SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#489397

Microsoft Server Message Block vulnerable to buffer overflow

Overview

Microsoft Server Message Block (SMB) is vulnerable to a buffer handling flaw when processing incoming SMB packets that may lead to remote code execution.

I. Description

Server Message Block is a protocol which allows sharing of files, printers, serial ports, and other abstractions. The SMB protocol is supported on many platforms and architectures, including many Microsoft products.

The Microsoft Server Message Block implementation contains a flaw in incoming SMB packet validation that may result in a buffer receiving inappropriate data. An attacker may send a specially-crafted packet to the vulnerable host and be able to execute arbitrary code on the host after exploiting the incoming packet processing flaw.

II. Impact

A remote unauthenticated attacker with the ability to send specially-crafted SMB packets to a vulnerable host may be able to execute arbitrary code on that system. The attacker-supplied code would be run in the context of Local System, resulting in a complete compromise of the system.

III. Solution

Apply An Update


Please see Microsoft Security Bulletin MS05-027 for more information, such as workarounds and patches.

Utilize Workarounds

Microsoft recommends the following workarounds in Microsoft Security Bulletin MS05-027:

    Block TCP ports 139 and 445. This will disallow attackers the ability to contact the vulnerable SMB service on the affected host(s).

    Use a firewall to block unsolicited or malicious traffic.

    Use IPsec to protect network communications between hosts.

Systems Affected
VendorStatusDate Updated
Microsoft CorporationVulnerable14-Jun-2005

References


http://www.microsoft.com/technet/security/bulletin/MS05-027.mspx
http://xforce.iss.net/xforce/alerts/id/195

Credit

Thanks to Microsoft for providing information on this issue, who in turn thank Qualys for reporting the vulnerability.

This document was written by Ken MacInnis.

Other Information

Date Public06/14/2005
Date First Published06/14/2005 05:43:49 PM
Date Last Updated06/14/2005
CERT Advisory 
CVE NameCAN-2005-1206
US-CERT Technical Alerts 
Metric33.08
Document Revision12

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2005 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader