[3981] in bugtraq
Re: [NTSEC] CPU 100% Update (fwd)
daemon@ATHENA.MIT.EDU (Alfred Huger)
Tue Jan 28 20:00:32 1997
Date: Tue, 28 Jan 1997 16:27:31 -0700
Reply-To: Alfred Huger <ahuger@SECNET.COM>
From: Alfred Huger <ahuger@SECNET.COM>
X-To: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@netspace.org
In-Reply-To: <Pine.SUN.3.94.970128163128.6896A-100000@dfw.dfw.net>
On Tue, 28 Jan 1997, Aleph One wrote:
>
> Finally, on the issue of NT DNS. There was a security advisory sent out
> by Secure Computing indicating that NT DNS could be exploited by sending
The advisory was released by Secure Networks Inc. *Not* Secure Computing.
> results were that between DNS.EXE and SERVICES.EXE the CPU utilization
> was pegged at 100%.
The issue we released an advisory on was the NT DNS server choking and
dying when it received a response for a query it never issued. The patch
provided does not work.
> these problems, but I should warn you that this is not a supported fix
Yep, it is in fact an unsupported patch.
> Given that DNS is one of the things that must be left open, the fact
> that it resolves the CPU 100% utilization problem from Telnet
> connections makes it a good fix in my book. I leave it to you to decide
> if you want to apply it or not. As yet, I have not seen a version for
> Alphas.
While the patch does not work for what *we* reported, it did seem to fix
the 100% CPU usage problem. Cold comfort considering anyone, anywhere on
the Internet can easily *remove* your DNS server.
/*************************************************************************
Alfred Huger Phone: 403.262.9211
Secure Networks Inc. Fax: 403.262.9221
"Sit down before facts as a little child, be prepared to give up every
preconceived notion, follow humbly wherever and whatever abysses nature
leads, or you will learn nothing" - Thomas H. Huxley
**************************************************************************/