Vulnerability Name:

CVE-2008-4114 (CCN-45146)

Assigned:2008-09-16
Published:2008-09-16
Updated:2019-02-26
Summary:srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
7.1 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2008-4114

Source: CCN
Type: SA31883
Microsoft Windows "WRITE_ANDX" SMB Packet Handling Denial of Service

Source: SECUNIA
Type: Vendor Advisory
31883

Source: CCN
Type: SECTRACK ID: 1020887
Windows SMB Processing Bug Lets Remote Users Deny Service

Source: CCN
Type: ASA-2009-011
MS09-001 Vulnerabilities in SMB Could Allow Remote Code Execution (958687)

Source: CCN
Type: NORTEL BULLETIN ID: 2009009284, Rev 1
Nortel Response to Microsoft Security Bulletin MS09-001

Source: CCN
Type: Microsoft Security Bulletin MS15-083
Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921)

Source: CCN
Type: Microsoft Security Bulletin MS16-114
Security Update for Windows SMBv1 Server (3185879)

Source: CCN
Type: Microsoft Security Bulletin MS17-010
Security Update for Windows SMB Server (4013389)

Source: CCN
Type: Microsoft Security Bulletin MS09-001
Vulnerabilities in SMB Could Allow Remote Code Execution (958687)

Source: CCN
Type: Microsoft Security Bulletin MS10-012
Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)

Source: CCN
Type: Microsoft Security Bulletin MS10-054
Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)

Source: CCN
Type: Microsoft Security Bulletin MS11-020
Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)

Source: MISC
Type: Exploit
http://www.reversemode.com/index.php?option=com_content&task=view&id=54&Itemid=1

Source: BUGTRAQ
Type: UNKNOWN
20080914 Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS

Source: BID
Type: Exploit
31179

Source: CCN
Type: BID-31179
Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020887

Source: CERT
Type: US Government Resource
TA09-013A

Source: CCN
Type: Javier Vicente Vallejo Advisories
Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS

Source: MISC
Type: Exploit
http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm

Source: VUPEN
Type: Vendor Advisory
ADV-2008-2583

Source: MS
Type: UNKNOWN
MS09-001

Source: XF
Type: UNKNOWN
win-writeandx-dos(45146)

Source: XF
Type: UNKNOWN
win-writeandx-dos(45146)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5262

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6044

Source: EXPLOIT-DB
Type: UNKNOWN
6463

Source: CCN
Type: Rapid7 Vulnerability & Exploit Database
Microsoft SRV.SYS WriteAndX Invalid DataOffset

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:gold:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:sp1:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:::x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows_vista:::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:sp1:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:6044
    V
    SMB Validation Denial of Service Vulnerability
    2009-03-09
    BACK
    microsoft windows 2000 * sp4
    microsoft windows server 2003 *
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp2
    microsoft windows server 2008 *
    microsoft windows server 2008 *
    microsoft windows server 2008 *
    microsoft windows vista * gold
    microsoft windows vista * sp1
    microsoft windows vista gold
    microsoft windows vista sp1
    microsoft windows xp *
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft windows 2000 sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003_server sp1
    microsoft windows xp
    microsoft windows 2003_server sp1_itanium
    microsoft windows vista
    microsoft windows server_2003
    microsoft windows server_2003
    microsoft windows server_2003
    microsoft windows vista
    microsoft windows xp sp2
    microsoft windows vista sp1
    microsoft windows vista sp1
    microsoft windows server 2008
    microsoft windows server 2008 -
    microsoft windows server 2008 -
    microsoft windows xp sp3