1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. MS SMB PathName Overflow DOS

MS SMB PathName Overflow DOS

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a buffer overflow vulnerability in Microsoft SMB protocol.

Additional Information

Server Message Block (SMB) is an application-layer network protocol. It provides shared access to resources such as files, printers, and ports on a network.

Microsoft Windows is prone to a remote code-execution vulnerability because the SMB implementation fails to perform boundary checks on user-supplied data. Specifically, the issue arises when the software handles a specially crafted 'pathname' in an SMB request. An authenticated attacker can exploit this issue to trigger a buffer-overflow condition and execute arbitrary code.

Successful exploits will allow the attacker to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions.

Affected

  • Microsoft Windows XP Tablet PC Edition SP3
  • Microsoft Windows XP Tablet PC Edition SP2
  • Microsoft Windows XP Professional x64 Edition SP2
  • Microsoft Windows XP Professional SP3
  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Media Center Edition SP3
  • Microsoft Windows XP Media Center Edition SP2
  • Microsoft Windows XP Home SP3
  • Microsoft Windows XP Home SP2
  • Microsoft Windows Vista Ultimate 64-bit edition SP2
  • Microsoft Windows Vista Ultimate 64-bit edition SP1
  • Microsoft Windows Vista Ultimate 64-bit edition 0
  • Microsoft Windows Vista Home Premium 64-bit edition SP2
  • Microsoft Windows Vista Home Premium 64-bit edition SP1
  • Microsoft Windows Vista Home Premium 64-bit edition 0
  • Microsoft Windows Vista Home Basic 64-bit edition SP2
  • Microsoft Windows Vista Home Basic 64-bit edition SP1
  • Microsoft Windows Vista Home Basic 64-bit edition 0
  • Microsoft Windows Vista Enterprise 64-bit edition SP2
  • Microsoft Windows Vista Enterprise 64-bit edition SP1
  • Microsoft Windows Vista Enterprise 64-bit edition 0
  • Microsoft Windows Vista Business 64-bit edition SP2
  • Microsoft Windows Vista Business 64-bit edition SP1
  • Microsoft Windows Vista Business 64-bit edition 0
  • Microsoft Windows Vista Ultimate SP2
  • Microsoft Windows Vista Ultimate SP1
  • Microsoft Windows Vista Ultimate
  • Microsoft Windows Vista Home Premium SP2
  • Microsoft Windows Vista Home Premium SP1
  • Microsoft Windows Vista Home Premium
  • Microsoft Windows Vista Home Basic SP2
  • Microsoft Windows Vista Home Basic SP1
  • Microsoft Windows Vista Home Basic
  • Microsoft Windows Vista Enterprise SP2
  • Microsoft Windows Vista Enterprise SP1
  • Microsoft Windows Vista Enterprise
  • Microsoft Windows Vista Business SP2
  • Microsoft Windows Vista Business SP1
  • Microsoft Windows Vista Business
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems R2
  • Microsoft Windows Server 2008 for x64-based Systems 0
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems R2
  • Microsoft Windows Server 2008 for Itanium-based Systems 0
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for 32-bit Systems 0
  • Microsoft Windows Server 2003 x64 SP2
  • Microsoft Windows Server 2003 Itanium SP2
  • Microsoft Windows 7 for x64-based Systems 0
  • Microsoft Windows 7 for 32-bit Systems 0
  • Microsoft Windows 2000 Server SP4
  • Microsoft Windows 2000 Professional SP4
  • Microsoft Windows 2000 Datacenter Server SP4
  • Microsoft Windows 2000 Advanced Server SP4
  • 3DM Software Disk Management Software SP2

Response

A Microsoft advisory along with fixes is available. Please see the references for details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube