Microsoft Distributed Transaction Controller TIP DoS (MS05-051)
12 Oct. 2005
Summary
The Distributed Transaction Controller provides a method for disparate processes to complete atomic transactions. The Transaction Internet Protocol (TIP) is one of the ways that the DTC service can be accessed. This service is part of a standard installation on Windows NT 4.0, Windows 2000, Windows XP and Windows 2003.
Remote exploitation of a denial of service vulnerability within various versions of Microsoft Corp.'s Windows operating system allows attackers to cause the msdtc.exe process to crash.
The vulnerability specifically exists because of a flaw in processing responses from foreign servers. The DoS can be triggered by sending a command sequence that causes the DTC service to connect back to a hostile server. If the hostile server sends an unexpected protocol command during the reconnection request, the DTC service will throw an exception and exit. This attack can be used to kill the DTC service and prevent other applications from using the service to process transactions.
The following commands can be sent over TCP port 3372 to force the DTC service to connect to an arbitrary host and process commands:
Analysis:
Successful exploitation of this vulnerability will cause applications requiring the MSDTC service to fail. One such service is Microsoft SQL Server. Any other applications that rely on clustering to be functional will also fail. This service should not be exposed to public networks, thus mitigating the risk of this vulnerability.
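Detection example (added here, not part of the original advisory): the Python script below reads network flow records and reports two things the advisory describes, namely TCP port 3372 being reachable from outside the internal network, and a DTC host opening an outbound connection to that same outside peer shortly afterwards. The flow record layout, the 10.0.0.0/8 internal range, the 30-second window, the sample records and all function names are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

TIP_PORT = 3372                                       # TCP port named in the advisory
WINDOW = timedelta(seconds=30)                        # assumed correlation window
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range

# Constructed flow records: time, source IP, source port, destination IP, destination port
SAMPLE_FLOWS = """\
2005-10-12T09:00:01 10.0.0.21 49211 10.0.0.5 3372
2005-10-12T09:00:40 10.0.0.5 1045 10.0.0.21 3372
2005-10-12T09:14:07 203.0.113.50 40112 10.0.0.5 3372
2005-10-12T09:14:09 10.0.0.5 1046 203.0.113.50 8080
2005-10-12T09:20:00 198.51.100.7 51000 10.0.0.6 3372
"""

def internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def parse(text):
    for line in text.splitlines():
        ts, src, _sport, dst, dport = line.split()
        yield (datetime.fromisoformat(ts), ipaddress.ip_address(src),
               ipaddress.ip_address(dst), int(dport))

def find_tip_exposure(text):
    """Return (exposed, connect_back) lists built from the flow records."""
    exposed, connect_back = [], []
    pending = {}  # (dtc_host, outside_peer) -> time of the inbound TIP connection
    for ts, src, dst, dport in sorted(parse(text), key=lambda r: r[0]):
        if dport == TIP_PORT and internal(dst) and not internal(src):
            # The DTC TIP port is reachable from outside the internal network.
            exposed.append((str(src), str(dst)))
            pending[(dst, src)] = ts
        elif internal(src) and not internal(dst):
            # Outbound connection from a DTC host back to the peer that just
            # contacted its TIP port, on any destination port.
            started = pending.get((src, dst))
            if started is not None and ts - started <= WINDOW:
                connect_back.append((str(src), str(dst), dport))
    return exposed, connect_back

if __name__ == "__main__":
    exposed, connect_back = find_tip_exposure(SAMPLE_FLOWS)
    for peer, host in exposed:
        print(f"TIP port {TIP_PORT} on {host} reached from outside peer {peer}")
    for host, peer, port in connect_back:
        print(f"{host} connected back to {peer}:{port} within {WINDOW.seconds}s")
```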