Check Point Advisories

Microsoft SMS Remote Control Service Denial of Service (CVE-2004-0728)

Check Point Reference: CPAI-2004-162
Date Published: 1 Dec 2009
Severity: Critical
Last Updated: Tuesday 01 December, 2009
Source:
Industry Reference:CVE-2004-0728
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description Microsoft's Systems Management Server (SMS) is a change and configuration management server for the Microsoft Windows platforms. One component of this system is a client utility that allows an administrator to obtain control over remote client computer. This remote assistance service is installed as a service on a client computer. The service listens for administrator connections on TCP port 2701 for general contact, reboot and ping, and on TCP port 2702 for remote control. There exists a vulnerability in the Microsoft Systems Management Server (SMS) Remote Control Service that allows an attacker to cause a denial of service condition. By using a specially crafted TCP packet, an attacker can bypass the input verification procedure and cause an invalid memory read or write. In the case of a successful attack, the service will shut down completely. This will effectively disable all functionality of the SMS. The client will be presented with an information pop-up window by the Windows operating system, alerting of this event. In the default setting of the service, the agent will have to be manually restarted to recover. The service can be optionally configured to automatically restart after a failure.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Microsoft SMS Remote Control Service Denial of Service protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Application Servers Protection Violation.
Attack Information:  Microsoft SMS remote control service denial of service

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK