Bugtraq mailing list archives
Re: Windows NT LSA Remote Denial of Service
From: jpr5 () BOS BINDVIEW COM (Jordan Ritter)
Date: Thu, 16 Dec 1999 20:28:06 -0500
On Thu, 16 Dec 1999, NAI Labs wrote:

# This new vulnerability affects all Windows NT 4.0 hosts including
# those with Service packs up to and including SP6a.
[...]
# causing the LSA process to reference invalid memory resulting in an
# application error.

I wouldn't really call this a "new" vulnerability at all. BindView's advisory on a previously discovered remote vulnerability in the LSA (Phantom), released 6 months ago:

http://www.bindview.com/security/advisory/phantom_a.html

is essentially the same thing -- NAI just uses a different syscall.

I suspect that there are more than just a few vulnerabilities of this nature still lurking in the LSA, nay, in the NT API. It would be interesting to see someone write a sort of LSA or Win32 API "fuzz". It would probably turn up a surprising number of problems, although maybe not so surprising to some of us..

# http://www.microsoft.com/downloads/release.asp?ReleaseID=16798
# http://www.microsoft.com/downloads/release.asp?ReleaseID=16799

The readership should note that while these above urls reference patches for the Syskey weak encryption vulnerability, resulting from a recently released BindView advisory (http://www.bindview.com/security/advisory/adv_WinNT_syskey.html), the patch itself already included fixes for this particular DoS. This is mentioned in the Security Bulletin, I believe.

Jordan Ritter
RAZOR Security
BindView Corporation