A security vulnerability in Windows's RPC implementation allows remote attackers to cause it to no longer respond to legitimate requests by sending it a malformed request. This effectively allows a remote attacker to cause a denial of service attack against the Windows operating system.
Credit:
The information has been provided by Dave Aitel.
Vulnerable systems:
* Windows 2000 SP1-SP3
Impact:
Remote Windows 2000 machines with port TCP 135 open to the Internet can be disabled without authentication of any kind. Other versions of Windows may also be vulnerable.
Technical details:
The vulnerability itself is within the DCE-RPC stack of Windows 2000 and related operating systems. This vulnerability allows anyone who can connect to port 135 TCP to disable the RPC service. Disabling the RPC service causes the machine to stop responding to new RPC requests, disabling almost all functionality.
This is a Denial of Service via a null pointer dereference, and not exploitable to gain permissions on the remote machine. A proof of concept is available at http://www.immunitysec.com/vulnerabilities/.
This proof of concept Linux executable is derived from SPIKE 2.7 source code. Simply running SPIKE 2.7's msrpcfuzz is also known to replicate this problem.
Alleviation:
Block port tcp/135 from network connections. There are also configuration changes that can make you immune to this attack, but these are not completely known at this time.
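To confirm that the block is actually in effect, the following added example (not part of the original advisory) attempts a plain TCP connection to port 135 on hosts you administer, run from a network outside the filter. The function names `check_port`, `audit` and `exposed` are the example's own; only an `open` result means the RPC endpoint is still reachable.

```python
import socket

RPC_PORT = 135  # DCE-RPC endpoint mapper port named in the advisory


def check_port(host, port=RPC_PORT, timeout=3.0):
    """Return 'open', 'closed', 'filtered' or 'unresolved' for one TCP connect."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"      # RST received: host reachable, nothing listening
    except socket.gaierror:
        return "unresolved"  # name lookup failed: result says nothing about the filter
    except OSError:
        return "filtered"    # timeout or unreachable: consistent with a dropped packet
    finally:
        sock.close()


def audit(hosts, port=RPC_PORT, timeout=3.0):
    """Map each host to its state as seen from this vantage point."""
    return {host: check_port(host, port, timeout) for host in hosts}


def exposed(results):
    """Hosts where the port answered, i.e. the block is not in effect."""
    return sorted(h for h, state in results.items() if state == "open")


if __name__ == "__main__":
    import sys
    results = audit(sys.argv[1:])
    for host, state in sorted(results.items()):
        print(f"{host}\ttcp/{RPC_PORT}\t{state}")
    # Non-zero exit status lets a scheduled job alert when any host is exposed.
    sys.exit(1 if exposed(results) else 0)
```

The result only describes the path from the machine running the check, so repeat it from each network segment the filter is meant to cover.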