Microsoft Windows Server 2003 WINS /GS flag denial of service
| win-wins-gsflag-dos (15037) |  Medium Risk |
Description:
Microsoft Windows Server 2003 running Windows Internet Naming Service (WINS) is vulnerable to a denial of service attack, caused by the /GS flag security feature. The /GS flag is a security feature used to shut the service down if malicious code is detected, in order to prevent code execution. A remote attacker can send specially-crafted packets to the WINS server, causing the /GS flag to activate, resulting in a denial of service.
The denial of service does not occur on Windows NT and Windows 2000 platforms, nor is there a possibility of remote code execution. The Microsoft security update also corrects vulnerable code on these additional nonvulnerable platforms to protect against potential future attack vectors that may allow code execution.
Platforms Affected:
- Microsoft, Windows 2000 SP2
- Microsoft, Windows 2000 SP3
- Microsoft, Windows 2000 SP4
- Microsoft, Windows 2003 Server
- Microsoft, Windows 2003 Server x64
- Microsoft, Windows NT 4.0 SP6a Server
- Microsoft, Windows NT 4.0 SP6 Terminal Server
Remedy:
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Consequences:
Denial of Service
References:
- CIAC Information Bulletin O-077, Microsoft Vulnerability in the Windows Internet Naming Service (WINS) at http://www.ciac.org/ciac/bulletins/o-077.shtml.
- Microsoft Security Bulletin MS04-006, Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352) at http://www.microsoft.com/technet/security/bulletin/ms04-006.mspx.
- Microsoft Security Bulletin MS04-045, Vulnerability in WINS Could Allow Remote Code Execution (870763) at http://www.microsoft.com/technet/security/bulletin/ms04-045.mspx.
- Microsoft Security Bulletin MS08-034, Vulnerability in WINS Could Allow Elevation of Privilege (948745) at http://www.microsoft.com/technet/security/Bulletin/MS08-034.mspx.
- Microsoft Security Bulletin MS09-008, Vulnerabilities in DNS and WINS server could allow Spoofing (962238) at http://www.microsoft.com/technet/security/bulletin/ms09-008.mspx.
- BID-9624: Microsoft Windows Internet Naming Service Buffer Overflow Vulnerability
- CVE-2003-0825: The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
- OSVDB ID: 3903: Microsoft Windows WINS Server Remote Overflow
- US-CERT VU#445214: Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets
Reported:
Feb 10, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net