The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
Windows: code execution via the SMB server
Synthesis of the vulnerability
An attacker can connect to the SMB/CIFS server, in order to generate a denial of service or to execute code on the computer.
Impacted software: Windows 2000, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP.
Severity of this computer vulnerability: 3/4.
Consequences of an attack: privileged access/rights.
Attacker's origin: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/02/2010.
Revision date: 18/10/2010.
References of this announcement: 971468, BID-38049, BID-38051, BID-38054, BID-38085, CERTA-2010-AVI-070, CVE-2010-0020, CVE-2010-0021, CVE-2010-0022, CVE-2010-0231, MS10-012, VIGILANCE-VUL-9436.
Description of the vulnerability
The SMB/CIFS service of Windows is impacted by four vulnerabilities.
An authenticated attacker can send an SMB packet containing a long path, generating a buffer overflow, and leading to code execution with system privileges. [severity:3/4; BID-38049, CERTA-2010-AVI-070, CVE-2010-0020]
An attacker can send a malformed packet during the negotiate phase, in order to block the service. [severity:2/4; BID-38054, CVE-2010-0021]
An attacker can send an SMB packet with an empty share name or server name, in order to generate a NULL pointer dereference, which stops the service. [severity:2/4; BID-38051, CVE-2010-0022]
The server uses a challenge of 8 bytes, which is not sufficiently random. An attacker can therefore use a brute force attack to authenticate. [severity:3/4; BID-38085, CVE-2010-0231]
An attacker can therefore connect to the SMB/CIFS server, in order to generate a denial of service or to execute code on the computer.