SAINT CorporationSAINT:DDBE446EB9150A503CD3EFA04B708666Windows SMB credential reflection vulnerability
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.116 Low
EPSS
Percentile
95.1%
Added: 05/07/2009
CVE: CVE-2008-4037
BID: 7385
OSVDB: 49736
Background
The Server Message Block (SMB) protocol is a file sharing protocol implemented in Microsoft Windows.
NTLM is a challenge/response-based authentication protocol.
Problem
An NTLM credential reflection vulnerability allows a remote SMB server to re-use a user’s authentication response to gain unauthorized access to the user’s system.
Resolution
Apply the patch referenced in Microsoft Security Bulletin 08-068.
References
<http://www.microsoft.com/technet/security/bulletin/MS08-068.mspx>
Limitations
Exploit works on Windows XP and requires a user to load the exploit page in a web browser.
In order for the exploit to succeed, the user on the target must have the administrator privilege, and the “simple file sharing” on the target must be disabled.
If it is successful, this exploit may disable the firewall on the target.
Platforms
Windows XP
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.116 Low
EPSS
Percentile
95.1%