SMB: SMB 2.0 Negotiate Denial Of Service
This signature detects attempts to exploit a known vulnerability against Windows 7 SMB layer. A successful attack can result in a denial-of-service condition.
Extended Description
Microsoft Windows is prone to a remote code-execution vulnerability when processing the protocol headers for the Server Message Block (SMB) Negotiate Protocol Request. NOTE: Reportedly, for this issue to be exploitable, file sharing must be enabled. An attacker can exploit this issue to execute code with SYSTEM-level privileges; failed exploit attempts will likely cause denial-of-service conditions. Windows 7 RC, Vista and 2008 Server are vulnerable; other versions may also be affected. NOTE: Reportedly, Windows XP and 2000 are not affected. UPDATE (September 9, 2009): Symantec has confirmed the issue on Windows Vista SP1 and Windows Server 2008.
Affected Products
Microsoft windows_vista
Short Name
SMB:SMB20-NEG-DOS
Severity
Major
Recommended
False
Recommended Action
None
Category
SMB
Keywords
2.0 CVE-2009-2532 CVE-2009-3103 Denial Negotiate Of SMB Service bid:36299
Release Date
09/09/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Rarely
Vendors
Microsoft
CVSS Score
10.0