability Note VN-2009-22

Microsoft Telnet NTLM Credential Reflection Vulnerability

Original Issue Date: August 13, 2009

Severity Rating: High

Affected Software

  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Service Pack 3
  • Microsoft Windows XP Professional x64 Edition Service Pack 2
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003 x64 Edition Service Pack 2
  • Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
  • Microsoft Windows Vista Service Pack 2 and prior
  • Microsoft Windows Vista x64 Edition Service Pack 2 and prior
  • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 (including server core)
  • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 (including server core)
  • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 (including server core)

Overview

A remote code execution vulnerability has been identified in the Microsoft Telnet service, which could allow remote attackers to execute arbitrary code with the privileges of the currently logged-on user.

Description

NTLM is an authentication protocol based on a challenge/response mechanism used to determine the authenticity of the supplied credentials.

This vulnerability is caused by an error in the Windows Telnet service when handling NTLM authentication. The Telnet protocol does not correctly opt in to NTLM credential-reflection protections, which ensure that a user's credentials are not reflected back. An attacker could exploit this issue to execute arbitrary code by tricking a user into connecting to a specially crafted Telnet server, and subsequently gain access to the system with the privileges of the logged-on user.
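The following is an added illustration, not code from CERT-MU or Microsoft: a simplified model of a challenge/response exchange showing why a host must refuse to answer a challenge that it issued itself. The `Host` class, the HMAC-SHA256 response and the `reflection_guard` flag are assumptions made for the model; real NTLM uses different message formats and algorithms.

```python
import hashlib
import hmac
import os


class Host:
    """Toy machine acting as both client and server (hypothetical model)."""

    def __init__(self, secret: bytes, reflection_guard: bool):
        self.secret = secret                  # stands in for the user's credential
        self.reflection_guard = reflection_guard
        self.issued = set()                   # challenges our server side has outstanding

    def _mac(self, challenge: bytes) -> bytes:
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()

    def issue_challenge(self) -> bytes:
        """Server side: hand out a fresh random challenge."""
        challenge = os.urandom(8)
        self.issued.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        """Server side: accept only a correct answer to an outstanding challenge."""
        if challenge not in self.issued:
            return False
        self.issued.discard(challenge)
        return hmac.compare_digest(response, self._mac(challenge))

    def respond(self, challenge: bytes) -> bytes:
        """Client side: answer a challenge received from a remote server."""
        if self.reflection_guard and challenge in self.issued:
            # The "remote" challenge is one this host generated: a reflection.
            raise PermissionError("challenge originated from this host")
        return self._mac(challenge)


def reflected_login_accepted(host: Host) -> bool:
    """The host's own challenge is handed back to its client side and the
    resulting response is returned to its server side."""
    challenge = host.issue_challenge()
    try:
        response = host.respond(challenge)
    except PermissionError:
        return False
    return host.verify(challenge, response)


def normal_login_accepted(client: Host, server: Host) -> bool:
    """Ordinary login between two different hosts sharing the credential."""
    challenge = server.issue_challenge()
    return server.verify(challenge, client.respond(challenge))
```

With the guard disabled the reflected response authenticates against the host that produced it; with the guard enabled the reflection is refused while ordinary logins between separate hosts still succeed.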

Solution

Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS09-042.

CVE Name

CVE-2009-1930

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS09-042.mspx

References

Microsoft Corporation
http://support.microsoft.com/kb/960859


CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=18763


SecurityTracker
http://www.securitytracker.com/alerts/2009/Jun/1022357.html


Secunia
http://secunia.com/advisories/36222/


VUPEN
http://www.vupen.com/english/advisories/2009/1545

 
 