ISS X-Force Database: win-rpc-dcom-dos(12679): Microsoft Windows RPC DCOM denial of service

Microsoft Windows RPC DCOM denial of service

win-rpc-dcom-dos (12679)

High Risk

Description:

Microsoft Windows is vulnerable to a denial of service. By sending a malformed message to the Distributed Component Object Model (DCOM) interface of the RPC (Remote Procedure Call) service, a remote attacker can cause the service to crash.

Platforms Affected:

HP, OpenVMS Alpha 7.3
HP, OpenVMS Alpha 7.3-1
HP, OpenVMS Alpha 7.3-2
Microsoft, Windows 2000
Microsoft, Windows 2003 Server
Microsoft, Windows NT 4.0 Terminal Server
Microsoft, Windows NT 4.0 Server
Microsoft, Windows NT 4.0 Workstation
Microsoft, Windows XP SP1

Remedy:

For Windows XP SP1, and Windows Server 2003:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-051. See References.

Note: Microsoft originally provided a patch for this vulnerability in MS03-039, but it was superseded by the patch released with MS05-012, which was superseded by the patch released with MS05-051.

For Windows 2000:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS06-018. See References.

Note: Microsoft originally provided a patch for this vulnerability in MS03-039, but it was superseded by the patch released with MS05-012 and MS05-051, which was superseded by the patch released with MS06-018.

For Windows NT:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-029. See References.

Note: Microsoft originally provided a patch for this vulnerability in MS03-039, but it was superseded by the patch released with MS04-029. See References.

For HP OpenVMS V7.3, V7.3-1, and V7.3-2:
Apply the appropriate patch for this vulnerability, as listed in Hewlett-Packard Security Bulletin HPSBOV01056. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Denial of Service

References:

BugTraq Mailing List, Sun Jul 20 2003 - 14:01:13 CDT, Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability at http://archives.neohapsis.com/archives/bugtraq/2003-07/0255.html.
CERT Advisory CA-2003-19, Exploitation of Vulnerabilities in Microsoft RPC Interface at http://www.cert.org/advisories/CA-2003-19.html.
Microsoft Security Bulletin MS03-039, Buffer Overrun In RPCSS Service Could Allow Code Execution (824146) at http://www.microsoft.com/technet/security/bulletin/ms03-039.mspx.
Microsoft Security Bulletin MS04-029, Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350) at http://www.microsoft.com/technet/security/bulletin/ms04-029.mspx.
Microsoft Security Bulletin MS05-012, Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) at http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx.
Microsoft Security Bulletin MS05-051, Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400) at http://www.microsoft.com/technet/security/Bulletin/MS05-051.mspx.
Microsoft Security Bulletin MS06-018, Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580) at http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx.
BID-8234: Microsoft Windows RPCSS DCOM Interface Denial of Service Vulnerability
CVE-2003-0605: The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
US-CERT VU#326746: Microsoft Windows RPC service vulnerable to denial of service

Reported:

Jul 20, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page