Microsoft SMS Port 2702 DoS

2004-07-14T00:00:00
ID OSVDB:8243
Type osvdb
Reporter HexView(vuln@hexview.com)
Modified 2004-07-14T00:00:00

Description

Vulnerability Description

SMS Remote Control Client contains a flaw that may allow a remote denial of service. The issue is triggered by sending the "RCH0####RCHE" string followed by a large number of characters (over 130) to TCP port 2702, and will result in loss of availability (crash) for the SMS service.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by restricting access to ports 2701/TCP and 2702/TCP.

Short Description

SMS Remote Control Client contains a flaw that may allow a remote denial of service. The issue is triggered by sending the "RCH0####RCHE" string followed by a large number of characters (over 130) to TCP port 2702, and will result in loss of availability (crash) for the SMS service.

References:

Security Tracker: 1010713 Secunia Advisory ID:11814 Mail List Post: http://www.securityfocus.com/archive/1/368911/2004-07-11/2004-07-17/0 Keyword: TCP port 2701,TCP port 2702 ISS X-Force ID: 16696 CVE-2004-0728