Content
(MS06-063) Microsoft SMB Rename Vulnerability (923414)
- Type
- Buffer Overflow
- Impact of exploitation
- Denial of Service
- User Interaction
- no user interaction is needed
- Attack Vector
- Malicious remote network traffic
- Rating
- Medium
- CVE reference
- CVE-2006-4696 ,
- 2006-T-0033,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows XP Generic,
- Windows XP SP0 - SP2,
- Windows 2003 Generic,
- Windows 2000 SP4,
- Windows 2000 Generic,
- Windows 2003 SP0 - SP1,
- Summary
- A vulnerability exists in the Microsoft Server Service that may allow for a denial of service attack. This could be exploited remotely through malicious network traffic.
Tab Navigation
Description
The Microsoft Server Service allows for local resource sharing via RPC. A denial of service vulnerability is present in the Server Service that may allow remote attacks. The flaw lies in processing of maliciously crafted SMB traffic by the server service. Successful exploitation would cause the system to cease responding.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (923414): http://www.microsoft.com/technet/security/bulletin/MS06-063.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS06-063) Microsoft SMB Rename Vulnerability (923414)
- Signature identifier:
- 4683
- Release date:
- 10/10/2006
McAfee Intrushield
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- SRV.SYS Null Pointer Dereference
- Signature identifier:
- 0x40708B00
- Release date:
- 8/24/2006
- First released in:
- sigset(s) 3.1.20, 1.8.81, 1.9.64, 2.1.47
Additional Resources
Microsoft Security Bulletin: Vulnerability in Server Service Could Allow Denial of Service (923414)
http://www.microsoft.com/technet/security/bulletin/MS06-063.mspx
Vulnerability Summary CVE-2006-4696
All Information
Timeline -
10/10/2006
Vendor has provided a patch.
10/10/2006
Vulnerability information has been publicly disclosed.
Description -
The Microsoft Server Service allows for local resource sharing via RPC. A denial of service vulnerability is present in the Server Service that may allow remote attacks. The flaw lies in processing of maliciously crafted SMB traffic by the server service. Successful exploitation would cause the system to cease responding.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft (923414): http://www.microsoft.com/technet/security/bulletin/MS06-063.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS06-063) Microsoft SMB Rename Vulnerability (923414)
- Signature identifier:
- 4683
- Release date:
- 10/10/2006
McAfee Intrushield
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- SRV.SYS Null Pointer Dereference
- Signature identifier:
- 0x40708B00
- Release date:
- 8/24/2006
- First released in:
- sigset(s) 3.1.20, 1.8.81, 1.9.64, 2.1.47
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerability in Server Service Could Allow Denial of Service (923414)
http://www.microsoft.com/technet/security/bulletin/MS06-063.mspx
