Security Bulletin MS02-045: Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830)

2002-08-23T00:00:00
ID SECURITYVULNS:DOC:3409
Type securityvulns
Reporter Securityvulns
Modified 2002-08-23T00:00:00

Description


Title: Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830) Date: 22 August 2002 Software: Microsoft Windows NT 4.0 Workstation Microsoft Windows NT 4.0 Server Microsoft Windows NT 4.0 Server, Terminal Sever Edition Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows 2000 Advanced Server Windows XP Professional Impact: Denial of Service Max Risk: Moderate Bulletin: MS02-045

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-045.asp.


Issue:

SMB (Server Message Block) is the protocol Microsoft uses to share files, printers, serial ports, and also to communicate between computers using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources and servers make SMB responses in what described as a client server, request- response protocol.

By sending a specially crafted packet request, an attacker can mount a denial of service attack on the target server machine and crash the system. The attacker could use both a user account and anonymous access to accomplish this. Though not confirmed, it may be possible to execute arbitrary code.

Mitigating Factors:

    • An administrator can block this attack by turning off anonymous access. However, this does not prevent legitimate users from exploiting this vulnerability.
    • An administrator can block access to SMB ports from untrusted networks. By blocking TCP ports 445 and 139 at the network perimeter, administrators can prevent this attack from untrusted parties. In a file and printing environment, this may not be a practical solution for legitimate users.
    • An administrator can stop the Lanman server service which prevents the attack, but again may not be suitable on a file and print sharing server.

Risk Rating:

  • Internet systems: Low
  • Intranet systems: Moderate
  • Client systems: Moderate

Patch Availability:

  • A patch is available to fix this vulnerability. Please read the Security Bulletin at http://www.microsoft.com/technet/security/bulletin/ms02-045.asp for information on obtaining this patch.