CERT Coordination Center

Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets

Vulnerability Note VU#445214

Original Release Date: 2004-02-23 | Last Revised: 2004-02-23

Overview

Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets, which could allow an unauthenticated, remote attacker to cause a denial-of-service condition.

Description

The Windows Internet Naming Service (WINS) maps IP addresses to NetBIOS computer names. There is a vulnerability in the way WINS validates the length of specially crafted packets. This could allow an attacker to cause WINS to crash.

According to Microsoft, this vulnerability will only cause a denial of service on Windows Server 2003. While the vulnerable code exists in Windows NT and Windows 2000, WINS on those systems will reject the specially crafted packet, so no denial of service results.

Impact

On Windows Server 2003, an unauthenticated, remote attacker could cause WINS to crash.

Solution

Apply Patch

Apply the patch (830352) referenced in Microsoft Security Bulletin MS04-006.

Block or restrict access

As a temporary measure, it is possible to limit the scope of this vulnerability by blocking access to ports used to initiate a connection with a remote WINS server at the network perimeter. These are typically ports 42/tcp and 137/udp. Please note that this workaround does not protect vulnerable WINS servers from internal attacks.
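
One way to check that a perimeter block on 42/tcp and 137/udp is actually effective, shown as an added example that is not part of the original advisory: it walks a FORWARD chain in first-match order and reports which of the two ports a new connection can still reach. It assumes a Linux perimeter firewall whose rules are in `iptables-save` format, with hypothetical interface names `eth0` (perimeter side) and `eth1` (internal side); both rule sets are constructed.

```python
WINS_PORTS = [("tcp", 42), ("udp", 137)]  # the ports the advisory names
OPTS = {"-i": "iface", "-p": "proto", "--dport": "ports", "--dports": "ports",
        "--state": "states", "--ctstate": "states", "-j": "target"}

def parse_rule(line):
    """Keep only the match options modelled here (assumes no '!' negation)."""
    tok = line.split()[2:]                      # drop "-A FORWARD"
    rule = dict.fromkeys(OPTS.values())
    for opt, val in zip(tok[::2], tok[1::2]):   # each option takes one value
        if opt in OPTS:
            rule[OPTS[opt]] = val
    return rule

def port_match(spec, port):
    """True if port is in a spec such as '42' or '42,137:139'."""
    ranges = (p.partition(":") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def verdict(ruleset, iface, proto, port):
    """First-match verdict for a NEW forwarded connection to proto/port."""
    policy = "ACCEPT"
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith(":FORWARD "):
            policy = line.split()[1]            # chain default policy
        elif line.startswith("-A FORWARD "):
            r = parse_rule(line)
            if (r["iface"] in (None, iface) and r["proto"] in (None, "all", proto)
                    and (not r["ports"] or port_match(r["ports"], port))
                    and (not r["states"] or "NEW" in r["states"].split(","))
                    and r["target"] in ("ACCEPT", "DROP", "REJECT")):
                return r["target"]
    return policy

def audit(ruleset, ext_iface):
    """WINS ports still reachable from the perimeter-facing interface."""
    return [w for w in WINS_PORTS if verdict(ruleset, ext_iface, *w) == "ACCEPT"]

# Constructed rule sets: eth0 = perimeter side, eth1 = internal side (assumed names).
WEAK = """:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -p udp -j ACCEPT
-A FORWARD -i eth0 -p tcp -m multiport --dports 42,137 -j DROP
-A FORWARD -i eth0 -p udp --dport 137 -j DROP"""
FIXED = """:FORWARD DROP [0:0]
-A FORWARD -i eth0 -p tcp --dport 42 -j DROP
-A FORWARD -i eth0 -p udp --dport 137 -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -p udp -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT"""
```

In `WEAK` the 137/udp drop rule is shadowed by the earlier broad UDP accept, so `audit(WEAK, "eth0")` still reports 137/udp as reachable. `verdict(FIXED, "eth1", "tcp", 42)` returns `ACCEPT`, which is the internal exposure the workaround leaves open.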

Disable vulnerable service

Disable WINS until a patch can be applied. As a best practice, the CERT/CC recommends disabling all services that are not explicitly required.

Vendor Information

Microsoft Corporation Affected

Updated: February 23, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please refer to Microsoft Security Bulletin MS04-006.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

Acknowledgements

This vulnerability was reported by Microsoft. Microsoft, in turn, credits Qualys for discovering this vulnerability.

This document was written by Damon Morda.

Other Information

CVE IDs: CVE-2003-0825
Severity Metric: 2.63
Date Public: 2004-02-10
Date First Published: 2004-02-23
Date Last Updated: 2004-02-23 22:00 UTC
Document Revision: 21

Sponsored by CISA.