lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri May 12 04:14:57 2006
From: soloaway at gmail.com (. Solo)
Subject: Microsoft MSDTC NdrAllocate Validation
	Vulnerability

Shut the fuck up!!




2006/5/11, 0x80@...h.ai <0x80@...h.ai>:
>
> Shouldnt this be considered low risk and not medium?
>
> On Wed, 10 May 2006 17:01:09 -0700 Avert <avert@...rtlabs.com>
> wrote:
> >McAfee, Inc.
> >McAfee Avert(tm) Labs Security Advisory
> >Public Release Date: 2006-05-09
> >
> >Microsoft MSDTC NdrAllocate Validation Vulnerability
> >
> >CVE-2006-0034
> >___________________________________________________________________
>
> >___
> >
> >*      Synopsis
> >
> >There is an RPC procedure within the MSDTC interface in
> >msdtcprx.dll
> >that may be called remotely without user credentials in such a way
>
> >that
> >triggers a denial-of-service in the Distributed Transaction
> >Coordinator
> >(MSDTC) service.
> >
> >Exploitation can at most lead to a denial of service and therefore
>
> >the
> >risk factor is at medium.
> >___________________________________________________________________
>
> >___
> >
> >*      Vulnerable Systems
> >
> >Microsoft Windows 2000
> >Microsoft Windows XP
> >Microsoft Windows Server 2003
> >
> >___________________________________________________________________
>
> >___
> >
> >*      Vulnerability Information
> >
> >The msdtcprx.dll shared library contains RPC procedures for use
> >with
> >the Distributed Transaction Coordinator (MSDTC) service utilized
> >in
> >Microsoft Windows.
> >
> >By sending a large (greater than 4k) request to BuildContextW(), a
> >size check can be bypassed and a bug in NdrAllocate() may be
> >reached.
> >
> >This vulnerability was reported to Microsoft on October 12, 2005
> >
> >___________________________________________________________________
>
> >___
> >
> >*      Resolution
> >
> >Microsoft has provided a patch for this issue.  Please see their
> >bulletin, KB913580, for more information on obtaining and
> >installing
> >the patch.
> >
> >
> >___________________________________________________________________
>
> >___
> >
> >*      Credits
> >
> >This vulnerability was discovered by Chen Xiaobo of McAfee Avert
> >Labs.
> >
> >___________________________________________________________________
>
> >___
> >
> >___________________________________________________________________
>
> >___
> >
> >*      Legal Notice
> >
> >Copyright (C) 2006 McAfee, Inc.
> >The information contained within this advisory is provided for the
> >convenience of McAfee's customers, and may be redistributed
> >provided
> >that no fee is charged for distribution and that the advisory is
> >not
> >modified in any way.  McAfee makes no representations or
> >warranties
> >regarding the accuracy of the information referenced in this
> >document,
> >or the suitability of that information for your purposes.
> >
> >McAfee, Inc. and McAfee Avert Labs are registered Trademarks of
> >McAfee,
> >Inc. and/or its affiliated companies in the United States and/or
> >other
> >Countries.  All other registered and unregistered trademarks in
> >this
> >document are the sole property of their respective owners.
> >
> >___________________________________________________________________
>
> >___
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> Concerned about your privacy? Instantly send FREE secure email, no account
> required
> http://www.hushmail.com/send?l=480
>
> Get the best prices on SSL certificates from Hushmail
> https://www.hushssl.com?l=485
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060512/32e3abe4/attachment.html

Powered by blists - more mailing lists