Vulnerabilities > CVE-2002-0724 - Unspecified vulnerability in Microsoft Windows 2000, Windows NT and Windows XP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 30 |
Exploit-Db
description MS Windows 2000/NT 4/XP Network Share Provider SMB Request Buffer Overflow (1). CVE-2002-0724. Dos exploit for windows platform id EDB-ID:21746 last seen 2016-02-02 modified 2002-08-22 published 2002-08-22 reporter Frederic Deletang source https://www.exploit-db.com/download/21746/ title Microsoft Windows 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow 1 description MS Windows 2000/NT 4/XP Network Share Provider SMB Request Buffer Overflow (2). CVE-2002-0724. Dos exploit for windows platform id EDB-ID:21747 last seen 2016-02-02 modified 2002-08-22 published 2002-08-22 reporter zamolx3 source https://www.exploit-db.com/download/21747/ title Microsoft Windows 2000/NT 4/XP - Network Share Provider SMB Request Buffer Overflow 2
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS02-045.NASL description Due to a flaw in Microsoft last seen 2020-06-01 modified 2020-06-02 plugin id 11300 published 2003-03-01 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11300 title MS02-045: Unchecked buffer in Network Share Provider (326830) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(11300); script_version("1.39"); script_cvs_date("Date: 2018/11/15 20:50:29"); script_cve_id("CVE-2002-0724"); script_bugtraq_id(5556); script_xref(name:"MSFT", value:"MS02-045"); script_xref(name:"MSKB", value:"326830"); script_name(english:"MS02-045: Unchecked buffer in Network Share Provider (326830)"); script_summary(english:"Checks for MS Hotfix Q326830"); script_set_attribute(attribute:"synopsis", value:"It is possible to crash the remote host."); script_set_attribute(attribute:"description", value: "Due to a flaw in Microsoft's SMB implementation, the remote host is vulnerable to a denial of service attack. By sending a specially crafted packet request, an attacker could launch a denial of service, causing the affected host to crash. Note that this vulnerability is not exploitable without credentials unless anonymous access has been disabled."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2002/ms02-045"); script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows NT, 2000 and XP."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/08/22"); script_set_attribute(attribute:"patch_publication_date", value:"2002/08/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS02-045'; kb = '326830'; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(nt:'6', win2k:'2,3', xp:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( hotfix_is_vulnerable(os:"5.1", sp:0, file:"Xactsrv.dll", version:"5.1.2600.50", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"5.0", file:"Xactsrv.dll", version:"5.0.2195.5971", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"4.0", file:"Xactsrv.dll", version:"4.0.1381.7181", dir:"\system32", bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"4.0", file:"Xactsrv.dll", version:"4.0.1381.33538", min_version:"4.0.1381.33000", dir:"\system32", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }NASL family Windows NASL id SMB_NULL_PARAMS_DOS.NASL description The remote host is vulnerable to a denial of service attack in its SMB stack. An attacker may exploit this flaw to crash the remote host remotely, without any authentication. last seen 2020-06-01 modified 2020-06-02 plugin id 11110 published 2002-08-23 reporter This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11110 title MS02-045: Microsoft Windows SMB Protocol SMB_COM_TRANSACTION Packet Remote Overflow DoS (326830) (uncredentialed check)
Oval
| accepted | 2011-05-16T04:02:00.701-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| description | Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service". | ||||||||||||||||||||
| family | windows | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:189 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2003-10-10T12:00:00.000-04:00 | ||||||||||||||||||||
| title | Network Share Provider Buffer Overflow | ||||||||||||||||||||
| version | 69 |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:75567 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-75567 |
| title | MS Windows 2000/NT 4/XP Network Share Provider SMB Request Buffer Overflow (1) |
References
- http://marc.info/?l=bugtraq&m=103011556323184&w=2
- http://www.kb.cert.org/vuls/id/250635
- http://www.kb.cert.org/vuls/id/311619
- http://www.kb.cert.org/vuls/id/342243
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-045
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A189