Microsoft Windows NT/2000/XP SMB packet request buffer overflow

win-smb-packet-bo (9933) The risk level is classified as HighHigh Risk

Description:

Microsoft Windows NT, Windows 2000, and Windows XP are vulnerable to a denial of service attack, caused by a buffer overflow in the Server Message Block (SMB) protocol service. By sending a specially-crafted SMB_CON_TRANSACTION packet that requests the NetServerEnum2, NetServerEnum3, or NetShareEnum function, a remote attacker could overflow a buffer and cause the system to crash. This vulnerability could be exploited by both an attacker with a legitimate user account and an attacker with anonymous access to the system.

Note: This vulnerability also affects multiple Cisco products that use one of the vulnerable versions of Microsoft Windows.


Consequences:

Gain Access

Remedy:

For vulnerability detection:

Enable the following checks in the ISS Protection Platform:
WinSmbPacketBo
MS02-045

For Virtual Patch:

Enable the following checks in the ISS Protection Platform:
SMB_Transact_Bo

Block or restrict the following in the ISS Protection Platform as appropriate to the environment:
Port 445

For Manual Protection:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS02-045. See References.

For Cisco CallManager 3.0.x, 3.1.x, and 3.2.x:
Upgrade to the latest software version, as listed in Cisco Security Advisory: Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045. See References.

For Cisco ICS 7750 1.x and 2.x:
Upgrade to the latest software version, as listed in Cisco Security Advisory: Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045. See References.

For all other affected Cisco products:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS02-045. See References.

References:

Platforms Affected:

  • Cisco ACS Solution Engine
  • Cisco Broadband Troubleshooter
  • Cisco Building Broadband Service Manager
  • Cisco CiscoWorks 2000 Service Management Solution
  • Cisco CNS Network Registrar
  • Cisco Collaboration Server
  • Cisco DOCSIS CPE Configurator
  • Cisco Dynamic Content Adapter
  • Cisco E-Mail Manager
  • Cisco Intelligent Contact Manager
  • Cisco Media Blender (CMB)
  • Cisco Secure Policy Manager
  • Cisco TrailHead
  • Cisco Transport Manager
  • Cisco Unified CallManager 3.0
  • Cisco Unified CallManager 3.1
  • Cisco Unified CallManager 3.2
  • Cisco Unity Server
  • Cisco uOne Enterprise Edition
  • Cisco User Registration Tool
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000
  • Microsoft Windows 2003 Server
  • Microsoft Windows NT 4.0 Terminal Server
  • Microsoft Windows NT 4.0
  • Microsoft Windows XP Professional

Reported:

Aug 22, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page