GEN:SID | 1:2386 |
Message | WEB-IIS NTLM ASN.1 vulnerability scan attempt |
Summary | This event is generated when an attempt is made to scan for a known vulnerability in the Microsoft implementation of the ASN.1 Library using Nessus.
|
Impact | Intelligence gathering.
|
Detailed Information | A buffer overflow condition in the Microsoft implementation of the ASN.1 Library. It may be possible for an attacker to exploit this condition by sending specially crafted authentication packets to a host running a vulnerable operating system.
When the taget system decodes the ASN.1 data, exploit code may be included in the data that may be excuted on the host with system level privileges. Alternatively, the malformed data may cause the service to become unresponsive thus causing the DoS condition to occur.
This event indicates a possible attempt to enumerate vulnerable hosts using Nessus.
|
Affected Systems | Microsoft Windows NT Microsoft Windows NT Terminal Server Edition Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows 2003
|
Attack Scenarios | |
Ease of Attack | Simple. Exploit code exists.
|
Corrective Action | Apply the appropriate vendor supplied patches.
|
Additional References | |
Rule References | nessus: 12055
nessus: 12052
bugtraq: 9635
cve: 2003-0818
bugtraq: 9633
nessus: 12065
url: www.microsoft.com/technet/security/bulletin/MS04-007.mspx
|