BID:1264

NT Login Request Size Mismatch DoS Vulnerability

Info

NT Login Request Size Mismatch DoS Vulnerability

Bugtraq ID:	1264
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	Yes
Published:	Feb 14 1998 12:00AM
Updated:	Feb 14 1998 12:00AM
Credit:	Discovered by Oliver Friedrichs, publicized in an NAI advisory released February 14, 1998.
Vulnerable:	Microsoft Windows NT 4.0 SP3 + Microsoft Windows NT Enterprise Server 4.0 SP3 + Microsoft Windows NT Enterprise Server 4.0 SP3 + Microsoft Windows NT Server 4.0 SP3 + Microsoft Windows NT Server 4.0 SP3 + Microsoft Windows NT Terminal Server 4.0 SP3 + Microsoft Windows NT Terminal Server 4.0 SP3 + Microsoft Windows NT Workstation 4.0 SP3 + Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT 4.0 SP2 + Microsoft Windows NT Enterprise Server 4.0 SP2 + Microsoft Windows NT Enterprise Server 4.0 SP2 + Microsoft Windows NT Server 4.0 SP2 + Microsoft Windows NT Server 4.0 SP2 + Microsoft Windows NT Terminal Server 4.0 SP2 + Microsoft Windows NT Terminal Server 4.0 SP2 + Microsoft Windows NT Workstation 4.0 SP2 + Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT 4.0 SP1 + Microsoft Windows NT Enterprise Server 4.0 SP1 + Microsoft Windows NT Enterprise Server 4.0 SP1 + Microsoft Windows NT Server 4.0 SP1 + Microsoft Windows NT Server 4.0 SP1 + Microsoft Windows NT Terminal Server 4.0 SP1 + Microsoft Windows NT Terminal Server 4.0 SP1 + Microsoft Windows NT Workstation 4.0 SP1 + Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT 4.0 + Microsoft Windows NT Enterprise Server 4.0 + Microsoft Windows NT Enterprise Server 4.0 + Microsoft Windows NT Server 4.0 + Microsoft Windows NT Server 4.0 + Microsoft Windows NT Terminal Server 4.0 + Microsoft Windows NT Terminal Server 4.0 + Microsoft Windows NT Workstation 4.0 + Microsoft Windows NT Workstation 4.0

Not Vulnerable:	Microsoft Windows NT 4.0 SP6 + Microsoft Windows NT Enterprise Server 4.0 SP6 + Microsoft Windows NT Enterprise Server 4.0 SP6 + Microsoft Windows NT Server 4.0 SP6 + Microsoft Windows NT Server 4.0 SP6 + Microsoft Windows NT Terminal Server 4.0 SP6 + Microsoft Windows NT Terminal Server 4.0 SP6 + Microsoft Windows NT Workstation 4.0 SP6 + Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT 4.0 SP5 + Microsoft Windows NT Enterprise Server 4.0 SP5 + Microsoft Windows NT Enterprise Server 4.0 SP5 + Microsoft Windows NT Server 4.0 SP5 + Microsoft Windows NT Server 4.0 SP5 + Microsoft Windows NT Terminal Server 4.0 SP5 + Microsoft Windows NT Terminal Server 4.0 SP5 + Microsoft Windows NT Workstation 4.0 SP5 + Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT 4.0 SP4 + Microsoft Windows NT Enterprise Server 4.0 SP4 + Microsoft Windows NT Enterprise Server 4.0 SP4 + Microsoft Windows NT Server 4.0 SP4 + Microsoft Windows NT Server 4.0 SP4 + Microsoft Windows NT Terminal Server 4.0 SP4 + Microsoft Windows NT Terminal Server 4.0 SP4 + Microsoft Windows NT Workstation 4.0 SP4 + Microsoft Windows NT Workstation 4.0 SP4

Discussion

NT Login Request Size Mismatch DoS Vulnerability

If an NT server is sent a login request where the stated size of the request does not match the actual size of the request, the server will crash with a blue screen error.

Exploit / POC

NT Login Request Size Mismatch DoS Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Solution / Fix

NT Login Request Size Mismatch DoS Vulnerability

Solution:
Microsoft has released a patch for this issue. The patch is also included in SP4.

Microsoft Windows NT 4.0 SP3

Microsoft Q180963
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfi xes-postSP3/srv-fix

Microsoft Windows NT 4.0 SP1

Microsoft Q180963
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfi xes-postSP3/srv-fix

Microsoft Windows NT 4.0

Microsoft Q180963
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfi xes-postSP3/srv-fix

Microsoft Windows NT 4.0 SP2

Microsoft Q180963
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfi xes-postSP3/srv-fix

References

NT Login Request Size Mismatch DoS Vulnerability

References:

Q180963: Denial of Service Attack Causes Windows NT Systems to Restart (Microsoft)