|
Microsoft Network Share Provider SMB Request Buffer Overflow Vulnerability
Solution: It has been reported, by "Fabio Pietrosanti \(naif\)" <naif@blackhats.it>, that disabling the NetBIOS Null Session will prevent exploitation of this vulnerablity. It is possible to reduce exposure to this issue by preventing port 445 from binding. On Windows 2000 systems, this can be accomplished with by removing the default value "\Device\" from the TransportBindName REG_SZ value from the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters This system must be restarted for the registry changes to take effect. Patches are available: Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows 2000 Professional SP3
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows XP Home
Microsoft Windows 2000 Server SP3
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP Professional
Microsoft Windows XP 0
Cisco ICS Firmware 1.0
Cisco ICS Firmware 2.0
Cisco Call Manager 3.0
Cisco Call Manager 3.1 (3a)
Cisco Call Manager 3.1 (2)
Cisco Call Manager 3.1
Cisco Call Manager 3.2
|
|
 Privacy Statement |
