Bugtraq mailing list archives

KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS


From: Peter Gründl <pgrundl () kpmg dk>
Date: Fri, 19 Apr 2002 12:44:44 +0200

--------------------------------------------------------------------

Title: Microsoft Distributed Transaction Coordinator DoS

BUG-ID: 2002015
Released: 19th Apr 2002
--------------------------------------------------------------------

Problem:
========
A flaw in the way MSDTC handles malformed packets could allow an
attacker to hang the service and exhaust resources on the server.


Vulnerable:
===========
- Windows 2000 Server without MS02-018 patch


Details:
========
If an attacker sends 20200 null characters to the MSDTC service,
which listens on TCP port 3372, server resources are allocated
poorly. This attack can result in MSDTC.EXE spiking at 100% CPU
usage, MSDTC refusing connections and kernel resources being
exhausted.

This was already corrected in MS02-018, and has been brought up
on Bugtraq (after it was reported to the vendor):

http://online.securityfocus.com/archive/1/253360

The security bulletin from Microsoft, however, does not mention
this vulnerability.


Vendor URL:
===========
You can visit the vendor's web page here: http://www.microsoft.com


Vendor response:
================
The vendor was contacted on the 24th of October, 2001. On the 15th
of March, 2002 we received a private hotfix, which corrected the
issue. On the 10th of April, 2002 the vendor released a public
bulletin. On the 19th of April, 2002 the vendor notified us that
the patch also included the patched binary for the MSDTC issue.


Corrective action:
==================
The vendor has released a patched binary, which is included in
the security rollup package MS02-018, available here:
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp


Author: Peter Gründl (pgrundl () kpmg dk)

--------------------------------------------------------------------
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be
liable for any consequences whatsoever arising out of or in
connection with the use or spread of this information.
--------------------------------------------------------------------
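
A detection-side example for the condition in the Details section, added here and not part of the KPMG advisory: it flags flows to TCP port 3372 whose client data contains a long run of NUL bytes, tracking the run across segment boundaries. The tuple layout, the 4096-byte alert threshold and the sample traffic are assumptions made for this example.

```python
from collections import defaultdict

MSDTC_PORT = 3372          # TCP port named in the advisory
NUL_RUN_THRESHOLD = 4096   # assumption: alert well below the 20200 bytes in the advisory


def find_nul_floods(segments, port=MSDTC_PORT, threshold=NUL_RUN_THRESHOLD):
    """Return {flow: longest NUL run} for flows to `port` whose client data
    contains a run of at least `threshold` consecutive NUL bytes.

    `segments` is an iterable of (src_ip, src_port, dst_ip, dst_port, payload)
    tuples in arrival order, as a sensor or pcap reader would yield them.
    Runs are tracked across segment boundaries, so a flood split into many
    small writes is still counted as one run.
    """
    current = defaultdict(int)   # run length still open at the end of the last segment
    longest = defaultdict(int)   # longest run seen so far per flow
    for src_ip, src_port, dst_ip, dst_port, payload in segments:
        if dst_port != port:
            continue
        flow = (src_ip, src_port, dst_ip, dst_port)
        run = current[flow]
        for byte in payload:
            run = run + 1 if byte == 0 else 0
            if run > longest[flow]:
                longest[flow] = run
        current[flow] = run
    return {flow: n for flow, n in longest.items() if n >= threshold}


# Constructed sample traffic (not captured from a real network).
SAMPLE_SEGMENTS = [
    # Flow A: NUL bytes only, split over 14 segments (14 * 1460 = 20440).
    *[("192.0.2.10", 40001, "198.51.100.5", 3372, bytes(1460)) for _ in range(14)],
    # Flow B: short mixed payload to the same port, below the threshold.
    ("192.0.2.20", 40002, "198.51.100.5", 3372, b"\x01\x00\x00\x00data\x00\x00"),
    # Flow C: long NUL run, but to a different port, so out of scope.
    ("192.0.2.30", 40003, "198.51.100.5", 8080, bytes(30000)),
]

if __name__ == "__main__":
    for flow, run in find_nul_floods(SAMPLE_SEGMENTS).items():
        print("ALERT %s:%d -> %s:%d longest NUL run %d bytes" % (*flow, run))
```
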

