MS-RPC: RPC DNS Server
This signature detects attempts to exploit a known vulnerability against Microsoft DNS Server. A remote code execution vulnerability exists in the RPC interface of Microsofts DNS Server because of the way that it handles certain RPC functions. Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 are affected. A successful attack allows arbitrary code execution at SYSTEM level.
Extended Description
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
Affected Products
Microsoft windows_2000
References
BugTraq: 23470
CVE: CVE-2007-1748
URL: http://www.microsoft.com/technet/security/advisory/935964.mspx http://www.kb.cert.org/vuls/id/555920
Short Name
MS-RPC:DCE-RPC-DNSSVR
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
MS-RPC
Keywords
CVE-2007-1748 DNS RPC Server bid:23470
Release Date
04/16/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
10.0