
Cisco Building Broadband Service Manager

Building Broadband Service Manager (BBSM) 5.x and BBSM Hot Spot 1.x Remote-Procedure Call (RPC)/Distributed Component Object Model (DCOM) exploit MS03-026


Revised August 11, 2003

August 1, 2003



Products Affected

Product

BBSM 5.x and Hotspot 1.x

Problem Description

Microsoft patch MS03-026 must be installed immediately on every Building Broadband Service Manager (BBSM) server, regardless of version. The patch can be applied safely regardless of the service pack or BBSM patch revision history. Cisco Connection Online (CCO) now offers a BBSM webpatch of this fix, which allows customers to patch their BBSM products remotely. If MS03-026 has already been applied, it is not necessary to install this patch.

Background

BBSM now has a webpatch, a remotely installable version of this Microsoft hotfix, available from CCO.

MS03-026 fixes a potential remote-procedure call (RPC) and Distributed Component Object Model (DCOM) exploit that affects all BBSM products and can safely be applied regardless of service pack or BBSM patch revision history.

Problem Symptoms

Problem symptoms are unknown at this time.

Workaround/Solution

Install MS03-026 from Microsoft.

Block RPC interface ports at your firewall. Port 135 is used to initiate an RPC connection with a remote computer. In addition, there are other RPC interface ports that could be used by an attacker to remotely exploit this vulnerability. Blocking the following ports at the firewall will help prevent systems behind that firewall from being attacked by attempts to exploit this vulnerability:

  • TCP/UDP Port 135

  • TCP/UDP Port 139

  • TCP/UDP Port 445

In addition, customers may have configured services or protocols that use RPC that might also be accessible from the Internet. Systems administrators are strongly encouraged to examine RPC ports that are exposed to the Internet and to either block these ports at their firewall, or apply the patch immediately.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: