CVE-2006-1184
CVSS5.0
发布时间 :2006-05-09 22:14:00
修订时间 :2011-03-07 21:32:20
NMCOPS    

[原文]Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.


[CNNVD]Microsoft Windows MSDTC无效内存访问 拒绝服务漏洞(CNNVD-200605-156)

        Microsoft Windows是微软发布的非常流行的操作系统。
        Windows系统的MSDTC处理某些畸形DCE-RPC请求时存在内存分配漏洞,远程攻击者可能利用此漏洞对服务器执行拒绝服务攻击。
        MS05-051中所述的MSDTC RPC漏洞利用的是MSDTCPRX.DLL中MIDL_user_allocate函数实现内存管理器的方式。该函数接收任何分配大小,但最多只能分配4KB的内存。然后RPCRT4会试图将管理数据储存到(memory address + requested size),这就可能导致修改任意内存,因为任意大小的分配尝试都会成功,但所保留的内存最多只有4KB。
        MS05-051的hotfix对分配大小设置了上限,在Windows Server 2003为0xFA8,在Windows 2000中为0xFB0。这种检查还不足以防范对所分配4KB以外内存的访问。在Windows 2000上,如果将单个BuildContextW请求的"UuidString"或"GuidIn"设置为最大字符计数0x7D0的话,就会导致默认状态的MSDTC崩溃。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:microsoft:windows_nt:4.0:sp5Microsoft Windows 4.0 sp5
cpe:/o:microsoft:windows_nt:4.0:sp1:serverMicrosoft Windows 4.0 sp1 server
cpe:/o:microsoft:windows_2000::sp1:datacenter_serverMicrosoft Windows 2000 Datacenter Server SP1
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstationMicrosoft Windows 4.0 sp5 workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:workstationMicrosoft Windows 4.0 sp3 workstation
cpe:/o:microsoft:windows_xp::gold:professionalMicrosoft Windows XP Professional Gold
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_2000::sp2:advanced_serverMicrosoft Windows 2000 Advanced Server SP2
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2000::sp2:professionalMicrosoft Windows 2000 Professional SP2
cpe:/o:microsoft:windows_nt:4.0:sp1:workstationMicrosoft Windows 4.0 sp1 workstation
cpe:/o:microsoft:windows_nt:4.0:sp4:workstationMicrosoft Windows 4.0 sp4 workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_2000:::professional
cpe:/o:microsoft:windows_nt:4.0:sp1Microsoft Windows 4.0 sp1
cpe:/o:microsoft:windows_xp::sp1:home
cpe:/o:microsoft:windows_nt:4.0:sp6a:serverMicrosoft Windows 4.0 sp6a server
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2000::sp1:professionalMicrosoft Windows 2000 Professional SP1
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_serverMicrosoft Windows NT Terminal Server 4.0 SP6
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_nt:4.0:sp2:serverMicrosoft Windows 4.0 sp2 server
cpe:/o:microsoft:windows_nt:4.0:sp4Microsoft Windows 4.0 sp4
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:serverMicrosoft Windows 4.0 sp3 server
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_serverMicrosoft Windows NT Terminal Server 4.0 SP4
cpe:/o:microsoft:windows_2000::sp2:datacenter_serverMicrosoft Windows 2000 Datacenter Server SP2
cpe:/o:microsoft:windows_2000::sp4:datacenter_serverMicrosoft Windows 2000 Datacenter Server SP4
cpe:/o:microsoft:windows_2000:::server
cpe:/o:microsoft:windows_xp::sp2:tablet_pcMicrosoft windows xp_sp2 tablet_pc
cpe:/o:microsoft:windows_nt:4.0:sp6:serverMicrosoft Windows 4.0 sp6 server
cpe:/o:microsoft:windows_xp:::embedded
cpe:/a:microsoft:distributed_transaction_coordinatorMicrosoft distributed_transaction_coordinator
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_serverMicrosoft Windows NT Terminal Server 4.0 SP1
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_serverMicrosoft Windows NT Terminal Server 4.0 SP3
cpe:/o:microsoft:windows_nt:4.0:sp4:serverMicrosoft Windows 4.0 sp4 server
cpe:/o:microsoft:windows_xp::sp1:media_centerMicrosoft windows xp_sp1 media_center
cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3Microsoft Windows 4.0 sp3
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2000::sp3:datacenter_serverMicrosoft Windows 2000 Datacenter Server SP3
cpe:/o:microsoft:windows_nt:4.0:sp6aMicrosoft Windows 4.0 sp6a
cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_serverMicrosoft Windows NT Terminal Server 4.0 SP6a
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstationMicrosoft Windows 4.0 sp6a workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_2000::sp3:serverMicrosoft Windows 2000 Server SP3
cpe:/o:microsoft:windows_2000:::advanced_server
cpe:/o:microsoft:windows_nt:4.0:sp2:workstationMicrosoft Windows 4.0 sp2 workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_2000::sp4:serverMicrosoft Windows 2000 Server SP4
cpe:/o:microsoft:windows_nt:4.0Microsoft Windows NT 4.0
cpe:/o:microsoft:windows_nt:4.0:sp2Microsoft Windows 4.0 sp2
cpe:/o:microsoft:windows_2000:::datacenter_server
cpe:/o:microsoft:windows_xp:::media_center
cpe:/o:microsoft:windows_2000::sp3:professionalMicrosoft Windows 2000 Professional SP3
cpe:/o:microsoft:windows_2000::sp1:serverMicrosoft Windows 2000 Server SP1
cpe:/o:microsoft:windows_2000::sp3:advanced_serverMicrosoft Windows 2000 Advanced Server SP3
cpe:/o:microsoft:windows_xp::sp1:embeddedMicrosoft windows xp_sp1 embedded
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_nt:4.0:sp5:serverMicrosoft Windows 4.0 sp5 server
cpe:/o:microsoft:windows_2000::sp1:advanced_serverMicrosoft Windows 2000 Advanced Server SP1
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_serverMicrosoft Windows NT Terminal Server 4.0 SP5
cpe:/o:microsoft:windows_2000::sp2:serverMicrosoft Windows 2000 Server SP2
cpe:/o:microsoft:windows_nt:4.0:sp6:workstationMicrosoft Windows 4.0 sp6 workstation
cpe:/o:microsoft:windows_nt:4.0:sp6Microsoft Windows 4.0 sp6
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_serverMicrosoft Windows NT Terminal Server 4.0 SP2
cpe:/o:microsoft:windows_2000::sp4:professionalMicrosoft Windows 2000 Professional SP4
cpe:/o:microsoft:windows_2000::sp4:advanced_serverMicrosoft Windows 2000 Advanced Server SP4

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:1990MSDTC Denial of Service Vulnerability (Win2K)
oval:org.mitre.oval:def:1912MSDTC Denial of Service Vulnerability (XP,SP2)
oval:org.mitre.oval:def:1779MSDTC Denial of Service Vulnerability (Server 2003)
oval:org.mitre.oval:def:1295MSDTC Denial of Service Vulnerability (XP,SP1)
oval:gov.nist.fdcc.patch:def:38MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
oval:gov.nist.USGCB.patch:def:38MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1184
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1184
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-156
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/17905
(PATCH)  BID  17905
http://www.securityfocus.com/archive/1/archive/1/433425/100/0/threaded
(PATCH)  BUGTRAQ  20060509 [EEYEB20051011B] - Microsoft Distributed Transaction Coordinator Denial of Service
http://www.microsoft.com/technet/security/bulletin/ms06-018.mspx
(PATCH)  MS  MS06-018
http://www.eeye.com/html/research/advisories/AD20060509b.html
(VENDOR_ADVISORY)  MISC  http://www.eeye.com/html/research/advisories/AD20060509b.html
http://secunia.com/advisories/20000
(VENDOR_ADVISORY)  SECUNIA  20000
http://www.vupen.com/english/advisories/2006/1742
(UNKNOWN)  VUPEN  ADV-2006-1742
http://xforce.iss.net/xforce/xfdb/25558
(UNKNOWN)  XF  msdtc-message-dos(25558)
http://www.osvdb.org/25336
(UNKNOWN)  OSVDB  25336
http://securitytracker.com/id?1016047
(UNKNOWN)  SECTRACK  1016047
http://securityreason.com/securityalert/864
(UNKNOWN)  SREASON  864

- 漏洞信息

Microsoft Windows MSDTC无效内存访问 拒绝服务漏洞
中危 边界条件错误
2006-05-09 00:00:00 2006-05-10 00:00:00
远程  
        Microsoft Windows是微软发布的非常流行的操作系统。
        Windows系统的MSDTC处理某些畸形DCE-RPC请求时存在内存分配漏洞,远程攻击者可能利用此漏洞对服务器执行拒绝服务攻击。
        MS05-051中所述的MSDTC RPC漏洞利用的是MSDTCPRX.DLL中MIDL_user_allocate函数实现内存管理器的方式。该函数接收任何分配大小,但最多只能分配4KB的内存。然后RPCRT4会试图将管理数据储存到(memory address + requested size),这就可能导致修改任意内存,因为任意大小的分配尝试都会成功,但所保留的内存最多只有4KB。
        MS05-051的hotfix对分配大小设置了上限,在Windows Server 2003为0xFA8,在Windows 2000中为0xFB0。这种检查还不足以防范对所分配4KB以外内存的访问。在Windows 2000上,如果将单个BuildContextW请求的"UuidString"或"GuidIn"设置为最大字符计数0x7D0的话,就会导致默认状态的MSDTC崩溃。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx?pf=true

- 漏洞信息 (F46384)

AD20060509b.txt (PacketStormID:F46384)
2006-05-21 00:00:00
 
advisory
windows
CVE-2006-1184
[点击下载]

In July 2005, eEye Digital Security notified Microsoft of a critical vulnerability in the Distributed Transaction Coordinator service included with Windows, a report which culminated in the release of the MS05-051 hotfix on October 11th. Following its release, we observed that the hotfix only mitigated the vulnerability, reducing its maximum potential to a denial-of-service attack against the MSDTC service but failing to treat the underlying flaw, and we again reported the finding to Microsoft.

Microsoft Distributed Transaction Coordinator Denial of Service
http://www.eeye.com/html/research/advisories/AD20060509b.html

Release Date:
May 9, 2006

Date Reported:
October 11, 2005

Patch Development Time (In Days):
210   

Severity:
Low (Denial of Service)

Systems Affected:
Windows NT 4.0
Windows 2000 SP4
Windows XP SP1/SP2
Windows Server 2003

References:
This vulnerability has been assigned CVE-2006-1184

Overview:
In July 2005, eEye Digital Security notified Microsoft of a critical
vulnerability in the Distributed Transaction Coordinator service
included with Windows, a report which culminated in the release of the
MS05-051 hotfix on October 11th. Following its release, we observed that
the hotfix only mitigated the vulnerability, reducing its maximum
potential to a denial-of-service attack against the MSDTC service but
failing to treat the underlying flaw, and we again reported the finding
to Microsoft.

In short, an anonymous attacker can slightly modify an existing MSDTC
exploit and use it to crash the service, regardless of whether or not
the MS05-051 hotfix is installed.

Technical Details:
The MSDTC RPC vulnerability publicly addressed by MS05-051 took
advantage of an unusual memory manager implementation in the
MIDL_user_allocate function of MSDTCPRX.DLL, which would accept any
allocation size but would only allocate at most 4KB of memory. RPCRT4
would then attempt to store management data at (memory address +
requested size), effectively allowing arbitrary memory to be modified,
because any arbitrarily large allocation attempt would succeed while
only reserving at most 4KB.

The MS05-051 hotfix added an upper limit to the allocation size, 0xFA8
on Windows Server 2003 and 0xFB0 on Windows 2000. This check is
insufficient to prevent attempts to access memory beyond the allocated
4KB, and in fact, on Windows 2000, MSDTC in its default state may be
made to crash with a single BuildContextW request where 'UuidString' or
'GuidIn' has a maximum character count of 0x7D0.

Protection:
Retina Network Security Scanner has been updated to identify this
vulnerability. Blink - Endpoint Vulnerability Prevention - preemptively
protects from this vulnerability.

Vendor Status:
Microsoft has released a patch for this vulnerability,
http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx.

Credit:
Derek Soeder

Greetings:
The next one.

Copyright (c) 1998-2006 eEye Digital Security
Permission is hereby granted for the redistribution of this alert
electronically. It is not to be edited in any way without express
consent of eEye. If you wish to reprint the whole or any part of this
alert in any other medium excluding electronic medium, please email
alert@eEye.com for permission.

Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are no warranties, implied or express, with regard to this information.
In no event shall the author be liable for any direct or indirect
damages whatsoever arising out of or in connection with the use or
spread of this information. Any use of this information is at the user's
own risk.
    

- 漏洞信息

25336
Microsoft Windows Distributed Transaction Coordinator (DTC) BuildContextW Request DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability Patch / RCS
Vendor Verified

- 漏洞描述

Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when the Distributed Transaction Coordinator receives a single BuildContextW request where the 'UuidString' or 'GuidIn' value has a maximum character count of 0x7D0, and will result in loss of availability for the service.

- 时间线

2006-05-09 Unknow
Unknow 2006-05-09

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Microsoft Windows MSDTC Heap Buffer Overflow Vulnerability
Boundary Condition Error 17905
Yes No
2006-05-09 12:00:00 2006-05-10 07:24:00
Discovery is credited to Derek Soeder of eEye Digital Security and Kai Zhang of VenusTech.

- 受影响的程序版本

Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Gold 0
Microsoft Windows XP Embedded SP1
Microsoft Windows XP Embedded
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 0
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Terminal Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Server 4.0 SP6a
+ Avaya DefinityOne Media Servers
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
+ Avaya S8100 Media Servers 0
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT 4.0 SP6a
+ Microsoft Windows NT Enterprise Server 4.0 SP6a
+ Microsoft Windows NT Enterprise Server 4.0 SP6a
+ Microsoft Windows NT Server 4.0 SP6a
+ Microsoft Windows NT Server 4.0 SP6a
+ Microsoft Windows NT Terminal Server 4.0 SP6a
+ Microsoft Windows NT Workstation 4.0 SP6a
+ Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows NT 4.0 SP6
+ Microsoft Windows NT Enterprise Server 4.0 SP6
+ Microsoft Windows NT Enterprise Server 4.0 SP6
+ Microsoft Windows NT Server 4.0 SP6
+ Microsoft Windows NT Server 4.0 SP6
+ Microsoft Windows NT Terminal Server 4.0 SP6
+ Microsoft Windows NT Terminal Server 4.0 SP6
+ Microsoft Windows NT Workstation 4.0 SP6
+ Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT 4.0 SP5
+ Microsoft Windows NT Enterprise Server 4.0 SP5
+ Microsoft Windows NT Enterprise Server 4.0 SP5
+ Microsoft Windows NT Server 4.0 SP5
+ Microsoft Windows NT Server 4.0 SP5
+ Microsoft Windows NT Terminal Server 4.0 SP5
+ Microsoft Windows NT Terminal Server 4.0 SP5
+ Microsoft Windows NT Workstation 4.0 SP5
+ Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT 4.0 SP4
+ Microsoft Windows NT Enterprise Server 4.0 SP4
+ Microsoft Windows NT Enterprise Server 4.0 SP4
+ Microsoft Windows NT Server 4.0 SP4
+ Microsoft Windows NT Server 4.0 SP4
+ Microsoft Windows NT Terminal Server 4.0 SP4
+ Microsoft Windows NT Terminal Server 4.0 SP4
+ Microsoft Windows NT Workstation 4.0 SP4
+ Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT 4.0 SP3
+ Microsoft Windows NT Enterprise Server 4.0 SP3
+ Microsoft Windows NT Enterprise Server 4.0 SP3
+ Microsoft Windows NT Server 4.0 SP3
+ Microsoft Windows NT Server 4.0 SP3
+ Microsoft Windows NT Terminal Server 4.0 SP3
+ Microsoft Windows NT Terminal Server 4.0 SP3
+ Microsoft Windows NT Workstation 4.0 SP3
+ Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT 4.0 SP2
+ Microsoft Windows NT Enterprise Server 4.0 SP2
+ Microsoft Windows NT Enterprise Server 4.0 SP2
+ Microsoft Windows NT Server 4.0 SP2
+ Microsoft Windows NT Server 4.0 SP2
+ Microsoft Windows NT Terminal Server 4.0 SP2
+ Microsoft Windows NT Terminal Server 4.0 SP2
+ Microsoft Windows NT Workstation 4.0 SP2
+ Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT 4.0 SP1
+ Microsoft Windows NT Enterprise Server 4.0 SP1
+ Microsoft Windows NT Enterprise Server 4.0 SP1
+ Microsoft Windows NT Server 4.0 SP1
+ Microsoft Windows NT Server 4.0 SP1
+ Microsoft Windows NT Terminal Server 4.0 SP1
+ Microsoft Windows NT Terminal Server 4.0 SP1
+ Microsoft Windows NT Workstation 4.0 SP1
+ Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Workstation 4.0
+ Microsoft Windows NT Workstation 4.0
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server

- 漏洞讨论

Microsoft Windows Distributed Transaction Coordinator is prone to a remote heap buffer-overflow vulnerability. This issue is due to the failure of the software to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This BID is flagged with the 'Conflicting Details' credibility rating because of the discrepancy between the vendor and the discoverer as to the possibility of remote code execution.

Microsoft states that this issue may be exploited only to disrupt the MSDTC service and any services that depend on MSDTC, but the discoverer of this issue states that it may be exploited for remote code execution.

This vulnerability affects Windows NT and Windows 2000 by default, since the service comes enabled. The vulnerability affects Windows XP and Windows Server 2003 only if the service is manually enabled.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

Microsoft has released a security bulletin to address this issue.


Microsoft Windows XP Media Center Edition SP2

Microsoft Windows XP Media Center Edition SP1

Microsoft Windows Server 2003 Enterprise Edition Itanium 0

Microsoft Windows Server 2003 Standard Edition

Microsoft Windows Server 2003 Datacenter Edition Itanium 0

Microsoft Windows Server 2003 Datacenter Edition

Microsoft Windows 2000 Advanced Server SP4

Microsoft Windows Server 2003 Enterprise Edition

Microsoft Windows XP Home SP2

Microsoft Windows 2000 Datacenter Server SP4

Microsoft Windows Server 2003 Web Edition

Microsoft Windows XP Home SP1

Microsoft Windows XP Professional SP2

Microsoft Windows 2000 Server SP4

Microsoft Windows 2000 Professional SP4

Microsoft Windows XP Professional SP1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站