NETBIOS: WINS Server Name Overflow
This signature detects attempts to exploit a known vulnerability against NetBIOS WINS servers. Attackers can send an overly long server name parameter to overflow the stack buffer and execute arbitrary code.
Extended Description
The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."
Affected Products
Microsoft windows_2000
Short Name
NETBIOS:WINS:SRV-NAME-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
NETBIOS
Keywords
CVE-2004-0567 Name Overflow Server WINS bid:11763
Release Date
12/17/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
Port
TCP/42
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5