Bugtraq mailing list archives
Q169461: Access Violation in DNS.EXE Caused by Malicious Telnet
From: aleph1 () DFW NET (Aleph One)
Date: Tue, 10 Jun 1997 18:31:53 -0500
DOCUMENT:Q169461 [winnt] TITLE: Access Violation in DNS.EXE Caused by Malicious Telnet Attack PRODUCT: Microsoft Windows NT PROD/VER:4.00 OPER/SYS:WINDOWS KEYWORDS:kbbug4.00 kbnetwork NTSrv nttcp -------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Server version 4.0 -------------------------------------------------------------------------- SYMPTOMS ======== You may receive an Access Violation in Dns.exe. This is most often occurs on computers connected to public networks, such as the Internet, where deliberate attacks are common. CAUSE ===== This particular attack is usually generated maliciously by typing the following command on the attacking system: telnet <mycomputer> 19 | telnet <mycomputer> 53 This command causes a telnet connection to be established to port 19 (the chargen service, which generates a string of characters) with the output redirected to a telnet connection to port 53 (the DNS service.) This flood of characters causes an Access Violation in the DNS service, which is terminated, disrupting name resolution services. RESOLUTION ========== The Microsoft DNS Server has been modified to to correct this problem. Obtain the following fix or wait for the next Windows NT service pack. This hotfix has been posted to the following Internet location: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/ hotfixes-postSP3/dns-fix STATUS ====== Microsoft has confirmed this to be a problem in Windows NT version 4.0. A supported fix is now available, but has not been fully regression-tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next Service Pack that contains this fix. Contact Microsoft Technical Support for more information. Additional reference words: 4.00 prodnt denial of service dns telnet port 53 ============================================================================ THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Current thread:
- Re: A couple of patches (RFC931 and scp location) Matt Simmons (Jun 08)
- Re: A couple of patches (RFC931 and scp location) Joe Zbiciak (Jun 09)
- Re: A couple of patches (RFC931 and scp location) Paul B. Henson (Jun 09)
- Bad permissions (644) on /etc/shadow after editing via Krzysztof G. Baranowski (Jun 10)
- Q142047: Bad Network Packet May Cause Access Violation (AV) on Aleph One (Jun 10)
- Q167629: Predictable Query IDs Pose Security Risks for DNS Servers Aleph One (Jun 10)
- Q169461: Access Violation in DNS.EXE Caused by Malicious Telnet Aleph One (Jun 10)