Mailing List Archive

bugtraq id 4006 may not be valid
MSDTC DoS attack:
bugtraq id 4006
object msdtc
class Failure to Handle Exceptional Conditions

http://www.securityfocus.com/bid/4006

(see :
tried to reproduce by sending 1024 bytes (and 2048 bytes and 10K bytes) of
random data to msdtc listening port 3372.
no effect.
no ms event log, service still running.
system is MS win2k, sp2, running ms sql server 7 sp2.

Methodology used: nessus security scanner:
(am I reading things right in the advisory, and would my script do what the
advisory suggests?)

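# Only run the test if port 3372 (MSDTC) is reported open
if (get_port_state(3372))
{
  sock3372 = open_sock_tcp(3372);
  if (sock3372)
  {
    # crap(10000) builds a 10000-byte filler string
    send(socket:sock3372, data:crap(10000));
    close(sock3372);
    # Give the service time to fail before reconnecting
    sleep(5);
    sock3372_sec = open_sock_tcp(3372);
    # Port no longer accepts connections: report the service as down
    if (!sock3372_sec)
    {
      security_hole(port:3372);
    }
  }
}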

I verified logic by starting security test and stopping the service by hand
(and it gave me positive, which is what I would have thought if I manually
stopped service during test)
--
Michael Scheidell
Secnap Network Security, LLC
(561) 368-9561 scheidell@secnap.net
Sign up Live WEBCAST Q & A : Should I migrate from IIS?
http://www.secnap.net