Microsoft Dynamics GP magic number denial of service (DPS_Magic_Number_DoS)

About this signature or vulnerability

IBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, RealSecure Network, RealSecure Server Sensor, BlackICE Server Protection, BlackICE PC Protection, Proventia Network IPS, Proventia Desktop, Proventia Server IPS for Linux technology, RealSecure Desktop, Virtual Server Protection for Vmware:

A DPS message with an invalid magic number was encountered.


False positives

IBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, RealSecure Network, RealSecure Server Sensor, BlackICE Server Protection, BlackICE PC Protection, Proventia Network IPS, Proventia Desktop, Proventia Server IPS for Linux technology, RealSecure Desktop, Virtual Server Protection for Vmware: This signature fires on network traffic that will affect a vulnerable server. Unfortunately, the data used to perform the attack is malformed in such a way that it may not be positively identified. It is necessary to correlate these events with vulnerability information to positively identify malicious traffic.

Default risk level

Medium risk vulnerability  Medium

Sensors that have this signature

IBM Security Server Protection for Windows: 1.0.914.1890, Proventia Network MFS: XPU 1.88, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia-G 1.1 and earlier: XPU 24.49, Proventia Network IDS: XPU 24.49, RealSecure Network: XPU 24.49, RealSecure Server Sensor: XPU 24.49, BlackICE Server Protection: 3.6.cpu, BlackICE PC Protection: 3.6cpu, Proventia Network IPS: XPU 1.88, Proventia Desktop: 1890, Proventia Server IPS for Linux technology: 1.88, RealSecure Desktop: epu, Virtual Server Protection for Vmware: 1.0

Systems affected

Microsoft Business Solutions Great Plains: 7.5, Microsoft Business Solutions Dynamics: 6.0, Microsoft Business Solutions Dynamics: 7.0, Microsoft Dynamics GP: 9.0

Type

Denial of Service

Vulnerability description

Microsoft Dynamics GP (formerly known as Great Plains) is vulnerable to a denial of service caused by improper handling of Distributed Process Server (DPS) messages. By sending a specially-crafted DPS message containing an invalid magic number, a remote attacker could cause the system to crash.

How to remove this vulnerability

Upgrade to the latest version of Microsoft Dynamics GP (10.0 or later), available from the Microsoft Web site. See References.

References

Microsoft Web site
What's new in Microsoft Dynamics GP 10.0
http://www.microsoft.com/dynamics/gp/product/10.mspx

ISS X-Force
Microsoft Dynamics GP magic number denial of service
http://www.iss.net/security_center/static/25844.php

CVE
CVE-2006-5265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5265