
vulnerability alert CVE-2010-0020 CVE-2010-0021 CVE-2010-0022

Windows: code execution via the SMB server

Synthesis of the vulnerability

An attacker can connect to the SMB/CIFS server in order to cause a denial of service or to execute code on the computer.
Severity: 3/4.
Creation date: 10/02/2010.

Description of the vulnerability

The SMB/CIFS service of Windows is impacted by four vulnerabilities.

An authenticated attacker can send an SMB packet containing a long path, generating a buffer overflow and leading to code execution with system privileges. [severity: 3/4; BID-38049, CVE-2010-0020]

An attacker can send a malformed packet during the negotiate phase, in order to block the service. [severity: 2/4; BID-38054, CVE-2010-0021]

An attacker can send an SMB packet with an empty share name or server name, in order to generate a NULL pointer dereference, which stops the service. [severity: 2/4; BID-38051, CVE-2010-0022]

The server uses a challenge of 8 bytes, which is not sufficiently random. An attacker can therefore use a brute force attack to authenticate. [severity: 3/4; BID-38085, CVE-2010-0231]

An attacker can therefore connect to the SMB/CIFS server in order to cause a denial of service or to execute code on the computer.

Characteristics

Title: Windows: code execution via the SMB server.
Keywords: CIFS NULL SMB Windows code execution server.
Identifiers: 971468, BID-38049, BID-38051, BID-38054, BID-38085, CVE-2010-0020, CVE-2010-0021, CVE-2010-0022, CVE-2010-0231, MS10-012, VIGILANCE-VUL-9436.

Information sources

Publications and announcements
Source example: MS10-012 - Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)

Solutions for this vulnerability

Patch or workaround

Supplements

Vulnerability: SMB Pathname Overflow Vulnerability - CVE-2010-0020

An authenticated attacker can send an SMB packet containing a long path, generating a buffer overflow and leading to code execution with system privileges.
Severity: 3/4.
Identifiers: BID-38049, CVE-2010-0020.

Vulnerability: SMB Memory Corruption Vulnerability - CVE-2010-0021

An attacker can send a malformed packet during the negotiate phase, in order to block the service.
Severity: 2/4.
Identifiers: BID-38054, CVE-2010-0021.

Vulnerability: SMB Null Pointer Vulnerability - CVE-2010-0022

An attacker can send an SMB packet with an empty share name or server name, in order to generate a NULL pointer dereference, which stops the service.
Severity: 2/4.
Identifiers: BID-38051, CVE-2010-0022.

Vulnerability: SMB NTLM Authentication Lack of Entropy Vulnerability - CVE-2010-0231

The server uses a challenge of 8 bytes, which is not sufficiently random. An attacker can therefore use a brute force attack to authenticate.
Severity: 3/4.
Identifiers: BID-38085, CVE-2010-0231.

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.

France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services.