ID CVE-2008-4114
Summary srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • Microsoft Windows Server 2003
    cpe:2.3:o:microsoft:windows_server_2003
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • cpe:2.3:o:microsoft:windows_server_2008:-:itanium
    cpe:2.3:o:microsoft:windows_server_2008:-:itanium
  • cpe:2.3:o:microsoft:windows_server_2008:-:x32
    cpe:2.3:o:microsoft:windows_server_2008:-:x32
  • cpe:2.3:o:microsoft:windows_server_2008:-:x64
    cpe:2.3:o:microsoft:windows_server_2008:-:x64
  • cpe:2.3:o:microsoft:windows_vista:-:gold:x64
    cpe:2.3:o:microsoft:windows_vista:-:gold:x64
  • Microsoft Windows Vista Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp1:x64
  • cpe:2.3:o:microsoft:windows_vista:gold
    cpe:2.3:o:microsoft:windows_vista:gold
  • cpe:2.3:o:microsoft:windows_vista:sp1
    cpe:2.3:o:microsoft:windows_vista:sp1
  • cpe:2.3:o:microsoft:windows_xp:-:pro_x64
    cpe:2.3:o:microsoft:windows_xp:-:pro_x64
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:pro_x64
    cpe:2.3:o:microsoft:windows_xp:-:sp2:pro_x64
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
CVSS
Base: 7.1 (as of 17-09-2008 - 13:42)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
    Vector NETWORK
    Complexity MEDIUM
    Authentication NONE
Impact
    Confidentiality NONE
    Integrity NONE
    Availability COMPLETE
exploit-db via4
description MS Windows WRITE_ANDX SMB command handling Kernel DoS (meta). CVE-2008-4114. DoS exploit for Windows platform
file exploits/windows/dos/6463.rb
id EDB-ID:6463
last seen 2016-01-31
modified 2008-09-15
platform windows
port
published 2008-09-15
reporter Javier Vicente Vallejo
source https://www.exploit-db.com/download/6463/
title Microsoft Windows - WRITE_ANDX SMB command handling Kernel DoS meta
type dos
metasploit via4
description This module exploits a denial of service vulnerability in the SRV.SYS driver of the Windows operating system. This module has been tested successfully against Windows Vista.
id MSF:AUXILIARY/DOS/WINDOWS/SMB/MS09_001_WRITE
last seen 2019-03-20
modified 2017-07-24
published 2009-03-08
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/smb/ms09_001_write.rb
title Microsoft SRV.SYS WriteAndX Invalid DataOffset
msbulletin via4
bulletin_id MS09-001
bulletin_url
date 2009-01-13T00:00:00
impact Remote Code Execution
knowledgebase_id 958687
knowledgebase_url
severity Critical
title Vulnerabilities in SMB Could Allow Remote Code Execution
nessus via4
  • NASL family Windows
    NASL id WIN_SERVER_2008_NTLM_PCI.NASL
    description According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 108811
    published 2018-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108811
    title Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS09-001.NASL
    description The remote host is affected by a memory corruption vulnerability in SMB that may allow an attacker to execute arbitrary code or perform a denial of service against the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 35361
    published 2009-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35361
    title MS09-001: Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
oval via4
  • accepted 2008-11-03T04:00:16.555-05:00
    class vulnerability
    contributors
    • name Chandan S
      organization SecPod Technologies
    • name J. Daniel Brown
      organization DTCC
    definition_extensions
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:4873
    description srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
    family windows
    id oval:org.mitre.oval:def:5262
    status deprecated
    submitted 2008-09-18T18:44:44
    title Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS
    version 38
  • accepted 2009-03-09T04:00:09.929-04:00
    class vulnerability
    contributors
    • name Sudhir Gandhe
      organization Secure Elements, Inc.
    • name Timothy Harrison
      organization National Institute of Standards and Technology
    definition_extensions
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows Server 2003 SP1 (x86) is installed
      oval oval:org.mitre.oval:def:565
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP1 (x64) is installed
      oval oval:org.mitre.oval:def:4386
    • comment Microsoft Windows XP Professional x64 Edition SP1 is installed
      oval oval:org.mitre.oval:def:720
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
      oval oval:org.mitre.oval:def:4873
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
      oval oval:org.mitre.oval:def:5254
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    description srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
    family windows
    id oval:org.mitre.oval:def:6044
    status accepted
    submitted 2009-01-13T13:07:00
    title SMB Validation Denial of Service Vulnerability
    version 40
refmap via4
bid 31179
bugtraq 20080914 Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS
cert TA09-013A
exploit-db 6463
misc
ms MS09-001
sectrack 1020887
secunia 31883
vupen ADV-2008-2583
xf win-writeandx-dos(45146)
Last major update 04-08-2011 - 00:00
Published 16-09-2008 - 19:00
Last modified 26-02-2019 - 09:04