SecurityTracker.com
Category:   Application (Generic)  >   Windows Remote Desktop
Vendors:   Microsoft
Windows Remote Desktop May Let Remote Users Crash the System
SecurityTracker Alert ID:  1010836
SecurityTracker URL:  http://securitytracker.com/id/1010836
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Aug 2 2004
Impact:   Denial of service via network
Exploit Included:  Yes  

Description:   A denial of service vulnerability was reported in the Windows Remote Desktop service in Windows XP and Windows 2003. A remote user can cause the target system to crash in some cases.

Nick Lowe reported that on systems with Remote Desktop enabled, a remote user can hold down the Windows Key and the "U" key simultaneously and continuously at the login prompt to cause the target system to crash. The key sequence reportedly causes the target system to continually load the Windows utility manager, which will terminate if another instance is detected. However, it is reported that on some systems, instances of Windows utility manager can be loaded more quickly than they are terminated, causing all available memory to be consumed.

According to the report, Windows XP SP2 does not appear to be vulnerable. Also, higher-performance systems are not affected.

Impact:   A remote user may be able to cause the target system to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/
Cause:   Resource error, State error
Underlying OS:  Windows (2003), Windows (XP)

Message History:   None.
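
The description above attributes the crash to Utility Manager instances starting faster than they exit. The following detection sketch is an added example, not part of the original advisory or report: it flags a host when process starts for that image exceed a rate threshold while several instances are still alive. The log format, host names and thresholds are constructed for illustration, and `utilman.exe` is assumed to be the Utility Manager image name.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

IMAGE = "utilman.exe"  # assumed image name of Utility Manager; not stated on the page


def build_sample():
    """Constructed process-tracking lines: '<iso time> <host> <START|EXIT> <image>'."""
    t0 = datetime(2004, 8, 2, 10, 0, 0)
    # WS-A: one legitimate launch that exits two seconds later.
    lines = [f"{t0.isoformat()} WS-A START {IMAGE}",
             f"{(t0 + timedelta(seconds=2)).isoformat()} WS-A EXIT {IMAGE}"]
    # WS-B: key repeat starts an instance every 40 ms; each needs 500 ms to exit.
    events = []
    for i in range(100):
        start = t0 + timedelta(milliseconds=40 * i)
        events.append((start, "START"))
        events.append((start + timedelta(milliseconds=500), "EXIT"))
    lines += [f"{t.isoformat()} WS-B {kind} {IMAGE}" for t, kind in sorted(events)]
    return lines


def detect_spawn_storm(lines, image=IMAGE, window=timedelta(seconds=1),
                       max_starts=5, max_live=3):
    """Return the first alert per host as (host, time, starts_in_window, live)."""
    starts = defaultdict(deque)  # host -> START times inside the sliding window
    live = defaultdict(int)      # host -> instances started but not yet exited
    alerts = {}
    for line in lines:
        stamp, host, kind, name = line.split()
        if name.lower() != image or host in alerts:
            continue
        now = datetime.fromisoformat(stamp)
        if kind == "EXIT":
            live[host] = max(0, live[host] - 1)
            continue
        live[host] += 1
        recent = starts[host]
        recent.append(now)
        while now - recent[0] > window:  # drop starts older than the window
            recent.popleft()
        # Alert only when launches are both frequent and piling up unfinished.
        if len(recent) > max_starts and live[host] > max_live:
            alerts[host] = (host, now, len(recent), live[host])
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_spawn_storm(build_sample()):
        print(alert)
```
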


 Source Message Contents

Subject:  [Full-Disclosure] Remotely Exploitable DoS Flaw in XP and 2003


From anywhere within either Windows XP or Windows 2003 - at the logon screen if you want - holding down WinKey + U will, with time, slow the machine down to a crawl, eventually causing the machine to lock.

If remote desktop is enabled - at the login screen, the aforementioned key sequence can be held down, locking a machine remotely.

Mitigating Factors:

Windows XP SP2 does not seem to be vulnerable to this flaw.
The DoS flaw affects slower machines and those with less RAM quicker than higher specification machines. On very hi-spec machines, the flaw does not seem to be exploitable.

Cause:

The key sequence causes the Windows utility manager to be continuously loaded and executed. Even though the program terminates if another instance is detected, copies can be loaded quicker than they close - eating all memory on the machine - eventually causing it to not respond to user input.


This E-Mail and any files transmitted with it are confidential, may be legally privileged and are intended solely for the use of the addressee. If you have received this E-Mail in error you are requested to contact the sender immediately, and not disclose or make use of this information. Although Oakham School operates an active anti virus policy, the organisation accepts no liability for any damage caused by any virus transmitted by this E-Mail, including any attachments.  The views contained in this E-Mail are those of the author and not necessarily those of Oakham School.

