Security Portal

Intrusion Prevention Service

 
Signature Version: 4.966

 



RPC Windows Lsasrv.dll RPC Overflow (Sasser)
 
Threat Level: Critical
Release Date: 2006/11/8
 
Category: Buffer Overflow
Signature ID: 1051195
Included In:
Affected OS: Windows
 
Description: eEye Digital Security has discovered a remote buffer overflow in the Windows LSA (Local Security Authority) Service (LSASRV.DLL). An unauthenticated attacker could exploit this vulnerability to execute arbitrary code with system-level privileges on Windows 2000 and Windows XP. This infected LSA function goes to TCP port 139 and 445 but LSARPC.
 
Impact: Remote code execution
Recommendation: Please off-line the victim host and patch the system or software which exists vulnerabilities immediately.
 
False Positive: None
False Negative: None
 
Additional Information (Links open in new window):
Reference(s): MISC:MS04-011;
 

Search the Threat Database
Enter Rule ID or Name