what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

win2k.lanman.txt

win2k.lanman.txt
Posted Apr 23, 2002
Authored by Peter Grundl

Windows 2000 microsoft-ds Denial of Service - The default LANMAN registry settings on Windows 2000 could allow a malicious user, with access to TCP port 445 on your Windows 2000, to cause a Denial of Service on Windows 2000 server, advanced server, and processional with SP0, SP1, and SP2. An attack could be something as simple as sending a continuous stream of 10k null chars to TCP port 445.

tags | denial of service, registry, tcp
systems | windows
SHA-256 | 7fe2f78f85a4b46727a496296575d34dab9432bafa9cfa3c252c2610e27d4ae9

win2k.lanman.txt

Change Mirror Download
--------------------------------------------------------------------

-=>Windows 2000 microsoft-ds Denial of Service<=-
courtesy of KPMG Denmark

BUG-ID: 2002011
Released: 17th Apr 2002
--------------------------------------------------------------------
Problem:
========
The default LANMAN registry settings on Windows 2000 could allow a
malicious user, with access to TCP port 445 on your Windows 2000, to
cause a Denial of Service.


Vulnerable:
===========
- Windows 2000 Server (SP0, SP1, SP2)
- Windows 2000 Advanced Server (SP0, SP1, SP2)
- Windows 2000 Professional (SP0, SP1, SP2)


Details:
========
Sending malformed packets to the microsoft-ds port (TCP 445) can
result in kernel ressources being allocated by the LANMAN service.
The consequences of such an attack could vary from the Windows
2000 host completely ignoring the attack to a blue screen.

An attack could be something as simple as sending a continuous
stream of 10k null chars to TCP port 445.

The most common symptoms would be that the LANMAN service would
allocate a lot of kernel memory, until a point, where very few
applications would be able to run. The routine that draws windows
would commence to draw incomplete windows, the warning "beep"
would be replaced by an error stating that the sound driver could
not be loaded. Internet Information Server would no longer be
able to service .asp pages, attempts to reboot the server (as
administrator) would result in the error "You do not have
permissions to shutdown or restart this computer.", aso.

It would frequently be possible to cause the system service
to enter a state where it constantly used 100% CPU usage.
A PC was left in this state over the weekend, to see if it
would recover on it's own. It did not recover.


Vendor URL:
===========
You can visit the vendors webpage here: https://www.microsoft.com


Vendor response:
================
The vendor was contacted mid-October, 2001. The vendor released a
Q-article, describing the problem and possible solutions on the 11th
of April, 2002. KPMG was notified of the publication on the 17th of
April, 2002.


Corrective action:
==================
The vendor has suggested two possible solutions, available here:
https://support.microsoft.com/default.aspx?scid=kb;en-us;Q320751


Author: Peter Gründl (pgrundl@kpmg.dk)

--------------------------------------------------------------------
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be lia-
ble for any consequences whatsoever arising out of or in connection
with the use or spread of this information.
--------------------------------------------------------------------

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close