SecurityTracker: Windows SMB Server Flaws Lets Remote Authenticated Users Execute Arbitrary Code and Let Remote Users Deny Service

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: OS (Microsoft) > Windows Server Message Block

Vendors: Microsoft

Windows SMB Server Flaws Lets Remote Authenticated Users Execute Arbitrary Code and Let Remote Users Deny Service

SecurityTracker Alert ID: 1023568

SecurityTracker URL: http://securitytracker.com/id/1023568

CVE Reference: CVE-2010-0020, CVE-2010-0021, CVE-2010-0022, CVE-2010-0231 (Links to External Site)

Date: Feb 9 2010

Impact: Denial of service via network, Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2000 SP4, 2003 SP2, XP SP3, Vista SP2, 2008 SP2, 2008 R2, 7; and prior service packs

Description: Several vulnerabilities were reported in Windows SMB Server. A remote authenticated user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

A remote authenticated user can send SMB packets with a specially crafted SMB pathname to trigger a buffer overflow and execute arbitrary code on the target system [CVE-2010-0020].

A remote user can send specially crafted SMB packets to trigger a memory corruption error and cause the target system to stop responding [CVE-2010-0021]. A manual restart is required to return the system to normal operation.

A remote user can send SMB packets with specially crafted share and servername fields to trigger a null pointer error and cause the target system to stop responding [CVE-2010-0022]. A manual restart is required to return the system to normal operation.

The NTLM authentication implementation does not have sufficient entropy. A remote user can send a large number of authentication requests and reuse information from those failed connections to spoof a valid authentication token and gain access to the target SMB share [CVE-2010-0231].

Joshua Morin of Codenomicon, Florian Rienhardt of BSI, and Hernan Ochoa reported some of these vulnerabilities.

Impact: A remote authenticated user can execute arbitrary code on the target system.

A remote user can cause the target system to stop responding.

Solution: The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?familyid=267ce982-54a0-418f-ad52-e4963610f714

Windows XP Service Pack 2 and Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=8f7adee3-e68e-41b3-b835-d84691774f31

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=91ee57f2-81e5-49bd-bdfc-d3e385efc8a5

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3d18cbc4-ac48-458c-8aa3-90708fd854ff

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=7d63c95e-311a-446f-8852-dffd217a89f6

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=ee7f8cc4-f7fd-4dc7-808c-436204ee80cb

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=16494dac-553a-4de9-b751-0d6b51cb43f0

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=cec582b3-e37f-448e-a5c3-6abdcee9e57c

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=597b2310-2cd8-4d0f-8248-781eb8b7450a

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=67119fb6-e517-46f4-ab0b-2351cdc3d670

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=f90fc0c8-babe-4224-be07-614ea7ddf102

Windows 7 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=122fc003-0651-4ad2-a5c8-a21536defad8

Windows 7 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=3e096468-db6c-45c6-bee5-eaeaa63500b5

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=dc757b6d-f0f8-4e71-ab6f-1417233eedf9

Windows Server 2008 R2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=d5b0b1eb-24f3-47ec-aba1-c1b95400189e

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-012.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-012.mspx (Links to External Site)

Cause: Access control error, Boundary error, Randomization error, State error

Underlying OS:

Message History: None.

Source Message Contents

Date: Tue, 09 Feb 2010 21:16:24 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms10-012.mspx


Microsoft Security Bulletin MS10-012 - Important: Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)

CVE-2010-0020
CVE-2010-0021
CVE-2010-0022
CVE-2010-0231

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC