lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu May 11 08:30:26 2006
From: 0x80 at hush.ai (0x80@...h.ai)
Subject: Microsoft MSDTC NdrAllocate Validation
	Vulnerability

Shouldnt this be considered low risk and not medium?

On Wed, 10 May 2006 17:01:09 -0700 Avert <avert@...rtlabs.com> 
wrote:
>McAfee, Inc.
>McAfee Avert(tm) Labs Security Advisory
>Public Release Date: 2006-05-09
>
>Microsoft MSDTC NdrAllocate Validation Vulnerability
>
>CVE-2006-0034
>___________________________________________________________________

>___
>
>*	Synopsis
>
>There is an RPC procedure within the MSDTC interface in 
>msdtcprx.dll
>that may be called remotely without user credentials in such a way 

>that
>triggers a denial-of-service in the Distributed Transaction 
>Coordinator
>(MSDTC) service.
>
>Exploitation can at most lead to a denial of service and therefore 

>the
>risk factor is at medium.
>___________________________________________________________________

>___
>
>*	Vulnerable Systems
>
>Microsoft Windows 2000
>Microsoft Windows XP
>Microsoft Windows Server 2003
>
>___________________________________________________________________

>___
>
>*	Vulnerability Information
>
>The msdtcprx.dll shared library contains RPC procedures for use 
>with
>the Distributed Transaction Coordinator (MSDTC) service utilized 
>in
>Microsoft Windows.
>
>By sending a large (greater than 4k) request to BuildContextW(), a
>size check can be bypassed and a bug in NdrAllocate() may be 
>reached.
>
>This vulnerability was reported to Microsoft on October 12, 2005
>
>___________________________________________________________________

>___
>
>*	Resolution
>
>Microsoft has provided a patch for this issue.  Please see their 
>bulletin, KB913580, for more information on obtaining and 
>installing
>the patch.
>
>
>___________________________________________________________________

>___
>
>*	Credits
>
>This vulnerability was discovered by Chen Xiaobo of McAfee Avert 
>Labs.
>
>___________________________________________________________________

>___
>
>___________________________________________________________________

>___
>
>*	Legal Notice
>
>Copyright (C) 2006 McAfee, Inc.
>The information contained within this advisory is provided for the
>convenience of McAfee's customers, and may be redistributed 
>provided
>that no fee is charged for distribution and that the advisory is 
>not
>modified in any way.  McAfee makes no representations or 
>warranties
>regarding the accuracy of the information referenced in this 
>document,
>or the suitability of that information for your purposes.
>
>McAfee, Inc. and McAfee Avert Labs are registered Trademarks of 
>McAfee,
>Inc. and/or its affiliated companies in the United States and/or 
>other
>Countries.  All other registered and unregistered trademarks in 
>this
>document are the sole property of their respective owners.
>
>___________________________________________________________________

>___
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/



Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ