Windows 2000 SNMP DoS

[Chris Anley <chris () ngssoftware com>]

Hi folks,

I just verified that a bug I found a while (read: a year) ago was fixed in
Windows 2000 service pack 3. I didn't get a notification from MS about the
fix so apologies for the delay in posting the full details.

The bug is the one referenced at
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q296815

If you send SNMP queries for printer - related objects in the LANMAN MIB,
the SNMP service leaks around 30MB of memory per request, but only if the
print spooler service is *not* running. This eventually brings the whole
server down, with a powercycle needed to restart.

A lengthier advisory can be found at
http://www.ngssoftware.com/advisories/snmp_dos.txt

Once again, this is an old bug, fixed in Windows 2000 SP3. I'm publishing
this so folks with pre-sp3 boxes are aware of the issue.

     -chris.