Rule:

--
Sid:
3442

--
Summary:
This event is generated when an attempt is made exploit a known
vulnerability in Microsoft Windows TCP/IP print services.

--
Impact:
Serious. Denial of Service (DoS).

--
Detailed Information:
Microsoft Windows TCP/IP print services are used to share printers
attached to Windows based machines with other UNIX based hosts.

Microsoft Windows TCP/IP print services are vulnerable to a DoS when
processing malformed print requests. Other services may also be affected
and may need to be restarted to regain functionality should this attack
be sucessful.

--
Affected Systems:
	Microsoft Windows TCP/IP print services for Windows NT
	Microsoft Windows TCP/IP print services for Windows 2000

--
Attack Scenarios:
An attacker can send a malformed print request to port 515 on the server
hosting the print services and cause the DoS condition.

--
Ease of Attack:
Simple.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.

--
Contributors:
Sourcefire Vulnerability Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

--
