SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Rpc Vendors:   Microsoft
Microsoft Windows RPC Service May Let Remote Users Deny Service
SecurityTracker Alert ID:  1015233
SecurityTracker URL:  http://securitytracker.com/id/1015233
CVE Reference:   CVE-2005-3644   (Links to External Site)
Updated:  Nov 19 2005
Original Entry Date:  Nov 17 2005
Impact:   Denial of service via network
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): Windows 2000 SP4 and XP SP1; and prior service packs
Description:   A vulnerability was reported in the RPC service on Microsoft Windows. A remote user can cause denial of service conditions on the target system.

A remote user can trigger a memory allocation error in the RPC service to cause denial of service conditions. When sustained, the attack can cause excessive memory consumption on the target system.

On Windows 2000 SP4, a remote user can exploit this flaw. On Windows XP SP1, a remote authenticated user can exploit this flaw. However, in certain configurations, a remote user can authenticate as the Guest account and conduct this denial of service attack.

Windows XP SP2 is not affected. Windows Server 2003 and Windows Server 2003 SP1 are not affected.

Demonstration exploit code has been publicly released.

Winny Thomas reported this vulnerability.

Impact:   A remote user can cause excessive memory consumption on the target system, resulting in denial of service conditions. In some cases, authentication is required.
Solution:   No solution was available at the time of this entry.

However, the vendor notes that Windows XP SP2 is not affected and that Windows Server 2003 and Windows Server 2003 SP1 are not affected.

The vendor's advisory is available at:

http://www.microsoft.com/technet/security/advisory/911052.mspx

Vendor URL:  www.microsoft.com/technet/security/advisory/911052.mspx (Links to External Site)
Cause:   Resource error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC