CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Percentile: 99.6%
A stack-based buffer overflow exists in the Microsoft Server service. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges.
Microsoft Server Service
MS06-040 includes the following information:
_The Server service provides RPC support, file print support and named pipe sharing over the network. The Server service allows the sharing of your local resources (such as disks and printers) so that other users on the network can access them. It also allows named pipe communication between applications running on other computers and your computer, which is used for RPC._
Microsoft Remote Procedure Call (MS RPC) and Server Message Block (SMB)
RPC provides a mechanism that allows a program to execute a procedure on a remote system in a way that is transparent to the calling program. MS RPC is the Microsoft implementation of RPC. Windows services that use MS RPC may use SMB named pipes as the transport service for MS RPC calls.
The Problem
A stack-based buffer overflow exists in the Microsoft Server service. If a remote attacker sends a specially crafted packet to a vulnerable Windows system, that attacker may be able to trigger the buffer overflow.
Note that we have received reports that this vulnerability is actively being exploited.
More information, including a list of affected versions of Windows, is available in Microsoft Security Bulletin MS06-040. We have confirmed that this vulnerability affects Windows NT4. However, according to Microsoft Security Bulletin MS06-040:
_Windows NT Workstation 4.0 Service Pack 6a, Windows NT Server 4.0 Service Pack 6a, Windows 2000 Service Pack 2, and Windows 2000 Service Pack 3 have reached the end of their support life cycles. It should be a priority for customers who have these operating system versions to migrate to supported versions to prevent potential exposure to vulnerabilities. For more information about the Windows Product Lifecycle, visit the following Microsoft Support Lifecycle Web site. For more information about the extended security update support period for these operating system versions, visit the Microsoft Product Support Services Web site._
Windows NT4 users should observe the workarounds below as well as the recommendations in the Microsoft Windows NT 4.0 and Windows 98 Threat Mitigation Guide.
A remote, unauthenticated attacker may be able to execute arbitrary code with SYSTEM privileges.
Apply a patch from Microsoft
Microsoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin MS06-040.
Microsoft has released a new version of Security Bulletin MS06-040 and the associated security updates. The new version corrects the problem described in Microsoft Knowledge Base Article 921883. Programs that request large amounts of contiguous memory running on Windows Server 2003 SP1 and Windows XP Professional x64 Edition systems with the previous version of the MS06-040 update installed could crash.
Until a patch can be applied, the following actions may reduce the chances of exploitation:
Block or Restrict Access
Block access to SMB services (139/tcp, 445/tcp) from untrusted networks such as the Internet.
Restrict anonymous access
Restrict anonymous SMB access. See Microsoft Knowledge Base Article 246261 for information about configuring anonymous access in Windows 2000. Note that this will not prevent authenticated users from exploiting this vulnerability, and it may have adverse effects in mixed-mode domains. Anonymous SMB access to SAM accounts is restricted in Windows XP and Windows Server 2003 by default.
Other workarounds are available in Microsoft Security Bulletin MS06-040.
650769
Updated: August 03, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | N/A | N/A |
Temporal | N/A | N/A |
Environmental | N/A |
This vulnerability was reported in Microsoft Security Bulletin MS06-040.
This document was written by Jeff Gennari.
CVE IDs: | CVE-2006-3439 |
---|---|
Severity Metric: | 58.28 |
Date Public: | |