Computer Security

Related information

  Buffer overflow in Windows 2000/NT SMB protocol

  CORE-20020618: Vulnerabilities in Windows SMB (DoS)

From:MICROSOFT <secure_(at)>
Subject:Security Bulletin MS02-045: Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830)

----------------------------------------------------------------------
Title:      Unchecked Buffer in Network Share Provider Can Lead to
           Denial of Service (Q326830)
Date:       22 August 2002
Software:   Microsoft Windows NT 4.0 Workstation
           Microsoft Windows NT 4.0 Server
           Microsoft Windows NT 4.0 Server, Terminal Server Edition
           Microsoft Windows 2000 Professional
           Microsoft Windows 2000 Server
           Microsoft Windows 2000 Advanced Server
           Windows XP Professional
Impact:     Denial of Service
Max Risk:   Moderate
Bulletin:   MS02-045

Microsoft encourages customers to review the Security Bulletin at:
----------------------------------------------------------------------

SMB (Server Message Block) is the protocol Microsoft uses to share
files, printers, serial ports, and also to communicate between
computers using named pipes and mail slots. In a networked
environment, servers make file systems and resources available to
clients. Clients make SMB requests for resources and servers make
SMB responses in what is described as a client-server,
request-response protocol.

By sending a specially crafted packet request, an attacker can mount
a denial of service attack on the target server machine and crash
the system. The attacker could use both a user account and anonymous
access to accomplish this. Though not confirmed, it may be possible
to execute arbitrary code.

Mitigating Factors:
- An administrator can block this attack by turning off anonymous
  access. However, this does not prevent legitimate users from
  exploiting this vulnerability.
- An administrator can block access to SMB ports from untrusted
  networks. By blocking TCP ports 445 and 139 at the network
  perimeter, administrators can prevent this attack from untrusted
  parties. In a file and printing environment, this may not be a
  practical solution for legitimate users.
- An administrator can stop the Lanman server service, which prevents
  the attack, but again this may not be suitable on a file and print
  sharing server.
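
One way to confirm the perimeter block described above, as an added example that is not part of the bulletin: a Python check, run from a host on the untrusted side against your own file servers, that reports whether TCP 139 and 445 still accept connections. The function names, the state labels and the injectable `connect` parameter are assumptions of this example.

```python
import socket
import sys

# Ports named in the bulletin's mitigation: NetBIOS session (139), SMB over TCP (445).
SMB_PORTS = (139, 445)


def probe(host, port, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP port as 'open', 'closed', 'filtered' or 'unresolved'."""
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        return "closed"        # host answered with RST: nothing listening
    except socket.gaierror:
        return "unresolved"    # host name did not resolve, result says nothing
    except OSError:
        return "filtered"      # timeout or unreachable: a filter dropped it
    conn.close()
    return "open"              # handshake completed: the port is exposed


def audit_perimeter(hosts, ports=SMB_PORTS, timeout=3.0,
                    connect=socket.create_connection):
    """Return ({host: {port: state}}, [(host, port) pairs that are open])."""
    report, exposed = {}, []
    for host in hosts:
        report[host] = {}
        for port in ports:
            state = probe(host, port, timeout, connect)
            report[host][port] = state
            if state == "open":
                exposed.append((host, port))
    return report, exposed


if __name__ == "__main__":
    # Usage: python smb_perimeter_check.py fileserver1 fileserver2 ...
    report, exposed = audit_perimeter(sys.argv[1:])
    for host, states in report.items():
        for port, state in states.items():
            print(f"{host}:{port} {state}")
    # Non-zero exit when any SMB port is reachable, so a scheduled job can alert.
    sys.exit(1 if exposed else 0)
```

A "closed" result means the packet reached the server and was refused there, so the perimeter filter is not what stopped it; only "filtered" shows the block is in effect.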

Risk Rating:
- Internet systems: Low
- Intranet systems: Moderate
- Client systems: Moderate

Patch Availability:
- A patch is available to fix this vulnerability. Please read the
  Security Bulletin at
  for information on obtaining this patch.
