[SA14061] Windows Registry Key Locking Denial of Service

http://secunia.com/advisories/14061/

Secunia Advisory:	SA14061
Release Date:	2005-01-31

Critical:	Not critical
Impact:	DoS
Where:	Local system
Solution Status:	Unpatched

OS:	Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows NT 4.0 Server Microsoft Windows NT 4.0 Server, Terminal Server Edition Microsoft Windows NT 4.0 Workstation Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows XP Home Edition Microsoft Windows XP Professional
	Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.

Description: Vladimir Kraljevic has reported a security issue in Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The problem is that only a certain number of handles can be opened on a registry key. This can be exploited to prevent other users from logging on both locally and remotely via terminal services by opening a large amount of handles on the "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" registry key and not closing them again. Solution: Grant only trusted users access to affected systems. Provided and/or discovered by: Vladimir Kraljevic

Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Send Feedback to Secunia:

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback is most welcome.

Found: 115 Related Secunia Security Advisories, displaying 10

- Microsoft Windows Indexing Service Buffer Overflow Vulnerability

- Microsoft Windows Multiple Vulnerabilities

- Windows XP Firewall Dial-Up Security Issue

- Microsoft Windows WINS "Name" Validation Vulnerability

- Microsoft Windows Kernel and LSASS Privilege Escalation Vulnerabilities

- Microsoft Windows HyperTerminal Buffer Overflow Vulnerability

- Microsoft Windows NT DHCP Buffer Overflow Vulnerabilities

- Microsoft Word for Windows Converter Buffer Overflow Vulnerabilities

- Microsoft Windows WINS Replication Packet Handling Vulnerability

- Microsoft Windows Shell and Program Group Converter Vulnerabilities

Show all related advisories

Trackbacks

No Trackbacks

Comments

No Comments

Recent Posts

Copyright - www.myITforum.com, Inc. - 2007 All Rights reserved.

Copyright - www.myITforum.com, Inc. - 2007 All Rights reserved.
Original theme designed by Styleshout and imported by Keyvan Nayyeri