lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <01696CE88FB1364094CB0FA59D62716A2C7991@whp-exchmb1.whp.owhc.net>
Date: Mon, 15 May 2006 12:54:30 -0500
From: "Hayes, Bill" <Bill.Hayes@....com>
To: "Nick Boyce" <nick.boyce@...il.com>, <bugtraq@...urityfocus.com>
Subject: RE: Is MS06-018 a DoS or a system compromise ?


The answer seems to be "it depends".  There are really two MSDTC flaws, CVE-2006-0034 and CVE-2006-1184 that are being discussed. Secunia rates the cumulative security risk as "Moderately Critical" and weighs the DoS attack as the dominate effect for modern Windows OSes. FRSIRT rates the cumulative security risk as "High Risk" because older Windows systems can be exploited by one of the MSDTC flaws.

The CVE-2006-1184 flaw will cause DoS conditions. The CVE-2006-0034 vulnerability will cause DoS conditions and is exploitable on older systems. See eEye Digital Security advisory AD20060509a, "Microsoft Distributed Transaction Coordinator Heap Overflow".

According to the advisories posted by Secunia and eEye Digital security, a boundary error in the "CRpcIoManagerServer::BuildContext()" function could be exploited on Windows NT and Windows 2000 versions SP2 and SP3. These systems are patchable IF you have a special support arrangement with MS. 

Hopes this helps.

References:

http://secunia.com/advisories/20000/
http://www.frsirt.com/english/advisories/2006/1742
http://www.eeye.com/html/research/advisories/AD20060509a.html
http://www.eeye.com/html/research/advisories/AD20060509b.html
CVE-2006-0034 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0034
CVE-2006-1184 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1184


Bill...

-----Original Message-----
From: Nick Boyce [mailto:nick.boyce@...il.com]
Sent: Saturday, May 13, 2006 7:25 PM
To: bugtraq@...urityfocus.com
Subject: Is MS06-018 a DoS or a system compromise ?


There seems to be some confusion in MS Security Bulletin MS06-018,
"Vulnerability in Microsoft Distributed Transaction Coordinator".

The bulletin itself
(http://www.microsoft.com/technet/security/bulletin/ms06-018.mspx)
states :

  "An attacker could cause the Microsoft Distributed
  Transaction Coordinator (MSDTC) to stop responding.
  Note that the denial of service vulnerability would
  not allow an attacker to execute code or to elevate
  their user rights, but it could cause the affected
  system to stop accepting requests."

whereas the linked download pages for both the Win2K and WinXP patches
http://www.microsoft.com/downloads/details.aspx?familyid=8B98F380-0E5C-4B80-9710-95E1B35AFD83&displaylang=en
http://www.microsoft.com/downloads/details.aspx?familyid=D80B43B2-727B-46B6-82D1-F2CBD916FE32&displaylang=en
state :

  "A security issue has been identified in the
  Microsoft Distributed Transaction Controller
  service that could allow an attacker to compromise
  your Windows-based system and gain control over it."

The related McAfee advisory
(http://seclists.org/lists/bugtraq/2006/May/0215.html) states :

  "Exploitation can at most lead to a denial of service
  and therefore the risk factor is at medium."

so I guess DoS is what it is ... but it would still be nice if someone
in the know could confirm the download pages are wrong .... anyone
from Microsoft here ?

Cheers
Nick Boyce
-- 
One way to make your old car run better is to look up the
price of a new model.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ