Secunia Advisory: SA21276 Print Advisory
Release Date: 2006-07-31
Critical:Less critical
Impact: DoS
Where: From local network
Solution Status: Unpatched
OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.
Description:
ISS X-Force has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereference error in the Server driver (srv.sys) when processing certain SMB (Server Message Block) data and can be exploited by sending a specially crafted network packet to a vulnerable system.
Successful exploitation crashes the system.
The vulnerability has been confirmed on Windows XP SP2 (fully patched). Other versions are reportedly also affected.
Solution:
Restrict traffic to ports 135-139 and 445.
Provided and/or discovered by:
Tom Cross, David Means, and Scott Warfield of ISS X-Force.
Original Advisory:
ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/231
MSRC Blog:
http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx
Bollettino Secunia
Release Date: 2006-07-31
Critical:Less critical
Impact: DoS
Where: From local network
Solution Status: Unpatched
OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.
Description:
ISS X-Force has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereference error in the Server driver (srv.sys) when processing certain SMB (Server Message Block) data and can be exploited by sending a specially crafted network packet to a vulnerable system.
Successful exploitation crashes the system.
The vulnerability has been confirmed on Windows XP SP2 (fully patched). Other versions are reportedly also affected.
Solution:
Restrict traffic to ports 135-139 and 445.
Provided and/or discovered by:
Tom Cross, David Means, and Scott Warfield of ISS X-Force.
Original Advisory:
ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/231
MSRC Blog:
http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx
Bollettino Secunia