Skip navigation
Menu
Security

Microsoft Terminal Server 4.0 Vulnerable to DoS Attack


 Reported November 8, 2000 by CORE SDI

VERSIONS AFFECTED
  • Windows NT 4.0 Terminal Server  

DESCRIPTION

A buffer overflow in Windows NT 4.0 Terminal Server running SP6a and below has been identified to be remotely exploitable.  The overflow is present in the RegAPI.DLL that is called by MSGINA.DLL when a user attempts to login.

By entering a long username in the username edit box, a malicious user could cause the Terminal Server to crash.  When performed locally, this overflow could result in the execution of arbitrary commands.

VENDOR RESPONSE

Microsoft has released a security bulletin, MS00-0087 and a patch that is available from;

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25565

CREDIT
 Discovered by CORE SDI
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
Red Hat Summit logo sign
Red Hat Touts New Automation, AI, and Security Tools
May 23, 2023
ukraine and russia flags on broken cement
NSA Gives Assessment of Cyber Threats from Russia, China, and AI
May 05, 2023
zero trust
Zero Trust Implementation for Government Agencies Starts with Cultural Change
May 02, 2023
Google logo on building
AI Pioneer Quits Google to Warn Humanity of the Tech's Existential Threat
May 02, 2023