MS-RPC: DCOM RPC Long Filename Heap Corruption
This signature detects attempts to exploit a known vulnerability in the Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface for Microsoft Windows 2000 with Service Packs 3 and 4. The DCOM RPC interface handles DCOM object activation requests sent by client machines to the server. Attackers can use a long filename to corrupt the DCOM RPC heap, which can cause a denial of service and possibly allow them to gain elevated privileges on the system.
Extended Description
The Microsoft Windows RPC service may contain a flaw that allows a remote attacker to cause a denial of service. Sending a specially malformed packet to TCP port 135 disables the RPC service. This issue may be related to BID 6005; however, this has not been confirmed.
Affected Products
Microsoft windows_nt_terminal_server
References
BugTraq: 8234
CVE: CVE-2003-0605
URL: http://www.microsoft.com/technet/security/bulletin/MS03-039.mspx
URL: http://www.kb.cert.org/vuls/id/326746
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Microsoft
7.5