Vulnerabilities > CVE-2011-1869 - Resource Management Errors vulnerability in Microsoft products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 15 |
Common Weakness Enumeration (CWE)
Msbulletin
bulletin_id | MS11-042 |
bulletin_url | |
date | 2011-06-14T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2535512 |
knowledgebase_url | |
severity | Critical |
title | Vulnerabilities in Distributed File System Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS11-042.NASL |
description | The Distributed File System (DFS) implementation running on the remote Windows host has the following vulnerabilities: - The DFS client does not parse specially crafted DFS responses correctly, which could allow a remote, unauthenticated attacker to execute arbitrary code. (CVE-2011-1868) - The system does not properly handle specially crafted DFS referral responses, which could allow an unauthenticated, remote attacker to cause a denial of service. (CVE-2011-1869) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 55122 |
published | 2011-06-15 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/55122 |
title | MS11-042: Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512) |
Oval
accepted | 2014-03-03T04:00:34.046-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
description | The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:12640 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2011-06-14T13:00:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
title | DFS Referral Response Vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
version | 48 |
Seebug
bulletinFamily | exploit |
description | Bugtraq ID: 48187 CVE ID:CVE-2011-1869 Microsoft Windows是一款流行的操作系统。 Microsoft分布式文件系统(DFS)处理特制DFS推荐应答(referal response)存在错误,未验证用户可以向运行此服务的计算机发送特制网络消息使系统崩溃。 Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows XP Home SP3 Microsoft Windows Vista SP2 Microsoft Windows Vista SP1 Microsoft Windows Server 2008 R2 x64 SP1 Microsoft Windows Server 2008 R2 x64 0 Microsoft Windows Server 2008 R2 Itanium SP1 Microsoft Windows Server 2008 R2 Itanium 0 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems 0 Microsoft Windows Server 2008 for Itanium-based Systems 0 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems 0 Microsoft Windows Server 2003 x64 SP2 Microsoft Windows Server 2003 Itanium SP2 Microsoft Windows Server 2003 SP2 Microsoft Windows 7 XP Mode 0 Microsoft Windows 7 Ultimate 0 Microsoft Windows 7 Starter 0 Microsoft Windows 7 Professional 0 Microsoft Windows 7 Home Premium 0 Microsoft Windows 7 Home Premium - Sp1 X64 Microsoft Windows 7 Home Premium - Sp1 X32 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems 0 Microsoft Windows 7 for Itanium-based Systems SP1 Microsoft Windows 7 for Itanium-based Systems 0 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for 32-bit Systems 0 Microsoft Windows 7 RC Microsoft Windows 7 beta Microsoft Windows 7 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://www.microsoft.com/technet/security/Bulletin/MS11-042.mspx |
id | SSV:20639 |
last seen | 2017-11-19 |
modified | 2011-06-16 |
published | 2011-06-16 |
reporter | Root |
title | Microsoft Windows分布式文件系统远程拒绝服务漏洞 |
References
- http://secunia.com/advisories/44894
- http://www.securityfocus.com/bid/48187
- http://secunia.com/advisories/44948
- http://www.securitytracker.com/id?1025639
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67727
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042