Bugtraq mailing list archives

Microsoft Security Bulletin (MS01-009) Malformed PPTP Packet Stream Vulnerability


From: Kirk Corey <kcorey () dsi-inc net>
Date: Sat, 17 Feb 2001 14:19:44 -0600

Microsoft has re-released the patch for the Malformed PPTP Packet Stream
Vulnerability.  We'll release our full advisory (with exploit) next week
(bad form to release on the weekend.)  In the meantime, in order to help
people decide whether they need to apply the patch, I'd like to clarify a
few points.

The bulletin/FAQ only lists NT Server versions as vulnerable.  In fact, NT
Workstation is also vulnerable if PPTP is configured in server mode (i.e.,
configured to accept an incoming PPTP connection).  If your NT Workstation
is configured in this way, it may need to be patched.

Also, the FAQ states that several hundred packets are not enough to exploit
the vulnerability.  Actually, the patch fixes two vulnerabilities in the NT
PPTP component, one of which requires e.g., 400,000 packets to exploit, and
the other only about 10-50.

Just wanted to give the whitehats a good "heads up" before distributing the
full details and exploit.  The complete advisory will be available next week
from our Web site at http://www.dsi-inc.net/dsi , and it will also be
submitted to Bugtraq and NTBugtraq at the same time.

--------------------------------------------
Kirk Corey, MCP, CCNA
Manager, Information Technologies
Diversified Software Industries, Inc.

