Microsoft Windows 2000 RunAs service denial of service
win2k-runas-dos (7533)
Description:
The RunAs service in Windows 2000 allows a user to run applications or services as another user. The RunAs service is vulnerable to a denial of service attack. If a local attacker opens a named pipe session with the authentication server and never issues a request for service, other users are denied access to the service for as long as that idle session is held, because the RunAs service creates only one session instance at a time.
Platforms Affected:
- Microsoft, Windows 2000
Remedy:
Apply the latest Windows 2000 Service Pack (SP3 or later), when it becomes available from the Microsoft Web site. See References.
As a workaround, do not use the RunAs service.
Consequences:
Denial of Service
References:
- Microsoft Corporation Web site, Service Packs at http://www.microsoft.com/windows2000/downloads/servicepacks/default.asp.
- Team RADIX Research Report: RADIX1112200103, Denial of Service Vulnerability in Windows 2000 RunAs Service at http://www.camisade.com/research/reports/radix1112200103.html.
- BID-3291: Microsoft Windows 2000 RunAs Service Denial of Service Vulnerability
- CVE-2001-1518: RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.
Reported:
Nov 12, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.