CERT-In Vulnerability Note CIVN-2008-164
Microsoft Windows SMB Buffer Underflow Vulnerability
Original Issue Date: October 16, 2008
Severity Rating: Medium
Systems Affected
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista and Windows Vista Service Pack 1
- Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for Itanium-based Systems
Overview
A remote code execution vulnerability has been reported in Microsoft Server Message Block (SMB) Protocol, successful exploitation of which could allow an attacker to take complete control of the affected system.
Description
Microsoft Server Message Block (SMB) Protocol is a Microsoft network file sharing protocol used in Microsoft Windows.
The vulnerability is caused by insufficient validation of specially crafted file names by the Microsoft Server Message Block (SMB) Protocol.
Successful exploitation of this vulnerability could allow an attacker to take complete control of the affected system.
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin MS08-063.
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/bulletin/MS08-063.mspx
References
Secunia
http://secunia.com/advisories/32249/
SecurityTracker
http://securitytracker.com/alerts/2008/Oct/1021049.html
SecurityFocus
http://www.securityfocus.com/bid/31647/
FrSIRT
http://www.frsirt.com/english/advisories/2008/2814
ISS
http://xforce.iss.net/xforce/xfdb/45560
CVE name
CVE-2008-4038
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
