12048: Microsoft Windows RPC Service Denial of Service Vulnerability (DOS)

Microsoft Windows RPC Service Denial of Service Vulnerability (DOS)

General Info

	TC:	12048
	Description:	Microsoft Windows 2000 is subject to a denial of service in the RPC service (Remote Procedure Call). If the TCP port 135 is opened and accessible from the Internet a remote attacker can disable it. Sending a malformed packet to the RPC service on TCP port 135, will result in the need for a reboot for the system since the RCP service has a lot of dependencies in the system.
	TC Impact:	Denial of Service
	Service:	epmap

Specific Operations and Actions:

	Vulnerability Publication:	October 25, 2002
	Advisory Copyright:	Dave Aitel of Immunity Security
	Summary:	An unauthenticated, remote attacker could cause the RPC Endpoint Mapper to terminate, denying service to legitimate users.
	Risk:	Medium
	CVSS 2.0 metrics:	Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
	CVSS 2.0 Base Score:	5.0

	Vulnerability Impact:	Denial of Service

	Host Impact:	Denial of service. Restart of host is necessary.
	Nature of Remediation:	Update the software.

Step required to fix the reported vulnerability:

***** Solution type: Upgrade Software *****

Microsoft has issued fixes for Windows 2000 and XP. They state that they will not be releasing fixes for Windows NT 4.0.
The Windows 2000 patches can be applied to systems that already have Service Pack 2 or 3.
The Windows XP patches can be applied to Gold and Service Pack 1 systems.
The patches provided in MS03-010 may cause problems for users of the COM+ packages in an IIS environment. Specifically, ASP transactions with COM+ may have some issues. Affected users are advised to contact PSS and ask for 814119.

A possible workaround is to disable remote access TCP port 135.

See references for more details.

Glossary and References :

	References:
	* BUGTRAQ: 20021018 [Immunity, Inc.]Vulnerability: RPC Service DoS (port 135/tcp) onWindows 2000 SP3 http://www.securityfocus.com/archive/1/296114/2002-10-14/2002-10-20/0 * MS: MS03-010 http://www.microsoft.com/technet/security/bulletin/MS03-010.asp * CERT-VN: VU#261537 http://www.kb.cert.org/vuls/id/261537 * BID: 6005 http://www.securityfocus.com/bid/6005 * OVAL: oval:org.mitre.oval:def:59 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:59

	CVE Link:	CVE-2002-1561

	Glossary:	Denial of Service RPC

© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All products names referenced herein are trademarks of their respective companies

SecureScout products are certified:
CVE Compatible
SANS TOP 20 Compatible
CVSS Compatible (Common Vulnerability Scoring System)