[25285] in bugtraq
RE: KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
daemon@ATHENA.MIT.EDU (Andrew Kunz)
Fri Apr 26 16:56:31 2002
From: "Andrew Kunz" <kunza@tdbank.ca>
To: "'bugtraq'" <bugtraq@securityfocus.com>
Date: Fri, 26 Apr 2002 11:58:31 -0400
Message-ID: <001401c1ed3b$37a729c0$5b260431@tricorder>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
In-reply-to: <000e01c1e78f$399a07e0$1f00a8c0@KPMGIRMPGRUNDL>
Content-Transfer-Encoding: 8bit
After trying to locate sources or info to substantiate, including
expressing my concerns to the author of the vulnerability and a reprint
from another newsletter I received the following from Microsoft
----------
All these articles are miss-construing the problem and how it has been
addressed.
I looked into the problem identified and it is a bug that was fixed in
Windows 2000 Service Pack1.
----------
Andrew
-----Original Message-----
From: Peter Gründl [mailto:pgrundl@kpmg.dk]
Sent: Friday, April 19, 2002 6:45 AM
To: bugtraq
Subject: KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
--------------------------------------------------------------------
Title: Microsoft Distributed Transaction Coordinator DoS
BUG-ID: 2002015
Released: 19th Apr 2002
--------------------------------------------------------------------
Problem:
========
A flaw in the way MSDTC handles malformed packets could allow an
attacker to hang the service and exhaust ressources on the Server.
Vulnerable:
===========
- Windows 2000 Server without MS02-018 patch
