KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS

From: Peter Gründl (pgrundlat_private)
Date: Fri Apr 19 2002 - 03:44:44 PDT


    --------------------------------------------------------------------
    
    Title: Microsoft Distributed Transaction Coordinator DoS
    
    BUG-ID: 2002015
    Released: 19th Apr 2002
    --------------------------------------------------------------------
    
    Problem:
    ========
    A flaw in the way MSDTC handles malformed packets could allow an
    attacker to hang the service and exhaust resources on the server.
    
    
    Vulnerable:
    ===========
    - Windows 2000 Server without MS02-018 patch
    
    
    Details:
    ========
    If an attacker sends 20200 null characters to the MSDTC service,
    which listens on TCP port 3372, server resources are allocated
    poorly. This attack can result in MSDTC.EXE spiking at 100% CPU
    usage, MSDTC refusing connections and kernel resources being
    exhausted.
    
    This was already corrected in MS02-018, and has been brought up
    on Bugtraq (after it was reported to the vendor):
    
    http://online.securityfocus.com/archive/1/253360
    
    The security bulletin from Microsoft, however, does not mention
    this vulnerability.
    
    
    Vendor URL:
    ===========
    You can visit the vendor's web page here: http://www.microsoft.com
    
    
    Vendor response:
    ================
    The vendor was contacted on the 24th of October, 2001. On the 15th
    of March, 2002 we received a private hotfix, which corrected the
    issue. On the 10th of April, 2002 the vendor released a public
    bulletin. On the 19th of April, 2002 the vendor notified us that
    the patch also included the patched binary for the MSDTC issue.
    
    
    Corrective action:
    ==================
    The vendor has released a patched binary, which is included in
    the security rollup package MS02-018, available here:
    http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
    
    
    Author: Peter Gründl (pgrundlat_private)
    
    --------------------------------------------------------------------
    KPMG is not responsible for the misuse of the information we provide
    through our security advisories. These advisories are a service to
    the professional security community. In no event shall KPMG be lia-
    ble for any consequences whatsoever arising out of or in connection
    with the use or spread of this information.
    --------------------------------------------------------------------
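
A detection-side sketch for the condition described under "Details", added here as an example and not part of the KPMG advisory or any vendor tooling: it tracks runs of consecutive null bytes per flow toward TCP port 3372, carrying a run across segment boundaries. The class and function names, the 4096-byte alert threshold, the in-order delivery of segments and the sample traffic are all assumptions made for the example.

```python
import re

MSDTC_PORT = 3372        # TCP port named in the advisory
ADVISORY_NULLS = 20200   # null-byte count named in the advisory
ALERT_RUN = 4096         # assumed alert threshold; tune against real traffic
NULL_RUN = re.compile(rb"\x00+")


class NullRunDetector:
    """Tracks the longest run of consecutive null bytes per flow, across segments."""

    def __init__(self, threshold=ALERT_RUN):
        self.threshold = threshold
        self.tail = {}        # flow -> nulls ending the last segment seen
        self.alerted = set()  # flows already reported

    def feed(self, flow, dst_port, payload):
        """Return True the first time a flow's null run reaches the threshold."""
        if dst_port != MSDTC_PORT or not payload:
            return False
        carried = self.tail.get(flow, 0)
        longest = tail = 0
        for m in NULL_RUN.finditer(payload):
            # A run at the start of the segment continues the previous one.
            length = m.end() - m.start() + (carried if m.start() == 0 else 0)
            longest = max(longest, length)
            if m.end() == len(payload):
                tail = length
        self.tail[flow] = tail
        if longest >= self.threshold and flow not in self.alerted:
            self.alerted.add(flow)
            return True
        return False


def scan(segments, threshold=ALERT_RUN):
    """segments: iterable of (flow, dst_port, payload) in arrival order."""
    det = NullRunDetector(threshold)
    return [flow for flow, port, data in segments if det.feed(flow, port, data)]


# Constructed sample traffic (documentation addresses, not real captures).
SAMPLE = (
    [(("198.51.100.7", 40112), 3372, b"\x00" * 1460)] * 14   # 20440 nulls total
    + [(("192.0.2.10", 51000), 3372, b"\x01\x00\x00\x00data\x00" * 200)]
    + [(("192.0.2.11", 51001), 445, b"\x00" * 30000)]         # other port, ignored
)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Alerting well below the advisory's figure flags the flow before the full run has arrived; a given flow is reported only once.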
    


