From: Peter Gründl (pgrundlkpmg.dk)
Date: Fri Apr 19 2002 - 05:47:36 CDT

    --------------------------------------------------------------------

    Title: Microsoft Distributed Transaction Coordinator DoS

    BUG-ID: 2002015
    Released: 19th Apr 2002
    --------------------------------------------------------------------

    Problem:
    ========
    A flaw in the way MSDTC handles malformed packets could allow an
    attacker to hang the service and exhaust resources on the server.

    Vulnerable:
    ===========
    - Windows 2000 Server without MS02-018 patch

    Details:
    ========
    If an attacker sends 20200 null characters to the MSDTC service,
    which listens on TCP port 3372, server resources are allocated
    poorly. This attack can result in MSDTC.EXE spiking at 100% CPU
    usage, MSDTC refusing connections and kernel resources being
    exhausted.

    This was already corrected in MS02-018, and has been brought up
    on Bugtraq (after it was reported to the vendor):

    http://online.securityfocus.com/archive/1/253360

    The security bulletin from Microsoft, however, does not mention
    this vulnerability.

    Vendor URL:
    ===========
    You can visit the vendor's webpage here: http://www.microsoft.com

    Vendor response:
    ================
    The vendor was contacted on the 24th of October, 2001. On the 15th
    of March, 2002 we received a private hotfix, which corrected the
    issue. On the 10th of April, 2002 the vendor released a public
    bulletin. On the 19th of April, 2002 the vendor notified us that
    the patch also included the patched binary for the MSDTC issue.

    Corrective action:
    ==================
    The vendor has released a patched binary, which is included in
    the security rollup package MS02-018, available here:
    http://www.microsoft.com/technet/security/bulletin/ms02-018.asp

    Author: Peter Gründl (pgrundlkpmg.dk)

    --------------------------------------------------------------------
    KPMG is not responsible for the misuse of the information we provide
    through our security advisories. These advisories are a service to
    the professional security community. In no event shall KPMG be
    liable for any consequences whatsoever arising out of or in
    connection with the use or spread of this information.
    --------------------------------------------------------------------
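
A detection check for the traffic pattern described under Details, added here as an example; it is not part of the original advisory or of any vendor tooling. It totals null bytes per flow toward TCP port 3372, because a 20200-byte stream arrives split across many TCP segments and no single packet carries it. The thresholds, function names and sample addresses are assumptions.

```python
from collections import defaultdict

MSDTC_PORT = 3372        # port named in the advisory
NULL_THRESHOLD = 20000   # assumption: alert slightly below the advisory's 20200 bytes
NULL_RATIO = 0.95        # assumption: the stream must be almost entirely 0x00


def flag_null_floods(segments, port=MSDTC_PORT,
                     threshold=NULL_THRESHOLD, ratio=NULL_RATIO):
    """Return sorted (src_ip, src_port) flows whose payload toward `port`
    is dominated by null bytes and exceeds `threshold` nulls in total.

    segments: iterable of (src_ip, src_port, dst_port, payload_bytes),
    e.g. as decoded from a packet capture or sensor export.
    """
    totals = defaultdict(lambda: [0, 0])  # flow -> [total bytes, null bytes]
    for src_ip, src_port, dst_port, payload in segments:
        if dst_port != port or not payload:
            continue  # other services and empty segments (ACKs) are ignored
        counters = totals[(src_ip, src_port)]
        counters[0] += len(payload)
        counters[1] += payload.count(b"\x00")
    return sorted(
        flow for flow, (total, nulls) in totals.items()
        if nulls >= threshold and nulls / total >= ratio
    )


def split_segments(src_ip, src_port, dst_port, data, mss=1460):
    """Helper for the constructed sample: cut a stream into MSS-sized segments."""
    return [(src_ip, src_port, dst_port, data[i:i + mss])
            for i in range(0, len(data), mss)]


# Constructed sample traffic (documentation addresses, not real observations).
SAMPLE = (
    split_segments("192.0.2.10", 40001, 3372, b"\x00" * 20200)    # advisory pattern
    + split_segments("192.0.2.20", 40002, 3372, b"\x00" * 512)    # short null run
    + split_segments("192.0.2.30", 40003, 3372, bytes(range(1, 256)) * 100)  # large, no nulls
    + split_segments("192.0.2.40", 40004, 80, b"\x00" * 30000)    # different port
)

if __name__ == "__main__":
    for ip, sport in flag_null_floods(SAMPLE):
        print(f"null-byte flood toward tcp/{MSDTC_PORT} from {ip}:{sport}")
```
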