Windows : Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' RCE Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100283

Categoría: Windows

Título: Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' RCE Vulnerability

Resumen: Microsoft Windows is prone to a remote code execution (RCE) vulnerability; when processing the protocol headers for the Server Message Block (SMB) Negotiate Protocol Request.;; NOTE: Reportedly, for this issue to be exploitable, file sharing must be enabled.

Descripción: Summary:
Microsoft Windows is prone to a remote code execution (RCE) vulnerability
when processing the protocol headers for the Server Message Block (SMB) Negotiate Protocol Request.

NOTE: Reportedly, for this issue to be exploitable, file sharing must be enabled.

Vulnerability Impact:
An attacker can exploit this issue to execute code with SYSTEM-level
privileges. failed exploit attempts will likely cause denial-of-service conditions.

Affected Software/OS:
- Microsoft Windows 7 RC, Vista and 2008 Server are vulnerable, other versions may also be affected. NOTE: Reportedly

- Microsoft Windows XP and 2000 are not affected. UPDATE (September 9, 2009): Symantec has confirmed the issue on Microsoft Windows Vista SP1 and Microsoft Windows Server 2008

Solution:
Microsoft has released updates to fix the issue.
Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3103
BugTraq ID: 36299
http://www.securityfocus.com/bid/36299
Bugtraq: 20090908 Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD (Google Search)
http://www.securityfocus.com/archive/1/506300/100/0/threaded
Bugtraq: 20090909 SMB SRV2.SYS Denial of Service PoC (Google Search)
http://www.securityfocus.com/archive/1/506327/100/0/threaded
Cert/CC Advisory: TA09-286A
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
CERT/CC vulnerability note: VU#135940
http://www.kb.cert.org/vuls/id/135940
http://www.exploit-db.com/exploits/9594
http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html
http://blog.48bits.com/?p=510
http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html
http://isc.sans.org/diary.html?storyid=7093
http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1
Microsoft Security Bulletin: MS09-050
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050
http://osvdb.org/57799
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489
http://www.securitytracker.com/id?1022848
http://secunia.com/advisories/36623
XForce ISS Database: win-srv2sys-code-execution(53090)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53090

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100283
Categoría:	Windows
Título:	Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' RCE Vulnerability
Resumen:	Microsoft Windows is prone to a remote code execution (RCE) vulnerability; when processing the protocol headers for the Server Message Block (SMB) Negotiate Protocol Request.;; NOTE: Reportedly, for this issue to be exploitable, file sharing must be enabled.
Descripción:	Summary: Microsoft Windows is prone to a remote code execution (RCE) vulnerability when processing the protocol headers for the Server Message Block (SMB) Negotiate Protocol Request. NOTE: Reportedly, for this issue to be exploitable, file sharing must be enabled. Vulnerability Impact: An attacker can exploit this issue to execute code with SYSTEM-level privileges. failed exploit attempts will likely cause denial-of-service conditions. Affected Software/OS: - Microsoft Windows 7 RC, Vista and 2008 Server are vulnerable, other versions may also be affected. NOTE: Reportedly - Microsoft Windows XP and 2000 are not affected. UPDATE (September 9, 2009): Symantec has confirmed the issue on Microsoft Windows Vista SP1 and Microsoft Windows Server 2008 Solution: Microsoft has released updates to fix the issue. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3103 BugTraq ID: 36299 http://www.securityfocus.com/bid/36299 Bugtraq: 20090908 Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD (Google Search) http://www.securityfocus.com/archive/1/506300/100/0/threaded Bugtraq: 20090909 SMB SRV2.SYS Denial of Service PoC (Google Search) http://www.securityfocus.com/archive/1/506327/100/0/threaded Cert/CC Advisory: TA09-286A http://www.us-cert.gov/cas/techalerts/TA09-286A.html CERT/CC vulnerability note: VU#135940 http://www.kb.cert.org/vuls/id/135940 http://www.exploit-db.com/exploits/9594 http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html http://blog.48bits.com/?p=510 http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html http://isc.sans.org/diary.html?storyid=7093 http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1 Microsoft Security Bulletin: MS09-050 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050 http://osvdb.org/57799 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489 http://www.securitytracker.com/id?1022848 http://secunia.com/advisories/36623 XForce ISS Database: win-srv2sys-code-execution(53090) https://exchange.xforce.ibmcloud.com/vulnerabilities/53090
Copyright	Copyright (C) 2009 Greenbone AG