search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetServerEnum3 transaction

Vulnerability Note VU#311619

Original Release Date: 2002-08-23 | Last Revised: 2002-08-26

Overview

Microsoft Server Message Block (SMB) may crash upon receipt of a crafted SMB_COM_TRANSACTION packet requesting a NetServerEnum3 transaction. Attackers can use this vulnerability to cause a denial of service.

Description

SMB is a protocol for sharing data and resources between computers, included in many versions of Microsoft Windows.

SMB may crash if it receives a crafted SMB_COM_TRANSACTION packet requesting a NetServerEnum2 transaction. If either the 'Max Param Count' field or 'Max Data Count' field of the packet is set to zero (0), the destination SMB host will crash with a blue screen. This vulnerability can be exploited by both local and remote attackers.

Impact

Remote attackers can cause a denial of service. Attackers may also be able to execute arbitrary code, though this has not been demonstrated or proven.

Solution

Apply a patch

For more information, see:

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-045.asp

Vendor Information

311619
 
Affected   Unknown   Unaffected

Microsoft Corporation

Notified:  July 15, 2002 Updated:  August 23, 2002

Status

  Vulnerable

Vendor Statement

See: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-045.asp

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Thanks to Ivan Arce of CORE Security Technologies for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs: None
Severity Metric: 0.87
Date Public: 2002-08-22
Date First Published: 2002-08-23
Date Last Updated: 2002-08-26 18:22 UTC
Document Revision: 9

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.