NETBIOS: ASN.1 Overlong DER Authentication Token
This signature detects attempts to exploit a known vulnerability in Microsoft's NetBIOS protocol. An attacker can send improperly formed ASN.1 Security Messages to cause a denial of service (DoS) or take control of the target host as System.
Extended Description
A vulnerability has been reported in the Microsoft ASN.1 library. This issue is related to insufficient checking of data supplied via an externally supplied length field in ASN.1 BER encoded data. This could result in an excessive value being used in a heap allocation routine, allowing for large amounts of heap memory to be corrupted. This could be leveraged to corrupt sensitive values in memory, resulting in execution of arbitrary code. This vulnerability is exposed in a number of security related operating system components, including Kerberos (via UDP port 88), Microsoft IIS with SSL support enabled and NTLMv2 authentication (via TCP ports 135, 139 and 445). Other components may also be affected, though a comprehensive list is not available at this time. It should be noted that because ASN.1 data will likely be encoded, for example Kerberos, SSL, IPSec or Base64 encoded, the malicious integer values may be obfuscated and as a result not easily detectable.
Affected Products
Microsoft windows_98
References
BugTraq: 9633
CVE: CVE-2003-0818
URL: http://microsoft.com/technet/security/bulletin/MS04-007.asp
Short Name
NETBIOS:OVERFLOW:ASN-1-DER-OF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
NETBIOS
Keywords
ASN.1 Authentication CVE-2003-0818 DER Overlong Token bid:9633
Release Date
08/04/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Intuit
Yahoo!
Aol
Microsoft
Vandyke
CVSS Score
7.5