Detects Microsoft Windows systems with Dns Server RPC vulnerable to MS07-029.
MS07-029 targets the
R_DnssrvQuery2() RPC method which isa part of DNS Server RPC interface that serves as a RPC service for configuring and getting information from the DNS Server service. DNS Server RPC service can be accessed using "\dnsserver" SMB named pipe. The vulnerability is triggered when a long string is send as the "zone" parameter which causes the buffer overflow which crashes the service.
This check was previously part of smb-check-vulns.
The DNS Server Service may not be enabled by default in certain server role configurations. On Domain Controller with DNS Server Functionality, DNS Server, and Microsoft Small Business Server configurations the DNS Server Service is enabled by default.
The update removes the vulnerability by modifying the way that RPC validates the length of a message before it passes the message to the allocated buffer.