Bugtraq mailing list archives
SPOOLSS.EXE memory leak
From: aleph1 () DFW NET (Aleph One)
Date: Mon, 25 Aug 1997 12:51:45 -0500
---------- Forwarded message ----------
Date: Thu, 21 Aug 1997 11:50:51 +0200
From: Holas, Ondřej <OHolas () EXCH DIGI-TRADE CZ>
To: NTBUGTRAQ () NTADVICE COM
Subject: SPOOLSS.EXE memory leak

After connecting to \\server\PIPE\SPOOLSS you can send probably any amount of data to that pipe. The final effect is a memory leak in SPOOLSS.EXE.

The worst thing is that, by default, this connection can be initiated over a null session (setting RestrictAnonymous to 1 has no effect). To disable the attack over a null session, you must remove the line "SPOOLSS" from HKLM\System\CCS\Services\LanmanServer\Parameters\NullSessionPipes (REG_MULTI_SZ), but after that authenticated users can still fill up the server's memory.

If you want the source of the leaking program and the binary, simply send mail to oholas () exch digi-trade cz and put "SPOOLSS REQUEST" (without quotation marks) as the message subject.

Ondrej Holas, MCSE, MCT
DIGI TRADE
Prague, Czech Republic
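
An added example, not part of the original message: one way to audit the mitigation described above by checking an exported copy of the LanmanServer Parameters key for a remaining "SPOOLSS" entry in NullSessionPipes. It assumes a "Windows Registry Editor Version 5.00" export already decoded to text, where REG_MULTI_SZ data appears as hex(7) UTF-16LE bytes; the sample export and the function names are constructed for illustration.

```python
import re

# Constructed sample: a "Windows Registry Editor Version 5.00" export of the
# LanmanServer parameters key (assumed format; hex(7) = REG_MULTI_SZ, UTF-16LE).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,53,00,50,\
  00,4f,00,4f,00,4c,00,53,00,53,00,00,00,4c,00,4c,00,53,00,52,00,50,00,43,00,\
  00,00,00,00
"""

def null_session_pipes(reg_text):
    """Return the pipe names in NullSessionPipes, or None if the value is absent."""
    # regedit wraps long hex data with a trailing backslash; undo the wrapping.
    joined = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", reg_text)
    m = re.search(r'^"NullSessionPipes"=hex\(7\):([0-9a-fA-F,]*)[ \t\r]*$',
                  joined, re.MULTILINE | re.IGNORECASE)
    if m is None:
        return None
    raw = bytes(int(b, 16) for b in m.group(1).split(",") if b)
    if len(raw) % 2:
        raise ValueError("odd byte count: not UTF-16LE REG_MULTI_SZ data")
    # Strings are NUL-separated and the list ends with an empty string.
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]

def spoolss_exposed(reg_text):
    """True if SPOOLSS is still listed as a null-session pipe in this export."""
    pipes = null_session_pipes(reg_text) or []
    return any(p.upper() == "SPOOLSS" for p in pipes)

if __name__ == "__main__":
    print("NullSessionPipes:", null_session_pipes(SAMPLE_EXPORT))
    if spoolss_exposed(SAMPLE_EXPORT):
        print("FINDING: SPOOLSS listed; remove it to block the null-session path")
    # Per the message, removing the entry does not stop authenticated users.
```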