lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon May 15 18:10:53 2006
From: 0x80 at hush.ai (0x80@...h.ai)
Subject: Microsoft MSDTC NdrAllocate Validation
	Vulnerability

Ahhh there is a mature response.


On Thu, 11 May 2006 20:14:49 -0700 ". Solo" <soloaway@...il.com> 
wrote:
>Shut the fuck up!!
>
>
>
>
>2006/5/11, 0x80@...h.ai <0x80@...h.ai>:
>>
>> Shouldnt this be considered low risk and not medium?
>>
>> On Wed, 10 May 2006 17:01:09 -0700 Avert <avert@...rtlabs.com>
>> wrote:
>> >McAfee, Inc.
>> >McAfee Avert(tm) Labs Security Advisory
>> >Public Release Date: 2006-05-09
>> >
>> >Microsoft MSDTC NdrAllocate Validation Vulnerability
>> >
>> >CVE-2006-0034
>> 
>>__________________________________________________________________

>_
>>
>> >___
>> >
>> >*      Synopsis
>> >
>> >There is an RPC procedure within the MSDTC interface in
>> >msdtcprx.dll
>> >that may be called remotely without user credentials in such a 
>way
>>
>> >that
>> >triggers a denial-of-service in the Distributed Transaction
>> >Coordinator
>> >(MSDTC) service.
>> >
>> >Exploitation can at most lead to a denial of service and 
>therefore
>>
>> >the
>> >risk factor is at medium.
>> 
>>__________________________________________________________________

>_
>>
>> >___
>> >
>> >*      Vulnerable Systems
>> >
>> >Microsoft Windows 2000
>> >Microsoft Windows XP
>> >Microsoft Windows Server 2003
>> >
>> 
>>__________________________________________________________________

>_
>>
>> >___
>> >
>> >*      Vulnerability Information
>> >
>> >The msdtcprx.dll shared library contains RPC procedures for use
>> >with
>> >the Distributed Transaction Coordinator (MSDTC) service 
>utilized
>> >in
>> >Microsoft Windows.
>> >
>> >By sending a large (greater than 4k) request to 
>BuildContextW(), a
>> >size check can be bypassed and a bug in NdrAllocate() may be
>> >reached.
>> >
>> >This vulnerability was reported to Microsoft on October 12, 
>2005
>> >
>> 
>>__________________________________________________________________

>_
>>
>> >___
>> >
>> >*      Resolution
>> >
>> >Microsoft has provided a patch for this issue.  Please see 
>their
>> >bulletin, KB913580, for more information on obtaining and
>> >installing
>> >the patch.
>> >
>> >
>> 
>>__________________________________________________________________

>_
>>
>> >___
>> >
>> >*      Credits
>> >
>> >This vulnerability was discovered by Chen Xiaobo of McAfee 
>Avert
>> >Labs.
>> >
>> 
>>__________________________________________________________________

>_
>>
>> >___
>> >
>> 
>>__________________________________________________________________

>_
>>
>> >___
>> >
>> >*      Legal Notice
>> >
>> >Copyright (C) 2006 McAfee, Inc.
>> >The information contained within this advisory is provided for 
>the
>> >convenience of McAfee's customers, and may be redistributed
>> >provided
>> >that no fee is charged for distribution and that the advisory 
>is
>> >not
>> >modified in any way.  McAfee makes no representations or
>> >warranties
>> >regarding the accuracy of the information referenced in this
>> >document,
>> >or the suitability of that information for your purposes.
>> >
>> >McAfee, Inc. and McAfee Avert Labs are registered Trademarks of
>> >McAfee,
>> >Inc. and/or its affiliated companies in the United States 
>and/or
>> >other
>> >Countries.  All other registered and unregistered trademarks in
>> >this
>> >document are the sole property of their respective owners.
>> >
>> 
>>__________________________________________________________________

>_
>>
>> >___
>> >
>> >_______________________________________________
>> >Full-Disclosure - We believe in it.
>> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> >Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>> Concerned about your privacy? Instantly send FREE secure email, 
>no account
>> required
>> http://www.hushmail.com/send?l=480
>>
>> Get the best prices on SSL certificates from Hushmail
>> https://www.hushssl.com?l=485
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>



Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ