[27554] in bugtraq


Windows 2000 SNMP DoS

daemon@ATHENA.MIT.EDU (Chris Anley)
Tue Oct 22 14:15:13 2002

Date: Tue, 22 Oct 2002 18:22:56 +0100 (GMT Daylight Time)
From: Chris Anley <chris@ngssoftware.com>
To: bugtraq@securityfocus.com
Message-ID: <Pine.WNT.4.44.0210221802080.1328-100000@kodiak>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hi folks,

I just verified that a bug I found a while (read: a year) ago was fixed in
Windows 2000 service pack 3. I didn't get a notification from MS about the
fix so apologies for the delay in posting the full details.

The bug is the one referenced at
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q296815

If you send SNMP queries for printer-related objects in the LANMAN MIB,
the SNMP service leaks around 30MB of memory per request, but only if the
print spooler service is *not* running. This eventually brings the whole
server down, with a power cycle needed to restart.

A lengthier advisory can be found at
http://www.ngssoftware.com/advisories/snmp_dos.txt

Once again, this is an old bug, fixed in Windows 2000 SP3. I'm publishing
this so folks with pre-sp3 boxes are aware of the issue.

     -chris.
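
Added example (not part of the original post or the NGSSoftware advisory): a monitoring check for the symptom described above, which counts jumps of about 30MB in the SNMP service's memory while the print spooler is stopped. The sample format, the 8MB tolerance, the three-step threshold and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

LEAK_STEP_MB = 30.0   # "around 30MB of memory per request" (from the post)
TOLERANCE_MB = 8.0    # assumption: slack allowed per step for "around"

@dataclass(frozen=True)
class Sample:
    t: int                  # seconds since capture start
    snmp_mb: float          # SNMP service private bytes, in MB
    spooler_running: bool   # print spooler state at sample time

def assess(samples, min_steps=3):
    """Count ~30MB jumps in SNMP service memory seen while the spooler is stopped."""
    if len(samples) < 2:
        return {"steps": 0, "leaked_mb": 0.0, "alert": False}
    steps, leaked = 0, 0.0
    for prev, cur in zip(samples, samples[1:]):
        if cur.spooler_running:
            continue  # the post says the leak only occurs with the spooler stopped
        delta = cur.snmp_mb - prev.snmp_mb
        n = round(delta / LEAK_STEP_MB)  # several requests may land between samples
        if n >= 1 and abs(delta - n * LEAK_STEP_MB) <= TOLERANCE_MB * n:
            steps += n
            leaked += delta
    # Leaked memory is not given back: require most of the growth to still be held.
    retained = samples[-1].snmp_mb - samples[0].snmp_mb
    alert = steps >= min_steps and retained >= 0.8 * leaked
    return {"steps": steps, "leaked_mb": round(leaked, 1), "alert": alert}

# Constructed samples (not real measurements): one per minute, spooler stopped.
STOPPED = [
    Sample(0, 6.0, False), Sample(60, 6.2, False), Sample(120, 36.5, False),
    Sample(180, 97.0, False), Sample(240, 97.1, False), Sample(300, 127.9, False),
]
# Same memory curve with the spooler running: not attributed to this bug.
RUNNING = [replace(s, spooler_running=True) for s in STOPPED]

if __name__ == "__main__":
    print(assess(STOPPED))
    print(assess(RUNNING))
```

On a pre-SP3 host, an alert from this check is a reason to restrict who can reach the SNMP service and to apply SP3, which the post says contains the fix.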
