iPolicy Networks Security Advisory
 

Microsoft SMB Client Transaction Vulnerability

Date Discovered: 04/13/2010
Severity: High
Operating Systems Affected: Microsoft Windows 7 32-bit
Microsoft Windows 7 x64
Microsoft Windows Server 2008 R2 x64
Microsoft Windows Server 2008 R2 Itanium
Type: Remote
Identifiers: CVE-2010-0270
Synopsis
The Microsoft SMB client is prone to a transaction vulnerability. The vulnerability exists in the way that the Microsoft Server Message Block (SMB) client implementation handles specially crafted SMB transaction responses.
Recommended Actions
Apply the patches as directed by the vendor at:
http://www.microsoft.com/technet/security/bulletin/ms10-020.mspx
Threat Analysis
The vulnerability exists because the Microsoft Server Message Block (SMB) client improperly validates fields in the SMB response. This could lead to a memory corruption issue resulting in code execution with system-level privileges.

An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB response to a client-initiated SMB request.

An attacker who successfully exploited this vulnerability could take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
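
The advisory does not say which response fields are mishandled, so the following added example (not from the advisory or from Microsoft) only illustrates the class of check involved: bounds-checking the count and offset fields of an SMB_COM_TRANSACTION response, using the SMB1/CIFS layout, before any of them is used to index the packet. The function names and the 64-byte sample message are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian 16-bit read; the caller guarantees p[0..1] is in bounds. */
static uint32_t le16(const uint8_t *p) { return p[0] | ((uint32_t)p[1] << 8); }

/* [off, off+cnt) must lie inside [lo, hi); an empty region is always fine. */
static int region_ok(uint32_t off, uint32_t cnt, size_t lo, size_t hi) {
    return cnt == 0 || (off >= lo && off <= hi && cnt <= hi - off);
}

/* 0 if the SMB_COM_TRANSACTION (0x25) success response in msg[0..len) is
   self-consistent, else a negative code. Offsets count from the SMB header. */
int check_trans_response(const uint8_t *msg, size_t len) {
    if (len < 55 || memcmp(msg, "\xffSMB", 4) != 0 || msg[4] != 0x25) return -1;
    uint32_t setup = msg[51];                       /* SetupCount */
    if (msg[32] != 10 + setup) return -2;           /* WordCount = 10 + SetupCount */
    size_t body = 55 + 2 * (size_t)setup;           /* first byte after ByteCount */
    if (len < body) return -3;
    uint32_t byte_count = le16(msg + body - 2);
    if (byte_count > len - body) return -3;         /* ByteCount overruns the packet */
    size_t end = body + byte_count;
    uint32_t tot_p = le16(msg + 33), tot_d = le16(msg + 35);
    uint32_t p_cnt = le16(msg + 39), p_off = le16(msg + 41), p_dsp = le16(msg + 43);
    uint32_t d_cnt = le16(msg + 45), d_off = le16(msg + 47), d_dsp = le16(msg + 49);
    if (!region_ok(p_off, p_cnt, body, end)) return -4;  /* parameters out of bounds */
    if (!region_ok(d_off, d_cnt, body, end)) return -5;  /* data out of bounds */
    if (p_dsp + p_cnt > tot_p || d_dsp + d_cnt > tot_d) return -6;
    return 0;
}

/* Constructed 64-byte sample: 2 parameter bytes at offset 56, data region
   taken from the arguments. Returns the validator's verdict. */
int check_sample(uint16_t d_off, uint16_t d_cnt) {
    uint8_t m[64] = {0xff, 'S', 'M', 'B', 0x25};
    m[32] = 10;                                     /* WordCount, SetupCount = 0 */
    m[33] = 2;  m[35] = 4;                          /* TotalParameterCount, TotalDataCount */
    m[39] = 2;  m[41] = 56;                         /* ParameterCount, ParameterOffset */
    m[45] = d_cnt & 0xff;  m[46] = d_cnt >> 8;      /* DataCount */
    m[47] = d_off & 0xff;  m[48] = d_off >> 8;      /* DataOffset */
    m[53] = 9;                                      /* ByteCount: bytes 55..63 */
    return check_trans_response(m, sizeof m);
}

int main(void) {
    printf("%d %d %d\n", check_sample(60, 4), check_sample(60, 1024), check_sample(8, 4));
    return 0;
}
```

The validator treats a response with WordCount 0 (an error response) as malformed, so it applies only to success responses.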
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0270

Write-up by: Aditya Chaturvedi