MS SMB Remote Trans2 Zero Size Pool Allocation (MS10-054)


This SMBv1 vulnerability was disclosed to MS back in February 2010 and patched this month in the MS10-054 bulletin.

This vulnerability is quite interesting since it is present in all Windows versions since Windows 2000, and can be triggered easily in at least 2 different Trans2 opcodes by setting Max Data Count to 0:
QUERY_FS_INFO, Query FS Attribute Info
QUERY_FS_INFO, Query FS Volume Info

You can find the full advisory here: http://seclists.org/fulldisclosure/2010/Aug/122
SRD blog entry: http://blogs.technet.com/b/srd/archive/2010/08/10/ms10-054-exploitability-details-for-the-smb-server-update.aspx
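
For detection, the condition described above (a Trans2 QUERY_FS_INFO request with Max Data Count set to 0) can be checked on reassembled SMBv1 messages. The following is an added example, not code from the advisory or from this post; the function names are hypothetical, the field offsets follow the SMBv1 TRANS2 request layout, and the input is assumed to start at the SMB header with the NetBIOS length prefix already removed. It flags any QUERY_FS_INFO level, not only the two named above.

```python
import struct

SMB_COM_TRANSACTION2 = 0x32           # SMBv1 command code
TRANS2_QUERY_FS_INFORMATION = 0x0003  # Trans2 subcommand (first setup word)
FS_LEVELS = {0x0102: "Query FS Volume Info", 0x0105: "Query FS Attribute Info"}

def check_trans2(msg):
    """Return a finding string for a QUERY_FS_INFO request whose Max Data Count
    is 0, else None. msg starts at the SMB header (NetBIOS prefix removed)."""
    if len(msg) < 33 or msg[:4] != b"\xffSMB" or msg[4] != SMB_COM_TRANSACTION2:
        return None
    if msg[9] & 0x80:                 # Flags bit 0x80 set: server reply, skip
        return None
    word_count = msg[32]
    words = msg[33:33 + 2 * word_count]
    if word_count < 15 or len(words) < 2 * word_count:
        return None                   # truncated, or no setup word to read
    max_data_count, = struct.unpack_from("<H", words, 6)
    param_count, param_offset = struct.unpack_from("<HH", words, 18)
    setup_count = words[26]
    subcommand, = struct.unpack_from("<H", words, 28)
    if setup_count < 1 or subcommand != TRANS2_QUERY_FS_INFORMATION:
        return None
    if max_data_count != 0:
        return None                   # normal requests leave room for the reply
    if param_count < 2 or param_offset + 2 > len(msg):
        return "QUERY_FS_INFO with Max Data Count 0 (level not readable)"
    level, = struct.unpack_from("<H", msg, param_offset)
    return "QUERY_FS_INFO with Max Data Count 0, level 0x%04x (%s)" % (
        level, FS_LEVELS.get(level, "other level"))

def sample_request(max_data_count, level):
    """Constructed test message (not captured traffic): header, 15 words, bytes."""
    header = b"\xffSMB" + bytes([SMB_COM_TRANSACTION2]) + bytes(27)
    param_offset = 32 + 1 + 30 + 2 + 3  # header, WordCount, words, ByteCount, pad
    words = struct.pack("<HHHHBBHIHHHHHBBH", 2, 0, 0, max_data_count, 0, 0, 0,
                        0, 0, 2, param_offset, 0, 0, 1, 0,
                        TRANS2_QUERY_FS_INFORMATION)
    data = bytes(3) + struct.pack("<H", level)
    return header + bytes([15]) + words + struct.pack("<H", len(data)) + data

if __name__ == "__main__":
    for mdc, lvl in [(0, 0x0105), (0, 0x0102), (560, 0x0105)]:
        print(mdc, hex(lvl), "->", check_trans2(sample_request(mdc, lvl)))
```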

