Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580) - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
MS06-018, CVE-2006-0034, CVE-2006-1184

This update patches two vulnerabilities in MSDTC
(CVE-2006-0034,CVE-2006-1184).
Both represent a denial of service in MSDTC which can be exploited locally
or remotely with malformed messages.

This vulnerability is listed as moderate for Windows 2000 versus Low for
XP and 2003 because MSDTC is enabled by default on that platform. The
severity is the same on the other platforms when the service is running.

There are three categories of mitigation available, but it is recommended
the patch be applied if possible. #1. The service can be disabled, but
this can affect a number of applications such as SQL Server, Exchange,
BizTalk, etc. #2 Network access for DTC can be disabled. This can also
affect services. Also its important to note that the vulnerability could
still be exploited locally. #3 Block network traffic with a firewall (host
or network). Traffic on ports greater than 1024 would need to be blocked
as well as any other configured RPC port.

Also note that this bulletin replaces MS05-051 on Windows 2000.

From Symantec:
"Although corrected in MS05-051, additional memory added in the allocater
for memory accounting was not accounted for. These additional 8 bytes can
be overwritten.These issues will kill the process and DoS the service."
(CVE-2006-1184)

(Thanks Robert for the write-up)



Lorna

165 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!