RE: KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS

["Andrew Kunz" <kunza () tdbank ca>]

After trying to locate sources or info to substantiate, including
expressing my concerns to the author of the vulnerability and a reprint
from another newsletter I received the following from Microsoft

----------
All these articles are miss-construing the problem and how it has been
addressed.
I looked into the problem identified and it is a bug that was fixed in
Windows 2000 Service Pack1.
----------


Andrew


-----Original Message-----
From: Peter Gründl [mailto:pgrundl () kpmg dk] 
Sent: Friday, April 19, 2002 6:45 AM
To: bugtraq
Subject: KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS

--------------------------------------------------------------------

Title: Microsoft Distributed Transaction Coordinator DoS

BUG-ID: 2002015
Released: 19th Apr 2002
--------------------------------------------------------------------

Problem:
========
A flaw in the way MSDTC handles malformed packets could allow an
attacker to hang the service and exhaust ressources on the Server.


Vulnerable:
===========
- Windows 2000 Server without MS02-018 patch