exploit the possibilities

microsoft.dts.txt

microsoft.dts.txt
Posted Apr 25, 2002
Authored by Peter Grundl

Microsoft Distributed Transaction Coordinator DoS - A flaw in the way MSDTC handles malformed packets could allow an attacker to hang the service and exhaust resources on the Server. If an attacker sends 20200 null characters to the MSDTC service, which listens on TCP port 3372, server resources are allocated poorly. This attack can result in MSDTC.EXE spiking at 100% cpu usage, MSDTC refusing connections and kernel resources being exhausted. This was fixed with MS02-018, although the security bulletin does not mention this vulnerability.

tags | kernel, tcp
MD5 | e25b02dc80600cec84dac5e0cc8955a5

microsoft.dts.txt

Change Mirror Download
--------------------------------------------------------------------

Title: Microsoft Distributed Transaction Coordinator DoS

BUG-ID: 2002015
Released: 19th Apr 2002
--------------------------------------------------------------------

Problem:
========
A flaw in the way MSDTC handles malformed packets could allow an
attacker to hang the service and exhaust ressources on the Server.


Vulnerable:
===========
- Windows 2000 Server without MS02-018 patch


Details:
========
If an attacker sends 20200 null characters to the MSDTC service,
which listens on TCP port 3372, server ressources are allocated
poorly. This attack can result in MSDTC.EXE spiking at 100% cpu
usage, MSDTC refusing connections and kernel ressources being
exhausted.

This was already corrected in MS02-018, and has been brought up
on Bugtraq (after it was reported to the vendor),

http://online.securityfocus.com/archive/1/253360

The security bulletin from Microsoft, however, does not mention
this vulnerability.


Vendor URL:
===========
You can visit the vendors webpage here: http://www.microsoft.com


Vendor response:
================
The vendor was contacted on the 24th of October, 2001. On the 15th
of March, 2002 we received a private hotfix, which corrected the
issue. On the 10th of April, 2002 the vendor released a public
bulletin. On the 19th of April, 2002 the vendor notified us that
the patch also included the patched binary for the MSDTC issue.


Corrective action:
==================
The vendor has released a patched binary, which is included in
the security rollup package MS02-018, available here:
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp


Author: Peter Gr√ľndl (pgrundl@kpmg.dk)

--------------------------------------------------------------------
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be lia-
ble for any consequences whatsoever arising out of or in connection
with the use or spread of this information.
--------------------------------------------------------------------

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close