Microsoft Windows NT/2000/XP SMB packet request buffer overflow
| win-smb-packet-bo (9933) |
Description:
Microsoft Windows NT, Windows 2000, and Windows XP are vulnerable to a denial of service attack, caused by a buffer overflow in the Server Message Block (SMB) protocol service. By sending a specially-crafted SMB_CON_TRANSACTION packet that requests the NetServerEnum2, NetServerEnum3, or NetShareEnum function, a remote attacker could overflow a buffer and cause the system to crash. This vulnerability could be exploited by both an attacker with a legitimate user account and an attacker with anonymous access to the system.
Note: This vulnerability also affects multiple Cisco products that use one of the vulnerable versions of Microsoft Windows.
Consequences:
Gain Access
Remedy:
For vulnerability detection:
Enable the following checks in the ISS Protection Platform:
WinSmbPacketBo
MS02-045
Enable the following checks in the ISS Protection Platform:
SMB_Transact_Bo
Block or restrict the following in the ISS Protection Platform as appropriate to the environment:
Port 445
For Manual Protection:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS02-045. See References.
For Cisco CallManager 3.0.x, 3.1.x, and 3.2.x:
Upgrade to the latest software version, as listed in Cisco Security Advisory: Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045. See References.
For Cisco ICS 7750 1.x and 2.x:
Upgrade to the latest software version, as listed in Cisco Security Advisory: Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045. See References.
For all other affected Cisco products:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS02-045. See References.
References:
- Cisco Systems Inc. Security Advisory, 2002 September 18 16:00 (UTC -0400): Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045.
- Core Security Technologies Advisory CORE-20020618: Denial of Service Vulnerabilities in Windows SMB implementation .
- Internet Security Systems Security Alert, August 29, 2002: Microsoft Windows SMB Denial of Service Vulnerability.
- Microsoft Knowledge Base Article 326830: MS02-045: Unchecked Buffer in Network Share Provider May Lead to Denial-of-Service.
- Microsoft Security Bulletin MS02-045: Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830).
- BID-5556: Microsoft Network Share Provider SMB Request Buffer Overflow Vulnerability
- CVE-2002-0724: Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka Unchecked Buffer in Network Share Provider Can Lead to Denial of Service.
- US-CERT VU#250635: Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetServerEnum2 transaction
- US-CERT VU#311619: Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetServerEnum3 transaction
- US-CERT VU#342243: Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetShareEnum transaction
Platforms Affected:
- Cisco ACS Solution Engine
- Cisco Broadband Troubleshooter
- Cisco Building Broadband Service Manager
- Cisco CiscoWorks 2000 Service Management Solution
- Cisco CNS Network Registrar
- Cisco Collaboration Server
- Cisco DOCSIS CPE Configurator
- Cisco Dynamic Content Adapter
- Cisco E-Mail Manager
- Cisco Intelligent Contact Manager
- Cisco Media Blender (CMB)
- Cisco Secure Policy Manager
- Cisco TrailHead
- Cisco Transport Manager
- Cisco Unified CallManager 3.0
- Cisco Unified CallManager 3.1
- Cisco Unified CallManager 3.2
- Cisco Unity Server
- Cisco uOne Enterprise Edition
- Cisco User Registration Tool
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
- Microsoft Windows 2000
- Microsoft Windows 2003 Server
- Microsoft Windows NT 4.0 Terminal Server
- Microsoft Windows NT 4.0
- Microsoft Windows XP Professional
Reported:
Aug 22, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
