|
Full Disclosure
mailing list archives
Re: Microsoft MSDTC NdrAllocate Validation Vulnerability
From: <0x80 () hush ai>
Date: Mon, 15 May 2006 10:10:37 -0700
Ahhh there is a mature response.
On Thu, 11 May 2006 20:14:49 -0700 ". Solo" <soloaway () gmail com>
wrote:
Shut the fuck up!!
2006/5/11, 0x80 () hush ai <0x80 () hush ai>:
Shouldnt this be considered low risk and not medium?
On Wed, 10 May 2006 17:01:09 -0700 Avert <avert () avertlabs com>
wrote:
McAfee, Inc.
McAfee Avert(tm) Labs Security Advisory
Public Release Date: 2006-05-09
Microsoft MSDTC NdrAllocate Validation Vulnerability
CVE-2006-0034
__________________________________________________________________
_
___
* Synopsis
There is an RPC procedure within the MSDTC interface in
msdtcprx.dll
that may be called remotely without user credentials in such a
way
that
triggers a denial-of-service in the Distributed Transaction
Coordinator
(MSDTC) service.
Exploitation can at most lead to a denial of service and
therefore
the
risk factor is at medium.
__________________________________________________________________
_
___
* Vulnerable Systems
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
__________________________________________________________________
_
___
* Vulnerability Information
The msdtcprx.dll shared library contains RPC procedures for use
with
the Distributed Transaction Coordinator (MSDTC) service
utilized
in
Microsoft Windows.
By sending a large (greater than 4k) request to
BuildContextW(), a
size check can be bypassed and a bug in NdrAllocate() may be
reached.
This vulnerability was reported to Microsoft on October 12,
2005
__________________________________________________________________
_
___
* Resolution
Microsoft has provided a patch for this issue. Please see
their
bulletin, KB913580, for more information on obtaining and
installing
the patch.
__________________________________________________________________
_
___
* Credits
This vulnerability was discovered by Chen Xiaobo of McAfee
Avert
Labs.
__________________________________________________________________
_
___
__________________________________________________________________
_
___
* Legal Notice
Copyright (C) 2006 McAfee, Inc.
The information contained within this advisory is provided for
the
convenience of McAfee's customers, and may be redistributed
provided
that no fee is charged for distribution and that the advisory
is
not
modified in any way. McAfee makes no representations or
warranties
regarding the accuracy of the information referenced in this
document,
or the suitability of that information for your purposes.
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of
McAfee,
Inc. and/or its affiliated companies in the United States
and/or
other
Countries. All other registered and unregistered trademarks in
this
document are the sole property of their respective owners.
__________________________________________________________________
_
___
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Concerned about your privacy? Instantly send FREE secure email,
no account
required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
|
Intro
