SMB Information Disclosure Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SMB Information Disclosure Vulnerability
From: Avert@xxxxxxxxxxxxx
Date: 11 Jul 2006 22:06:04 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

_______________________________________________________________________________

McAfee, Inc.
McAfee® Avert® Labs Security Advisory
Public Release Date: 2006-07-11

SMB Information Disclosure Vulnerability

CVE-2006-1315
_______________________________________________________________________________

?       Synopsis

An information disclosure vulnerability exists in the Server service that could 
allow an attacker to retrieve fragments of memory from an affected host via the 
host?s SMB server. 
_______________________________________________________________________________

?       Vulnerable System or Application

Microsoft Windows 2000
Microsoft Windows XP w/ Service Pack 1
Microsoft Windows XP w/ Service Pack 2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 w/ Service Pack 1

_______________________________________________________________________________

?       Vulnerability Information

This issue is caused by the Server protocol driver?s failure to zero out memory 
before reusing it when constructing SMB response messages. An attacker could 
exploit this vulnerability by sending a specially crafted request that when 
processed would result in a response packet being sent that unintentionally 
contained portions of memory from the target host. Note that this vulnerability 
would not allow an attacker to execute code or to elevate their user rights 
directly. It could be used to produce useful information to try to further 
compromise the affected system.
_______________________________________________________________________________

?       Resolution

Microsoft has released a security bulletin and associated patch for this 
vulnerability:
http://www.microsoft.com/technet/security/Bulletin/MS06-035.mspx 

_______________________________________________________________________________

?       Credits

This vulnerability was discovered by Mike Price and Rafal Wojtczuk of McAfee 
Avert Labs. 
_______________________________________________________________________________

?       Legal Notice

Copyright (C) 2006 McAfee, Inc.
The information contained within this advisory is provided for the convenience 
of McAfee?s customers, and may be redistributed provided that no fee is charged 
for distribution and that the advisory is not modified in any way. McAfee makes 
no representations or warranties regarding the accuracy of the information 
referenced in this document, or the suitability of that information for your 
purposes.

McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. 
and/or its affiliated companies in the United States and/or other Countries.  
All other registered and unregistered trademarks in this document are the sole 
property of their respective owners.

Prev by Date: Fuzzing Microsoft Office
Next by Date: Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd
Previous by thread: Fuzzing Microsoft Office
Next by thread: Microsoft Excel Array Index Error Remote Code Execution
Index(es):
- Date
- Thread