[security-alerts] FW: [SA23487] Windows Workstation Service NetrWkstaUserEnum Denial of Service

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> ----------------------------------------------------------------------
> 
> TITLE:
> Windows Workstation Service NetrWkstaUserEnum Denial of Service
> 
> SECUNIA ADVISORY ID:
> SA23487
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/23487/
> 
> CRITICAL:
> Not critical
> 
> IMPACT:
> DoS
> 
> WHERE:
> From local network
> 
> OPERATING SYSTEM:
> Microsoft Windows 2000 Advanced Server
> http://secunia.com/product/21/
> Microsoft Windows 2000 Datacenter Server
> http://secunia.com/product/1177/
> Microsoft Windows 2000 Professional
> http://secunia.com/product/1/
> Microsoft Windows 2000 Server
> http://secunia.com/product/20/
> Microsoft Windows XP Home Edition
> http://secunia.com/product/16/
> Microsoft Windows XP Professional
> http://secunia.com/product/22/
> 
> DESCRIPTION:
> h07 has discovered a weakness in Microsoft Windows, which can be
> exploited by malicious people to cause a DoS (Denial of Service).
> 
> The weakness is caused due to an error in the Workstation service
> when handling NetrWkstaUserEnum RPC requests with a large value in
> the maxlen field.
> 
> Successful exploitation causes svchost.exe to consume a large amount
> of memory and may result in the system becoming temporarily
> unresponsive.
> 
> The weakness is confirmed on a fully patched Windows XP SP2 system
> and has also been reported in Windows 2000 SP4.
> 
> SOLUTION:
> Filter NetrWkstaUserEnum RPC requests with a large maxlen value.
> 
> PROVIDED AND/OR DISCOVERED BY:
> h07
> 
> ORIGINAL ADVISORY:
> http://milw0rm.com/exploits/3013
>