Full Disclosure mailing list archives

Re: Microsoft MSDTC NdrAllocate Validation Vulnerability


From: <bart.lansing () hushmail com>
Date: Tue, 16 May 2006 07:25:47 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You...looking for a mature response...priceless.

On Mon, 15 May 2006 12:10:37 -0500 0x80 () hush ai wrote:
Ahhh there is a mature response.


On Thu, 11 May 2006 20:14:49 -0700 ". Solo" <soloaway () gmail com> wrote:
Shut the fuck up!!

2006/5/11, 0x80 () hush ai <0x80 () hush ai>:

Shouldn't this be considered low risk and not medium?

On Wed, 10 May 2006 17:01:09 -0700 Avert <avert () avertlabs com> wrote:
McAfee, Inc.
McAfee Avert(tm) Labs Security Advisory
Public Release Date: 2006-05-09

Microsoft MSDTC NdrAllocate Validation Vulnerability

CVE-2006-0034

______________________________________________________________________

*      Synopsis

There is an RPC procedure within the MSDTC interface in msdtcprx.dll
that may be called remotely without user credentials in such a way that
triggers a denial-of-service in the Distributed Transaction Coordinator
(MSDTC) service.

Exploitation can at most lead to a denial of service and therefore the
risk factor is at medium.

______________________________________________________________________

*      Vulnerable Systems

Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003


______________________________________________________________________

*      Vulnerability Information

The msdtcprx.dll shared library contains RPC procedures for use with
the Distributed Transaction Coordinator (MSDTC) service utilized in
Microsoft Windows.

By sending a large (greater than 4k) request to BuildContextW(), a
size check can be bypassed and a bug in NdrAllocate() may be reached.

This vulnerability was reported to Microsoft on October 12, 2005


______________________________________________________________________

*      Resolution

Microsoft has provided a patch for this issue.  Please see their
bulletin, KB913580, for more information on obtaining and installing
the patch.



______________________________________________________________________

*      Credits

This vulnerability was discovered by Chen Xiaobo of McAfee Avert Labs.


______________________________________________________________________

*      Legal Notice

Copyright (C) 2006 McAfee, Inc.
The information contained within this advisory is provided for the
convenience of McAfee's customers, and may be redistributed provided
that no fee is charged for distribution and that the advisory is not
modified in any way.  McAfee makes no representations or warranties
regarding the accuracy of the information referenced in this document,
or the suitability of that information for your purposes.

McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,
Inc. and/or its affiliated companies in the United States and/or other
Countries.  All other registered and unregistered trademarks in this
document are the sole property of their respective owners.


______________________________________________________________________

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wkYEARECAAYFAkRpxMsACgkQuCj5fjTzkbDTZgCaA4pnBIDi5EuKsHJeeJO7zytyBsMA
n3Q4g/ngYWQGBLeFDLmYIsiReUc3
=UebB
-----END PGP SIGNATURE-----

