TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

memory corruption vulnerability which could allow for execution of arbitrary code in the context of the service. The
Distributed Transaction Coordinator interface proxy (MSDTCPRX.DLL) functions as an RPC server that handles
requests on the interface {906B0CE0-C70B-1067-B317-00DD010662DA} v1.0. The MIDL_user_allocate function
implemented in MSDTCPRX.DLL allocates a single 4KB page of memory regardless of the size requested by the user. By
binding to the MSDTC interface and calling the RPC function BuildContextW (opnum 7) with large parameter values,
the buffer can be overflowed, because MIDL_user_allocate allocates only 4KB of memory. Since the memory is allocated
with the VirtualAlloc function, the allocation always succeeds and returns a pointer to a 4KB block, entirely disregarding
the requested allocation size. This only corrupts parts of memory, but execution can be made possible by using another
flaw in the RPC run-time library RPCRT4.DLL. In RPCRT4.DLL, the NdrAllocate function writes management data to memory
after certain RPC calls and memory allocations. Due to a failure to validate user input, it is possible for a user to write a
limited amount of data at an arbitrary, user-specified address, with certain limitations. Windows 2000 Server SP0 -
SP4, Windows XP SP1 and Windows 2003 Server are affected by this issue. Please refer to MS05-051 for patch details.
The Dasher worm uses this vulnerability to compromise systems.
Signature ID: 21090
Microsoft Distributed Transaction Service Coordinator MSDTC Message Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-2119 Bugtraq: 15056
Signature Description: The Microsoft Distributed Transaction Coordinator (MSDTC) service coordinates transactions that
span multiple resource managers, such as databases, message queues and file systems. The MSDTC service is prone to a
memory corruption vulnerability which could allow for execution of arbitrary code in the context of the service. The
Distributed Transaction Coordinator interface proxy (MSDTCPRX.DLL) functions as an RPC server that handles
requests on the interface {906B0CE0-C70B-1067-B317-00DD010662DA} v1.0. The MIDL_user_allocate function
implemented in MSDTCPRX.DLL allocates a single 4KB page of memory regardless of the size requested by the user. By
binding to the MSDTC interface and calling the RPC function BuildContextW (opnum 7) with large parameter values,
the buffer can be overflowed, because MIDL_user_allocate allocates only 4KB of memory. Since the memory is allocated
with the VirtualAlloc function, the allocation always succeeds and returns a pointer to a 4KB block, entirely disregarding
the requested allocation size. This only corrupts parts of memory, but execution can be made possible by using another
flaw in the RPC run-time library RPCRT4.DLL. In RPCRT4.DLL, the NdrAllocate function writes management data to memory
after certain RPC calls and memory allocations. Due to a failure to validate user input, it is possible for a user to write a
limited amount of data at an arbitrary, user-specified address, with certain limitations. Windows 2000 Server SP0 - SP4
(enabled by default), Windows XP SP1 (locally exploitable unless the default configuration is adjusted, then remote) and
Windows 2003 Server (locally exploitable unless the default configuration is adjusted, then remote) are affected by this issue.
(Ref: MS05-051). The Dasher worm uses this vulnerability to compromise systems. Administrators are advised to install the
updates mentioned in MS05-051.
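The traffic pattern this entry describes (a bind to the MSDTC interface followed by an opnum 7 request carrying more than one 4KB page of data) can be checked for in captured connection-oriented DCE/RPC PDUs. The following Python sketch is an example added here, not the TMS zl signature logic, which this guide does not publish. The function names, the 4096-byte alert threshold and the sample PDUs are assumptions constructed for illustration.

```python
import struct
import uuid

# Interface UUID and opnum as given in the signature description.
MSDTC_IF = uuid.UUID("906B0CE0-C70B-1067-B317-00DD010662DA")
OPNUM_BUILDCONTEXTW = 7
PAGE = 4096  # assumed alert threshold: the single 4KB page the description mentions
PT_REQUEST, PT_BIND = 0, 11

def inspect_stream(pdus):
    """Scan one connection's client-to-server PDUs; return {call_id: (alloc_hint, stub_bytes)}."""
    bound, stub_total, alerts = set(), {}, {}   # bound: context ids tied to MSDTC
    for pdu in pdus:
        if len(pdu) < 24 or pdu[0] != 5:
            continue                              # not connection-oriented DCE/RPC v5
        ptype, flags = pdu[2], pdu[3]
        e = "<" if pdu[4] >> 4 == 1 else ">"      # integer byte order from the data rep
        auth_len, call_id = struct.unpack_from(e + "HI", pdu, 10)
        if ptype == PT_BIND and len(pdu) >= 28:
            off = 28                              # first presentation context element
            for _ in range(pdu[24]):
                if off + 24 > len(pdu):
                    break
                ctx_id, n_syn = struct.unpack_from(e + "HB", pdu, off)
                raw = pdu[off + 4:off + 20]
                iface = uuid.UUID(bytes_le=raw) if e == "<" else uuid.UUID(bytes=raw)
                if iface == MSDTC_IF:
                    bound.add(ctx_id)
                off += 24 + 20 * n_syn            # skip this element's transfer syntaxes
        elif ptype == PT_REQUEST:
            hint, ctx_id, opnum = struct.unpack_from(e + "IHH", pdu, 16)
            if ctx_id not in bound or opnum != OPNUM_BUILDCONTEXTW:
                continue
            overhead = 24 + (16 if flags & 0x80 else 0) + (auth_len + 8 if auth_len else 0)
            seen = stub_total[call_id] = stub_total.get(call_id, 0) + max(len(pdu) - overhead, 0)
            if max(hint, seen) > PAGE:            # fragments of one call are summed
                alerts[call_id] = (hint, seen)
    return alerts

def sample_pdu(ptype, body, call_id=1):
    """Build a constructed little-endian PDU (first+last fragment, no auth trailer)."""
    return struct.pack("<BBBBIHHI", 5, 0, ptype, 3, 0x10, 16 + len(body), 0, call_id) + body

# Constructed sample: a bind to the MSDTC interface (placeholder transfer syntax),
# then an opnum 7 request whose alloc_hint exceeds one page. The stub is zero filler.
_ctx = struct.pack("<HBx", 0, 1) + MSDTC_IF.bytes_le + struct.pack("<I", 1) + bytes(20)
SAMPLE = [
    sample_pdu(PT_BIND, struct.pack("<HHIBxxx", 4280, 4280, 0, 1) + _ctx),
    sample_pdu(PT_REQUEST, struct.pack("<IHH", 8192, 0, 7) + bytes(2048), call_id=2),
]
```

Calling `inspect_stream(SAMPLE)` returns one alert keyed by call id 2. Stub bytes are summed per call id, so a request split into several fragments that each stay under the threshold is still reported.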
Signature ID: 21091
Microsoft Distributed Transaction Service Coordinator MSDTC Message Buffer Overflow Vulnerability
Threat Level: Critical
Industry ID: CVE-2005-2119 Bugtraq: 15056
Signature Description: The Microsoft Distributed Transaction Coordinator (MSDTC) service coordinates transactions that
span multiple resource managers, such as databases, message queues and file systems. The MSDTC service is prone to a
memory corruption vulnerability which could allow the execution of arbitrary code in the context of the service. The
Distributed Transaction Coordinator interface proxy (MSDTCPRX.DLL) functions as an RPC server that handles
requests on the interface {906B0CE0-C70B-1067-B317-00DD010662DA} v1.0. The MIDL_user_allocate function
implemented in MSDTCPRX.DLL allocates a single 4KB page of memory regardless of the size requested by the user. By
binding to the MSDTC interface and calling the RPC function BuildContextW (opnum 7) with large parameter values,
the buffer can be overflowed, because MIDL_user_allocate allocates only 4KB of memory. Since memory is allocated