| VID |
12003 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Windows platform has a denial of service vulnerability in Network Share Provider.
Microsoft Server Message Block (SMB) is a protocol for sharing data and resources between computers. Buffer overflow in SMB protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows an attacker to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3. The attacker could use both a user account and anonymous access to accomplish this. Though not confirmed, it may be possible to execute arbitrary code.
Platforms Affected:
- Windows NT 4.0 Workstation/Server
- Windows 2000 Professional/Advanced Server
- Windows XP Professional
* Note: The target windows system seems to be crashed and restarted by this test.
* References:
http://www.microsoft.com/technet/security/bulletin/ms02-045.asp
http://www.corest.com/common/showdoc.php?idx=262&idxseccion=10 |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS02-037, http://www.microsoft.com/technet/security/bulletin/ms02-045.asp
As workarounds:
- Disable anonymous access (NULL connections)
This will not prevent legitimate users from abusing the vulnerability.
- Block access to the SMB ports from untrusted networks.
Blocking access to ports tcp/445 and tcp/139 at the network perimeter
will prevent attacks from untrusted parties. However, this is not
a viable solution for environment were file and printing services
are needed for legitimate users.
- Shutdown the Lanman server (net stop lanmanserver)
This prevents exploitation from any attacker but removes all file
and print sharing functionality from the vulnerable server. It might
not be a viable solution in many environments. |
| Related URL |
CVE-2002-0724 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
