SMB: Netware Client Service Vulnerability
This signature detects attempts to exploit a known vulnerability in the RPC layer of the Netware Client in multiple Windows versions. A successful attack could lead to arbitrary remote code execution.
Extended Description
The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
Affected Products
Microsoft windows_2000
References
BugTraq: 15066
CVE: CVE-2005-1985
URL: http://www.microsoft.com/technet/security/bulletin/ms05-046.mspx
Short Name
SMB:OF:NETWARE-CLIENT-RPC
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
SMB
Keywords
CVE-2005-1985 Client Netware Service Vulnerability bid:15066
Release Date
10/11/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5