Unchecked Buffer Could Enable DoS Attacks

By Thomas McGuire on October 31, 2002, 12:28 PM
Issue:
Windows 2000 & Windows XP natively support Point-to-Point Tunneling Protocol (PPTP), a Virtual Private Networking technology that is implemented as part of Remote Access Services (RAS). PPTP support is an optional component in Windows NT 4.0, Windows 98, Windows 98SE, & Windows ME.

A security vulnerability results in the Windows 2000 & Windows XP implementations because of an unchecked buffer in a section of code that processes the control data used to establish, maintain & tear down PPTP connections. By delivering specially malformed PPTP control data to an affected server, an attacker could corrupt kernel memory & cause the system to fail, disrupting any work in progress on the system.

Affected Software:
Microsoft Windows 2000
Microsoft Windows XP

Patch availability:
[URL=http://www.microsoft.com/downloads/Release.asp?ReleaseID=43606]Microsoft Windows 2000[/URL]
[URL=http://www.microsoft.com/downloads/Release.asp?ReleaseID=43635]Microsoft Windows XP 32-bit[/URL]
[URL=http://www.microsoft.com/downloads/Release.asp?ReleaseID=43631]Windows XP 64-bit[/URL]

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.