Full Disclosure mailing list archives
Re: Microsoft MSDTC NdrAllocate Validation Vulnerability
From: <0x80 () hush ai>
Date: Thu, 11 May 2006 00:30:11 -0700
Shouldnt this be considered low risk and not medium? On Wed, 10 May 2006 17:01:09 -0700 Avert <avert () avertlabs com> wrote:
McAfee, Inc. McAfee Avert(tm) Labs Security Advisory Public Release Date: 2006-05-09 Microsoft MSDTC NdrAllocate Validation Vulnerability CVE-2006-0034 ___________________________________________________________________
___ * Synopsis There is an RPC procedure within the MSDTC interface in msdtcprx.dll that may be called remotely without user credentials in such a way
that triggers a denial-of-service in the Distributed Transaction Coordinator (MSDTC) service. Exploitation can at most lead to a denial of service and therefore
the risk factor is at medium. ___________________________________________________________________
___ * Vulnerable Systems Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 ___________________________________________________________________
___ * Vulnerability Information The msdtcprx.dll shared library contains RPC procedures for use with the Distributed Transaction Coordinator (MSDTC) service utilized in Microsoft Windows. By sending a large (greater than 4k) request to BuildContextW(), a size check can be bypassed and a bug in NdrAllocate() may be reached. This vulnerability was reported to Microsoft on October 12, 2005 ___________________________________________________________________
___ * Resolution Microsoft has provided a patch for this issue. Please see their bulletin, KB913580, for more information on obtaining and installing the patch. ___________________________________________________________________
___ * Credits This vulnerability was discovered by Chen Xiaobo of McAfee Avert Labs. ___________________________________________________________________
___ ___________________________________________________________________
___ * Legal Notice Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided for the convenience of McAfee's customers, and may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way. McAfee makes no representations or warranties regarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes. McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. ___________________________________________________________________
___ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft MSDTC NdrAllocate Validation Vulnerability Avert (May 10)
- <Possible follow-ups>
- Re: Microsoft MSDTC NdrAllocate Validation Vulnerability 0x80 (May 11)
- Re: Microsoft MSDTC NdrAllocate Validation Vulnerability . Solo (May 11)
- Re: Microsoft MSDTC NdrAllocate Validation Vulnerability 0x80 (May 15)
- Re: Microsoft MSDTC NdrAllocate Validation Vulnerability . Solo (May 16)
- Re: Microsoft MSDTC NdrAllocate Validation Vulnerability bart.lansing (May 16)
- Re: Microsoft MSDTC NdrAllocate Validation Vulnerability 0x80 (May 16)
- Re: Microsoft MSDTC NdrAllocate Validation Vulnerability Rajesh V (May 17)
- Re: Microsoft MSDTC NdrAllocate Validation Vulnerability 0x80 (May 20)
- Re: Microsoft MSDTC NdrAllocate Validation Vulnerability ad () heapoverflow com (May 20)
- Re: Microsoft MSDTC NdrAllocate Validation Vulnerability 0x80 (May 20)
- Re: Microsoft MSDTC NdrAllocate Validation Vulnerability ad () heapoverflow com (May 20)
(Thread continues...)