CERT-In Vulnerability Note CIVN-2006-52
Microsoft Windows Server Message Block (SMB) Privilege Escalation and DoS Vulnerabilities.
Original Issue Date:
June 14, 2006
Severity Rating:
Medium
Systems Affected
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Service Pack 1
- Microsoft Windows Server 2003 and Service Pack 1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
Overview
Two vulnerabilities have been reported in Microsoft Windows, which could be exploited by local attackers to obtain elevated privileges or cause a denial of service.
Description
Server Message Block (SMB) is a client-server, request-response protocol. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources, and servers return SMB responses. The details of the vulnerabilities are given below:
1. SMB Driver Elevation of Privilege Vulnerability : CVE-2006-2373
This vulnerability is due to a buffer overflow error in the "MrxSmbCscIoctlOpenForCopyChunk()" function within the Client Side Caching (CSCDLL.DLL) and the Server Message Block Redirector Driver (MRXSMB.SYS), which could be exploited by malicious users to execute arbitrary commands with SYSTEM privileges.
2. SMB Invalid Handle Vulnerability : CVE-2006-2374
This vulnerability is due to an access validation error in the "MrxSmbCscIoctlCloseForCopyChunk()" function within the Client Side Caching (CSCDLL.DLL) and the Server Message Block Redirector Driver (MRXSMB.SYS), which could be exploited by malicious users to cause an affected system to stop responding.
These vulnerabilities could be exploited by a local user with valid login credentials.
It has been observed that exploit code for these vulnerabilities is available on the Internet.
Workarounds
Microsoft has suggested the following workarounds. Disabling these services will help to protect the affected system from attempts to exploit these vulnerabilities, but clients will not be able to access SMB shares.
- Disable the Workstation service
- Delete the MRxSmb driver registry entry
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin MS06-030.
Vendor information
Microsoft
http://www.microsoft.com/technet/security/bulletin/ms06-030.mspx
References
Microsoft
http://www.microsoft.com/technet/security/bulletin/ms06-030.mspx
FrSIRT
http://www.frsirt.com/english/advisories/2006/2327
Security Focus
http://www.securityfocus.com/bid/18357/info
http://www.securityfocus.com/bid/18356/info
CVE Name
CVE-2006-2373
CVE-2006-2374
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
