Signature Detail

SMB: Netware Client Service Vulnerability

This signature detects attempts to exploit a known vulnerability in the RPC layer of the Netware Client in multiple Windows versions. A successful attack could lead to arbitrary remote code execution.

Extended Description

Microsoft Client Service for Netware is prone to a buffer overflow vulnerability that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. This issue could also be exploited by local attackers to gain elevated privileges. It should be noted that the Client Service for Netware is not installed by default on any affected operating system. Microsoft Windows XP Home is not affected by this vulnerability at all.

Affected Products

• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server SP3
• Microsoft Windows 2000 Advanced Server SP4
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server SP1
• Microsoft Windows 2000 Datacenter Server SP2
• Microsoft Windows 2000 Datacenter Server SP3
• Microsoft Windows 2000 Datacenter Server SP4
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Professional SP2
• Microsoft Windows 2000 Professional SP3
• Microsoft Windows 2000 Professional SP4
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server SP4
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Server Japanese Edition
• Microsoft Windows Server 2003 Datacenter Edition SP1
• Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Enterprise Edition SP1
• Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Standard Edition SP1
• Microsoft Windows Server 2003 Standard Edition SP1 Beta 1
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Web Edition SP1
• Microsoft Windows Server 2003 Web Edition SP1 Beta 1
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows XP Media Center Edition SP1
• Microsoft Windows XP Media Center Edition SP2
• Microsoft Windows XP Media Center Edition
• Microsoft Windows XP Professional SP1
• Microsoft Windows XP Professional SP2
• Microsoft Windows XP Professional
• Microsoft Windows XP Tablet PC Edition SP1
• Microsoft Windows XP Tablet PC Edition SP2
• Microsoft Windows XP Tablet PC Edition
• Nortel Networks Centrex IP Client Manager 2.5.0
• Nortel Networks Centrex IP Client Manager 7.0.0
• Nortel Networks Centrex IP Client Manager 8.0.0
• Nortel Networks Centrex IP Client Manager
• Nortel Networks Centrex IP Element Manager 2.5.0
• Nortel Networks Centrex IP Element Manager 7.0.0
• Nortel Networks Centrex IP Element Manager 8.0.0

References

• BugTraq: 15066
• CVE: CVE-2005-1985
• URL: http://www.microsoft.com/technet/security/bulletin/ms05-046.mspx