CERT-In Vulnerability Note CIVN-2006-37
Microsoft Distributed Transaction Coordinator Heap Overflow Vulnerability
Original Issue Date: May 10, 2006
Severity Rating: Medium
Systems Affected
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
Overview
Two vulnerabilities have been reported in Microsoft Distributed Transaction Coordinator (MSDTC). These vulnerabilities could be exploited by an attacker to launch a denial of service attack.
Description
MSDTC is a transaction manager that permits client applications to include several different sources of data in one transaction, and then coordinates committing the distributed transaction across all the servers that are enlisted in the transaction. Some applications, such as Microsoft's Personal Web Server and Microsoft SQL Server, use this service. The following vulnerabilities have been reported in MSDTC.
MSDTC Invalid Memory Access Vulnerability (CVE-2006-0034)
This vulnerability is caused by an unchecked buffer in the CRpcIoManagerServer::BuildContext function in the MSDTCPRX.DLL file of MSDTC. This function could accept specially crafted network messages. This is a heap-based buffer overflow vulnerability.
A remote attacker could exploit this vulnerability by sending specially crafted network messages to the affected system, which could cause the affected system to stop responding. Exploitation of this vulnerability does not allow the execution of arbitrary code.
MSDTC Denial of Service Vulnerability (CVE-2006-1184)
This vulnerability is caused by an unchecked buffer in the MIDL_user_allocate function in the MSDTCPRX.DLL file of MSDTC. This function could accept specially crafted network messages.
A remote attacker could exploit this vulnerability by sending specially crafted network messages to the affected system, which could cause the affected system to stop responding, but it does not allow the execution of arbitrary code.
Workaround
Disable the Distributed Transaction Coordinator to help protect the affected system from attempts to exploit this vulnerability.
Solution
Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS06-018.
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx
References
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx
Secunia
http://secunia.com/advisories/20000
FrSIRT
http://www.frsirt.com/english/advisories/2006/1742
eEye Digital Security
http://www.eeye.com/html/research/advisories/AD20060509a.html
http://www.eeye.com/html/research/advisories/AD20060509b.html
CVE Name
CVE-2006-0034
CVE-2006-1184
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91 11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
