The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Windows: denial of service of NetrWkstaUserEnum

Synthesis of the vulnerability 

A network attacker can use a RPC request calling NetrWkstaUserEnum() in order to use a large amount of memory.
Impacted products: Windows 2000, Windows XP.
Severity of this bulletin: 2/4.
Creation date: 27/12/2006.
Références of this threat: CVE-2006-6723, VIGILANCE-VUL-6423.

Description of the vulnerability 

The NetWkstaUserEnum() function lists information about all users currently logged on:
  NET_API_STATUS NetWkstaUserEnum([...], DWORD prefmaxlen, [...]);
This function is provided by the "Workstation service" (wkssvc.exe) and is available via RPC.

The "prefmaxlen" parameter indicates the maximal size of received data. The size requested by the attacker is allocated by the system before being filled by data. There is no imposed limit.

An attacker can thus connect to the 445/tcp port and use a NetWkstaUserEnum() RPC query in order to consume memory of computer.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security vulnerability impacts software or systems such as Windows 2000, Windows XP.

Our Vigil@nce team determined that the severity of this computer weakness bulletin is medium.

The trust level is of type confirmed by a trusted third party, with an origin of intranet client.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this security note.

Solutions for this threat 

Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a computers vulnerabilities patch. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.