SecurityTracker.com
Category:   OS (Microsoft)  >   Windows Server Message Block
Vendors:   Microsoft
Windows Server Message Block NEGOTIATE PROTOCOL REQUEST Processing Flaw Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022848
SecurityTracker URL:  http://securitytracker.com/id/1022848
CVE Reference:   CVE-2009-3103
Updated:  Oct 13 2009
Original Entry Date:  Sep 8 2009
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): Vista SP2, 2008 SP2; and prior service packs
Description:   A vulnerability was reported in Windows Server Message Block. A remote user can cause denial of service conditions. A remote user can execute arbitrary code on the target system.

A remote user can send a NEGOTIATE PROTOCOL REQUEST with specially crafted SMB header data to trigger a flaw in 'srv2.sys' and cause the target system to crash or execute arbitrary code.

A "&" character in the "Process Id High" SMB header field can trigger a crash.

Laurent Gaffie reported this vulnerability as a denial of service vulnerability.

The original advisory is available at:

http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html

On September 8, 2009, Ruben Santamarta reported that remote code execution is possible:

http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1

Microsoft indicates that Windows Vista, Windows Server 2008, and Windows 7 RC are affected, but Windows 7 RTM is not affected. The researcher's original report indicates that Windows 7 is affected [by the denial of service vulnerability].
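
For detection, the "Process Id High" field described above can be checked on the wire. The following is an added example, not part of the original advisory or of any vendor tooling: it parses one NetBIOS-framed SMB1 message and flags a NEGOTIATE request whose Process Id High is non-zero. It assumes benign clients leave that field at zero on NEGOTIATE; the function names and the sample header are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
SMB1_HEADER_LEN = 32
# Protocol(4) Command(1) Status(4) Flags(1) Flags2(2) precede PIDHigh(2)
PID_HIGH_OFFSET = 12


def check_negotiate(msg: bytes):
    """Inspect one NetBIOS-framed SMB message taken from a TCP/445 payload.

    Returns None when the data is not an SMB1 NEGOTIATE request, otherwise
    a dict holding the Process Id High value and a 'suspicious' flag.
    """
    if len(msg) < 4 + SMB1_HEADER_LEN or msg[0] != 0x00:
        return None  # too short, or not a NetBIOS session message
    declared = int.from_bytes(msg[1:4], "big")  # 24-bit length field
    smb = msg[4:4 + declared]
    if len(smb) < SMB1_HEADER_LEN or smb[:4] != SMB1_MAGIC:
        return None  # truncated, or SMB2 / other protocol
    if smb[4] != SMB_COM_NEGOTIATE:
        return None
    (pid_high,) = struct.unpack_from("<H", smb, PID_HIGH_OFFSET)
    # Assumption: a benign NEGOTIATE carries zero here, so non-zero is flagged.
    return {"pid_high": pid_high, "suspicious": pid_high != 0}


def build_header(pid_high: int, command: int = SMB_COM_NEGOTIATE) -> bytes:
    """Constructed sample: a bare 32-byte SMB1 header with no dialect list."""
    hdr = struct.pack(
        "<4sBIBHH8sHHHHH",
        SMB1_MAGIC, command,
        0,            # Status
        0, 0,         # Flags, Flags2
        pid_high,     # Process Id High
        b"\x00" * 8,  # SecurityFeatures
        0, 0, 0, 0, 0,  # Reserved, TID, PIDLow, UID, MID
    )
    return b"\x00" + len(hdr).to_bytes(3, "big") + hdr


if __name__ == "__main__":
    for value in (0, ord("&")):
        print(hex(value), check_negotiate(build_header(value)))
```
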

Impact:   A remote user can cause the target system to crash.

A remote user can execute arbitrary code on the target system.

Solution:   The vendor has issued the following fixes:

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=29842c0c-8930-4b5f-83c6-1a718974b63f

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=62ed5d0a-5ca6-4942-80c9-7808b14cb6b5

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=ff6bfcf3-76c9-4c45-b57d-22f94458dd6e

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=aff6f9c7-4a72-48f2-b750-204d796c7daa

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=7b70108b-7f59-4898-ab4e-76be990de878

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx

The original Microsoft advisory is available at:

http://www.microsoft.com/technet/security/advisory/975497.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-050.mspx
Cause:   Input validation error, State error

Message History:   None.

