Signature Detail
Short Name |
MS-RPC:DCOM:EXPLOIT |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
MS-RPC |
Keywords |
DCOM Exploit |
Release Date |
2003/07/29 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
MS-RPC: DCOM Exploit
This signature detects attempts to exploit a known vulnerability in Microsoft Windows Remote Procedure Call (RPC) system. Windows 2000 and XP are vulnerable. RPC is an operating system component that enables remote computers to request actions or services. For example, file and print sharing from the local Windows system. Attackers can use dcom.c to send too much data to the RPC process, causing the local system to grant full access to the remote computer. Also, the W32.Blaster and Nachi/Welchia worms can be detected or blocked using this signature.
Extended Description
A buffer overrun vulnerability has been reported in Microsoft Windows that can be exploited remotely via a DCOM RPC interface that listens on TCP/UDP port 135. The issue is due to insufficient bounds checking of client DCOM object activation requests. Exploitation of this issue could result in execution of malicious instructions with Local System privileges on an affected system. This issue may be exposed on other ports that the RPC Endpoint Mapper listens on, such as TCP ports 139, 135, 445 and 593. This has not been confirmed. Under some configurations the Endpoint Mapper may receive traffic via port 80. ** There have been unconfirmed reports that Windows 9x systems with certain software installed may also be vulnerable to this issue. Reportedly, Windows 98 systems with .NET software installed may be vulnerable according to scans using various DCOM RPC vulnerability scanning tools. Symantec has not confirmed this behaviour and it may in fact be due to false positives generated by the scanners.
Affected Products
- Cisco Broadband Troubleshooter
- Cisco Building Broadband Service Manager (BBSM) 5.1.0
- Cisco Building Broadband Service Manager (BBSM) 5.2.0
- Cisco Building BroadBand Service Manager Hotspot 1.0.0
- Cisco Call Manager 1.0.0
- Cisco Call Manager 2.0.0
- Cisco Call Manager 3.0.0
- Cisco Call Manager 3.1.0
- Cisco Call Manager 3.1.0 (2)
- Cisco Call Manager 3.1.0 (3a)
- Cisco Call Manager 3.2.0
- Cisco Call Manager 3.3.0
- Cisco Call Manager 3.3.0 (3)
- Cisco Call Manager
- Cisco CiscoWorks VPN/Security Management Solution
- Cisco Collaboration Server
- Cisco Conference Connection
- Cisco Customer Response Application Server
- Cisco DOCSIS CPE Configurator
- Cisco Dynamic Content Adapter
- Cisco E-Mail Manager
- Cisco Emergency Responder
- Cisco Intelligent Contact Manager
- Cisco Internet Service Node
- Cisco IP Contact Center Express
- Cisco IP Telephony Environment Monitor
- Cisco IP/VC 3540 Application Server
- Cisco IP/VC 3540 Video Rate Matching Module
- Cisco Lan Management Solution
- Cisco Media Blender
- Cisco Networking Services for Active Directory
- Cisco Network Registar
- Cisco Personal Assistant
- Cisco QoS Policy Manager
- Cisco Routed Wan Management
- Cisco Secure Access Control Server 3.2.1
- Cisco Secure ACS for Windows NT 2.1.0
- Cisco Secure ACS for Windows NT 2.3.0
- Cisco Secure ACS for Windows NT 2.4.0
- Cisco Secure ACS for Windows NT 2.5.0
- Cisco Secure ACS for Windows NT 2.6.0
- Cisco Secure ACS for Windows NT 2.6.2
- Cisco Secure ACS for Windows NT 2.6.3
- Cisco Secure ACS for Windows NT 2.6.4
- Cisco Secure ACS for Windows NT 3.0.0
- Cisco Secure ACS for Windows NT 3.0.0 .1
- Cisco Secure ACS for Windows NT 3.0.3
- Cisco Secure ACS for Windows NT 3.1.1
- Cisco Secure ACS for Windows Server 3.2.0
- Cisco Secure Policy Manager 3.0.1
- Cisco Secure Scanner
- Cisco Service Management
- Cisco Small Network Management Solution
- Cisco SN 5420 Storage Router 1.1.0 (2)
- Cisco SN 5420 Storage Router 1.1.0 (3)
- Cisco SN 5420 Storage Router 1.1.0 (4)
- Cisco SN 5420 Storage Router 1.1.0 (5)
- Cisco SN 5420 Storage Router 1.1.0 (7)
- Cisco SN 5420 Storage Router 1.1.3
- Cisco Trailhead
- Cisco Transport Manager
- Cisco Unity Server 2.0.0
- Cisco Unity Server 2.1.0
- Cisco Unity Server 2.2.0
- Cisco Unity Server 2.3.0
- Cisco Unity Server 2.4.0
- Cisco Unity Server 2.46.0
- Cisco Unity Server 3.0.0
- Cisco Unity Server 3.1.0
- Cisco Unity Server 3.2.0
- Cisco Unity Server 3.3.0
- Cisco Unity Server 4.0.0
- Cisco Unity Server
- Cisco uOne 1.0.0
- Cisco uOne 2.0.0
- Cisco uOne 3.0.0
- Cisco uOne 4.0.0
- Cisco uOne Enterprise Edition
- Cisco User Registration Tool
- Cisco Voice Manager
- Cisco VPN/Security Management Solution
- Cisco Wireless Lan Solution Engine
- Compaq OpenVMS 6.2.0 -1H1 Alpha
- Compaq OpenVMS 6.2.0 -1H2 Alpha
- Compaq OpenVMS 6.2.0 -1H3 Alpha
- Compaq OpenVMS 6.2.0 alpha
- Compaq OpenVMS 6.2.0 VAX
- Compaq OpenVMS 7.1.0 -2 Alpha
- Compaq OpenVMS 7.1.0 alpha
- Compaq OpenVMS 7.1.0 VAX
- Compaq OpenVMS 7.2.0 -1H1 Alpha
- Compaq OpenVMS 7.2.0 -1H2 Alpha
- Compaq OpenVMS 7.2.0 -2 Alpha
- Compaq OpenVMS 7.2.0 alpha
- Compaq OpenVMS 7.2.0 VAX
- Compaq OpenVMS 7.2.1 Alpha
- Compaq OpenVMS 7.3.0 -1 Alpha
- Compaq OpenVMS 7.3.0 Alpha
- Compaq OpenVMS 7.3.0 VAX
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows XP 64-bit Edition SP1
- Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
References
- BugTraq: 8205
- CERT: CA-2003-19
- CVE: CVE-2003-0352
- URL: http://www.kb.cert.org/vuls/id/568148
- URL: http://www.microsoft.com/technet/security/bulletin/MS03-026.asp