SMB: Reflection Attack
This anomaly triggers if it detects an SMB reflection attack. A successful attack can result in remote code execution.
Extended Description
Microsoft Windows is prone to a vulnerability that could let attackers replay NTLM credentials over the SMB protocol. A successful exploit would let an attacker execute arbitrary code in the context of the affected user.
Affected Products
Avaya messaging_application_server,Microsoft windows_server_2003_standard_edition
References
BugTraq: 7385
CVE: CVE-2008-4037
URL: http://www.microsoft.com/technet/security/Bulletin/MS08-068.mspx
Short Name
SMB:REFLECTION
Severity
Minor
Recommended
False
Recommended Action
None
Category
SMB
Keywords
CVE-2008-4037 MS08-068 bid:7385
Release Date
11/13/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
9.3