
Vulnerability:Win/SMB.Rename.RCE!CVE-2006-4696

Severity rating
Important

Class/Type
Vulnerability

Discovered date
2006-10-10T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium







Description

A remote code execution vulnerability exists in the Server service because of the way it handles certain network messages. An attacker could exploit the vulnerability by sending a specially crafted network message to a system running the Server service as an authenticated user.



Impact

This is a remote code execution vulnerability. An attacker who exploited this vulnerability could take complete control of an affected system. Attempts to exploit the vulnerability will most probably result in a denial of service caused by a system restart.



Technical details (analysis)

The Server service provides RPC support, file and print support and named pipe sharing over the network. The Server service allows the sharing of your local resources (such as disks and printers) so that other users on the network can access them. It also allows named pipe communication between applications running on other computers and your computer, which is used for RPC. The Server service improperly handles a memory reallocation request: it frees an uninitialized pointer during an SMB command. This flaw could be exploited with a specially crafted message.



Affected software

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition



Non-affected software

All applications not on the affected list.



References




Solutions




NIS signature

Name: Vulnerability:Win/SMB.Rename.RCE!CVE-2006-4696
Release Date: 2006-10-10T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Block the following at the firewall: UDP ports 135, 137, 138, and 445, and TCP ports 135, 139, and 445.