CERTA-2000-AVI-047

Vulnerability from certfr_avis - Published: - Updated:

A malicious user can remotely stop the RPC service by sending it malformed packets over the network.

Description

By sending malformed RPC packets, a malicious user can remotely hang the RPC services of a machine running Windows 2000. Once the service is hung, the only way to restart it is to reboot the machine.

Temporary workaround

To protect against attacks coming from the Internet, you must have a firewall that blocks ports 135 through 139 and port 445.

Solution

Apply the Microsoft patch:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24229

Windows 2000, all versions.


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eWindows 2000 toutes versions.\u003c/P\u003e",
  "content": "## Description\n\nUn utilisateur mal intentionn\u00e9 peut, en envoyant des paquets RPC mal\nform\u00e9s, bloquer \u00e0 distance les services RPC d\u0027une machine sous Windows\n2000. Une fois le service bloqu\u00e9, la seul fa\u00e7on de le relancer est de\nred\u00e9marrer la machine.\n\n## Contournement provisoire\n\nPour se pr\u00e9munir contre les attaques provenant d\u0027Internet, vous devez\navoir un garde-barri\u00e8re (firewall) qui bloque les ports 135 \u00e0 139 et le\nport 445.\n\n## Solution\n\nAppliquer le correctif de Microsoft :\n\n    http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24229\n",
  "cves": [],
  "links": [
    {
      "title": "L\u0027avis et la FAQ de l\u0027avis Microsoft :",
      "url": "http://www.microsoft.com/technet/security/bulletin/ms00-066.asp"
    }
  ],
  "reference": "CERTA-2000-AVI-047",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2000-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Un utilisateur mal intentionn\u00e9 peut arr\u00eater \u00e0 distance le service RPC en\nlui envoyant par le r\u00e9seau des paquets malform\u00e9s.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de RPC sous Windows2000",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft",
      "url": null
    }
  ]
}

