• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft MSDTC Service Denial of Service Vulnerability

The Microsoft Distributed Transaction Service Coordinator (MSDTC) allows for ditributed transaction processing in a clustered or distributed environment. It is installed by default on Windows 2000, as well as with Microsoft SQL Server 6.5 and higher.

It has been reported that it is possible to cause this service to crash by sending 1024 bytes of random data to its listening port, by default port 3372.

Restarting the service will reportedly allow it to resume normal operation.

The existence of this vulnerability has not been confirmed by Microsoft.

* Further reports indicate that sending approximately 20200 null bytes to the service, will cause the entire system to become unresponsive.