
SMB Server Transaction Name BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote denial-of-service vulnerability in the SMB server.

Additional Information

Microsoft Windows is prone to a remote denial-of-service vulnerability because the operating system fails to properly handle network traffic.

This issue is triggered by specially crafted TCP network packets with destination ports set to 445 or 139. This occurs when SMB_COM_TRANSACTION messages with a non-NULL-terminated are sent to vulnerable computers. The malformed SMB PIPE traffic causes a NULL-pointer dereference in the 'srv.sys' server driver, resulting in denial-of-service conditions.

This issue may cause affected computers to crash, denying service to legitimate users. Code execution is reportedly not possible, but this has not been confirmed.

Reports indicate that this issue may be currently exploited in the wild, but this has not been confirmed.
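
The following is an added example, not Symantec's signature logic or code from the original page: a check that flags an SMB_COM_TRANSACTION request whose name lacks a terminator. It assumes the unterminated field is the transaction Name (as the signature title suggests) and the standard SMB1 request layout; the function names and the sample message builder are hypothetical.

```python
import struct

SMB_COM_TRANSACTION = 0x25   # SMB1 command code
FLAGS_REPLY = 0x80           # set in Flags on server responses
FLAGS2_UNICODE = 0x8000      # strings are UTF-16LE when set
HDR = 32                     # fixed SMB1 header length

def name_unterminated(smb: bytes) -> bool:
    """True if `smb` (one SMB1 message, NetBIOS framing removed) is an
    SMB_COM_TRANSACTION request whose Name has no terminator before the
    parameter/data blocks or the end of the declared byte block."""
    if len(smb) <= HDR or smb[:4] != b"\xffSMB" or smb[4] != SMB_COM_TRANSACTION:
        return False
    if smb[9] & FLAGS_REPLY:
        return False                  # only client requests are inspected
    wc = smb[HDR]
    if wc < 14:                       # not a primary transaction request
        return False
    words = HDR + 1
    bc_off = words + 2 * wc
    if bc_off + 2 > len(smb):
        return True                   # truncated transaction: suspicious
    # ParameterCount, ParameterOffset, DataCount, DataOffset (words 9..12)
    pcount, poff, dcount, doff = struct.unpack_from("<4H", smb, words + 18)
    start = bc_off + 2
    end = min(start + struct.unpack_from("<H", smb, bc_off)[0], len(smb))
    # A NUL inside the parameters or data must not count as the terminator.
    for count, off in ((pcount, poff), (dcount, doff)):
        if count and start <= off < end:
            end = off
    if struct.unpack_from("<H", smb, 10)[0] & FLAGS2_UNICODE:
        start += start % 2            # UTF-16 names are 2-byte aligned
        return all(smb[i:i + 2] != b"\0\0" for i in range(start, end - 1, 2))
    return b"\0" not in smb[start:end]

def build_sample(name: bytes, params: bytes = b"") -> bytes:
    """Constructed test message: header, 14 parameter words, Name, params."""
    hdr = b"\xffSMB" + bytes([SMB_COM_TRANSACTION]) + bytes(27)
    poff = HDR + 1 + 28 + 2 + len(name)
    words = struct.pack("<18x2H6x", len(params), poff)
    body = name + params
    return hdr + bytes([14]) + words + struct.pack("<H", len(body)) + body

if __name__ == "__main__":
    for label, name in (("terminated", b"\\PIPE\\LANMAN\0"),
                        ("unterminated", b"\\PIPE\\LANMAN")):
        print(label, name_unterminated(build_sample(name, b"\0\0\0\0")))
```

Bounding the search at the parameter and data offsets matters: without it, zero bytes later in the message would be mistaken for the name's terminator.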

Affected

  • Microsoft Windows 2000 Server SP4
  • Microsoft Windows Server 2003 Datacenter Edition SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Datacenter Edition Itanium SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Datacenter x64 Edition
  • Microsoft Windows Server 2003 Enterprise Edition SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Enterprise Edition Itanium SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Enterprise x64 Edition
  • Microsoft Windows Server 2003 Standard Edition SP1, SP1 Beta 1
  • Microsoft Windows Server 2003 Standard x64 Edition
  • Microsoft Windows Server 2003 Web Edition SP1, SP1 Beta 1
  • Microsoft Windows XP Professional SP1, SP2
  • Microsoft Windows XP Professional x64 Edition

Response

Ensure that all patches available from Microsoft have been applied.