Signature Detail
Short Name |
APP:MS-SMS-DOS |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
APP |
Keywords |
Microsoft Systems Management Server (SMS) Denial of Service |
Release Date |
2004/08/11 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Microsoft Systems Management Server (SMS) Denial of Service
This signature detects attempts to exploit a known vulnerability against the Remote Control Client service in Microsoft Systems Management Server (SMS). SMS 2.50 is vulnerable. Because the service does not properly validate user input, attackers can send a maliciously crafted request to a control port and crash the service.
Extended Description
Reportedly Microsoft Systems Management Server is vulnerable to a remote denial of service vulnerability. This issue is due to a failure of the affected server to handle exceptional conditions. Successful exploitation of this issue will allow an attacker to trigger a denial of service condition in the affected server. Code execution might be possible but is unlikely and unconfirmed.
Affected Products
- Microsoft Systems Management Server 1.2
- Microsoft Systems Management Server 1.2 SP1
- Microsoft Systems Management Server 1.2 SP2
- Microsoft Systems Management Server 1.2 SP3
- Microsoft Systems Management Server 1.2 SP4
- Microsoft Systems Management Server 2.0
- Microsoft Systems Management Server 2.0 SP1
- Microsoft Systems Management Server 2.50.2726 .0
References
- BugTraq: 10726
- CVE: CVE-2004-0728