NETBIOS: WINS Server Replication PTR Attack (UDP)

This signature detects attempts to exploit a known vulnerability in the Microsoft NetBIOS WINS server. Attackers can use a brute-force attack against a WINS server to execute code with SYSTEM privileges. Because the WINS server does not verify that the source IP of connections on UDP port 42 belongs to a configured replication client, the attack can be launched from any IP address.

Extended Description

The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."

Affected Products

Microsoft windows_2000

Short Name
NETBIOS:WINS:REPLICATION-PTR-U
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
NETBIOS
Keywords
(UDP) Attack CVE-2004-1080 PTR Replication Server WINS bid:11763
Release Date
12/02/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
Port
UDP/42
False Positive
Unknown
Vendors

Microsoft

CVSS Score

10.0
