Reported July 24, 2001, by Microsoft.
VERSION AFFECTED
-
Microsoft Services for UNIX 2.0
DESCRIPTION
A
vulnerability exists in both the Telnet and NFS service components of Microsoft
Services for UNIX 2.0. An attacker can exploit the vulnerability to trigger
memory leaks in both services. By using repeated requests, a potential attacker
can cause the depletion of resources on the server, resulting in a Denial of
Service (DoS) condition.
VENDOR RESPONSE
The vendor, Microsoft, has released security bulletin MS01-039 to address this vulnerability and recommends that users apply one of the following patches that's relevant to their system:
Windows NT 4.0 NFS patch: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31600
Windows NT 4.0 Telnet patch: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31601
Windows 2000 NFS Patch: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31592
Windows 2000 Telnet patch: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31595
CREDIT
Discovered by Peter
Grundl.