CVE-2011-1869 - Resource Management Errors vulnerability in Microsoft products

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."

Common Weakness Enumeration (CWE)

Msbulletin

bulletin_id: MS11-042
bulletin_url:
date: 2011-06-14T00:00:00
impact: Remote Code Execution
knowledgebase_id: 2535512
knowledgebase_url:
severity: Critical
title: Vulnerabilities in Distributed File System Could Allow Remote Code Execution

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS11-042.NASL
description: The Distributed File System (DFS) implementation running on the remote Windows host has the following vulnerabilities:
  • The DFS client does not parse specially crafted DFS responses correctly, which could allow a remote, unauthenticated attacker to execute arbitrary code. (CVE-2011-1868)
  • The system does not properly handle specially crafted DFS referral responses, which could allow an unauthenticated, remote attacker to cause a denial of service. (CVE-2011-1869)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55122
published: 2011-06-15
reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/55122
title: MS11-042: Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)

Oval

accepted: 2014-03-03T04:00:34.046-05:00
class: vulnerability
contributors:
  • name: Dragos Prisaca
    organization: Symantec Corporation
  • name: Dragos Prisaca
    organization: Symantec Corporation
  • name: Maria Mikhno
    organization: ALTX-SOFT
definition_extensions:
  • comment: Microsoft Windows XP (x86) SP3 is installed
    oval: oval:org.mitre.oval:def:5631
  • comment: Microsoft Windows XP x64 Edition SP2 is installed
    oval: oval:org.mitre.oval:def:4193
  • comment: Microsoft Windows Server 2003 SP2 (x86) is installed
    oval: oval:org.mitre.oval:def:1935
  • comment: Microsoft Windows Server 2003 SP2 (x64) is installed
    oval: oval:org.mitre.oval:def:2161
  • comment: Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval: oval:org.mitre.oval:def:1442
  • comment: Microsoft Windows Vista (32-bit) Service Pack 1 is installed
    oval: oval:org.mitre.oval:def:4873
  • comment: Microsoft Windows Vista x64 Edition Service Pack 1 is installed
    oval: oval:org.mitre.oval:def:5254
  • comment: Microsoft Windows Server 2008 (32-bit) is installed
    oval: oval:org.mitre.oval:def:4870
  • comment: Microsoft Windows Server 2008 (64-bit) is installed
    oval: oval:org.mitre.oval:def:5356
  • comment: Microsoft Windows Server 2008 (ia-64) is installed
    oval: oval:org.mitre.oval:def:5667
  • comment: Microsoft Windows Vista (32-bit) Service Pack 2 is installed
    oval: oval:org.mitre.oval:def:6124
  • comment: Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
    oval: oval:org.mitre.oval:def:5653
  • comment: Microsoft Windows Vista x64 Edition Service Pack 2 is installed
    oval: oval:org.mitre.oval:def:5594
  • comment: Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
    oval: oval:org.mitre.oval:def:6216
  • comment: Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
    oval: oval:org.mitre.oval:def:6150
  • comment: Microsoft Windows 7 (32-bit) is installed
    oval: oval:org.mitre.oval:def:6165
  • comment: Microsoft Windows 7 x64 Edition is installed
    oval: oval:org.mitre.oval:def:5950
  • comment: Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval: oval:org.mitre.oval:def:6438
  • comment: Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval: oval:org.mitre.oval:def:5954
description: The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
family: windows
id: oval:org.mitre.oval:def:12640
status: accepted
submitted: 2011-06-14T13:00:00
title: DFS Referral Response Vulnerability
version: 48

Seebug

bulletinFamily: exploit
description: Bugtraq ID: 48187
CVE ID: CVE-2011-1869
Microsoft Windows is a popular operating system. The Microsoft Distributed File System (DFS) has an error in its handling of specially crafted DFS referral responses; an unauthenticated user can send a specially crafted network message to a computer running this service and crash the system.
  • Microsoft Windows XP Professional x64 Edition SP2
  • Microsoft Windows XP Home SP3
  • Microsoft Windows Vista SP2
  • Microsoft Windows Vista SP1
  • Microsoft Windows Server 2008 R2 x64 SP1
  • Microsoft Windows Server 2008 R2 x64 0
  • Microsoft Windows Server 2008 R2 Itanium SP1
  • Microsoft Windows Server 2008 R2 Itanium 0
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems 0
  • Microsoft Windows Server 2008 for Itanium-based Systems 0
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for 32-bit Systems 0
  • Microsoft Windows Server 2003 x64 SP2
  • Microsoft Windows Server 2003 Itanium SP2
  • Microsoft Windows Server 2003 SP2
  • Microsoft Windows 7 XP Mode 0
  • Microsoft Windows 7 Ultimate 0
  • Microsoft Windows 7 Starter 0
  • Microsoft Windows 7 Professional 0
  • Microsoft Windows 7 Home Premium 0
  • Microsoft Windows 7 Home Premium - Sp1 X64
  • Microsoft Windows 7 Home Premium - Sp1 X32
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 7 for x64-based Systems 0
  • Microsoft Windows 7 for Itanium-based Systems SP1
  • Microsoft Windows 7 for Itanium-based Systems 0
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for 32-bit Systems 0
  • Microsoft Windows 7 RC
  • Microsoft Windows 7 beta
  • Microsoft Windows 7
Vendor solution: Users can refer to the following vendor security bulletin for patch information: http://www.microsoft.com/technet/security/Bulletin/MS11-042.mspx
id: SSV:20639
last seen: 2017-11-19
modified: 2011-06-16
published: 2011-06-16
reporter: Root
title: Microsoft Windows Distributed File System Remote Denial of Service Vulnerability