[原文]An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
This vulnerability was first detailed in a Microsoft Security Bulletin.
Microsoft Services for Unix 3.0
A denial of service condition has been reported for RPC applications that use the Sun RPC library. This vulnerability is the result of RPC applications improperly checking the size of TCP requests. RPC clients that use the Sun RPC library are expected to have TCP requests that specify the size of the record that follows. Due to a flaw in the way the RPC server handles client packets, it is possible for an attacker to send a malformed request to the RPC server.
When RPC servers receive malformed TCP requests, it results in the server failing to respond to further requests for service.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.