Re: Microsoft MSDTC NdrAllocate Validation Vulnerability

[<0x80 () hush ai>]

Shouldnt this be considered low risk and not medium?

On Wed, 10 May 2006 17:01:09 -0700 Avert <avert () avertlabs com> 
wrote:
> McAfee, Inc.
> McAfee Avert(tm) Labs Security Advisory
> Public Release Date: 2006-05-09
>
> Microsoft MSDTC NdrAllocate Validation Vulnerability
>
> CVE-2006-0034
> ___________________________________________________________________

> ___
>
> *      Synopsis
>
> There is an RPC procedure within the MSDTC interface in 
> msdtcprx.dll
> that may be called remotely without user credentials in such a way 

> that
> triggers a denial-of-service in the Distributed Transaction 
> Coordinator
> (MSDTC) service.
>
> Exploitation can at most lead to a denial of service and therefore 

> the
> risk factor is at medium.
> ___________________________________________________________________

> ___
>
> *      Vulnerable Systems
>
> Microsoft Windows 2000
> Microsoft Windows XP
> Microsoft Windows Server 2003
>
> ___________________________________________________________________

> ___
>
> *      Vulnerability Information
>
> The msdtcprx.dll shared library contains RPC procedures for use 
> with
> the Distributed Transaction Coordinator (MSDTC) service utilized 
> in
> Microsoft Windows.
>
> By sending a large (greater than 4k) request to BuildContextW(), a
> size check can be bypassed and a bug in NdrAllocate() may be 
> reached.
>
> This vulnerability was reported to Microsoft on October 12, 2005
>
> ___________________________________________________________________

> ___
>
> *      Resolution
>
> Microsoft has provided a patch for this issue.  Please see their 
> bulletin, KB913580, for more information on obtaining and 
> installing
> the patch.
>
>
> ___________________________________________________________________

> ___
>
> *      Credits
>
> This vulnerability was discovered by Chen Xiaobo of McAfee Avert 
> Labs.
>
> ___________________________________________________________________

> ___
>
> ___________________________________________________________________

> ___
>
> *      Legal Notice
>
> Copyright (C) 2006 McAfee, Inc.
> The information contained within this advisory is provided for the
> convenience of McAfee's customers, and may be redistributed 
> provided
> that no fee is charged for distribution and that the advisory is 
> not
> modified in any way.  McAfee makes no representations or 
> warranties
> regarding the accuracy of the information referenced in this 
> document,
> or the suitability of that information for your purposes.
>
> McAfee, Inc. and McAfee Avert Labs are registered Trademarks of 
> McAfee,
> Inc. and/or its affiliated companies in the United States and/or 
> other
> Countries.  All other registered and unregistered trademarks in 
> this
> document are the sole property of their respective owners.
>
> ___________________________________________________________________

> ___
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/



Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/