• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Invalid RPC Request Denial Of Service Vulnerability

A denial of service condition has been reported for RPC applications that use the Sun RPC library. This vulnerability is the result of RPC applications improperly checking the size of TCP requests. RPC clients that use the Sun RPC library are expected to have TCP requests that specify the size of the record that follows. Due to a flaw in the way the RPC server handles client packets, it is possible for an attacker to send a malformed request to the RPC server.

When RPC servers receive malformed TCP requests, it results in the server failing to respond to further requests for service.