CERT-In Vulnerability Note CIVN-2005-101
Denial of Service Vulnerability in Network Connection Manager

Original Issue Date: October 13, 2005

Severity Rating: Low

Systems Affected

  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

Overview

Microsoft Windows Connections Manager Library (netman.dll) allows local users to cause a denial of service (Network Connections Service crash).

Description

The Network Connection Manager is an operating system component that processes requests to make network connections, such as those seen in the Network and Dial-Up Connections folder. The vulnerability is caused by an error in a function in netman.dll when a large integer is supplied as an argument. As a result, remote access connections stop responding. If the affected component is stopped by an attack, it automatically restarts when new requests are received.

Note that on Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, this issue can be exploited only locally, and an attacker must have valid logon credentials.

On Windows 2000, Windows XP Service Pack 1 and Windows Server 2003, an attacker must have valid logon credentials to exploit this vulnerability. The vulnerability can, however, be exploited remotely by users who have standard user accounts.

According to reports, an exploit for this vulnerability is available on the Internet.

Workarounds

Microsoft has suggested the following workarounds to mitigate the attack vectors.

Block the following at the enterprise perimeter firewall:

  • UDP ports 135, 137, 138, and 445, and TCP ports 135, 139, 445, and 593.
  • All unsolicited inbound traffic on ports greater than 1024.
  • Any other specifically configured RPC port.
  • If COM Internet Services (CIS) or RPC over HTTP is installed, block ports 80 and 443.
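
One way to check a perimeter rule set against the list above, as an added example that is not part of the original advisory or of Microsoft's guidance. The rule syntax, the sample policy and the function names are constructed for illustration, and ports greater than 1024 are spot-checked at three values rather than exhaustively.

```python
# Added example: audit a first-match inbound rule list against the workaround ports.
# The rule syntax "action proto ports [state]" is a constructed, vendor-neutral format.

ADVISORY_PORTS = {"udp": [135, 137, 138, 445], "tcp": [135, 139, 445, 593]}
CIS_PORTS = [80, 443]                     # TCP; only if CIS or RPC over HTTP is installed
HIGH_PORT_SAMPLES = [1025, 49152, 65535]  # spot checks for "ports greater than 1024"

# Constructed sample policy: first match wins, anything unmatched is allowed.
SAMPLE_RULES = """
allow any 1-65535 established
deny tcp 135-139
deny udp 135-138
deny tcp 445
deny any 1025-65535 new
""".strip().splitlines()


def parse_rule(line):
    """Split one rule into (action, proto, low_port, high_port, state)."""
    action, proto, ports, *state = line.split()
    low, _, high = ports.partition("-")
    return action, proto, int(low), int(high or low), (state[0] if state else "any")


def verdict(rules, proto, port, state="new", default="allow"):
    """Return the action of the first rule matching an inbound packet."""
    for action, r_proto, low, high, r_state in rules:
        if r_proto in (proto, "any") and low <= port <= high and r_state in (state, "any"):
            return action
    return default


def audit(rule_lines, cis_installed=False, default="allow"):
    """List (proto, port) pairs that unsolicited inbound traffic can still reach."""
    rules = [parse_rule(l) for l in rule_lines if l.strip() and not l.startswith("#")]
    wanted = {proto: ports + HIGH_PORT_SAMPLES for proto, ports in ADVISORY_PORTS.items()}
    if cis_installed:
        wanted["tcp"] = wanted["tcp"] + CIS_PORTS
    return sorted(
        (proto, port)
        for proto, ports in wanted.items()
        for port in ports
        if verdict(rules, proto, port, default=default) != "deny"
    )


if __name__ == "__main__":
    for proto, port in audit(SAMPLE_RULES, cis_installed=True):
        print(f"not blocked: {proto}/{port}")
```

The sample policy blocks the familiar NetBIOS and SMB TCP ports but leaves UDP 445 and TCP 593 reachable, which is the kind of gap the audit is meant to surface.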

Solution

Apply the appropriate security update as mentioned in Microsoft Security Bulletin MS05-045.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS05-045.mspx

References

SecurityFocus
http://www.securityfocus.com/bid/14260

Secunia Advisory
http://secunia.com/advisories/16065

CVE Name
CAN-2005-2307

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91 11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003