Bugtraq mailing list archives
Re: [NTSEC] CPU Usage, Known NT 4.0 Security bugs
From: Russ.Cooper () RC on ca (Russ)
Date: Sat, 25 Jan 1997 12:07:51 -0600
The current 100% CPU usage does not fall into the category described below indicating 100% utilization only when something else does not require utilization. After exploiting INETINFO and driving it to 100%, I then launched Excel on the same machine. Utilization never dropped below 100% and Excel too far longer to start than normal. After starting it, I shut it down, still no dropback. I started IIS Manager to see if the exploited INETINFO would allow me, it did, and I was able to start and stop services, all without affecting the 100% utilization. Finally, I stopped all the IIS services and immediately the INETINFO process disappeared and utilization was normal. Starting the IIS services was successful, and INETINFO started up again normal. This bug is not in INETINFO, I know that for sure. There is no doubt the process will peg the CPU at 100% until its stopped and does in fact tax the CPU to 100%. As with the RPC bug, other processes can continue to function as the pegged thread is at priority 8, again. All of this testing has been done on NT 4.0 Server with SP2 and all 3 public fixes (that means with the kernel, ras, and rpc hot fixes). Could someone please test this on their own IIS machine running on NT 3.51, do a portscan between 1020 and 1070 typically, and the first port you find that responds, try the telnet to. Please, only do this to your own machine. I very much need to know if this bug affects 3.51 machines or not. Speaking of which, can anyone confirm for sure that the RPC bug affected their 3.51 machine? Obviously the message sent out from Microsoft was that it only affected 4.0 machines, but I had a few people tell me they saw it on their 3.51 boxes, but when pushed for confirmation, they haven't responded. Cheers, Russ R.C. Consulting, Inc. - NT/Internet Security Consulting "Why does Plug-n-Play so often turn into Unplug-n-Pay?"
Current thread:
- Re: [NTSEC] CPU Usage, Known NT 4.0 Security bugs Russ (Jan 25)
- <Possible follow-ups>
- Re: [NTSEC] CPU Usage, Known NT 4.0 Security bugs Aleph One (Jan 25)
