SMB: Redundant Negotiation Response
This signature detects attempts to exploit a known vulnerability in the Microsoft Windows SMB stack. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Ring Zero.
Extended Description
Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute code with SYSTEM-level privileges. On some systems, remote attacks may result in denial-of-service conditions.
Affected Products
Nortel_networks self-service_speech_server,Nortel_networks contact_center_manager_server
References
BugTraq: 38100
CVE: CVE-2010-0016
URL: http://www.microsoft.com/technet/security/Bulletin/MS10-006.mspx
Short Name
SMB:DOUBLE-NEGO-RESP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SMB
Keywords
CVE-2010-0016 CVE-2010-0017 Negotiation Redundant Response bid:38100
Release Date
02/09/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
Avaya
CVSS Score
9.3