Bugtraq mailing list archives
Re: Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe codeerror
From: jmcontreras <jcontreras () AXXIS COM MX>
Date: Thu, 14 Dec 2000 10:33:58 +0000
This problem i tested in Windows NT 4.0 (SP 5) and it working !! I conect to the TCP 1027 port ... The pogram that use the (near 100%) CPU is the msdtc.exe byte ... Ilia Sprite wrote:
Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error Class: Unknown error Remotely Exploitable: Yes Locally Exploitable: Yes Risk: Medium Vendor status: Microsoft was notified on 7 December Vulnerability Description: MSTask.exe is an application that ships with the Windows NT 4.0 A strange behavior was discovered in the MSTask.exe code. If exploited, this vulnerability allows and attacker to slow down vulnerable Windows NT and sometimes to freeze it. Vulnerable Packages/Systems: Microsoft Windows NT 4.0 Workstation other systems was not tested. Solution/Vendor Information/Workaround: No solution I have found yet. Technical Description - Exploit/Concept Code: Technical Description - Exploit/Concept Code: It appears to me, from testing I have done, that MSTask.exe, usually listening on TCP 1026 (or some high port) will cause memory to be consumed if it is connected to and some random characters are sent to it. After such a connection, eventually the machine will freeze. The only solution appears to be a reboot. MSTask.exe, however, only permits connections via the localhost, or 127.0.0.1, so on most systems such an attack would have to originate from someone at the console (or connected via Terminal Server). However, if WinGate or Winproxy installed on the system, system becames vulnerable for remote attackers, because they can connect to system's 1026 tcp port via wingate or winproxy, and connection will be accepted. To reproduce the problem, use Winnt 4.0 Workstation. Do the following: 1. Start telnet.exe 2. Menu->Connect->Remote System=127.0.0.1 , Port=1026 3. Press 'Connect' button 4. When it is connects, type some random characters and press enter. 5. Close telnet.exe. Now you can see in taskmanager, that CPU usage is near 100% because of MSTask.exe. Sometimes (not always) system halts, sometimes MStask.exe listens on 1027 port or higher. I have tried to do this not only at my computer - it's always works. Windows 95/98 not vulnerable, because they has no MSTask.exe :-) Windows 2000 Enterprise Server has MSTask.exe and listens at 1026 port, but I dont check it. Any updates for this information available at http://www.eng.securityelf.net/exploit.mstask.php4 . ........................................................................... "Security/Elf.Net" Project - http://www.securityelf.net
-- Juan Manuel Contreras G. Consultor Especializado JAVA Axxis Integrated Technology jcontreras () axxis com mx Ph.- (+52) 5203-1040 http://www.axxis.com.mx/
Current thread:
- Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error Ilia Sprite (Dec 14)
- Re: Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe codeerror jmcontreras (Dec 16)