Bugtraq mailing list archives
Warning: LSASS.EXE problems
From: aleph1 () DFW NET (Aleph One)
Date: Tue, 8 Sep 1998 11:39:33 -0500
---------- Forwarded message ----------
Date: Mon, 7 Sep 1998 16:07:00 +0100
From: Mnemonix <mnemonix () globalnet co uk>
To: ntsecurity () iss net
Subject: [NTSEC] Warning: LSASS.EXE problems

LSASS.EXE demonstrates a number of problems that can be exploited through a null session, causing a Denial of Service attack. The LSA can only handle 2048 open SAMR pipes. What's more, garbage can be written to the pipe that causes lsass.exe to begin eating all available memory. An attacker could open 2048 SAMR pipes and then fill the last with garbage.

The consequences of this mean that no-one can log on, and the server, as memory becomes scarce, begins to droop and slow, with the LSA eventually not being able to keep track of open resources (see "In Use" from server manager), and processor usage rises c.65% from base level.

This affects NT Server 4, NT Workstation 4 up to SP3.

To demonstrate this problem I have created an executable called ubend.exe (pun on pipes and abend [cheers Sam Thornton of Diligence]). This is available for download from http://www.globalnet.co.uk/~mnemonix/ubend.zip

l8r
Mnemonix