MS-RPC: Workstation Service Buffer Overflow

This protocol anomaly is a suspiciously long argument for the NetrValidateName, NetrValidateName2, or NetrAddAlternateComputerName functions requested using a named-pipe transaction. An unauthenticated user can exploit this vulnerability on Windows 2000/XP servers to execute arbitrary code with system-level privileges.

Extended Description

It has been reported that the Microsoft Windows Workstation service (WKSSVC.DLL) is prone to a vulnerability that may allow a remote attacker to gain unauthorized access to a vulnerable host. The problem is in the handling of requests by the Workstation Service. The service does not properly check bounds on remote data, making it possible to overwrite sensitive regions of system memory.

Affected Products

Cisco sn_5420_storage_router, Cisco call_manager

Short Name
MS-RPC:OF:WKST-SVC-PIPE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
MS-RPC
Keywords
CVE-2003-0812 bid:9011 overflow service smb workstation
Release Date
01/29/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Cisco

Microsoft

CVSS Score

7.5
