McAfee, Inc. McAfee Avert™ Labs Security Advisory Public Release Date: 2006-05-09 Microsoft MSDTC NdrAllocate Validation Vulnerability CVE-2006-0034 ______________________________________________________________________ • Synopsis There is an RPC procedure within the MSDTC interface in msdtcprx.dll that may be called remotely without user credentials in such a way that triggers a denial-of-service in the Distributed Transaction Coordinator (MSDTC) service. Exploitation can at most lead to a denial of service and therefore the risk factor is at medium. ______________________________________________________________________ • Vulnerable Systems Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 ______________________________________________________________________ • Vulnerability Information The msdtcprx.dll shared library contains RPC procedures for use with the Distributed Transaction Coordinator (MSDTC) service utilized in Microsoft Windows. By sending a large (greater than 4k) request to BuildContextW(), a size check can be bypassed and a bug in NdrAllocate() may be reached. This vulnerability was reported to Microsoft on October 12, 2005 ______________________________________________________________________ • Resolution Microsoft has provided a patch for this issue. Please see their bulletin, KB913580, for more information on obtaining and installing the patch. ______________________________________________________________________ • Credits This vulnerability was discovered by Chen Xiaobo of McAfee Avert Labs. ______________________________________________________________________ ______________________________________________________________________ • Legal Notice Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfee’s customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes. McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. ______________________________________________________________________