| VID |
26005 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q311967) for the 'Unchecked buffer in the Multiple UNC Provider' has not been applied. Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
The Multiple UNC Provider (MUP) is a Windows service that assists in locating network resources that are identified via UNC (uniform naming convention). The MUP receives commands containing UNC names from applications and sends the name to each registered UNC provider, LAN Manager workstation, and any others that are installed. When a provider identifies a UNC name as its own, the MUP automatically redirects future instances of that name to that provider.
When MUP receives a file request, it allocates a buffer in which to store it. There is proper input checking in this first buffer. However, MUP stores another copy of the file request in a buffer when it sends this request to a redirector. This second copy of the buffer does not check inputs correctly, thereby creating the possibility that a resource request to it from an unprivileged process could cause a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with Local System privileges.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms02-017.asp
http://www.iss.net/security_center/static/8752.php
* Platforms Affected:
Microsoft Windows NT 4.0 Workstation
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Enterprise Edition
Microsoft Windows NT 4 Terminal Server Edition
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows XP Professional |
| Recommendation |
Apply the appropriate patch for your system immeditely from the following download locations:
o Windows NT 4.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37630
o Windows NT 4.0 Terminal Server Edition: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37652
o Windows 2000: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37555
o Windows XP: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37583
o Windows XP 64-bit Edition: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37672 |
| Related URL |
CVE-2002-0151 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
