Microsoft Windows NT/2000/XP SMB packet request buffer overflow

win-smb-packet-bo (9933) The risk level is classified as HighHigh Risk

Description:

Microsoft Windows NT, Windows 2000, and Windows XP are vulnerable to a denial of service attack, caused by a buffer overflow in the Server Message Block (SMB) protocol service. By sending a specially-crafted SMB_CON_TRANSACTION packet that requests the NetServerEnum2, NetServerEnum3, or NetShareEnum function, a remote attacker could overflow a buffer and cause the system to crash. This vulnerability could be exploited by both an attacker with a legitimate user account and an attacker with anonymous access to the system.

Note: This vulnerability also affects multiple Cisco products that use one of the vulnerable versions of Microsoft Windows.

Platforms Affected:

  • Cisco, ACS Solution Engine
  • Cisco, Broadband Troubleshooter
  • Cisco, Building Broadband Service Manager
  • Cisco, CiscoWorks 2000 Service Management Solution
  • Cisco, CNS Network Registrar
  • Cisco, Collaboration Server
  • Cisco, DOCSIS CPE Configurator
  • Cisco, Dynamic Content Adapter
  • Cisco, E-Mail Manager
  • Cisco, Intelligent Contact Manager
  • Cisco, Media Blender (CMB)
  • Cisco, Secure Policy Manager
  • Cisco, TrailHead
  • Cisco, Transport Manager
  • Cisco, Unified CallManager 3.0
  • Cisco, Unified CallManager 3.1
  • Cisco, Unified CallManager 3.2
  • Cisco, Unity Server
  • Cisco, uOne Enterprise Edition
  • Cisco, User Registration Tool
  • Microsoft, Windows 2000
  • Microsoft, Windows 2000 Professional
  • Microsoft, Windows 2000 Server
  • Microsoft, Windows 2000 Advanced Server
  • Microsoft, Windows 2003 Server
  • Microsoft, Windows NT 4.0
  • Microsoft, Windows NT 4.0 Terminal Server
  • Microsoft, Windows XP Professional

Remedy:

For vulnerability detection:

Enable the following checks in the ISS Protection Platform:
WinSmbPacketBo
MS02-045

For Virtual Patch:

Enable the following checks in the ISS Protection Platform:
SMB_Transact_Bo

Block or restrict the following in the ISS Protection Platform as appropriate to the environment:
Port 445

For Manual Protection:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS02-045. See References.

For Cisco CallManager 3.0.x, 3.1.x, and 3.2.x:
Upgrade to the latest software version, as listed in Cisco Security Advisory: Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045. See References.

For Cisco ICS 7750 1.x and 2.x:
Upgrade to the latest software version, as listed in Cisco Security Advisory: Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045. See References.

For all other affected Cisco products:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS02-045. See References.

Consequences:

Gain Access

References:

Reported:

Aug 22, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page