
HTTP Attack (Attack ID:300550)

Release Date:2009-09-27

Attack Name:NTLM ASN.1 vulnerability scan attempt

OS Type

Application Type

Severity:Info

BUG ID

CVE ID

 

Description

A buffer overflow condition exists in the Microsoft implementation of the ASN.1 Library. An attacker may be able to exploit this condition by sending specially crafted authentication packets to a host running a vulnerable operating system. When the target system decodes the ASN.1 data, exploit code included in the data may be executed on the host with system-level privileges. Alternatively, the malformed data may cause the service to become unresponsive, resulting in a DoS condition. This event indicates a possible attempt to enumerate vulnerable hosts using Nessus.

Impact:
Intelligence gathering.

Affected Systems:
Microsoft Windows NT
Microsoft Windows NT Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows 2003

Additional References:
http://www.microsoft.com/security/encyclopedia/details.aspx?name=win32/rbot
http://www.us-cert.gov/cas/techalerts/TA04-041A.html
http://cgi.nessus.org/plugins/dump.php3?id=12052
http://cgi.nessus.org/plugins/dump.php3?id=12055
http://cgi.nessus.org/plugins/dump.php3?id=12065
http://www.microsoft.com/technet/security/bulletin/MS04-007.mspx

 

Solution

Apply the appropriate vendor supplied patches.