Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Malformed RPC Request Can Cause Service Failure

Malformed RPC Request Can Cause Service Failure

by phiber on July 27th, 2001 Several of the RPC servers associated with system services in Microsoft Exchange, SQL Server, Windows NT 4.0 and Windows 2000 do not adequately validate inputs, and in some cases will accept invalid inputs that prevent normal processing. The specific input values at issue here vary from RPC server to RPC server.


An attacker who sent such inputs to an affected RPC server could
disrupt its service. The precise type of disruption would depend on
the specific service, but could range in effect from minor (e.g., the
service temporarily hanging) to major (e.g., the service failing in a
way that would require the entire system to be restarted).


Workaround:

Proper firewalling would help minimize an affected system's exposure to attack by Internet-based users. In general, a firewall should block access to all RPC services except those that are specifically intended for use by untrusted users.


Patch:
A patch is available to fix this vulnerability. Please read the Security Bulletin for information on obtaining this patch.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »