Alert: Microsoft Security Bulletin - MS02-045
From: Russ (Russ.Cooper@RC.ON.CA)Date: 08/23/02
- Previous message: Steve: "Re: [VulnDiscuss] Re: Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 22 Aug 2002 20:10:58 -0400 From: Russ <Russ.Cooper@RC.ON.CA> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
http://www.microsoft.com/technet/security/bulletin/MS02-045.asp
Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830)
Originally posted: August 22, 2002
Summary
Who should read this bulletin: Customers using Microsoft® Windows NT®, Windows® 2000 and Windows XP.
Impact of vulnerability: Denial of service.
Maximum Severity Rating: Moderate
Recommendation: Administrators should consider installing the patch.
Affected Software:
- Microsoft Windows NT 4.0 Workstation
- Microsoft Windows NT 4.0 Server
- Microsoft Windows NT 4.0 Server, Terminal Sever Edition
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Windows XP Professional
Technical description:
SMB (Server Message Block) is the protocol Microsoft uses to share files, printers, serial ports, and also to communicate between computers using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources and servers make SMB responses in what described as a client server, request-response protocol.
By sending a specially crafted packet request, an attacker can mount a denial of service attack on the target server machine and crash the system. The attacker could use both a user account and anonymous access to accomplish this. Though not confirmed, it may be possible to execute arbitrary code.
Mitigating factors:
- An administrator can block this attack by turning off anonymous access. However, this does not prevent legitimate users from exploiting this vulnerability.
- An administrator can block access to SMB ports from untrusted networks. By blocking TCP ports 445 and 139 at the network perimeter, administrators can prevent this attack from untrusted parties. In a file and printing environment, this may not be a practical solution for legitimate users.
- An administrator can stop the Lanman server service which prevents the attack, but again may not be suitable on a file and print sharing server.
Vulnerability identifier: CAN-2002-0724
This email is sent to NTBugtraq automatically as a service to my subscribers. Since its programmatically created, and since its been a long time since anyone paid actual money for my programming skills, it may or may not look that good...;-]
I can only hope that the information it does contain can be read well enough to serve its purpose.
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
- Previous message: Steve: "Re: [VulnDiscuss] Re: Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
