Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2009-3103
Last Modified: 24 Jun 2011 12:00:00
Published: 08 Sep 2009 06:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-3103

Summary

Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Operating System

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 SP2

  • Microsoft Windows Vista


References

CERT - TA09-286A

CERT-VN - VU#135940

MS - MS09-050

XF - win-srv2sys-code-execution(53090)

SECTRACK - 1022848

BID - 36299

BUGTRAQ - 20090909 SMB SRV2.SYS Denial of Service PoC

BUGTRAQ - 20090908 Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD

MISC - http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1

MILW0RM - 9594

CONFIRM - http://www.microsoft.com/technet/security/advisory/975497.mspx

SECUNIA - 36623

OSVDB - 57799

MISC - http://isc.sans.org/diary.html?storyid=7093

MISC - http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html

MISC - http://blog.48bits.com/?p=510

FULLDISC - 20090907 Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.


Last Updated: 27 May 2016 10:51:08