Full Disclosure
mailing list archives
Re: Microsoft MSDTC NdrAllocate Validation Vulnerability
From: <0x80 () hush ai>
Date: Thu, 11 May 2006 00:30:11 -0700
Shouldn't this be considered low risk and not medium?
On Wed, 10 May 2006 17:01:09 -0700 Avert <avert () avertlabs com> wrote:
McAfee, Inc.
McAfee Avert(tm) Labs Security Advisory
Public Release Date: 2006-05-09
Microsoft MSDTC NdrAllocate Validation Vulnerability
CVE-2006-0034
______________________________________________________________________
* Synopsis
There is an RPC procedure within the MSDTC interface in msdtcprx.dll
that may be called remotely without user credentials in such a way that
triggers a denial-of-service in the Distributed Transaction Coordinator
(MSDTC) service.
Exploitation can at most lead to a denial of service and therefore the
risk factor is at medium.
______________________________________________________________________
* Vulnerable Systems
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
______________________________________________________________________
* Vulnerability Information
The msdtcprx.dll shared library contains RPC procedures for use with
the Distributed Transaction Coordinator (MSDTC) service utilized in
Microsoft Windows.
By sending a large (greater than 4k) request to BuildContextW(), a
size check can be bypassed and a bug in NdrAllocate() may be reached.
This vulnerability was reported to Microsoft on October 12, 2005
______________________________________________________________________
* Resolution
Microsoft has provided a patch for this issue. Please see their
bulletin, KB913580, for more information on obtaining and installing
the patch.
______________________________________________________________________
* Credits
This vulnerability was discovered by Chen Xiaobo of McAfee Avert Labs.
______________________________________________________________________
______________________________________________________________________
* Legal Notice
Copyright (C) 2006 McAfee, Inc.
The information contained within this advisory is provided for the
convenience of McAfee's customers, and may be redistributed provided
that no fee is charged for distribution and that the advisory is not
modified in any way. McAfee makes no representations or warranties
regarding the accuracy of the information referenced in this document,
or the suitability of that information for your purposes.
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,
Inc. and/or its affiliated companies in the United States and/or other
Countries. All other registered and unregistered trademarks in this
document are the sole property of their respective owners.
______________________________________________________________________
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/