From pgrundl@kpmg.dk Fri Apr 19 15:43:07 2002
From: "Peter Gründl"
To: vulnwatch
Date: Fri, 19 Apr 2002 12:47:36 +0200
Subject: [VulnWatch] KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS

--------------------------------------------------------------------

Title: Microsoft Distributed Transaction Coordinator DoS

BUG-ID: 2002015
Released: 19th Apr 2002
--------------------------------------------------------------------

Problem:
========
A flaw in the way MSDTC handles malformed packets could allow an
attacker to hang the service and exhaust resources on the server.

Vulnerable:
===========
- Windows 2000 Server without MS02-018 patch

Details:
========
If an attacker sends 20200 null characters to the MSDTC service,
which listens on TCP port 3372, server resources are allocated
poorly. This attack can result in MSDTC.EXE spiking at 100% CPU
usage, MSDTC refusing connections and kernel resources being
exhausted.

This was already corrected in MS02-018, and has been brought up on
Bugtraq (after it was reported to the vendor):
http://online.securityfocus.com/archive/1/253360

The security bulletin from Microsoft, however, does not mention this
vulnerability.

Vendor URL:
===========
You can visit the vendor's webpage here: http://www.microsoft.com

Vendor response:
================
The vendor was contacted on the 24th of October, 2001. On the 15th of
March, 2002 we received a private hotfix, which corrected the issue.
On the 10th of April, 2002 the vendor released a public bulletin. On
the 19th of April, 2002 the vendor notified us that the patch also
included the patched binary for the MSDTC issue.

Corrective action:
==================
The vendor has released a patched binary, which is included in the
security rollup package MS02-018, available here:
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp

Author: Peter Gründl (pgrundl@kpmg.dk)

--------------------------------------------------------------------
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be
liable for any consequences whatsoever arising out of or in
connection with the use or spread of this information.
--------------------------------------------------------------------
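
Added example (not part of the KPMG advisory or any vendor code): a detection sketch for the condition in "Details", flagging flows to TCP port 3372 that carry a long unbroken run of null bytes, even when the run is split across TCP segments. The segment tuple layout, the 4096-byte alert threshold, the helper names and the sample traffic are assumptions made for illustration, and segments are assumed to arrive already in stream order.

```python
from collections import defaultdict

MSDTC_PORT = 3372       # MSDTC listener port named in the advisory
NUL_RUN_ALERT = 4096    # assumed alert threshold; the advisory only cites 20200 bytes


def find_nul_floods(segments, port=MSDTC_PORT, threshold=NUL_RUN_ALERT):
    """Return {flow: longest NUL run} for flows to `port` at or above threshold.

    `segments` yields (src, sport, dst, dport, payload) in stream order, so a
    run of 0x00 bytes that spans several TCP segments is counted as one run.
    """
    open_run = defaultdict(int)   # NUL run still open at the end of the last segment
    longest = defaultdict(int)    # longest NUL run seen so far on each flow
    for src, sport, dst, dport, payload in segments:
        if dport != port:
            continue
        flow = (src, sport, dst, dport)
        run = open_run[flow]
        for byte in payload:
            run = run + 1 if byte == 0 else 0
            if run > longest[flow]:
                longest[flow] = run
        open_run[flow] = run
    return {flow: n for flow, n in longest.items() if n >= threshold}


def chunk(data, size=1460):
    """Split a byte string into MSS-sized pieces, as a capture would show it."""
    return [data[i:i + size] for i in range(0, len(data), size)]


# Constructed sample traffic (documentation addresses), not a real capture.
SERVER = "198.51.100.5"
SAMPLE_SEGMENTS = (
    # Flow 1: 20200 NUL bytes to the MSDTC port, spread over 14 segments.
    [("192.0.2.10", 40001, SERVER, 3372, p) for p in chunk(b"\x00" * 20200)]
    # Flow 2: short NUL runs inside other data stay far below the threshold.
    + [("192.0.2.20", 40002, SERVER, 3372, b"\x01\x00\x00\x00data" * 200)]
    # Flow 3: two 3000-byte NUL runs separated by one non-NUL byte.
    + [("192.0.2.30", 40003, SERVER, 3372, p)
       for p in chunk(b"\x00" * 3000 + b"\x01" + b"\x00" * 3000)]
    # Flow 4: NUL bytes to another port are out of scope for this check.
    + [("192.0.2.40", 40004, SERVER, 8080, b"\x00" * 20200)]
)

if __name__ == "__main__":
    for flow, run in find_nul_floods(SAMPLE_SEGMENTS).items():
        print(flow, "NUL run of", run, "bytes")
```

Tune the threshold against normal MSDTC traffic in your own environment before alerting on it.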