Microsoft Windows SMB Transaction Data Overflow

2005-02-08T00:00:00
ID OSVDB:13600
Type osvdb
Reporter Yuji Ukai (alert@eEye.com), Derek Soeder (dsoeder@eeye.com)
Modified 2005-02-08T00:00:00

Description

Vulnerability Description

A remote overflow exists in Windows. The SMB Trans and Trans2 commands fail to validate transaction data, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

Security Tracker: 1013114
Secunia Advisory ID: 11634
Other Advisory URL: https://www.immunitysec.com/downloads/greenapple.pdf
Other Advisory URL: http://www.eeye.com/html/research/advisories/AD20050208.html
Microsoft Security Bulletin: MS05-011
Microsoft Knowledge Base Article: 885250
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-02/0042.html
Mail List Post: http://lists.virus.org/dailydave-0411/msg00028.html
ISS X-Force ID: 19089
Generic Exploit URL: http://www.frsirt.com/exploits/20050623.mssmb_poc.c.php
Generic Exploit URL: http://www.securiteam.com/exploits/5LP0L1PG0I.html
CVE-2005-0045