Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 NETBIOS:WINS:UPDATE-OF

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 NETBIOS

Keywords

 WINS Update Record Overflow

Release Date

 2004/02/11

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

NETBIOS: WINS Update Record Overflow


This signature detects attempts to exploit the overflow vulnerability in the Windows Internet Naming Service (WINS). Attackers can use a malformed Update Record packet to create a denial of service (DoS), or take control of the server and execute arbitrary code.

Extended Description

The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.

Affected Products

  • Microsoft windows_2000 (:advanced_server)
  • Microsoft windows_2000 (:server)
  • Microsoft windows_2000 (sp1:advanced_server)
  • Microsoft windows_2000 (sp1:server)
  • Microsoft windows_2000 (sp2:advanced_server)
  • Microsoft windows_2000 (sp2:server)
  • Microsoft windows_2000 (sp3:advanced_server)
  • Microsoft windows_2000 (sp3:server)
  • Microsoft windows_2000 (sp4:advanced_server)
  • Microsoft windows_2000 (sp4:server)
  • Microsoft windows_2003_server enterprise (:64-bit)
  • Microsoft windows_2003_server enterprise_64-bit
  • Microsoft windows_2003_server r2 (:datacenter_64-bit)
  • Microsoft windows_2003_server (r2:x64)
  • Microsoft windows_2003_server standard (:64-bit)
  • Microsoft windows_2003_server web
  • Microsoft windows_nt 4.0 (:enterprise_server)
  • Microsoft windows_nt 4.0 (:server)
  • Microsoft windows_nt 4.0 (sp1:enterprise_server)
  • Microsoft windows_nt 4.0 (sp1:server)
  • Microsoft windows_nt 4.0 (sp1:terminal_server)
  • Microsoft windows_nt 4.0 (sp2:enterprise_server)
  • Microsoft windows_nt 4.0 (sp2:server)
  • Microsoft windows_nt 4.0 (sp2:terminal_server)
  • Microsoft windows_nt 4.0 (sp3:enterprise_server)
  • Microsoft windows_nt 4.0 (sp3:server)
  • Microsoft windows_nt 4.0 (sp3:terminal_server)
  • Microsoft windows_nt 4.0 (sp4:enterprise_server)
  • Microsoft windows_nt 4.0 (sp4:server)
  • Microsoft windows_nt 4.0 (sp4:terminal_server)
  • Microsoft windows_nt 4.0 (sp5:enterprise_server)
  • Microsoft windows_nt 4.0 (sp5:server)
  • Microsoft windows_nt 4.0 (sp5:terminal_server)
  • Microsoft windows_nt 4.0 (sp6a:enterprise_server)
  • Microsoft windows_nt 4.0 (sp6a:server)
  • Microsoft windows_nt 4.0 (sp6:enterprise_server)
  • Microsoft windows_nt 4.0 (sp6:server)
  • Microsoft windows_nt 4.0 (sp6:terminal_server)
  • Microsoft windows_nt 4.0 (:terminal_server)

References

  • BugTraq: 9624
  • CVE: CVE-2003-0825
  • URL: http://www.microsoft.com/technet/security/bulletin/MS04-006.mspx

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out