Info

Disclosure

Jul 30, 2001

Discovery

Unknown

Dates

Exploit

Jul 30, 2001

Solution

Unknown

Description

Windows, Exchange and SQL Server contain a flaw that may allow a remote denial of service. The issue is triggered when sending a large stream of NULL requests to every interface supported by a DCE/RPC server, and will result in loss of availability for the platform.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	SQL Server	2000
	SQL Server	7.0
	Exchange Server	5.0
		5.5 SP3
		5.5 SP2
		5.5 SP1
		5.5
	Windows	NT 4.0 SP5
		NT 4.0 SP6
		2000 Server SP1
		NT 4.0 SP1
		2000 Pro SP1
		2000 Server
		2000 Server SP2
		NT 4.0 SP2
		2000 Pro SP2
		NT 4.0
		NT 4.0 SP3
		NT 4.0 SP4
		2000 Pro

References

Security Tracker: 1002104 1002105 1002106
CVE ID: 2001-0509 (see also: NVD)
Bugtraq ID: 3104
ISS X-Force ID: 6914 7526 7527 7528
Other Advisory URL: http://oval.mitre.org/oval/definitions/pseudo/OVAL82.html
http://www.bindview.com/Support/RAZOR/Advisories/2001/adv_DCE_RPC_DoS.cfm
CIAC Advisory: l-126
Microsoft Security Bulletin: MS01-041

Credit

Todd Sabin - tsabinrazor.bindview.com - Bindview RAZOR

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

SQL Server

Exchange Server

Windows

References

Credit