| VID |
26031 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q329834) for the "Unchecked Buffer in PPTP Implementation" problem is not applied.
PPTP (Point-to-Point Tunneling Protocol) is an industry standard protocol (defined in RFC 2637) that enables users to create and use virtual private networks (VPNs). Through VPN technologies such as PPTP, users can create secure connections to a remote network, even though the data may transit insecure networks like the Internet.
A buffer overflow vulnerability has been reported for Microsoft's PPTP implementation. By sending a specially-crafted PPTP packet to the PPTP service listening on TCP port 1723, a remote attacker could cause the system to crash or execute arbitrary code on the server.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* Platforms Affected:
Microsoft Windows 2000
Microsoft Windows XP
* References:
http://www.microsoft.com/technet/security/bulletin/ms02-063.asp
http://online.securityfocus.com/bid/5807 |
| Recommendation |
Apply the appropriate patch for your system. The Windows 2000 patch can be installed on systems running Windows 2000 Service Pack 1 or Service Pack 2, and The patch for Windows XP can be installed on systems running Windows XP Gold or Service Pack 1.
Download locations:
o Microsoft Windows 2000:
http://www.microsoft.com/downloads/Release.asp?ReleaseID=43606
o Microsoft Windows XP:
32-bit: http://www.microsoft.com/downloads/Release.asp?ReleaseID=43635
64-bit: http://www.microsoft.com/downloads/Release.asp?ReleaseID=43631 |
| Related URL |
CVE-2002-1183 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
