Content
RPC Interface Buffer Overflow (7.17.03)
- Type
- Vulnerability
- SubType
- Microsoft
- Discovery Date
- 07/17/2003
- Length
- N/A
- Minimum DAT
- Entercept (07/17/2003)
- Updated DAT
- Entercept (07/17/2003)
- Minimum Engine
- N/A
- Description Added
- 07/18/2003
- Description Modified
- 07/29/2003 8:22 PM (PT)
Tab Navigation
Characteristics
This is not a virus or trojan. It is a Microsoft product vulnerability that could be used by an attacker to gain unauthorized system access.
Microsoft has published an advisory regarding buffer overflow vulnerability present in the windows RPC Service. The RPC service provides remote procedure calls between objects executing on two remote machines running the Windows operating system.
SCOPE
An attacker can exploit this vulnerability by crafting a specifically malformed RPC packet and sending it to a vulnerable server. The attacker will need access to the vulnerable server RPC interface that is located at port 135.
A malicious attacker may use this vulnerability to execute code of his choice on the victim machine. Since the RPC service executes with SYSTEM privileges an attacker executing code as the result of this attack can fully compromise the vulnerable server
Entercept provides patented protection against code execution as a result of buffer overflows and prevents the exploitation of the RPC Interface buffer overflow vulnerability.
VERSIONS AFFECTED
Windows NT 4.0 - All service packs
Windows 2000 - All service packs
RECOMMENDATIONS
In order to best counter this threat, Entercept suggests following its recommended Security Best Practices, including:
1. Apply the MS03-039 patch (includes MS03-026 patch) Please refer to:
- Microsoft Security Bulletin MS03-026 for more information: http://www.microsoft.com/technet/treeview/default.asp? url=/technet/security/bulletin/MS03-026.asp
- Microsoft Security Bulletin MS03-039 for more information: http://www.microsoft.com/technet/treeview/default.asp? url=/technet/security/bulletin/MS03-039.asp
2. Block port 135 when RPC service is not required
3. Deploy Entercept Standard Edition on all critical servers.
Symptoms
N/A This is not a virus or trojan.
Method of Infection
N/A
Removal
About Entercept Security Technologies
Entercept Security Technologies is the proven leader in intrusion prevention software. Based on patented technology, Entercept safeguards the entire server by preventing known and unknown malicious attacks. Unlike other security solutions, Entercept uses a combination of behavioral rules and signatures to proactively prevent attacks rather than merely detecting and reporting them after they occur. Strategic partners include Check Point, Foundstone and other leading companies. Entercept has received numerous awards and industry recognition, including Network Magazine's 2001 Product of the Year, Fortune Small Business Magazine's '65 Big Ideas List', SC Magazine's 'Best Pick of the Year 2000 and 2001', InfoWorld magazine's 'Business Impact of the Year Award', and InfoWorld magazine's Readers Choice 'Security Product of the Year'. www.entercept.com
The information provided is identified, assessed and measured by the Entercept Ricochet security research team, a leading group of security experts dedicated to collecting and evaluating intelligence against server threats.
Variants
Variants
N/A
All Information
Overview -
Characteristics
Characteristics -
This is not a virus or trojan. It is a Microsoft product vulnerability that could be used by an attacker to gain unauthorized system access.
Microsoft has published an advisory regarding buffer overflow vulnerability present in the windows RPC Service. The RPC service provides remote procedure calls between objects executing on two remote machines running the Windows operating system.
SCOPE
An attacker can exploit this vulnerability by crafting a specifically malformed RPC packet and sending it to a vulnerable server. The attacker will need access to the vulnerable server RPC interface that is located at port 135.
A malicious attacker may use this vulnerability to execute code of his choice on the victim machine. Since the RPC service executes with SYSTEM privileges an attacker executing code as the result of this attack can fully compromise the vulnerable server
Entercept provides patented protection against code execution as a result of buffer overflows and prevents the exploitation of the RPC Interface buffer overflow vulnerability.
VERSIONS AFFECTED
Windows NT 4.0 - All service packs
Windows 2000 - All service packs
RECOMMENDATIONS
In order to best counter this threat, Entercept suggests following its recommended Security Best Practices, including:
1. Apply the MS03-039 patch (includes MS03-026 patch) Please refer to:
- Microsoft Security Bulletin MS03-026 for more information: http://www.microsoft.com/technet/treeview/default.asp? url=/technet/security/bulletin/MS03-026.asp
- Microsoft Security Bulletin MS03-039 for more information: http://www.microsoft.com/technet/treeview/default.asp? url=/technet/security/bulletin/MS03-039.asp
2. Block port 135 when RPC service is not required
3. Deploy Entercept Standard Edition on all critical servers.
Symptoms
Symptoms -
N/A This is not a virus or trojan.
Method of Infection
Method of Infection -
N/A
Removal -
Removal -
About Entercept Security Technologies
Entercept Security Technologies is the proven leader in intrusion prevention software. Based on patented technology, Entercept safeguards the entire server by preventing known and unknown malicious attacks. Unlike other security solutions, Entercept uses a combination of behavioral rules and signatures to proactively prevent attacks rather than merely detecting and reporting them after they occur. Strategic partners include Check Point, Foundstone and other leading companies. Entercept has received numerous awards and industry recognition, including Network Magazine's 2001 Product of the Year, Fortune Small Business Magazine's '65 Big Ideas List', SC Magazine's 'Best Pick of the Year 2000 and 2001', InfoWorld magazine's 'Business Impact of the Year Award', and InfoWorld magazine's Readers Choice 'Security Product of the Year'. www.entercept.com
The information provided is identified, assessed and measured by the Entercept Ricochet security research team, a leading group of security experts dedicated to collecting and evaluating intelligence against server threats.
Variants
Variants -
N/A
