Windows NT 4.0 Terminal Server RegAPI.DLL Buffer Overflow

GINA stands for Graphical Identification aNd Authorization and describes an interface for the validation of logon credentials. The default implementation is MSGINA.DLL.

MSGINA.DLL in Microsoft Windows NT 4.0 is responsible for enforcing the authentication policy of the interactive logon model and is expected to perform all identification and authentication interactions with the user. Microsoft Windows NT 4.0 Terminal Server ships with a remotely and locally exploitable buffer overflow in a Dynamic Link Library (RegAPI.DLL) that MSGINA.DLL uses.

It could be exploited by entering a long string in the username field. When triggered, this buffer overflow results in a system crash (if triggered locally) or a connection drop (if triggered remotely). By providing a specially crafted username, an attacker can gain access to the Terminal Server and execute arbitrary commands as the SYSTEM user.
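The advisory describes the classic shape of this bug: a logon username copied into a fixed-size buffer without checking its length. The C below is an added illustration of that bug class and its fix, written for this page; it is not RegAPI.DLL's or MSGINA.DLL's actual code, and the buffer size, function names and sample usernames are assumptions. The unchecked variant is shown only for contrast; the checked variant is the one a caller should use, since it refuses any name that would not fit and leaves the buffer untouched.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for the illustration (not taken from RegAPI.DLL). */
#define USERNAME_BUF_LEN 32

/* Vulnerable pattern: the destination size is never consulted, so any
 * username longer than the buffer writes past its end. Shown for contrast
 * only; nothing below calls it. */
void copy_username_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened pattern: measure the source without reading past dst_len bytes,
 * reject it if it (plus the terminating NUL) does not fit, and only then
 * copy. Returns 0 on success, -1 if the name is too long. */
int copy_username_checked(char *dst, size_t dst_len, const char *src)
{
    size_t n = 0;
    while (n < dst_len && src[n] != '\0') {
        n++;
    }
    if (n == dst_len) {
        return -1;              /* no room for the NUL terminator */
    }
    memcpy(dst, src, n + 1);    /* n + 1 <= dst_len, so this is in bounds */
    return 0;
}

/* Validates a candidate logon name against the fixed buffer; returns 1 if
 * it would be accepted and 0 if the checked copy rejected it. */
int username_fits(const char *candidate)
{
    char buf[USERNAME_BUF_LEN];
    return copy_username_checked(buf, sizeof buf, candidate) == 0;
}

int main(void)
{
    /* Constructed sample inputs: one ordinary name, one that is exactly
     * one byte too long for the buffer. */
    const char *ok = "alice";
    const char *too_long = "01234567890123456789012345678901"; /* 32 chars */

    printf("%-34s -> %s\n", ok, username_fits(ok) ? "accepted" : "rejected");
    printf("%-34s -> %s\n", too_long,
           username_fits(too_long) ? "accepted" : "rejected");
    return 0;
}
```

The length check runs before any write, so an over-long name produces an error code rather than a corrupted stack frame; that is the difference between the crash or connection drop the advisory describes and a clean logon failure.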


