Bugtraq mailing list archives

Re: w2k dos


From: "Bronek Kozicki" <brok () rubikon pl>
Date: Sun, 29 Jul 2001 15:05:26 +0200

I tested 2 similar systems. Both are Win2K Pro Eng, installed SP2 and
identical hotfixes:
Q285156 Windows 2000 Event Viewer Contains an Unchecked Buffer
Q285851 Patch Available for Network DDE Agent Request Vulnerability
Q292003 SP2 Adds Updates to Several Windows 2000 Support Tools
Q293826 Pattern-Matching Function Causes Access Violation on FTP Server
Q296185 Patch Available for New Variant of "Malformed Hit-Highlighting"
Q298012 Security Bulletin MS01-041 : Malformed RPC Request Can Cause Service
Failure (no KB article yet)
Q299687 LDAP over SSL Could Enable Passwords to Be Changed
Q300972 Unchecked Buffer in ISAPI Extension Can Cause Server Compromise

I used the simplest command I could find: sleep from the Resource Kit.

One system (128MB RAM) did not show a blue screen, but simply restarted. The other
system (512MB RAM) displayed a BSOD and then restarted; however, no memory.dmp
was created (and definitely, the system was set to create a full memory.dmp).

I used kernel debugger running on serial port to get more details from both.
Apparently there's unhandled exception in csrss.exe process space (it's
Win32 SubSystem - wise book says that a lot of Win32 job is actually done by
Executive). You may find more details in attached Windbg log files:
csrss_halt-1.txt was recorded when smaller system crashed (one with 128MB
RAM)
csrss_halt-2.txt was recorded when bigger system crashed (one with 512MB
RAM). In this file I allowed system to continue running after exception was
handled by system debugger (command tcb), so at the end of file you will
find BSOD itself. It looks like:
---
*** Fatal System Error: 0xc000021a
                       (0xE2682B68,0xC0000005,0x5FFB4484,0x00B5FA38)
STOP: c000021a {Fatal System Error}
The Windows SubSystem system process terminated unexpectedly
with a status of 0xc0000005 (0x5ffb4484 0x00b5fa38).
The system has been shut down.
---


Regards


B.Kozicki


PS. Has anyone tested this problem with an SMP system?


Attachment: csrss_halt-1.txt
Description:

Attachment: csrss_halt-2.txt
Description:

