|
|
CVE Reference: CVE-2008-4037 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-4037 |
|
|
Description: Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834. |
|
|
CVE Status: Candidate |
|
|
References: ST 1021163 SAID Secunia Advisory: SA32633 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6012 OSVDB 49736 MS http://www.microsoft.com/technet/security/Bulletin/MS08-068.mspx MISC http://www.networkworld.com/news/2008/111208-microsoft-seven-year-security-patch.html http://www.veracode.com/blog/2008/11/microsoft-fixes-8-year-old-design-flaw-in-smb/ http://www.xfocus.net/articles/200305/smbrelay.html http://www.securityfocus.com/data/vulnerabilities/exploits/backrush.patch.README http://www.securityfocus.com/data/vulnerabilities/exploits/backrush.patch MILW0RM http://www.milw0rm.com/exploits/7125 CERT http://www.us-cert.gov/cas/techalerts/TA08-316A.html BID 7385 |
|
| Return to the previous page. |
