Bugtraq mailing list archives

SPOOLSS.EXE memory leak
From: aleph1 () DFW NET (Aleph One)
Date: Mon, 25 Aug 1997 12:51:45 -0500


---------- Forwarded message ----------
Date: Thu, 21 Aug 1997 11:50:51 +0200
From: Holas, Ondřej <OHolas () EXCH DIGI-TRADE CZ>
To: NTBUGTRAQ () NTADVICE COM
Subject: SPOOLSS.EXE memory leak

After connecting to \\server\PIPE\SPOOLSS you can send probably any
amount of data to that pipe. The final effect is a memory leak in
SPOOLSS.EXE. The worst thing is, by default this connection can be
initiated over a null session (setting RestrictAnonymous to 1 has no
effect). To disable the attack over a null session, you must remove the
line "SPOOLSS" from
HKLM\System\CCS\Services\LanmanServer\Parameters\NullSessionPipes
(REG_MULTI_SZ), but after that authenticated users can still fill up
the server's memory.

If you want the source of the leaking program and the binary, simply send
mail to oholas () exch digi-trade cz and put "SPOOLSS REQUEST" (without
quotation marks) as the message subject.

Ondrej Holas, MCSE, MCT
DIGI TRADE
Prague, Czech Republic
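
One way to check a server for the null-session exposure described in the post above, as an added example that is not part of the original message: the script reads NullSessionPipes, reports whether SPOOLSS is listed, and removes it only when run with -Remove. It assumes "CCS" in the post is shorthand for CurrentControlSet and that PowerShell is available on the host; the parameter names are this example's own.

```powershell
# Added example: audit, and optionally remove, SPOOLSS in NullSessionPipes.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$PipeName = 'SPOOLSS',   # pipe named in the post
    [switch]$Remove                  # without this switch the script only reports
)

# Assumption: "CCS" in the post means CurrentControlSet.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$value = 'NullSessionPipes'

$item = Get-ItemProperty -Path $key -Name $value -ErrorAction SilentlyContinue
if ($null -eq $item) {
    Write-Output "$value is not set; no pipes are listed for null-session access."
    return
}

# REG_MULTI_SZ is returned as string[]; drop blank entries and
# compare case-insensitively so "spoolss" is caught as well.
$current = @($item.$value | Where-Object { $_ -and $_.Trim() })
$kept    = @($current | Where-Object { $_.Trim() -ine $PipeName })

Write-Output ("Current {0}: {1}" -f $value, ($current -join ', '))

if ($kept.Count -eq $current.Count) {
    Write-Output "$PipeName is not listed; nothing to change."
    return
}

Write-Warning "$PipeName is listed, so the pipe can be opened over a null session."

if ($Remove -and $PSCmdlet.ShouldProcess("$key\$value", "Remove $PipeName")) {
    # Write the value back as REG_MULTI_SZ, keeping the other entries in order.
    Set-ItemProperty -Path $key -Name $value -Value ([string[]]$kept) -Type MultiString
    Write-Output ("New {0}: {1}" -f $value, ($kept -join ', '))
}
```

Running it with -Remove -WhatIf shows the change without writing it. As the post states, removing the entry closes only the null-session path; authenticated users can still reach the pipe.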


