[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Microsoft MSDTC NdrAllocate Validation Vulnerability
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <avert@xxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Microsoft MSDTC NdrAllocate Validation Vulnerability
- From: <0x80@xxxxxxx>
- Date: Thu, 11 May 2006 00:30:11 -0700
Shouldnt this be considered low risk and not medium?
On Wed, 10 May 2006 17:01:09 -0700 Avert <avert@xxxxxxxxxxxxx>
wrote:
>McAfee, Inc.
>McAfee Avert(tm) Labs Security Advisory
>Public Release Date: 2006-05-09
>
>Microsoft MSDTC NdrAllocate Validation Vulnerability
>
>CVE-2006-0034
>___________________________________________________________________
>___
>
>* Synopsis
>
>There is an RPC procedure within the MSDTC interface in
>msdtcprx.dll
>that may be called remotely without user credentials in such a way
>that
>triggers a denial-of-service in the Distributed Transaction
>Coordinator
>(MSDTC) service.
>
>Exploitation can at most lead to a denial of service and therefore
>the
>risk factor is at medium.
>___________________________________________________________________
>___
>
>* Vulnerable Systems
>
>Microsoft Windows 2000
>Microsoft Windows XP
>Microsoft Windows Server 2003
>
>___________________________________________________________________
>___
>
>* Vulnerability Information
>
>The msdtcprx.dll shared library contains RPC procedures for use
>with
>the Distributed Transaction Coordinator (MSDTC) service utilized
>in
>Microsoft Windows.
>
>By sending a large (greater than 4k) request to BuildContextW(), a
>size check can be bypassed and a bug in NdrAllocate() may be
>reached.
>
>This vulnerability was reported to Microsoft on October 12, 2005
>
>___________________________________________________________________
>___
>
>* Resolution
>
>Microsoft has provided a patch for this issue. Please see their
>bulletin, KB913580, for more information on obtaining and
>installing
>the patch.
>
>
>___________________________________________________________________
>___
>
>* Credits
>
>This vulnerability was discovered by Chen Xiaobo of McAfee Avert
>Labs.
>
>___________________________________________________________________
>___
>
>___________________________________________________________________
>___
>
>* Legal Notice
>
>Copyright (C) 2006 McAfee, Inc.
>The information contained within this advisory is provided for the
>convenience of McAfee's customers, and may be redistributed
>provided
>that no fee is charged for distribution and that the advisory is
>not
>modified in any way. McAfee makes no representations or
>warranties
>regarding the accuracy of the information referenced in this
>document,
>or the suitability of that information for your purposes.
>
>McAfee, Inc. and McAfee Avert Labs are registered Trademarks of
>McAfee,
>Inc. and/or its affiliated companies in the United States and/or
>other
>Countries. All other registered and unregistered trademarks in
>this
>document are the sole property of their respective owners.
>
>___________________________________________________________________
>___
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
Concerned about your privacy? Instantly send FREE secure email, no account
required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/