search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetShareEnum transaction

Vulnerability Note VU#342243

Original Release Date: 2002-08-23 | Last Revised: 2003-07-02

Overview

Microsoft Server Message Block (SMB) is a protocol for sharing data and resources between computers. SMB may crash upon receipt of a crafted SMB_COM_TRANSACTION packet requesting a NetShareEnum transaction. Attackers can use this vulnerability to cause a denial of service. SMB is included in many versions of Microsoft Windows.

Description

SMB will crash if it receives a crafted SMB_COM_TRANSACTION packet requesting a NetShareEnum transaction, with field "Max Param Count" or "Max Data Count" set to zero (0). On exploitation, the crashed host condition exhibits a blue screen. This vulnerability can be exploited by an attacker with access to a user account on the target system. By default, anonymous users have the required access to exploit this vulnerability; therefore on most Windows systems an attacker does not need to be authenticated.

Impact

Attackers can cause a denial of service. Attackers might also be able to execute arbitrary code, though this has not been demonstrated or proven.

Solution

Apply a patch

For more information about patches, see

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-045.asp


Disable anonymous access

Disable anonymous SMB access. See Microsoft Knowledge Base Article 246261 for information about configuring anonymous access in Windows 2000. This will not prevent authenticated users from exploiting this vulnerability, and may have adverse affects in mixed-mode domains.

Block or Restrict Access

Block access to SMB services (139/tcp, 445/tcp) from untrusted networks such as the Internet.

Vendor Information

342243
 
Expand all

Microsoft Corporation Affected

Notified:  July 15, 2002 Updated: August 23, 2002

Status

Affected

Vendor Statement

See: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-045.asp

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Ivan Arce of CORE Security Technologies for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs: CVE-2002-0724
Severity Metric: 5.02
Date Public: 2002-08-22
Date First Published: 2002-08-23
Date Last Updated: 2003-07-02 22:59 UTC
Document Revision: 16

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis