| TC: | 12042 | |
| Description: | An issue has been discovered in Windows 2000 that could cause a denial of system service. Submitting malformed data to port 445 could cause the Lanman service to consume large amounts of CPU time and kernel-mode memory. | |
| TC Impact: | Gather Info | |
| Service: | LanMan |
| Vulnerability Publication: | April 17, 2002 | |
| Advisory Copyright: | Microsoft | |
| Summary: | A remote attacker can deny legitimate users access to your network. | |
| Risk: | High | |
| CVSS 2.0 metrics: | Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete | |
| CVSS 2.0 Base Score: | 7.8 |
| Vulnerability Impact: | Denial of Service |
| Host Impact: | Denial of service. | |
| Nature of Remediation: | Update the software. |
| Step required to fix the reported vulnerability: | |
***** Solution type: Upgrade Software *****

Upgrade to Service Pack 3 or higher, as it has been reported to fix this vulnerability.

It is also possible to correct the flaw by implementing the following workaround(s):

Method 1

Disable NetBIOS over TCP/IP, which also disables port 445:

1. Click Start, point to Settings, and then click Network and Dial-up Connection.
2. Right-click Local Area Connection, and then click Properties.
3. Click Internet Protocol (TCP/IP), click Properties, and then click Advanced.
4. Click the WINS tab, click to select the Disable NetBIOS over TCP/IP check box, and then click OK.

IMPORTANT: The preceding configuration may not be supported in an environment where programs that require NetBIOS support are being used.

Method 2

Create and then set the MaxWorkItems value in the registry to a value that the computer can support:

1. Start Registry Editor (Regedt32.exe).
2. Locate the Parameters value under the following key in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\
3. On the Edit menu, click Add Value, type MaxWorkItems.
4. Click REG_DWORD, and then click OK.
5. Set the data to one of the following:
   - 1024 for computers with a large amount of memory (greater than 2 gigabytes of memory).
   - 512 for computers with a medium amount of memory (512 megabytes to 2 gigabytes).
   - 256 for computers with a small amount of memory (less than 512 megabytes).

See references for more details.
| References: | |

* BUGTRAQ: 20020417 KPMG-2002011: Windows 2000 microsoft-ds Denial of Service http://online.securityfocus.com/archive/1/268066
* VULNWATCH: 20020417 [VulnWatch] KPMG-2002011: Windows 2000 microsoft-ds Denial of Service http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0025.html
* MSKB: Q320751 http://support.microsoft.com/default.aspx?scid=kb;[LN];Q320751
* CERT-VN: VU#693099 http://www.kb.cert.org/vuls/id/693099
* BID: 4532 http://www.securityfocus.com/bid/4532
* OSVDB: 5179 http://www.osvdb.org/5179
* XF: win2k-lanman-dos(8867) http://www.iss.net/security_center/static/8867.php
| CVE Link: | CVE-2002-0597 |
| Glossary: | Denial of Service, NetBIOS, NetBIOS Name |