Vulnerability Note VU#311619

Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetServerEnum3 transaction

Overview

Microsoft Server Message Block (SMB) may crash upon receipt of a crafted SMB_COM_TRANSACTION packet requesting a NetServerEnum3 transaction. Attackers can use this vulnerability to cause a denial of service.

I. Description

SMB is a protocol for sharing data and resources between computers, included in many versions of Microsoft Windows.

SMB may crash if it receives a crafted SMB_COM_TRANSACTION packet requesting a NetServerEnum2 transaction. If either the 'Max Param Count' field or 'Max Data Count' field of the packet is set to zero (0), the destination SMB host will crash with a blue screen. This vulnerability can be exploited by both local and remote attackers.

II. Impact

Remote attackers can cause a denial of service. Attackers may also be able to execute arbitrary code, though this has not been demonstrated or proven.

III. Solution

Apply a patch

For more information, see:

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-045.asp

Systems Affected

Vendor	Status	Date Notified	Date Updated
Microsoft Corporation	Vulnerable	23-Aug-2002

References

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-045.asp

Credit

Thanks to Ivan Arce of CORE Security Technologies for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

Date Public:	2002-08-22
Date First Published:	2002-08-23
Date Last Updated:	2002-08-26
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	0.87
Document Revision:	9

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader