Bugtraq mailing list archives
Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error
From: Ilia Sprite <sprite () lyceum usu ru>
Date: Wed, 13 Dec 2000 09:54:04 +0500
Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error Class: Unknown error Remotely Exploitable: Yes Locally Exploitable: Yes Risk: Medium Vendor status: Microsoft was notified on 7 December Vulnerability Description: MSTask.exe is an application that ships with the Windows NT 4.0 A strange behavior was discovered in the MSTask.exe code. If exploited, this vulnerability allows and attacker to slow down vulnerable Windows NT and sometimes to freeze it. Vulnerable Packages/Systems: Microsoft Windows NT 4.0 Workstation other systems was not tested. Solution/Vendor Information/Workaround: No solution I have found yet. Technical Description - Exploit/Concept Code: Technical Description - Exploit/Concept Code: It appears to me, from testing I have done, that MSTask.exe, usually listening on TCP 1026 (or some high port) will cause memory to be consumed if it is connected to and some random characters are sent to it. After such a connection, eventually the machine will freeze. The only solution appears to be a reboot. MSTask.exe, however, only permits connections via the localhost, or 127.0.0.1, so on most systems such an attack would have to originate from someone at the console (or connected via Terminal Server). However, if WinGate or Winproxy installed on the system, system becames vulnerable for remote attackers, because they can connect to system's 1026 tcp port via wingate or winproxy, and connection will be accepted. To reproduce the problem, use Winnt 4.0 Workstation. Do the following: 1. Start telnet.exe 2. Menu->Connect->Remote System=127.0.0.1 , Port=1026 3. Press 'Connect' button 4. When it is connects, type some random characters and press enter. 5. Close telnet.exe. Now you can see in taskmanager, that CPU usage is near 100% because of MSTask.exe. Sometimes (not always) system halts, sometimes MStask.exe listens on 1027 port or higher. I have tried to do this not only at my computer - it's always works. Windows 95/98 not vulnerable, because they has no MSTask.exe :-) Windows 2000 Enterprise Server has MSTask.exe and listens at 1026 port, but I dont check it. Any updates for this information available at http://www.eng.securityelf.net/exploit.mstask.php4 . ........................................................................... "Security/Elf.Net" Project - http://www.securityelf.net
Current thread:
- Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe code error Ilia Sprite (Dec 14)
- Re: Vulnerability Report For Microsoft Windows NT 4.0 MSTask.exe codeerror jmcontreras (Dec 16)