Microsoft Windows SMB malformed PIPE denial of service
| smb-malformed-pipe (27999) |  Low Risk |
Description:
Multiple versions of Microsoft Windows are vulnerable to a denial of service attack, caused by a NULL pointer dereference in the server driver (srv.sys). By sending a specially-crafted network packet to an affected system, a remote attacker could cause the system to crash.
Platforms Affected:
- Microsoft, Windows 2000 SP4
- Microsoft, Windows 2003
- Microsoft, Windows 2003 Server Itanium
- Microsoft, Windows 2003 Server x64
- Microsoft, Windows 2003 Server SP1
- Microsoft, Windows 2003 Server SP1 Itanium
- Microsoft, Windows XP SP1
- Microsoft, Windows XP SP2
- Microsoft, Windows XP Professional x64
Remedy:
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superceded.
Consequences:
Denial of Service
References:
- Core Security Technologies Advisory CORE-2006-0714, Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service at http://www.coresecurity.com/common/showdoc.php?idx=562&idxseccion=10.
- Internet Security Systems Protection Advisory July 28, 2006, Vulnerability in Server Driver could result in Denial of Service at http://xforce.iss.net/xforce/alerts/id/231.
- Microsoft Security Bulletin MS06-063, Vulnerability in Server Service Could Allow Denial of Service (923414) at http://www.microsoft.com/technet/security/Bulletin/MS06-063.mspx.
- Microsoft Security Bulletin MS08-063, Vulnerability in SMB Could Allow Remote Code Execution (957095) at http://www.microsoft.com/technet/security/Bulletin/MS08-063.mspx.
- Microsoft Security Bulletin MS09-001, Vulnerabilities in SMB Could Allow Remote Code Execution (958687) at http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx.
- Microsoft Security Response Center Blog, Friday, July 28, 2006 9:22 PM, Information About Public Postings Related to MS06-035 at http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx.
- ASA-2006-217: Windows Security Updates for October 2006 - (MS06-056 - MS06-065)
- BID-19215: Microsoft Windows SMB PIPE Remote Denial of Service Vulnerability
- CVE-2006-3942: The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an SMB PIPE
- OSVDB ID: 27644: Microsoft Windows Server Driver (srv.sys) Crafted SMB Packet NULL Dereference DoS
- SA21276: Microsoft Windows Server Service DoS and Privilege Escalation
- SECTRACK ID: 1016606: Windows Server Service Null Pointer Comparison Lets Remote Users Deny Service
- SECTRACK ID: 1017035: Windows Server Service SMB Rename Null Pointer Dereference Lets Remote Users Deny Service
- VUPEN/ADV-2006-3037: Microsoft Windows SMB Protocol Denial of Service Vulnerability (MS06-063)
Reported:
Jul 28, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net