
Vulnerability:Win/MSRPC.EndPointMapper.DoS!CAN-2002-1561

Severity rating
Important

Class/Type
Vulnerability

Discovered date
2003-05-13T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium







Description

The vulnerability results because the Windows RPC Endpoint Mapper does not properly check message inputs under certain circumstances.



Impact

This is a denial of service vulnerability. An attacker who successfully exploited this vulnerability could cause a remote computer to fail. However, the attacker could not modify or retrieve data or execute code of his or her choice on the remote machine.



Technical details (analysis)

The RPC endpoint mapper allows RPC clients to determine the port number currently assigned to a particular RPC service. An endpoint is a protocol port or named pipe on which the server application listens for client remote procedure calls. There is a flaw in the part of RPC that deals with message exchange over TCP/IP. A failure results because of incorrect handling of malformed messages. This particular failure affects the RPC Endpoint Mapper process, which listens on TCP/IP port 135. By sending a malformed RPC message, an attacker could cause the RPC service on a machine to fail.



Affected software

Microsoft Windows NT 4
Microsoft Windows 2000
Microsoft Windows XP



Non-affected software

All applications not on the affected list



References




Solutions




NIS signature

Name: Vulnerability:Win/MSRPC.EndPointMapper.DoS!CAN-2002-1561
Release Date: 2003-05-13T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Block port 135 at your firewall.
Internet Connection Firewall.