From xforce@iss.net Sun Sep 1 12:50:18 2002
From: X-Force
To: vulnwatch@vulnwatch.org
Date: Thu, 29 Aug 2002 21:04:40 -0400 (EDT)
Subject: [VulnWatch] ISS Security Brief: Microsoft Windows SMB Denial of Service Vulnerability

Internet Security Systems Security Brief
August 29, 2002

Microsoft Windows SMB Denial of Service Vulnerability

Synopsis:

A vulnerability has been reported in the Windows file and resource sharing mechanism. The SMB (Server Message Block) protocol handles the sharing of files and devices in Windows environments. A flaw in the implementation of SMB may allow remote attackers to launch DoS (Denial of Service) attacks against vulnerable systems.

Impact:

A remote attacker can cause a vulnerable system to crash by sending a specially crafted SMB packet to an open NetBIOS port (TCP port 139). These ports are typically filtered on outward facing Internet servers. This vulnerability poses a significant DoS risk to unprotected home or small/medium size business servers, or any servers not protected by basic protection systems. An exploit tool for this vulnerability has been released and is actively circulating in the computer underground. ISS has detected increased scanning activity for this SMB vulnerability across the Internet.

Affected Versions:

Microsoft Windows NT 4.0 Workstation
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Windows XP Professional

For the complete ISS X-Force Security Alert, please visit:
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21061

______

About Internet Security Systems (ISS)

Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Internet Security Systems is headquartered in Atlanta, GA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East.

Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved worldwide.

Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Security Systems X-Force. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email xforce@iss.net for permission.

Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, as well as at http://www.iss.net/security_center/sensitive.php

Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.
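The Impact section reports increased scanning for TCP port 139. The following is an added example, not part of the ISS brief, showing one way to flag sources that probe that port on several hosts in perimeter firewall logs. The log layout, the addresses and the threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed firewall log lines in an iptables-like layout (an assumption;
# adapt LINE_RE to your own firewall's format). Addresses are documentation ranges.
SAMPLE_LOG = """\
Aug 29 21:10:01 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=139
Aug 29 21:10:01 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP SPT=40113 DPT=139
Aug 29 21:10:02 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.12 PROTO=TCP SPT=40114 DPT=139
Aug 29 21:10:02 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.13 PROTO=TCP SPT=40115 DPT=139
Aug 29 21:11:40 gw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=1029 DPT=139
Aug 29 21:11:45 gw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=1030 DPT=139
Aug 29 21:12:03 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=2201 DPT=80
Aug 29 21:12:03 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.11 PROTO=TCP SPT=2202 DPT=80
Aug 29 21:12:04 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.12 PROTO=TCP SPT=2203 DPT=80
Aug 29 21:13:10 gw kernel: IN=eth0 SRC=198.51.100.20 DST=192.0.2.10 PROTO=UDP SPT=137 DPT=139
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)

def netbios_scanners(log_text, port=139, min_targets=3):
    """Map each source to the distinct hosts it contacted on TCP `port`,
    keeping only sources that reached at least `min_targets` hosts."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unparseable line: ignore rather than abort the run
        if m["proto"] != "TCP" or int(m["dpt"]) != port:
            continue  # the advisory concerns TCP port 139 only
        targets[m["src"]].add(m["dst"])
    # One host contacted repeatedly looks like a client; many hosts looks like a sweep.
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}

if __name__ == "__main__":
    for src, hosts in netbios_scanners(SAMPLE_LOG).items():
        print(f"{src} probed TCP/139 on {len(hosts)} hosts: {', '.join(hosts)}")
```

Any hit at all on TCP 139 from outside the perimeter also indicates that the port filtering the brief describes is not in place for that host.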