-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MSRPC UPnP DoS Advisory
Date: 2005-11-17
Synopsis:
The Sourcefire Vulnerability Research Team (VRT) has learned of a
vulnerability in the Microsoft implementation of RPC (MSRPC) that
may allow an attacker to perform a Denial of Service (DoS) attack
on an affected platform.
The Sourcefire VRT has confirmed that a rule identified as sid 4324,
released on October 12, 2005, will generate events when an attempt is
made to exploit this vulnerability via the UPnP service.
Details:
A vulnerability exists in the Microsoft RPC system that may present a
remote attacker with the opportunity to cause a DoS condition on an
affected host.
The condition is manifest when a malformed request is made to the UPnP
service in the data section of a call to the GetDeviceList function. On
processing this request, memory consumption increases to the point
where the system becomes unresponsive, repeated requests of this nature
will cause the DoS to occur.
Additional References:
Microsoft
http://www.microsoft.com/technet/security/advisory/911052.mspx
Sourcefire VRT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDfRBkMpm0ve0NhMcRApLjAJ9zPUGz+ua8B3pWdS1SlJDerhU/8ACeJG4v
pXwQqmcyWHSKjw/lxFe4C/s=
=ANYJ
-----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc. Get Certified Today
Register for a JBoss Training Course. Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
