NETBIOS: WINS Update Record Overflow
This signature detects attempts to exploit the overflow vulnerability in the Windows Internet Naming Service (WINS). Attackers can use a malformed Update Record packet to create a denial of service (DoS), or take control of the server and execute arbitrary code.
Extended Description
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
Affected Products
Microsoft windows_2003_server
References
BugTraq: 9624
CVE: CVE-2003-0825
URL: http://www.microsoft.com/technet/security/bulletin/MS04-006.mspx
Short Name
NETBIOS:WINS:UPDATE-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
NETBIOS
Keywords
CVE-2003-0825 Overflow Record Update WINS bid:9624
Release Date
02/11/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
Port
UDP/137
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3