Microsoft Dynamics GP magic number denial of service (DPS_Magic_Number_DoS)

About this signature or vulnerability

BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor, Proventia Network IPS, Proventia Desktop, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Server IPS for Linux technology:

A DPS message with an invalid magic number was encountered.


False positives

BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor, Proventia Network IPS, Proventia Desktop, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Server IPS for Linux technology: This signature fires on network traffic that will affect a vulnerable server. Unfortunately, the data used to perform the attack is malformed in such a way that it may not be positively identified. It is necessary to correlate these events with vulnerability information to positively identify malicious traffic.

Default risk level

Low risk vulnerability  Low

Sensors that have this signature

BlackICE Server Protection: 3.6.cpu, Proventia Server IPS for Microsoft Windows technology: 1.0.914.1890, BlackICE PC Protection: 3.6cpu, RealSecure Network: XPU 24.49, RealSecure Server Sensor: XPU 24.49, Proventia Network IPS: XPU 1.88, Proventia Desktop: 1890, Proventia Network MFS: XPU 1.88, Proventia-G 1.1 and earlier: XPU 24.49, Proventia Server IPS for Linux technology: 1.88

Systems affected

Microsoft Business Solutions Great Plains: 7.5, Microsoft Business Solutions Dynamics: 6.0, Microsoft Business Solutions Dynamics: 7.0, Microsoft Dynamics GP: 9.0

Type

Denial of Service

Vulnerability description

Microsoft Dynamics GP (formerly known as Great Plains) is vulnerable to a denial of service caused by improper handling of Distributed Process Server (DPS) messages. By sending a specially-crafted DPS message containing an invalid magic number, a remote attacker could cause the system to crash.

How to remove this vulnerability

Upgrade to the latest version of Microsoft Dynamics GP (10.0 or later), available from the Microsoft Web site. See References.

References

Microsoft Web site
What's new in Microsoft Dynamics GP 10.0
http://www.microsoft.com/dynamics/gp/product/10.mspx

ISS X-Force
Microsoft Dynamics GP magic number denial of service
http://www.iss.net/security_center/static/25844.php

CVE
CVE-2006-5265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5265