Title: Windows NT 4.0 Terminal Server RegAPI.DLL Buffer Overflow
Severity: HIGH
Description:
GINA stands for Graphical Identification aNd Authorization and describes an interface for the validation of logon credentials. The default implementation is MSGINA.DLL.
The MSGINA.DLL in Microsoft Windows 4.0 is responsible for implementing the authentication policy of the interactive logon model, and is expected to perform all identification and authentication user interactions. Microsoft Windows NT 4.0 Terminal Server ships with a remotely and locally exploitable buffer overflow in a dynamically linked library (RegAPI.DLL) that MSGINA.DLL uses.
It could be exploited by entering a long string in the username field. When triggered, the overflow results in a system crash (if triggered locally) or a connection drop (if triggered remotely). By providing a specially crafted username, an attacker can obtain access to the Terminal Server and execute arbitrary commands as user SYSTEM.
Affected Products:
- Microsoft Windows NT Terminal Server 4.0
References:
- CORE: CORE SDI Homepage
- Microsoft: Frequently Asked Questions: Microsoft Security Bulletin MS00-087
- Microsoft: Q277910: Patch Available for "Terminal Server Login Buffer Overflow" Vulnerabili