| VID |
26059 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix(KB824105) for 'Information Disclosure Vulnerability in NetBIOS' has not been applied.
NetBIOS (Network basic input/output system) is an application programming interface (API) that can be used by programs on a local area network (LAN) for computer networking. Specially, NetBT(NetBIOS over TCP) is the protocol that describes how NetBIOS services are provided over a TCP/IP network. This vulnerability arises due to a flaw in NetBT that can cause arbitrary data to be used for padding instead of blank data because a large buffer, allocated for sends the response to the requesting system, is not properly initialized before it is used. By repeatedly sending a NetBT Name Service query to the target system and then examine the response, a remote attacker can gain arbitrary information from the memory of another computer system.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/MS03-034.asp
* Platforms Affected:
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003 |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS03-034 at http://www.microsoft.com/technet/security/bulletin/MS03-034.asp
1. Open the following page :
for Windows Server 2003, http://www.microsoft.com/downloads/details.aspx?FamilyId=A59CC2AC-F182-4CD5-ACE7-3D4C2E3F1326&displaylang=en
for Windows Server 2003 64 bit Edition, http://www.microsoft.com/downloads/details.aspx?FamilyId=140CF7BE-0371-4D17-8F4C-951B76AC3024&displaylang=en
for Windows XP, http://www.microsoft.com/downloads/details.aspx?FamilyId=1C9D8E86-5B8C-401A-88B2-4443FFB9EDC3&displaylang=en
for Windows XP 64 bit Edition, http://www.microsoft.com/downloads/details.aspx?FamilyId=378D4B58-BF2C-4406-9D88-E6A3C4601795&displaylang=en
for Windows 2000, http://www.microsoft.com/downloads/details.aspx?FamilyId=D0564162-4EAE-42C8-B26C-E4D4D496EAD8&displaylang=en
for Windows NT 4 Server, http://www.microsoft.com/downloads/details.aspx?FamilyId=F131D63A-F74F-4CAF-95BD-D7FA37ADCF38&displaylang=en
for Windows NT 4 Terminal Server Edition, http://www.microsoft.com/downloads/details.aspx?FamilyId=22379951-64A9-446B-AC8F-3F2F080383A9&displaylang=en
2. Select a different language from the drop-down list and click <Go> button.
3. Click <Download> button to download this patch file.
4. Run this file to install the patch.
5. Restart your system to complete the installation.
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com.
Windows Update detects what version of Windows you are running and offers the appropriate patch.
-- OR --
As a workaround,
1. Block TCP and UDP on port 137(used by NetBT Name Service) at your firewall on the affected machines. If you use the Internet Connection Firewall that is included with Windows XP or Windows Server 2003 to help protect your Internet connection, it will, by default block inbound NetBT traffic from the Internet.
2. Block the affected port by using an IPSec filter on the affected machines. For more information about IPSec and how to apply filters, see the following Microsoft Knowledge Base article 313190 and 813878.
3. Disable NetBIOS over TCP/IP. |
| Related URL |
CVE-2003-0661 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
