ID CVE-2009-3676
Summary The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows Server 2008 R2
    cpe:2.3:o:microsoft:windows_server_2008:r2
CVSS
Base: 7.1 (as of 16-11-2009 - 08:24)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability COMPLETE
msbulletin via4
bulletin_id MS10-020
bulletin_url
date 2010-04-13T00:00:00
impact Remote Code Execution
knowledgebase_id 980232
knowledgebase_url
severity Critical
title Vulnerabilities in SMB Client Could Allow Remote Code Execution
nessus via4
  • NASL family Windows
    NASL id WIN_SERVER_2008_NTLM_PCI.NASL
    description According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 108811
    published 2018-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108811
    title Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS10-020.NASL
    description The version of the SMB client software installed on the remote Windows host may be affected by one or more vulnerabilities, including some that could allow arbitrary code execution:
      - Incorrect handling of incomplete SMB responses could be abused to cause the system to stop responding. (CVE-2009-3676)
      - A vulnerability in the way the SMB client allocates memory when parsing specially crafted SMB responses could be abused by an unauthenticated, remote attacker to execute arbitrary code with system-level privileges. (CVE-2010-0269)
      - Improper validation of fields in SMB responses could lead to a memory corruption issue and in turn to arbitrary code execution with system-level privileges. (CVE-2010-0270)
      - Improper parsing of SMB transaction responses could lead to a memory corruption issue resulting in code execution with system-level privileges. (CVE-2010-0476)
      - Improper handling of SMB responses could cause the SMB client to consume the entire response and indicate an invalid value to the Winsock kernel, which in turn could allow remote code execution and result in the compromise of the affected system. (CVE-2010-0477)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 45507
    published 2010-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45507
    title MS10-020: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
oval via4
accepted 2012-03-26T04:03:48.828-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Symantec Corporation
definition_extensions
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
description The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
family windows
id oval:org.mitre.oval:def:7186
status accepted
submitted 2010-03-13T13:00:00
title SMB Client Incomplete Response Vulnerability
version 42
refmap via4
cert TA10-103A
confirm
fulldisc 20091111 Windows 7 , Server 2008R2 Remote Kernel Crash
misc
ms MS10-020
sectrack 1023179
secunia 37347
vupen ADV-2009-3216
Last major update 21-08-2010 - 00:00
Published 13-11-2009 - 10:30
Last modified 30-10-2018 - 12:28