Executive Summary
Summary

Field | Value |
---|---|
Title | Vulnerabilities in SMB Could Allow Remote Code Execution (958687) |
Information

Field | Value | Field | Value |
---|---|---|---|
Name | MS09-001 | First vendor Publication | 2009-01-13 |
Vendor | Microsoft | Last vendor Modification | 2009-01-13 |
Severity (Vendor) | Critical | Revision | 1.0 |
Security-Database Scoring CVSS v3
CVSS vector: N/A

Field | Value | Field | Value |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Field | Value | Field | Value |
---|---|---|---|
CVSS Base Score | 10 | Attack Range | Network |
CVSS Impact Score | 10 | Attack Complexity | Low |
CVSS Exploit Score | 10 | Authentication | None Required |
Detail
Revision Note: Bulletin published.

Summary: This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Original Source
URL: http://www.microsoft.com/technet/security/bulletin/MS09-001.mspx
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-7 | Blind SQL Injection |
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-28 | Fuzzing |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-42 | MIME Conversion |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-52 | Embedding NULL Bytes |
CAPEC-53 | Postfix, Null Terminate, and Backslash |
CAPEC-63 | Simple Script Injection |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-66 | SQL Injection |
CAPEC-67 | String Format Overflow in syslog() |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
CAPEC-72 | URL Encoding |
CAPEC-73 | User-Controlled Filename |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
CAPEC-79 | Using Slashes in Alternate Encoding |
CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic |
CAPEC-81 | Web Logs Tampering |
CAPEC-83 | XPath Injection |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS) in HTTP Headers |
CAPEC-88 | OS Command Injection |
CAPEC-91 | XSS in IMG Tags |
CAPEC-99 | XML Parser Attack |
CAPEC-101 | Server Side Include (SSI) Injection |
CAPEC-104 | Cross Zone Scripting |
CAPEC-106 | Cross Site Scripting through Log Files |
CAPEC-108 | Command Line Execution through SQL Injection |
CAPEC-109 | Object Relational Mapping Injection |
CAPEC-110 | SQL Injection through SOAP Parameter Tampering |
CAPEC-171 | Variable Manipulation |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5248

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:5248 |
Title | SMB Validation Remote Code Execution Vulnerability |
Description | SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability." |
Family | windows |
Class | vulnerability |
Reference(s) | CVE-2008-4835 |
Version | 2 |
Platform(s) | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008 |
Product(s) | |

Definition Id: oval:org.mitre.oval:def:5262

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:5262 |
Title | Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS |
Description | srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability." |
Family | windows |
Class | vulnerability |
Reference(s) | CVE-2008-4114 |
Version | 1 |
Platform(s) | Microsoft Windows Vista |
Product(s) | Microsoft Windows Vista |

Definition Id: oval:org.mitre.oval:def:5863

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:5863 |
Title | SMB Buffer Overflow Remote Code Execution Vulnerability |
Description | Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability." |
Family | windows |
Class | vulnerability |
Reference(s) | CVE-2008-4834 |
Version | 1 |
Platform(s) | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008 |
Product(s) | |

Definition Id: oval:org.mitre.oval:def:6044

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:6044 |
Title | SMB Validation Denial of Service Vulnerability |
Description | srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability." |
Family | windows |
Class | vulnerability |
Reference(s) | CVE-2008-4114 |
Version | 1 |
Platform(s) | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008 |
Product(s) | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Name | File |
---|---|---|
2010-03-18 | Vulnerabilities in SMB Could Allow Remote Code Execution (958687) - Remote | nvt/secpod_ms09-001_remote.nasl |
2009-01-14 | Vulnerabilities in SMB Could Allow Remote Code Execution (958687) | nvt/secpod_ms09-001.nasl |
2008-10-15 | SMB Remote Code Execution Vulnerability (957095) | nvt/secpod_ms08-063_900053.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
52692 | Microsoft SMB NT Trans2 Request Parsing Unspecified Remote Code Execution |
52691 | Microsoft SMB NT Trans Request Parsing Overflow Remote Code Execution |
48153 | Microsoft Windows srv.sys WRITE_ANDX SMB Packet Handling Remote DoS. Windows contains a flaw that may allow a remote denial of service. The issue is triggered when the kernel processes malformed WRITE_ANDX SMB packets, and will result in loss of availability for the platform. |
Snort® IPS/IDS
Date | Description | Rule ID | Revision | Type |
---|---|---|---|---|
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt | 15227 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt | 15226 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt | 15225 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt | 15224 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt | 15223 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt | 15222 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt | 15221 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt | 15220 | 16 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow att... | 15219 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt | 15218 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow att... | 15217 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt | 15216 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt | 15215 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt | 15214 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt | 15213 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt | 15212 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt | 15211 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt | 15210 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underfl... | 15209 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underfl... | 15208 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt | 15207 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt | 15206 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow at... | 15205 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow at... | 15204 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt | 15203 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow a... | 15202 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt | 15201 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow a... | 15200 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt | 15199 | 13 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt | 15198 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt | 15197 | 11 | OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt | 15196 | 16 | OS-WINDOWS |
2014-01-10 | SMB write_andx overflow attempt | 10161 | 9 | NETBIOS |
Metasploit Database
Date | Description |
---|---|
2020-05-23 | Microsoft SRV.SYS WriteAndX Invalid DataOffset |
Nessus® Vulnerability Scanner
Date | Name | File | Type |
---|---|---|---|
2009-01-13 | It may be possible to execute arbitrary code on the remote host due to a flaw... | smb_nt_ms09-001.nasl | ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2020-05-23 13:17:12 | |
2016-03-06 05:24:18 | |
2016-03-06 00:24:25 | |
2014-02-17 11:46:09 | |
2014-01-19 21:30:17 | |