| VID |
26070 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (KB828749) for 'Buffer Overrun in the Workstation Service' has not been applied. The Microsoft Workstation service contains a remotely exploitable buffer overflow in debug and logging code. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code with system-level privileges on Windows 2000 and Windows XP machines. The Workstation service is enabled by default on vulnerable platforms. This service can be reached via named pipes through SMB over NetBIOS, but cannot be reached directly via the endpoint mapper on port 135. The vulnerability can be triggered via null sessions and does not require additional authentication to exploit. The vulnerability is a standard stack overflow, and therefore it may be relatively easy to exploit. Exploits written to take advantage of standard stack overflows are generally very robust, and are good candidates for use in the creation of Internet worms.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References:
  http://www.microsoft.com/technet/security/bulletin/ms03-049.asp
  http://xforce.iss.net/xforce/alerts/id/158
  http://www.securityfocus.com/archive/1/344137
  http://www.eeye.com/html/Research/Advisories/AD20031111.html
* Platforms Affected: Windows 2000 SP2, SP3, SP4; Windows XP SP1 and earlier; Windows XP 64-Bit Edition |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS03-049 at http://www.microsoft.com/technet/security/bulletin/ms03-049.asp
1. Open the following page:
   For Windows 2000: http://www.microsoft.com/downloads/details.aspx?FamilyId=2467FE46-D167-479C-9638-D4D79483F261
   For Windows XP: http://www.microsoft.com/downloads/details.aspx?FamilyId=F02DA309-4B0A-4438-A0B9-5B67414C3833
   For Windows XP 64-Bit Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=2BE95254-4C65-4CA5-80A5-55FDF5AA2296
2. Select a different language from the drop-down list and click the <Go> button.
3. Click the <Download> button to download this patch file.
4. Run this file to install the patch.
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch.
As a workaround, block UDP ports 138, 139, 445 and TCP ports 138, 139, 445 at your firewall. |
| Related URL |
CVE-2003-0812 (CVE) |
| Related URL |
9011 (SecurityFocus) |
| Related URL |
13638 (ISS) |
|