SMB: Lanman Nuke

This protocol anomaly is a LANMAN request (NetServerEnum, NetServerEnum2, or NetShareEnum) over a named pipe transaction where the max-param-count and/or the max-data-count of the Transaction header is zero. Attackers can use this malformed request to crash an unpatched Microsoft NT, 2000, or XP server.

Extended Description

Microsoft Windows operating systems use the Server Message Block (SMB) protocol to support services such as file and printer sharing. A buffer overflow vulnerability has been reporting in the handling of some malformed SMB requests. An attacker may send a malformed SMB request packet in order to exploit this condition. It has been reported possible to corrupt heap memory, leading to a crash of the underlying system. It may prove possible to exploit this vulnerability to execute arbitrary code and gain local access to the vulnerable system. This possibility has not, however, been confirmed. Reportedly, this vulnerability may be exploited both as an authenticated user, and with anonymous access to the service. It has been reported, by "Fabio Pietrosanti \(naif\)" , that disabling the NetBIOS Null Session will prevent exploitation of this vulnerablity.

Affected Products

Cisco ics_firmware,Cisco call_manager

References

BugTraq: 5556

CVE: CVE-2002-0724

URL: http://www.kb.cert.org/vuls/id/250635 http://securitytracker.com/alerts/2002/Aug/1005119.html http://www.securiteam.com/exploits/5AP0W0080C.html

Short Name

SMB:EXPLOIT:LANMAN-NUKE

Severity

Critical

Recommended

False

Recommended Action

None

SMB: Lanman Nuke

Extended Description

Affected Products

References

Found a potential security threat?