A security flaw has been identified in the Microsoft Windows Server 2003 operating system. The vulnerability results from an error in "mrxsmb.sys". It is exploited by supplying long character strings in a specially crafted "Browser Election Request" packet. Abuse causes a buffer overflow, which an attacker can use to launch a DoS attack or execute arbitrary code. Users are advised to read the original advisory text for more details on vulnerable versions and protection.
Microsoft Windows SMB Browser Election Request Parsing Vulnerability
Secunia Advisory: SA43299
Release Date: 2011-02-15
Criticality level: Moderately critical
Impact: DoS, System access
Where: From local network
Authentication level: Available in Customer Area
Report reliability: Available in Customer Area
Solution Status: Unpatched
3rd party PoC/exploit: Link available in Customer Area
Systems affected: Available in Customer Area
Approve distribution: Available in Customer Area
Operating System:
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Storage Server 2003
Secunia CVSS Score: Available in Customer Area
CVE Reference(s): No CVE references.
Description
Cupidon-3005 has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
The vulnerability is caused by an error in mrxsmb.sys and can be exploited to cause a buffer overflow via an overly long Server Name string sent in a specially crafted Browser Election Request packet.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed on a fully patched Windows Server 2003 Standard Edition SP2 (mrxsmb.sys version 5.2.3790.4671). Other versions may also be affected.
Solution
Restrict access within a broadcast domain to trusted hosts only.
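Alongside restricting access, a monitoring sensor can flag election requests whose Server Name field is longer than the protocol allows. The following is an added example, not part of the Secunia advisory: the field layout, the opcode 0x08 and the 16-byte name limit are taken from the MS-BRWS RequestElection frame as assumptions, and the function names and sample payloads are constructed for illustration.

```python
import struct

# Layout per the MS-BRWS RequestElection frame (assumption, not from the advisory).
ELECTION_REQUEST = 0x08          # browser opcode
FIXED_LEN = 1 + 1 + 4 + 4 + 4    # opcode, version, criteria, uptime, unused
MAX_SERVER_NAME = 16             # bytes, including the NUL terminator


def check_election_request(payload: bytes):
    """Classify one browser-protocol mailslot payload; returns (verdict, detail)."""
    if not payload or payload[0] != ELECTION_REQUEST:
        return ("ignore", "not an election request")
    if len(payload) <= FIXED_LEN:
        return ("malformed", "truncated before ServerName")
    name_field = payload[FIXED_LEN:]
    nul = name_field.find(b"\x00")
    if nul == -1:
        return ("suspicious", f"ServerName unterminated ({len(name_field)} bytes)")
    if nul + 1 > MAX_SERVER_NAME:
        return ("suspicious", f"ServerName {nul + 1} bytes, limit {MAX_SERVER_NAME}")
    return ("ok", name_field[:nul].decode("ascii", "replace"))


def sample(name: bytes) -> bytes:
    """Build a constructed payload (browser layer only, no SMB/NetBIOS framing)."""
    header = bytes([ELECTION_REQUEST, 1])               # opcode, election version
    fields = struct.pack("<III", 0x20010F03, 60000, 0)  # criteria, uptime, unused
    return header + fields + name


if __name__ == "__main__":
    # Constructed inputs, not captured traffic.
    for p in (sample(b"FILESRV01\x00"), sample(b"X" * 40 + b"\x00"), sample(b"NOTERM")):
        print(check_election_request(p))
```

The check expects the payload that follows the SMB mailslot header; extracting it from a capture is left to the sensor.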
Provided and/or discovered by
Cupidon-3005
Original Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0284.html