[25173] in bugtraq
KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
daemon@ATHENA.MIT.EDU (Peter Gründl)
Fri Apr 19 16:06:23 2002
Message-ID: <000e01c1e78f$399a07e0$1f00a8c0@KPMGIRMPGRUNDL>
From: Peter Gründl <pgrundl@kpmg.dk>
To: "bugtraq" <bugtraq@securityfocus.com>
Date: Fri, 19 Apr 2002 12:44:44 +0200
--------------------------------------------------------------------
Title: Microsoft Distributed Transaction Coordinator DoS
BUG-ID: 2002015
Released: 19th Apr 2002
--------------------------------------------------------------------
Problem:
========
A flaw in the way MSDTC handles malformed packets could allow an
attacker to hang the service and exhaust resources on the server.

Vulnerable:
===========
- Windows 2000 Server without MS02-018 patch

Details:
========
If an attacker sends 20200 null characters to the MSDTC service,
which listens on TCP port 3372, server resources are allocated
poorly. This attack can result in MSDTC.EXE spiking at 100% CPU
usage, MSDTC refusing connections and kernel resources being
exhausted.

This was already corrected in MS02-018, and has been brought up
on Bugtraq (after it was reported to the vendor),
http://online.securityfocus.com/archive/1/253360

The security bulletin from Microsoft, however, does not mention
this vulnerability.

Vendor URL:
===========
You can visit the vendor's webpage here: http://www.microsoft.com

Vendor response:
================
The vendor was contacted on the 24th of October, 2001. On the 15th
of March, 2002 we received a private hotfix, which corrected the
issue. On the 10th of April, 2002 the vendor released a public
bulletin. On the 19th of April, 2002 the vendor notified us that
the patch also included the patched binary for the MSDTC issue.

Corrective action:
==================
The vendor has released a patched binary, which is included in
the security rollup package MS02-018, available here:
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp

Author: Peter Gründl (pgrundl@kpmg.dk)
--------------------------------------------------------------------
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be
liable for any consequences whatsoever arising out of or in connection
with the use or spread of this information.
--------------------------------------------------------------------
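
For hosts that cannot be patched immediately, the condition in the Details section (a long run of null bytes sent to TCP port 3372) can be flagged from reassembled traffic. The sketch below is an added example, not part of the original advisory or any vendor tooling; the record layout, the function names, the 4096-byte alert threshold and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

MSDTC_PORT = 3372       # MSDTC listener port named in the advisory
NULL_RUN_ALERT = 4096   # assumed alert threshold, tune per site (advisory cites 20200)

def longest_null_runs(segments, port=MSDTC_PORT):
    """Map (src_ip, src_port, dst_ip) -> longest run of consecutive 0x00 bytes
    sent to `port`. Segments must be in order, client-to-server only; a run
    that continues across a segment boundary is counted as one run."""
    open_run = defaultdict(int)   # run still open at the end of the last segment
    longest = defaultdict(int)
    for src_ip, src_port, dst_ip, dst_port, payload in segments:
        if dst_port != port:
            continue
        key = (src_ip, src_port, dst_ip)
        run = open_run[key]
        for byte in payload:
            run = run + 1 if byte == 0 else 0
            longest[key] = max(longest[key], run)
        open_run[key] = run
    return dict(longest)

def suspicious_flows(segments, threshold=NULL_RUN_ALERT):
    """Flows to the MSDTC port whose longest null run reaches the threshold."""
    runs = longest_null_runs(segments)
    return sorted(key for key, n in runs.items() if n >= threshold)

# Constructed sample records (RFC 5737 documentation addresses), not captured
# traffic; the non-null bytes are placeholders, not real MSDTC protocol data.
SERVER = "198.51.100.5"
SAMPLE_SEGMENTS = (
    # 13 * 1460 + 1220 = 20200 null bytes, split into MSS-sized segments
    [("192.0.2.10", 40001, SERVER, 3372, b"\x00" * 1460)] * 13
    + [("192.0.2.10", 40001, SERVER, 3372, b"\x00" * 1220)]
    + [
        # short payload with a few nulls: below threshold
        ("192.0.2.20", 40002, SERVER, 3372, b"\x01\x00\x00\x00data\x00\x00"),
        # long null run, but not to the MSDTC port: ignored
        ("192.0.2.30", 40003, SERVER, 445, b"\x00" * 30000),
        # run of 5000 nulls that only crosses the threshold across two segments
        ("192.0.2.40", 40004, SERVER, 3372, b"A" + b"\x00" * 3000),
        ("192.0.2.40", 40004, SERVER, 3372, b"\x00" * 2000 + b"B"),
    ]
)

if __name__ == "__main__":
    for flow in suspicious_flows(SAMPLE_SEGMENTS):
        print("long null run to MSDTC port from", flow)
```

The check does not handle retransmitted or out-of-order segments, so feed it data from a sensor that reassembles TCP streams first.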