Revised: Microsoft Security Bulletin - MS01-041

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 04/25/02

Date:         Thu, 25 Apr 2002 03:07:42 -0400
From: Russ <Russ.Cooper@RC.ON.CA>

This bulletin has been revised.
V1.0 (July 26, 2001): Bulletin Created.
V1.1 (April 24, 2002): Bulletin updated to advise availability of Windows NT 4.0 Server, Terminal Server Edition Security Rollup Package.

Original bulletin details follow:

Malformed RPC Request Can Cause Service Failure

Originally posted: July 26, 2001


Who should read this bulletin: System administrators using Microsoft® Windows NT® 4.0, Windows® 2000, SQL Server™, or Exchange Server.

Impact of vulnerability: Denial of service

Recommendation: System administrators should consider applying the patches for any affected products they have installed.

Affected Software:
- Microsoft Exchange Server 5.5
- Microsoft Exchange Server 2000
- Microsoft SQL Server 7.0
- Microsoft SQL Server 2000
- Microsoft Windows NT 4.0
- Microsoft Windows 2000

Technical description:

Several of the RPC servers associated with system services in Microsoft Exchange, SQL Server, Windows NT 4.0 and Windows 2000 do not adequately validate inputs, and in some cases will accept invalid inputs that prevent normal processing. The specific input values at issue here vary from RPC server to RPC server.

An attacker who sent such inputs to an affected RPC server could disrupt its service. The precise type of disruption would depend on the specific service, but could range in effect from minor (e.g., the service temporarily hanging) to major (e.g., the service failing in a way that would require the entire system to be restarted).

Mitigating factors:
- Proper firewalling would help minimize an affected system's exposure to attack by Internet-based users. In general, a firewall should block access to all RPC services except those that are specifically intended for use by untrusted users.

Vulnerability identifier: CAN-2001-0509

This email is sent to NTBugtraq automatically as a service to my subscribers. Since it's programmatically created, and since it's been a long time since anyone paid actual money for my programming skills, it may or may not look that good...;-]

I can only hope that the information it does contain can be read well enough to serve its purpose.

Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
