Wednesday, September 9, 2009

Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D

Reference: http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html#comment-form

=============================================
- Release date: September 7th, 2009
- Discovered by: Laurent Gaffié
- Severity: Medium/High
=============================================

I. VULNERABILITY
-------------------------
Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

II. BACKGROUND
-------------------------
Windows Vista and newer versions of Windows come with a new SMB version named SMB2.
See: http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0
for more details.

III. DESCRIPTION
-------------------------
SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality.
The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends to an SMB server, and it is used to identify the SMB dialect that will be used for further communication.
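
Added example (not part of the original advisory or its proof of concept): a strict parser for the NEGOTIATE PROTOCOL REQUEST described above, showing the header and dialect-list consistency checks a receiver or network monitor can apply before using any field. It assumes the standard 32-byte SMB1 header behind a 4-byte session length prefix; parse_negotiate and build_sample are names chosen for this example, and the sample request is constructed.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
HEADER_LEN = 32  # fixed SMB1 header size


def parse_negotiate(frame: bytes) -> list[str]:
    """Return the dialects offered in one framed SMB1 NEGOTIATE request."""
    # Every length taken from the wire is checked against the bytes received.
    if len(frame) < 4 or frame[0] != 0:
        raise ValueError("not a session message")
    declared = int.from_bytes(frame[1:4], "big")
    msg = frame[4:]
    if declared != len(msg):
        raise ValueError("framing length does not match payload")
    if len(msg) < HEADER_LEN + 3:
        raise ValueError("truncated SMB header")
    if msg[:4] != SMB1_MAGIC or msg[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not an SMB1 NEGOTIATE request")
    word_count = msg[HEADER_LEN]
    (byte_count,) = struct.unpack_from("<H", msg, HEADER_LEN + 1)
    data = msg[HEADER_LEN + 3:]
    if word_count != 0 or byte_count != len(data):
        raise ValueError("inconsistent WordCount/ByteCount")
    dialects = []
    pos = 0
    while pos < len(data):
        # Each entry is a 0x02 format byte plus a NUL-terminated name.
        end = data.find(b"\x00", pos + 1)
        if data[pos] != 0x02 or end == -1:
            raise ValueError("malformed dialect entry")
        dialects.append(data[pos + 1:end].decode("ascii", "replace"))
        pos = end + 1
    return dialects


def build_sample(dialects: list[str]) -> bytes:
    """Constructed, well-formed request used as sample input."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + bytes(HEADER_LEN - 5)
    msg = header + b"\x00" + struct.pack("<H", len(data)) + data
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


if __name__ == "__main__":
    print(parse_negotiate(build_sample(["NT LM 0.12", "SMB 2.002"])))
```

A request that offers "SMB 2.002" in its dialect list is how a client signals SMB2 support during this first exchange.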

IV. PROOF OF CONCEPT
-------------------------

Smb-Bsod.py:
