lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue May 16 13:26:02 2006
From: bart.lansing at hushmail.com (bart.lansing@...hmail.com)
Subject: Microsoft MSDTC NdrAllocate Validation
	Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You...looking for a mature response...priceless.

On Mon, 15 May 2006 12:10:37 -0500 0x80@...h.ai wrote:
>Ahhh there is a mature response.
>
>
>On Thu, 11 May 2006 20:14:49 -0700 ". Solo" <soloaway@...il.com>
>wrote:
>>Shut the fuck up!!
>>
>>
>>
>>
>>2006/5/11, 0x80@...h.ai <0x80@...h.ai>:
>>>
>>> Shouldnt this be considered low risk and not medium?
>>>
>>> On Wed, 10 May 2006 17:01:09 -0700 Avert <avert@...rtlabs.com>
>>> wrote:
>>> >McAfee, Inc.
>>> >McAfee Avert(tm) Labs Security Advisory
>>> >Public Release Date: 2006-05-09
>>> >
>>> >Microsoft MSDTC NdrAllocate Validation Vulnerability
>>> >
>>> >CVE-2006-0034
>>>
>>>_________________________________________________________________

>_
>
>>_
>>>
>>> >___
>>> >
>>> >*      Synopsis
>>> >
>>> >There is an RPC procedure within the MSDTC interface in
>>> >msdtcprx.dll
>>> >that may be called remotely without user credentials in such a

>
>>way
>>>
>>> >that
>>> >triggers a denial-of-service in the Distributed Transaction
>>> >Coordinator
>>> >(MSDTC) service.
>>> >
>>> >Exploitation can at most lead to a denial of service and
>>therefore
>>>
>>> >the
>>> >risk factor is at medium.
>>>
>>>_________________________________________________________________

>_
>
>>_
>>>
>>> >___
>>> >
>>> >*      Vulnerable Systems
>>> >
>>> >Microsoft Windows 2000
>>> >Microsoft Windows XP
>>> >Microsoft Windows Server 2003
>>> >
>>>
>>>_________________________________________________________________

>_
>
>>_
>>>
>>> >___
>>> >
>>> >*      Vulnerability Information
>>> >
>>> >The msdtcprx.dll shared library contains RPC procedures for
>use
>>> >with
>>> >the Distributed Transaction Coordinator (MSDTC) service
>>utilized
>>> >in
>>> >Microsoft Windows.
>>> >
>>> >By sending a large (greater than 4k) request to
>>BuildContextW(), a
>>> >size check can be bypassed and a bug in NdrAllocate() may be
>>> >reached.
>>> >
>>> >This vulnerability was reported to Microsoft on October 12,
>>2005
>>> >
>>>
>>>_________________________________________________________________

>_
>
>>_
>>>
>>> >___
>>> >
>>> >*      Resolution
>>> >
>>> >Microsoft has provided a patch for this issue.  Please see
>>their
>>> >bulletin, KB913580, for more information on obtaining and
>>> >installing
>>> >the patch.
>>> >
>>> >
>>>
>>>_________________________________________________________________

>_
>
>>_
>>>
>>> >___
>>> >
>>> >*      Credits
>>> >
>>> >This vulnerability was discovered by Chen Xiaobo of McAfee
>>Avert
>>> >Labs.
>>> >
>>>
>>>_________________________________________________________________

>_
>
>>_
>>>
>>> >___
>>> >
>>>
>>>_________________________________________________________________

>_
>
>>_
>>>
>>> >___
>>> >
>>> >*      Legal Notice
>>> >
>>> >Copyright (C) 2006 McAfee, Inc.
>>> >The information contained within this advisory is provided for

>
>>the
>>> >convenience of McAfee's customers, and may be redistributed
>>> >provided
>>> >that no fee is charged for distribution and that the advisory
>>is
>>> >not
>>> >modified in any way.  McAfee makes no representations or
>>> >warranties
>>> >regarding the accuracy of the information referenced in this
>>> >document,
>>> >or the suitability of that information for your purposes.
>>> >
>>> >McAfee, Inc. and McAfee Avert Labs are registered Trademarks
>of
>>> >McAfee,
>>> >Inc. and/or its affiliated companies in the United States
>>and/or
>>> >other
>>> >Countries.  All other registered and unregistered trademarks
>in
>>> >this
>>> >document are the sole property of their respective owners.
>>> >
>>>
>>>_________________________________________________________________

>_
>
>>_
>>>
>>> >___
>>> >
>>> >_______________________________________________
>>> >Full-Disclosure - We believe in it.
>>> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> >Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>>
>>>
>>> Concerned about your privacy? Instantly send FREE secure email,

>
>>no account
>>> required
>>> http://www.hushmail.com/send?l=480
>>>
>>> Get the best prices on SSL certificates from Hushmail
>>> https://www.hushssl.com?l=485
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>
>
>
>Concerned about your privacy? Instantly send FREE secure email, no

>account required
>http://www.hushmail.com/send?l=480
>
>Get the best prices on SSL certificates from Hushmail
>https://www.hushssl.com?l=485
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wkYEARECAAYFAkRpxMsACgkQuCj5fjTzkbDTZgCaA4pnBIDi5EuKsHJeeJO7zytyBsMA
n3Q4g/ngYWQGBLeFDLmYIsiReUc3
=UebB
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ