Results 1 to 5 of 5

Thread: Heads up - Flaw in Windows NT Function Could Allow Denial of Service (823803

  1. #1
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038

    Heads up - Flaw in Windows NT Function Could Allow Denial of Service (823803

    Microsoft Security Bulletin MS03-029
    Print

    Flaw in Windows Function Could Allow Denial of Service (823803)

    Originally posted: July 23, 2003
    Summary

    Who should read this bulletin: Systems administrators running Microsoft® Windows® NT 4.0 Server

    Impact of vulnerability: Denial of service

    Maximum Severity Rating: Moderate

    Recommendation: Administrators of Windows NT 4.0 servers should consider applying the security patch.

    Affected Software:

    * Microsoft Windows NT 4.0 Server
    * Microsoft Windows NT 4.0 Terminal Server Edition

    Not Affected Software:

    * Microsoft Windows 2000
    * Microsoft Windows XP
    * Microsoft Windows Server 2003

    End User Bulletin: An end user version of this bulletin is available at:

    http://www.microsoft.com/security/se.../ms03-029.asp.

    Technical details

    Technical description:

    A flaw exists in a Windows NT 4.0 Server file management function that can cause a denial of service vulnerability. The flaw results because the affected function can cause memory that it does not own to be freed when a specially crafted request is passed to it. If the application making the request to the function does not carry out any user input validation and allows the specially crafted request to be passed to the function, the function may free memory that it does not own. As a result, the application passing the request could fail.

    By default, the affected function is not accessible remotely, however applications installed on the operating system that are available remotely may make use of the affected function. Application servers or Web servers are two such applications that may access the function. Note that Internet Information Server 4.0 (IIS 4.0) does not, by default, make use of the affected function.

    Mitigating factors:

    * The default installation of Windows NT 4.0 Server is not vulnerable to a remote denial of service. Additional software that makes use of the affected file management function must be installed on the system to expose the vulnerability remotely.
    * If the application calling the affected file management function carries out input validation, the specially crafted request may not be passed to the vulnerable function.
    * The vulnerability cannot be used to cause Windows NT 4.0 Server itself to fail. Only the application that makes the request may fail.

    Severity Rating:
    Windows NT 4.0 Server Moderate
    Windows NT 4.0 Terminal Server Edition Moderate
    The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.

    Vulnerability identifier: CAN-2003-0525

    Tested Versions:
    Microsoft tested Microsoft Windows NT 4.0 Server, Windows 2000, Windows XP and Windows Server 2003 to assess whether they are affected by these vulnerabilities. Previous versions are no longer supported, and may or may not be affected by these vulnerabilities.

    Frequently asked questions

    What’s the scope of the vulnerability?

    This is a denial of service vulnerability. An attacker who successfully exploited the vulnerability could cause an application running on a Windows NT 4.0 Server system to fail. By default the vulnerable function cannot be accessed remotely, however, additional software that may have been in installed on the server may make the function accessible remotely.

    From http://www.microsoft.com/technet/tre...n/MS03-029.asp
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  2. #2
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    Okay, now I have no problem discussing new security patches, or people posting about them, but please do not continue to simply copy/paste security updates into forums. If there is a reason why any one is special or significant, than feel free to do so, but even then, please post up your comment, or a question or something else along with it. Simple copy / pastes of security patches does not help many people, and is rather pointless.

    This post also refers to http://www.antionline.com/showthread...hreadid=246447 and http://www.antionline.com/showthread...hreadid=246448

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Forgive me if I'm wrong but aren't there at least *two* existing vulnerabilities in NT4 which could each allow at least as many problems as the one above, both of which Microsoft have refused to fix (in NT4)

    Is there not a local privilege escalation bug and the recent RPC remote execution bug.

    What's the point of them continuing to announce further flaws in NT4, if they aren't going to fix the old ones?

    Why does anybody care about a local DoS if there's a remote execution and a local privilege escalation already in the system? Isn't anybody who wanted to do a local DoS (something I find unlikely anyway), just going to use one of those to obtain localsystem and then halt the system? That's a pretty effective DoS.

  4. #4
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    TheEntropy: These are just the lastest from MS that were posted today. I was just trying to give a heads up to the busy admins out there who might browse Antionline but not check out the Technet site.

    Slarty: Yes, it is weird that they would choose to patch this security hole and not the others. I think that MS claimed that the others would "take a huge rewrite of code" to fix them in NT4.0.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    Another one. Why nobody had already done a MS flaw counter with the number of Windows flaws increasing in real time?

    What? The counter had exploded?
    Well, nevermind.
    Life is boring. Play NetHack... --more--

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •