CERTVU:378160Microsoft Windows Internet Naming Service (WINS) contains a buffer overflow
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.902 High
EPSS
Percentile
98.8%
Overview
A buffer overflow in the WINS service may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
Description
The Microsoft WINS service maps IP addresses to NETBIOS computer names.The WINS protocol contains a vulnerability that may allow a remote attacker to compromise a WINS server. Insufficient validation on the name parameter within incoming WINS packets allows a buffer overflow to occur. If a remote attacker supplies a specially crafted packet to a vulnerable WINS server, that attacker may be able to exploit the buffer overflow to execute arbitrary code.
According to Microsoft Security Bulletin MS04-045 the following Microsoft products are vulnerable:
| 
|
-
Microsoft Windows NT Server 4.0 Service Pack 6a
—|—
| -
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
| -
Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows 2000 Server Service Pack 4
| -
Microsoft Windows Server 2003
| -
Microsoft Windows Server 2003 64-Bit Edition
For more detailed information please refer to Microsoft Security Bulletin MS04-045.
Impact
A remote attacker may be able to execute arbitrary code with SYSTEM privileges or cause a denial-of-service condition.
Solution
Apply Patch
Microsoft has released Microsoft Security Bulletin MS04-045 to address this issue. Users are encouraged to review this bulletin and apply the patches it refers to.
Consider Workarounds in MS04-045
* Removing the WINS service if it is not needed
* Blocking TCP and UDP port 42
* Using IPsec as a communication protocol between WINS servers
For more detailed information please see Microsoft Knowledge Base Article 890710 and Microsoft Security Bulletin MS04-045.
Vendor Information
378160
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Microsoft Corporation __ Unknown
Updated: December 16, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Microsoft has released Microsoft Security Bulletin MS04-045 to address this issue.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23378160 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx>
- <http://secunia.com/advisories/13466/>
Acknowledgements
Thanks to Microsoft Security for reporting this vulnerability.Microsoft credits Kostya Kortchinsky of CERT RENATER with reporting this vulnerability.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | CVE-2004-0567 |
|---|---|
| Severity Metric: | 23.73 Date Public: |
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.902 High
EPSS
Percentile
98.8%