[sec-adv] Windows SMB Buffer Overflow Vulnerability

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Wed Jul 09 2003 - 14:46:35 CDT


TITLE:
Windows SMB Buffer Overflow Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9225/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data, DoS, System access

WHERE:
From local network

OPERATING SYSTEM:
Microsoft Windows 2000 Datacenter Server
Microsoft Windows XP Professional
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Server
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows NT 4.0 Server
Microsoft Windows XP Home Edition
Microsoft Windows 2000 Professional

DESCRIPTION:
A vulnerability has been identified in some versions of Windows,
which can be exploited by malicious users to cause a DoS (Denial of
Service) on a vulnerable system and potentially compromise it.

The vulnerability is caused by a boundary error when validating
parameters of an SMB packet. When a client sends an SMB packet to a
server, it includes various parameters. One of these parameters is a
size parameter, which the server doesn't check in any way. This can
be exploited to cause a buffer overflow by sending a specially
crafted SMB packet containing a size parameter that is too small.

This will result in arbitrary data being overwritten leading to data
corruption, a crash, or execution of arbitrary code. However,
successful exploitation requires that a user has been authenticated
by the SMB service.
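
The bug class described above, shown as an added example that is not
part of the advisory and is not Microsoft's code: a reply buffer sized
from a client-declared value, first without and then with the missing
check. All function and type names are hypothetical, and the layout is
not the SMB wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes for this illustration. */
enum reply_status { REPLY_OK, REPLY_TOO_SMALL, REPLY_BAD_ARGS, REPLY_NO_MEMORY };

/* Unchecked pattern (the bug class): the buffer is sized from the
 * client-declared value, but the copy length is the server-side data
 * length. Nothing compares the two. */
uint8_t *build_reply_unchecked(uint16_t declared_size,
                               const uint8_t *data, size_t data_len)
{
    uint8_t *buf = malloc(declared_size ? declared_size : 1);
    if (buf != NULL)
        memcpy(buf, data, data_len); /* overruns when data_len > declared_size */
    return buf;
}

/* Checked pattern: a declared size that cannot hold the reply is
 * rejected before any allocation or copy takes place. */
enum reply_status build_reply_checked(uint16_t declared_size,
                                      const uint8_t *data, size_t data_len,
                                      uint8_t **out, size_t *out_len)
{
    if (data == NULL || out == NULL || out_len == NULL)
        return REPLY_BAD_ARGS;
    *out = NULL;
    *out_len = 0;
    if (data_len > declared_size)
        return REPLY_TOO_SMALL;      /* fail closed: nothing is written */

    uint8_t *buf = malloc(data_len ? data_len : 1);
    if (buf == NULL)
        return REPLY_NO_MEMORY;
    memcpy(buf, data, data_len);
    *out = buf;
    *out_len = data_len;
    return REPLY_OK;
}
```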

SOLUTION:
Apply Service Pack 4 or the patch via WindowsUpdate or manually.

-- Service Pack 4 --

http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.asp

-- Patch --

Windows NT 4.0 Server (requires SP6a installed):
http://microsoft.com/downloads/details.aspx?FamilyId=1CA9A59A-3074-4D73-82C8-68A37B3BBB80&displaylang=en

Windows NT 4.0, Terminal Server Edition (requires SP6 installed):
http://microsoft.com/downloads/details.aspx?FamilyId=19C2A999-AAD4-44A6-B608-0178874387AB&displaylang=en

Windows 2000 Server (requires SP3 installed):
http://microsoft.com/downloads/details.aspx?FamilyId=8290DBEC-6072-45B9-A91D-E4C1FD93E3E1&displaylang=en

Windows XP 32 bit Edition:
http://microsoft.com/downloads/details.aspx?FamilyId=8F407A78-646C-4F82-BF74-12298ED5D8CF&displaylang=en

Windows XP 64 bit Edition:
http://microsoft.com/downloads/details.aspx?FamilyId=2644E2F3-92F2-40B3-8887-72FEB81CA58D&displaylang=en

REPORTED BY / CREDITS:
Jeremy Allison and Andrew Tridgell (Samba Team).

ORIGINAL ADVISORY:
http://www.microsoft.com/technet/security/bulletin/MS03-024.asp

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------