Proventia Network IPS, Proventia Desktop, RealSecure Network, RealSecure Server Sensor, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:
This signature detects an SMB Negotiate response with an invalid Max Buffer Size.
High
Proventia Network IPS: XPU 30.020, Proventia Desktop: 2480, RealSecure Network: XPU 30.020, RealSecure Server Sensor: XPU 30.020, Proventia Network MFS: XPU 30.020, Proventia-G 1.1 and earlier: XPU 30.020, Proventia Network IDS: XPU 30.020, IBM Security Server Protection for Windows: 2.1.14.2480, IBM Security Server Protection for Windows: 2.0.300.2480, Proventia Server IPS for Linux technology: 30.020, Virtual Server Protection for VMware: XPU 30.020
Microsoft Windows 2000: SP4, Microsoft Windows XP: SP2, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Windows XP: SP3
Unauthorized Access Attempt
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system because the Server Message Block (SMB) client improperly validates fields in SMB responses. By persuading a victim to connect to a malicious SMB server, a remote attacker could send a specially crafted SMB response to a client-initiated SMB request to corrupt a pool and execute arbitrary code on the system with system-level privileges.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS10-006
Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
http://www.microsoft.com/technet/security/bulletin/ms10-006.mspx
IBM Internet Security Systems Protection Alert
Microsoft Windows SMB Client Remote Code Execution
http://www.iss.net/threats/360.html
Microsoft Security Bulletin MS10-020
Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
http://www.microsoft.com/technet/security/bulletin/ms10-020.mspx
Microsoft Security Bulletin MS11-019
Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
http://www.microsoft.com/technet/security/bulletin/ms11-019.mspx
Microsoft Security Bulletin MS11-043
Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
http://www.microsoft.com/technet/security/bulletin/ms11-043.mspx
ISS X-Force
Microsoft Windows Server Message Block pool code execution
http://www.iss.net/security_center/static/55151.php
CVE
CVE-2010-0016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0016