SMB: Windows SMB Client Transaction Response Handling Vulnerability
This signature detects attempts to exploit a known vulnerability against the SMB protocol in Microsoft windows. Microsoft Windows 2000, XP, and Server 2003 are vulnerable. Attackers can send malicious messages that might allow them to gain control of the target system.
Extended Description
The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.
Affected Products
Microsoft windows_2000
References
BugTraq: 12484
CVE: CVE-2005-0045
URL: http://www.securiteam.com/windowsntfocus/5QP0D0UEUA.html http://www.kb.cert.org/vuls/id/652537
Short Name
SMB:EXPLOIT:GREENAPPLE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SMB
Keywords
CVE-2005-0045 Client Handling Response SMB Transaction Vulnerability Windows bid:12484
Release Date
04/20/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5