On Thu, 16 Dec 1999, NAI Labs wrote:

# This new vulnerability affects all Windows NT 4.0 hosts including
# those with Service packs up to and including SP6a.

[...]

# causing the LSA process to reference invalid memory resulting in an
# application error.

I wouldn't really call this a "new" vulnerability at all. BindView's advisory on a previously discovered remote vulnerability in the LSA (Phantom), released 6 months ago:

http://www.bindview.com/security/advisory/phantom_a.html

is essentially the same thing -- NAI just uses a different syscall.

I suspect that there are more than just a few vulnerabilities of this nature still lurking in the LSA, nay, in the NT API. It would be interesting to see someone write a sort of LSA or Win32 API "fuzz". It would probably turn up a surprising number of problems, although maybe not so surprising to some of us..

# http://www.microsoft.com/downloads/release.asp?ReleaseID=16798
# http://www.microsoft.com/downloads/release.asp?ReleaseID=16799

The readership should note that while the above URLs reference patches for the Syskey weak encryption vulnerability, resulting from a recently released BindView advisory (http://www.bindview.com/security/advisory/adv_WinNT_syskey.html), the patch itself already included fixes for this particular DoS. This is mentioned in the Security Bulletin, I believe.

Jordan Ritter
RAZOR Security
BindView Corporation