OS Attack: MS Windows Server Service NetAPI CVE-2006-3439

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in the Server Service.

Additional Information

Microsoft Windows Server Service facilitates the sharing of local resources (including RPC support, files, printers, and named pipes) over the network.

Microsoft Windows Server Service is prone to a remote buffer-overflow vulnerability. This issue arises because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers.

Specifically, the vulnerability arises when the service processes a malicious message in RPC communications. A remote unauthenticated attacker can send a large message containing arbitrary code to overflow a finite-sized buffer and corrupt process memory.

A successful attack may result in arbitrary code execution with SYSTEM privileges leading to a full compromise. Attack attempts may result in denial-of-service conditions as well.

Microsoft has reported that this issue is being exploited in the wild.

Update (August 14, 2006): A worm named 'W32.Wargbot' that exploits this issue to spread is currently in the wild.

Affected

  • Microsoft Windows 2000 Advanced Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Datacenter Server SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Professional SP1, SP2, SP3, SP4
  • Microsoft Windows 2000 Server SP1, SP2, SP3, SP4
  • Microsoft Windows Server 2003 Datacenter Edition SP1
  • Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
  • Microsoft Windows Server 2003 Datacenter x64 Edition
  • Microsoft Windows Server 2003 Enterprise Edition SP1
  • Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
  • Microsoft Windows Server 2003 Enterprise x64 Edition
  • Microsoft Windows Server 2003 Standard Edition SP1
  • Microsoft Windows Server 2003 Standard x64 Edition
  • Microsoft Windows Server 2003 Web Edition SP1
  • Microsoft Windows XP Home SP1, SP2
  • Microsoft Windows XP Media Center Edition SP1, SP2
  • Microsoft Windows XP Professional SP1, SP2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Tablet PC Edition SP1, SP2

Response

Workaround: Microsoft has suggested some workarounds, including blocking TCP ports used to initiate a connection to the vulnerable component, enabling personal firewalls, and using IPSec and TCP/IP filtering to prevent attacks. Please see the referenced Microsoft Security Bulletin for more information.

Solution: Microsoft has released an advisory including fixes to address this issue.

A Cisco advisory containing various mitigation strategies using Cisco products to prevent attacks is available. Please see references for more information.

Microsoft Windows 2000 Advanced Server SP4:
Microsoft Patch Security Update for Windows 2000 (KB921883)


Microsoft Windows 2000 Datacenter Server SP4:
Microsoft Patch Security Update for Windows 2000 (KB921883)


Microsoft Windows 2000 Professional SP4:
Microsoft Patch Security Update for Windows 2000 (KB921883)


Microsoft Windows 2000 Server SP4:
Microsoft Patch Security Update for Windows 2000 (KB921883)


Microsoft Windows Server 2003 Datacenter Edition:
Microsoft Patch Security Update for Windows Server 2003 (KB921883)


Microsoft Windows Server 2003 Datacenter Edition SP1:
Microsoft Patch Security Update for Windows Server 2003 (KB921883)


Microsoft Windows Server 2003 Datacenter Edition 64-bit:
Microsoft Patch Security Update for Windows Server 2003 for Itanium-based Systems (KB921883)


Microsoft Windows Server 2003 Datacenter Edition 64-bit SP1:
Microsoft Patch Security Update for Windows Server 2003 for Itanium-based Systems (KB921883)


Microsoft Windows Server 2003 Datacenter x64 Edition:
Microsoft Patch Security Update for Windows Server 2003 x64 Edition (KB921883)


Microsoft Windows Server 2003 Enterprise Edition:
Microsoft Patch Security Update for Windows Server 2003 (KB921883)


Microsoft Windows Server 2003 Enterprise Edition SP1:
Microsoft Patch Security Update for Windows Server 2003 (KB921883)


Microsoft Windows Server 2003 Enterprise Edition 64-bit:
Microsoft Patch Security Update for Windows Server 2003 for Itanium-based Systems (KB921883)


Microsoft Windows Server 2003 Enterprise Edition 64-bit SP1:
Microsoft Patch Security Update for Windows Server 2003 for Itanium-based Systems (KB921883)


Microsoft Windows Server 2003 Enterprise x64 Edition:
Microsoft Patch Security Update for Windows Server 2003 x64 Edition (KB921883)


Microsoft Windows Server 2003 Standard Edition:
Microsoft Patch Security Update for Windows Server 2003 (KB921883)


Microsoft Windows Server 2003 Standard Edition SP1:
Microsoft Patch Security Update for Windows Server 2003 (KB921883)


Microsoft Windows Server 2003 Standard x64 Edition:
Microsoft Patch Security Update for Windows Server 2003 x64 Edition (KB921883)


Microsoft Windows Server 2003 Web Edition:
Microsoft Patch Security Update for Windows Server 2003 (KB921883)


Microsoft Windows Server 2003 Web Edition SP1:
Microsoft Patch Security Update for Windows Server 2003 (KB921883)


Microsoft Windows XP Home SP1:
Microsoft Patch Security Update for Windows XP (KB921883)


Microsoft Windows XP Home SP2:
Microsoft Patch Security Update for Windows XP (KB921883)


Microsoft Windows XP Media Center Edition SP1:
Microsoft Patch Security Update for Windows XP (KB921883)


Microsoft Windows XP Media Center Edition SP2:
Microsoft Patch Security Update for Windows XP (KB921883)


Microsoft Windows XP Professional SP1:
Microsoft Patch Security Update for Windows XP (KB921883)


Microsoft Windows XP Professional SP2:
Microsoft Patch Security Update for Windows XP (KB921883)


Microsoft Windows XP Professional x64 Edition:
Microsoft Patch Security Update for Windows XP x64 Edition (KB921883)


Microsoft Windows XP Tablet PC Edition SP1:
Microsoft Patch Security Update for Windows XP (KB921883)


Microsoft Windows XP Tablet PC Edition SP2:
Microsoft Patch Security Update for Windows XP (KB921883)
