what you don't know can hurt you

microsoft.dts.txt

microsoft.dts.txt
Posted Apr 25, 2002
Authored by Peter Grundl

Microsoft Distributed Transaction Coordinator DoS - A flaw in the way MSDTC handles malformed packets could allow an attacker to hang the service and exhaust resources on the Server. If an attacker sends 20200 null characters to the MSDTC service, which listens on TCP port 3372, server resources are allocated poorly. This attack can result in MSDTC.EXE spiking at 100% cpu usage, MSDTC refusing connections and kernel resources being exhausted. This was fixed with MS02-018, although the security bulletin does not mention this vulnerability.

tags | kernel, tcp
MD5 | e25b02dc80600cec84dac5e0cc8955a5

microsoft.dts.txt

Change Mirror Download
--------------------------------------------------------------------

Title: Microsoft Distributed Transaction Coordinator DoS

BUG-ID: 2002015
Released: 19th Apr 2002
--------------------------------------------------------------------

Problem:
========
A flaw in the way MSDTC handles malformed packets could allow an
attacker to hang the service and exhaust ressources on the Server.


Vulnerable:
===========
- Windows 2000 Server without MS02-018 patch


Details:
========
If an attacker sends 20200 null characters to the MSDTC service,
which listens on TCP port 3372, server ressources are allocated
poorly. This attack can result in MSDTC.EXE spiking at 100% cpu
usage, MSDTC refusing connections and kernel ressources being
exhausted.

This was already corrected in MS02-018, and has been brought up
on Bugtraq (after it was reported to the vendor),

http://online.securityfocus.com/archive/1/253360

The security bulletin from Microsoft, however, does not mention
this vulnerability.


Vendor URL:
===========
You can visit the vendors webpage here: http://www.microsoft.com


Vendor response:
================
The vendor was contacted on the 24th of October, 2001. On the 15th
of March, 2002 we received a private hotfix, which corrected the
issue. On the 10th of April, 2002 the vendor released a public
bulletin. On the 19th of April, 2002 the vendor notified us that
the patch also included the patched binary for the MSDTC issue.


Corrective action:
==================
The vendor has released a patched binary, which is included in
the security rollup package MS02-018, available here:
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp


Author: Peter Gr√ľndl (pgrundl@kpmg.dk)

--------------------------------------------------------------------
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be lia-
ble for any consequences whatsoever arising out of or in connection
with the use or spread of this information.
--------------------------------------------------------------------

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close