In their currently published
/data/vulnerabilities/exploits/36299.py
there is line break error between lines 2 and 3.
Array index error in the SMB2 protocol implementation in srv2.sys in Microsoft Windows 7, Server 2008, and Vista Gold, SP1, and SP2 allows remote attackers to cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location.
In their currently published
/data/vulnerabilities/exploits/36299.py
there is line break error between lines 2 and 3.
* Microsoft Windows 7
* Microsoft Windows Vista
* Microsoft Windows Server 2008
-- please be aware of a recently reported zero day vulnerability affecting some versions. A denial-of-service attack on an affected system that has SMB2 enabled, for file sharing crashes the system with a BSoD (Blue Screen of Death).
In addition: the issue may be exploitable to achieve remote code execution.
Symantec Corp. ThreatCon is currently elevated (level 2 of 4).
Secunia Advisory SA36623 currently rates the vulnerability moderately critical (3 of 5).
U.S. National Vulnerability Database vulnerability CVE-2009-3103 will gain a completed summary in due course.
The following actions are advised:
* disable file sharing, unless it is explicitly required
* restrict access to TCP ports 139 and 445. - Graham Perrin on 2009-09-09