lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri May 12 04:14:57 2006 From: soloaway at gmail.com (. Solo) Subject: Microsoft MSDTC NdrAllocate Validation Vulnerability Shut the fuck up!! 2006/5/11, 0x80@...h.ai <0x80@...h.ai>: > > Shouldnt this be considered low risk and not medium? > > On Wed, 10 May 2006 17:01:09 -0700 Avert <avert@...rtlabs.com> > wrote: > >McAfee, Inc. > >McAfee Avert(tm) Labs Security Advisory > >Public Release Date: 2006-05-09 > > > >Microsoft MSDTC NdrAllocate Validation Vulnerability > > > >CVE-2006-0034 > >___________________________________________________________________ > > >___ > > > >* Synopsis > > > >There is an RPC procedure within the MSDTC interface in > >msdtcprx.dll > >that may be called remotely without user credentials in such a way > > >that > >triggers a denial-of-service in the Distributed Transaction > >Coordinator > >(MSDTC) service. > > > >Exploitation can at most lead to a denial of service and therefore > > >the > >risk factor is at medium. > >___________________________________________________________________ > > >___ > > > >* Vulnerable Systems > > > >Microsoft Windows 2000 > >Microsoft Windows XP > >Microsoft Windows Server 2003 > > > >___________________________________________________________________ > > >___ > > > >* Vulnerability Information > > > >The msdtcprx.dll shared library contains RPC procedures for use > >with > >the Distributed Transaction Coordinator (MSDTC) service utilized > >in > >Microsoft Windows. > > > >By sending a large (greater than 4k) request to BuildContextW(), a > >size check can be bypassed and a bug in NdrAllocate() may be > >reached. > > > >This vulnerability was reported to Microsoft on October 12, 2005 > > > >___________________________________________________________________ > > >___ > > > >* Resolution > > > >Microsoft has provided a patch for this issue. Please see their > >bulletin, KB913580, for more information on obtaining and > >installing > >the patch. > > > > > >___________________________________________________________________ > > >___ > > > >* Credits > > > >This vulnerability was discovered by Chen Xiaobo of McAfee Avert > >Labs. > > > >___________________________________________________________________ > > >___ > > > >___________________________________________________________________ > > >___ > > > >* Legal Notice > > > >Copyright (C) 2006 McAfee, Inc. > >The information contained within this advisory is provided for the > >convenience of McAfee's customers, and may be redistributed > >provided > >that no fee is charged for distribution and that the advisory is > >not > >modified in any way. McAfee makes no representations or > >warranties > >regarding the accuracy of the information referenced in this > >document, > >or the suitability of that information for your purposes. > > > >McAfee, Inc. and McAfee Avert Labs are registered Trademarks of > >McAfee, > >Inc. and/or its affiliated companies in the United States and/or > >other > >Countries. All other registered and unregistered trademarks in > >this > >document are the sole property of their respective owners. > > > >___________________________________________________________________ > > >___ > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >Hosted and sponsored by Secunia - http://secunia.com/ > > > > Concerned about your privacy? Instantly send FREE secure email, no account > required > http://www.hushmail.com/send?l=480 > > Get the best prices on SSL certificates from Hushmail > https://www.hushssl.com?l=485 > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060512/32e3abe4/attachment.html
Powered by blists - more mailing lists