OSVDB ID: 26440

Title: Microsoft Windows SMB MrxSmbCscIoctlOpenForCopyChunk Function Overflow

Info

Disclosure

Jun 13, 2006

Discovery

Unknown

Dates

Exploit

Jun 13, 2006

Solution

Unknown

Description

A local overflow exists in Microsoft SMB. The function 'MrxSmbCscIoctlOpenForCopyChunk' fails to validate input when handling certain DeviceIoControl requests resulting in an overflow. With a specially crafted request, an attacker can execute arbitrary code with escalated privileges resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows	2003 Server SP1
		XP SP2
		XP SP1
		2000 SP4

References

Security Tracker: 1016288
Bugtraq ID: 18356
Milw0rm: 1910
Exploit Database: 1910
CVE ID: 2006-2373 (see also: NVD)
Secunia Advisory ID: 20635
SCIP VulDB ID: 2311
Related OSVDB ID: 26439
Microsoft Knowledge Base Article: 914389
VUPEN Advisory: ADV-2006-2327
Keyword: Aka the "SMB Driver Elevation of Privilege Vulnerability"
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0223.html
http://archives.neohapsis.com/archives/bugtraq/2006-06/0233.html
Other Advisory URL: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408
http://www.reversemode.com/index.php?option=com_content&task=view&id=13&Itemid=5
Microsoft Security Bulletin: MS06-030

Credit

Ruben Santamarta - advisoriesreversemode.com -

Direct URL: http://osvdb.org/26440

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows

References

Credit