Signature Detail

SMB: SMBdie Exploit

This signature detects attempts to exploit a known vulnerability against Server Message Block (SMB) in Microsoft NT, 2000, and XP. Using the SMBdie exploit, attackers can send a maliciously crafted SMB request to crash the server.

Extended Description

Microsoft Windows operating systems use the Server Message Block (SMB) protocol to support services such as file and printer sharing. A buffer overflow vulnerability has been reporting in the handling of some malformed SMB requests. An attacker may send a malformed SMB request packet in order to exploit this condition. It has been reported possible to corrupt heap memory, leading to a crash of the underlying system. It may prove possible to exploit this vulnerability to execute arbitrary code and gain local access to the vulnerable system. This possibility has not, however, been confirmed. Reportedly, this vulnerability may be exploited both as an authenticated user, and with anonymous access to the service. It has been reported, by "Fabio Pietrosanti \(naif\)" <naif@blackhats.it>, that disabling the NetBIOS Null Session will prevent exploitation of this vulnerablity.

Affected Products

• Cisco Call Manager 3.0.0
• Cisco Call Manager 3.1.0
• Cisco Call Manager 3.1.0 (2)
• Cisco Call Manager 3.1.0 (3a)
• Cisco Call Manager 3.2.0
• Cisco ICS 7750
• Cisco ICS Firmware 1.0.0
• Cisco ICS Firmware 2.0.0
• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server SP3
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Professional SP2
• Microsoft Windows 2000 Professional SP3
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server
• Microsoft Windows NT Server 4.0
• Microsoft Windows NT Server 4.0 SP1
• Microsoft Windows NT Server 4.0 SP2
• Microsoft Windows NT Server 4.0 SP3
• Microsoft Windows NT Server 4.0 SP4
• Microsoft Windows NT Server 4.0 SP5
• Microsoft Windows NT Server 4.0 SP6
• Microsoft Windows NT Server 4.0 SP6a
• Microsoft Windows NT Terminal Server 4.0
• Microsoft Windows NT Terminal Server 4.0 SP1
• Microsoft Windows NT Terminal Server 4.0 SP2
• Microsoft Windows NT Terminal Server 4.0 SP3
• Microsoft Windows NT Terminal Server 4.0 SP4
• Microsoft Windows NT Terminal Server 4.0 SP5
• Microsoft Windows NT Terminal Server 4.0 SP6
• Microsoft Windows NT Workstation 4.0
• Microsoft Windows NT Workstation 4.0 SP1
• Microsoft Windows NT Workstation 4.0 SP2
• Microsoft Windows NT Workstation 4.0 SP3
• Microsoft Windows NT Workstation 4.0 SP4
• Microsoft Windows NT Workstation 4.0 SP5
• Microsoft Windows NT Workstation 4.0 SP6
• Microsoft Windows NT Workstation 4.0 SP6a
• Microsoft Windows XP
• Microsoft Windows XP 64-bit Edition
• Microsoft Windows XP Home
• Microsoft Windows XP Professional

References

• BugTraq: 5556
• CVE: CVE-2002-0724
• URL: http://www.microsoft.com/technet/security/bulletin/ms02-045.asp