Microsoft Windows 2000 and XP RPC race condition
| win-rpc-race-condition (13426) |  Medium Risk |
Description:
Microsoft Windows is vulnerable to a denial of service, caused by a multi-threaded race condition when handling Remote Procedure Call (RPC) requests. If two threads process the same request, memory corruption could occur, which would result in a denial of service. A remote attacker could send multiple RPC requests to cause the RPC service to crash.
Consequences:
Denial of Service
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-051. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS04-012, but it was superseded by the patch released with MS05-051.
For Windows 2000:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS06-018. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS04-012, but it was superseded by the patch released with MS05-051, and then superseded by the patch released with MS06-018. See References.
References:
- CIAC Information Bulletin O-115: Microsoft Cumulative Update for RPC/DCOM.
- Internet Security Systems Security Advisory, October 14, 2003: Microsoft RPC Race Condition Denial of Service.
- Internet Security Systems Security Alert, April 13, 2004: Multiple Vulnerabilities in Microsoft Products.
- Microsoft Security Bulletin MS04-012: Cumulative Update for Microsoft RPC/DCOM (828741).
- Microsoft Security Bulletin MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400).
- Microsoft Security Bulletin MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580).
- BID-8811: Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability
- CVE-2003-0813: A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
- US-CERT VU#547820: Microsoft Windows DCOM/RPC vulnerability
Platforms Affected:
- Microsoft Windows 2000
- Microsoft Windows XP
Reported:
Oct 14, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net