
Cisco Building Broadband Service Manager

Building Broadband Service Manager (BBSM) 5.x and BBSM Hot Spot 1.x: MS03-039 Buffer Overrun in Remote Procedure Call Service (RPCSS) Could Allow Code Execution


September 11, 2003



Products Affected

Product

BBSM 5.x and Hotspot 1.x

Problem Description

It is believed that existing code, including the exploit implemented by W32.Blaster.Worm, which targets the vulnerability in the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) subsystem described in Microsoft security bulletin MS03-026, can easily be modified to successfully exploit one of the vulnerabilities listed in MS03-039. The MS03-039 patch supersedes MS03-026.

Background

MS03-039 fixes a potential RPC and DCOM exploit that affects all Building Broadband Service Manager (BBSM) products and can safely be applied regardless of service pack or BBSM patch revision history.

Problem Symptoms

Unknown at this time.

Workaround/Solution

Install the MS03-039 patch from the Microsoft website.

Block RPC interface ports at your firewall. Port 135 is used to initiate an RPC connection with a remote computer. In addition, there are other RPC interface ports that could be used by an attacker to remotely exploit this vulnerability. Blocking the following ports at the firewall will help prevent systems behind that firewall from being attacked by attempts to exploit this vulnerability:

  • TCP/UDP Port 135

  • TCP/UDP Port 139

  • TCP/UDP Port 445

In addition, customers may have configured services or protocols that use RPC that might also be accessible from the Internet. Systems administrators are strongly encouraged to examine RPC ports that are exposed to the Internet and to either block these ports at their firewall, or apply the patch immediately.
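One way to confirm the firewall block, as an added example that is not part of the Cisco notice: a TCP connect check for the three ports listed above, meant to be run from a host outside the firewall against your own servers. The function names are illustrative assumptions, and only TCP is probed.

```python
import socket
import sys

# TCP ports the notice says to block at the firewall. UDP is not probed:
# a silent UDP port looks the same whether it is open or filtered.
RPC_PORTS = (135, 139, 445)


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: the port is exposed
    except ConnectionRefusedError:
        return "closed"      # RST came back: reachable, nothing listening
    except socket.gaierror:
        raise                # bad host name is an operator error, not a result
    except OSError:
        return "filtered"    # timeout or ICMP unreachable: blocked or unroutable
    finally:
        sock.close()


def audit(hosts, ports=RPC_PORTS, timeout=2.0):
    """Probe every host/port pair and return {(host, port): state}."""
    return {(h, p): probe_tcp(h, p, timeout) for h in hosts for p in ports}


def exposed(results):
    """Return the sorted (host, port) pairs that accepted a connection."""
    return sorted(pair for pair, state in results.items() if state == "open")


if __name__ == "__main__":
    # Usage: python check_rpc_ports.py <your-server> [<your-server> ...]
    results = audit(sys.argv[1:])
    for (host, port), state in sorted(results.items()):
        print(f"{host}:{port}/tcp {state}")
    sys.exit(1 if exposed(results) else 0)
```

A "closed" result means the probe reached something that answered with a reset, so the firewall rule for that port deserves a second look even though nothing is listening.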

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: