Message-ID: <a847a3140605152024h4b95e85bpbbb0e467dab2ee42@mail.gmail.com>
Date: Tue, 16 May 2006 04:24:31 +0100
From: "Nick Boyce" <nick.boyce@...il.com>
To: bugtraq@...urityfocus.com
Subject: Re: Is MS06-018 a DoS or a system compromise ?


On 5/15/06, Hayes, Bill <Bill.Hayes@....com> wrote:

> The CVE-2006-1184 flaw will cause DoS conditions.
> The CVE-2006-0034 vulnerability will cause DoS conditions
> and is exploitable on older systems. See eEye Digital Security
> advisory AD20060509a, "Microsoft Distributed Transaction
> Coordinator Heap Overflow".
[...]
> References:
>
> http://secunia.com/advisories/20000/
> http://www.frsirt.com/english/advisories/2006/1742
> http://www.eeye.com/html/research/advisories/AD20060509a.html
> http://www.eeye.com/html/research/advisories/AD20060509b.html
> CVE-2006-0034 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0034
> CVE-2006-1184 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1184

Thanks for this useful clarification.  After reading through all the
docs you link, I've come up with a table of patch relevance that I
_think_ covers it:

[fixed width font required ...]

              | CVE-2006-0034                | CVE-2006-1184
--------------+------------------------------+--------------------
WinNT         | system compromise, no patch  | DoS, no patch
Win2K/SP2,SP3 | system compromise, no patch  | DoS, no patch
Win2K/SP4     | DoS, MS05-051 fixes [1]      | DoS, MS06-018 fixes
WinXP/SP1     | DoS, MS05-051 fixes [1]      | DoS, MS06-018 fixes
WinXP/SP2     | immune                       | DoS, MS06-018 fixes
Win2003       |  [2]                         | DoS, MS06-018 fixes

[1] MS05-051 is now replaced by MS06-018
[2] eEye says Win2003 immune / MS says fixed by MS06-018 ???

If that's right, then for the Windows versions still in support the
vulnerabilities are all DoS, so the Microsoft patch download page
severity statements are wrong (typos ?), albeit that non-public
patches are available via special support channels which _do_ fix
system compromise problems for NT and Win2K SP3/4.

Matt Carpenter wrote:

> Slightly aside, how many attacks classified as DoS are not truly
> exploitable for arbitrary code in the right hands?

Good question - hopefully not applicable here :-} .....
.... Except that Maxime Duchamp wrote:

> I have seen 2 servers last month which have been
> hacked .... There were servers which had port 3372
> accessible ..... I was not able to find any tool which
> was used to hack the server on this port, but I think
> DTC was the culprit.

Well that's disquieting.  I have no info to add here myself - but
noticing the silence in this thread from the major players, I wonder
whether more "research" is going on as we speak.

Thanks to all.
Nick Boyce
-- 
/* affect != effect */ void affect(int *thing,int effect) { *thing += effect; }