Avi Drabkin wrote: > > Has anyone experienced Cybercop crashing the LSASS.EXE service on NT 4.0 > SP6a? > > When we were running Cybercop to test for vulnerabilities it inadvertently > crashed every servers LSASS.EXE service rendering the machine unable to > perform any authentication as well as the inability to even shut it down. > > Just wondering if anyone has experienced this sort of problem?? Take a look at CyberCop's Module Configuration Dialog: Module Groups -> ID: 8000 / Name: Denial of Service Attacks Module Selection -> ID: 8034 / Name: Windows NT - LSASS.EXE Denial of Service <QUOTE> 8034 Windows NT - LSASS.EXE Denial of Service Risk Factor: High Complexity: Medium Fixease: Moderate Popularity: Widespread Rootcause: Implementation Impact: Availability Verbose Description: A vulnerability within the LSASS.EXE process on Windows NT systems allows for a denial of service attack, which causes an Access Violation in LSASS.EXE. This denial of service causes the LSASS.EXE process to stop running, preventing logons from the console, as well as preventing Event Viewer and Server Manager from operating. Security Concerns: Malicious users can launch this denial of service attack against your Microsoft Windows NT system. Warning: If this vulnerability was found on the target host, this means that the CyberCop Scanner Security Auditing System successfully performed this denial of service attack. Please reboot the target server immediately for it to function properly. Suggestion: This issue has been resolved in Service Pack 6a. The Service Pack can be downloaded from: http://www.microsoft.com/ntserver/nts/downloads/recommended/SP6/ References: The following Microsoft Knowledge Base articles provide more detailed information on this vulnerability: Q154087 - Access Violation in LSASS.EXE Due to Incorrect Buffer Size http://support.microsoft.com/support/kb/articles/Q154/0/87.ASP Q228467 - Access Violation in Lsass.exe When Passing a Null Pointer http://support.microsoft.com/support/kb/articles/Q228/4/67.ASP </QUOTE> Hope this help. > Thanks Sem mais, -- # Nelson Brito <nelsonat_private> # Security Analyst and Penetration Tester # Security Networks AG - The trust Company! # # Usage: cat <file> | perl signature.pl foreach(<STDIN>){chop;split(//,$_);print reverse @_;print "\n";}
This archive was generated by hypermail 2b30 : Wed Apr 18 2001 - 20:22:16 PDT