Guest

Cisco Building Broadband Service Manager

Field Notice: *Expired* FN - 28595 - Cisco Building Broadband Service Manager (BBSM) 5.0 and 5.1 Microsoft (MS) Patches

Cisco - Field Notice: *Expired* FN - 28595 - Cisco Building Broadband Service Manager (BBSM) 5.0 and 5.1 Microsoft (MS) Patches

Revised April 14, 2008
January 15, 2004


NOTICE:

THIS FIELD NOTICE HAS BEEN EXPIRED AND IS NO LONGER MAINTAINED OR UPDATED BY CISCO.

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE, WARRANTY OR SUPPORT. USE OF THE INFORMATION ON THIS FIELD NOTICE OR MATERIALS LINKED FROM THIS FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Products Affected

Product

Comments

BBSM 5.0 and BBSM 5.1

BBSM 5.0 and BBSM 5.1

Note: 5.2 sp2 and 5.3 have this patch included in the baselines

  

Problem Description

Cisco Building Broadband Service Manager (BBSM) 5.0 and BBSM 5.1 do not have a webpatch available for the Microsoft Security Bulletin MS03-049 Buffer Overrun in the Workstation Service

MS03-049 can be safely installed directly from the Microsoft Download page.

Microsoft Security Bulletin MS03-049

Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)

Issued: November 11, 2003

Updated: November 19, 2003

Background

Technical description:

A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results because of an unchecked buffer in the Workstation service. If exploited, an attacker could gain System privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.

Mitigating factors:

  • If users have blocked inbound User Datagram Protocol (UDP) ports 138, 139, 445 and Transmission Control Protocol (TCP) ports 138, 139, 445 by using a firewall, an attacker would be prevented from sending messages to the Workstation service. Most firewalls, including Internet Connection Firewall in Windows XP, block these ports by default.

  • Disabling the Workstation service will prevent the possibility of attack. However there are a number of impacts when performing this workaround. Please see the Workaround/Solution section for more details.

  • Only Windows 2000 and Windows XP are affected. Other operating systems are not vulnerable to this attack.

Severity Rating:

Microsoft Windows 2000 Critical

Microsoft Windows XP Critical

Problem Symptoms

Denial of Service

Workaround/Solution

Install the fix directly from the Microsoft Download page.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.