[Dailydave] SrvSvc DoS confirmed
Dave Aitel
dave at immunitysec.com
Tue Nov 22 13:27:34 EST 2005
Well, I can confirm (as can anyone in our Partner's program) that the
srvsvc DoS works against up2date XP SP2, or at least, that it works
against Justine's laptop. I'm fairly impressed with how well XP SP2
handles a memory overload attack. It chugs along even with no ram left
quite well. I can only imagine they have all the ram they need to run
explorer and the desktop pre-allocated and you can't kick it out. Things
get pretty choppy, of course, but it's at least...viewable. I think a
few processes died maybe. It's hard to tell.

So to sum up:

XP SP2 is vulnerable to a memory denial of service from remote anonymous
users via named pipes or other MSRPC. This is a lopsided attack and not
a simple memory leak - I don't have to send millions of bytes, just
about a hundred, and the target allocates as much ram as I want it to
and then gets "funny". I imagine this is more annoying (aka
catastrophic) if you're trying to run an Exchange server or something. I
haven't tested on 2003 yet. That's next. :>

The srvsvc attack also works against the Win2K image I tested.

-dave