Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Windows :: hack4166.htm

NT4 RPC server memory leak and DoS
BindView Advisory: Memory Leak and DoS in NT4 RPC server

BindView Security Advisory
Remote anonymous attackers can read large amounts of memory from and/or 
crash any NT4 RPC server
Issue Date: 12Oct2004
Author:  Todd Sabin
A flaw in rpc__mgmt_inq_stats allows attackers to retrieve memory from and
crash NT4 RPC servers.
Due to a flaw in the implementation of a standard RPC interface,
attackers can retrieve large amounts of the memory from the address
space of NT4 RPC servers.  In addition to retrieving memory, it is
possible to crash any NT4 RPC server by asking for extremely large
amounts of memory, the RPC server will attempt to read from
inaccessible parts of memory, causing an exception, and the
termination of the RPC server.
Affected Systems:
All NT4 systems running RPC servers
Anonymous attackers can crash any RPC server.  This includes the SAM
and LSA, the main RPC service, the Server service, etc.  Many
applications are also based on RPC or support it, including Exchange
and SQL Server.
In addition to crashing servers, an attacker can read large amounts of
memory from the address space of the servers.  Depending on the
server, this may result in the disclosure of sensitive information.
For example, during testing against the LSA of an NT4 domain
controller, the Administrator's password hash was retrieved.
As per the guidelines as set forth in the Organization for Internet 
Safety, BindView will not be releasing technical details about this flaw 
for 30 days. See for more details on these 

None known
Install the patch from Microsoft. 

 CVE Name: CAN-2004-0569
 The mgmt interface. 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH