certfr_alerte - certa-2009-ale-016

CERTA-2009-ALE-016

Vulnerability from certfr_alerte

Une vulnérabilité dans SMBv2 sous Microsoft Windows permet à une personne malintentionnée distante de provoquer un déni de service et potentiellement d'exécuter du code arbitraire.

Description

Une vulnérabilité a été identifiée dans le pilote srv2.sys. Une personne malintentionnée distante, peut, au moyen d'un paquet spécifiquement conçu, provoquer un déni de service voire exécuter du code arbitraire.

Du code d'exploitation est disponible sur l'Internet.

Contournement provisoire

désactiver SMB v2 (cf. avis Microsoft) ;
filtrer les ports 139/TCP et 445/TCP en amont.

Les contournements proposés permettent de maintenir la mise en œuvre du partage de fichiers en utilisant le protocole SMB dans sa version 1.

Toutefois des effets de bords liés à l'application de ces contournements ne peuvent être écartés, telle une diminution des performances. De ce fait, le CERTA recommande de procéder à la vérification de ces contournements dans le contexte du système d'information vulnérable avant tout déploiement.

De plus, Microsoft a publié deux outils permettant d'automatiser l'application du contournement provisoire ainsi que son retrait. Ces outils sont disponibles à l'adresse suivante :

http://support.microsoft.com/kb/975497

Solution

Le bulletin de sécurité MS09-050 de Microsoft corrige cette vulnérabilité.

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows Vista Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Vista ;
Microsoft	Windows	Microsoft Windows Vista Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 pour systèmes 32 bits Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 pour systèmes Itanium Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2008 pour systèmes x64 Service Pack 2.
Microsoft	Windows	Microsoft Windows Server 2008 pour systèmes x64 ;
Microsoft	Windows	Microsoft Windows Vista x64 ;
Microsoft	Windows	Microsoft Windows Server 2008 pour systèmes 32 bits ;
Microsoft	Windows	Microsoft Windows Vista x64 Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Server 2008 pour systèmes Itanium ;
Microsoft	Windows	Microsoft Windows Vista x64 Service Pack 2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-050	2009-10-13	vendor-advisory
Avis de sécurité Microsoft 975497	2009-10-13	vendor-advisory
Article Microsoft 975497 du 17 septembre 2009 :	-	other
Référence CVE CVE-2009-3103 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows Vista Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 pour syst\u00e8mes Itanium Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 pour syst\u00e8mes x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 pour syst\u00e8mes 32 bits ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista x64 Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 pour syst\u00e8mes Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Vista x64 Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2009-10-13",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le pilote srv2.sys. Une personne\nmalintentionn\u00e9e distante, peut, au moyen d\u0027un paquet sp\u00e9cifiquement\ncon\u00e7u, provoquer un d\u00e9ni de service voire ex\u00e9cuter du code arbitraire.\n\nDu code d\u0027exploitation est disponible sur l\u0027Internet.\n\n## Contournement provisoire\n\n-   d\u00e9sactiver SMB v2 (cf. avis Microsoft) ;\n-   filtrer les ports 139/TCP et 445/TCP en amont.\n\nLes contournements propos\u00e9s permettent de maintenir la mise en \u0153uvre du\npartage de fichiers en utilisant le protocole SMB dans sa version 1.\n\nToutefois des effets de bords li\u00e9s \u00e0 l\u0027application de ces contournements\nne peuvent \u00eatre \u00e9cart\u00e9s, telle une diminution des performances. De ce\nfait, le CERTA recommande de proc\u00e9der \u00e0 la v\u00e9rification de ces\ncontournements dans le contexte du syst\u00e8me d\u0027information vuln\u00e9rable\navant tout d\u00e9ploiement.\n\nDe plus, Microsoft a publi\u00e9 deux outils permettant d\u0027automatiser\nl\u0027application du contournement provisoire ainsi que son retrait. Ces\noutils sont disponibles \u00e0 l\u0027adresse suivante :\n\n    http://support.microsoft.com/kb/975497\n\n## Solution\n\nLe bulletin de s\u00e9curit\u00e9 MS09-050 de Microsoft corrige cette\nvuln\u00e9rabilit\u00e9.\n",
  "cves": [
    {
      "name": "CVE-2009-3103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3103"
    }
  ],
  "initial_release_date": "2009-09-09T00:00:00",
  "last_revision_date": "2009-10-13T00:00:00",
  "links": [
    {
      "title": "Article Microsoft 975497 du 17 septembre 2009 :",
      "url": "http://support.microsoft.com/kb/975497"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-3103 :",
      "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-3103"
    }
  ],
  "reference": "CERTA-2009-ALE-016",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2009-09-09T00:00:00.000000"
    },
    {
      "description": "ajout d\u0027un lien dans la section Documentation et modification de la section Contournement provisoire ;",
      "revision_date": "2009-09-18T00:00:00.000000"
    },
    {
      "description": "ajout du correctif.",
      "revision_date": "2009-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans SMBv2 sous Microsoft Windows permet \u00e0 une\npersonne malintentionn\u00e9e distante de provoquer un d\u00e9ni de service et\npotentiellement d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de SMBv2 dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": "2009-10-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-050",
      "url": "http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx"
    },
    {
      "published_at": "2009-10-13",
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 975497",
      "url": "http://www.microsoft.com/technet/security/advisory/975497.mspx"
    }
  ]
}

CVE-2009-3103 (GCVE-0-2009-3103)

Vulnerability from cvelistv5

Published

2009-09-08 22:00

Modified

2024-08-07 06:14

Severity ?

CWE

Summary

Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.

References

URL

Tags

	http://www.securityfocus.com/bid/36299	vdb-entry, x_refsource_BID
	http://www.kb.cert.org/vuls/id/135940	third-party-advisory, x_refsource_CERT-VN
	http://www.microsoft.com/technet/security/advisory/975497.mspx	x_refsource_CONFIRM
	http://www.reversemode.com/index.php?option=com_content&task=view&id=64&Itemid=1	x_refsource_MISC
	http://blog.48bits.com/?p=510	x_refsource_MISC
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050	vendor-advisory, x_refsource_MS
	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	third-party-advisory, x_refsource_CERT
	http://isc.sans.org/diary.html?storyid=7093	x_refsource_MISC
	http://secunia.com/advisories/36623	third-party-advisory, x_refsource_SECUNIA
	http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html	x_refsource_MISC
	http://www.securitytracker.com/id?1022848	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/506327/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.exploit-db.com/exploits/9594	exploit, x_refsource_EXPLOIT-DB
	http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html	mailing-list, x_refsource_FULLDISC
	http://osvdb.org/57799	vdb-entry, x_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/53090	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/archive/1/506300/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489	vdb-entry, signature, x_refsource_OVAL

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:14:56.044Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36299",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36299"
          },
          {
            "name": "VU#135940",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/135940"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/975497.mspx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=64\u0026Itemid=1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.48bits.com/?p=510"
          },
          {
            "name": "MS09-050",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050"
          },
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?storyid=7093"
          },
          {
            "name": "36623",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36623"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html"
          },
          {
            "name": "1022848",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022848"
          },
          {
            "name": "20090909 SMB SRV2.SYS Denial of Service PoC",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/506327/100/0/threaded"
          },
          {
            "name": "9594",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/9594"
          },
          {
            "name": "20090907 Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html"
          },
          {
            "name": "57799",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/57799"
          },
          {
            "name": "win-srv2sys-code-execution(53090)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090"
          },
          {
            "name": "20090908 Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/506300/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:6489",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an \u0026 (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka \"SMBv2 Negotiation Vulnerability.\" NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "36299",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36299"
        },
        {
          "name": "VU#135940",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/135940"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/975497.mspx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=64\u0026Itemid=1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.48bits.com/?p=510"
        },
        {
          "name": "MS09-050",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050"
        },
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?storyid=7093"
        },
        {
          "name": "36623",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36623"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html"
        },
        {
          "name": "1022848",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022848"
        },
        {
          "name": "20090909 SMB SRV2.SYS Denial of Service PoC",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/506327/100/0/threaded"
        },
        {
          "name": "9594",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/9594"
        },
        {
          "name": "20090907 Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html"
        },
        {
          "name": "57799",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/57799"
        },
        {
          "name": "win-srv2sys-code-execution(53090)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090"
        },
        {
          "name": "20090908 Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/506300/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:6489",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-3103",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an \u0026 (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka \"SMBv2 Negotiation Vulnerability.\" NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36299",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36299"
            },
            {
              "name": "VU#135940",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/135940"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/975497.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/975497.mspx"
            },
            {
              "name": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=64\u0026Itemid=1",
              "refsource": "MISC",
              "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=64\u0026Itemid=1"
            },
            {
              "name": "http://blog.48bits.com/?p=510",
              "refsource": "MISC",
              "url": "http://blog.48bits.com/?p=510"
            },
            {
              "name": "MS09-050",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-050"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=7093",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?storyid=7093"
            },
            {
              "name": "36623",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36623"
            },
            {
              "name": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html",
              "refsource": "MISC",
              "url": "http://g-laurent.blogspot.com/2009/09/windows-vista7-smb20-negotiate-protocol.html"
            },
            {
              "name": "1022848",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022848"
            },
            {
              "name": "20090909 SMB SRV2.SYS Denial of Service PoC",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/506327/100/0/threaded"
            },
            {
              "name": "9594",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/9594"
            },
            {
              "name": "20090907 Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0090.html"
            },
            {
              "name": "57799",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/57799"
            },
            {
              "name": "win-srv2sys-code-execution(53090)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53090"
            },
            {
              "name": "20090908 Regarding Microsoft srv2.sys SMB2.0 NEGOTIATE BSOD",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/506300/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:6489",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6489"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-3103",
    "datePublished": "2009-09-08T22:00:00",
    "dateReserved": "2009-09-08T00:00:00",
    "dateUpdated": "2024-08-07T06:14:56.044Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTA-2009-ALE-016

Vulnerability from certfr_alerte

Description

Contournement provisoire

Solution

CVE-2009-3103 (GCVE-0-2009-3103)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature