Flaw in NNTP could paralyze Windows systems

From...

By Joris Evers

(IDG) -- A flaw in the Network News Transport Protocol (NNTP) service in Microsoft's Windows NT and Windows 2000 could allow attackers to paralyze the server, Microsoft said in a security bulletin.

An attacker could deplete the system's memory, effectively bringing it to a standstill, by sending malformed postings to the NNTP service, Microsoft said in its first security alert after the large-scale Code Red alarm (see story). This type of flaw is called a memory leak.

The NNTP flaw, a denial-of-service vulnerability, doesn't allow attackers to gain control of the system or get access to any data on the system, Microsoft said.

Visit an IDG site Choose a site: IDG.net CIO Computerworld Darwin Dummies.com GamePro.com The Industry Standard ITWorld.com InfoWorld.com JavaWorld LinuxWorld Macworld Online Network World Fusion PC World Publish.com UnixInsider IDG.net search

NNTP is a standard protocol that specifies a method for posting, distributing, searching and archiving news articles on the Internet. The technology is used, for example, for the Internet discussion group, or newsgroup, service known as Usenet.

Microsoft's NNTP service is installed by default on Windows 2000 servers and is run by default on Windows NT 4.0 if the Option Pack is installed. However, no groups are set up by default and a system is only vulnerable if newsgroups are configured and set up to accept postings, Microsoft said.

An affected Windows NT 4.0 system can be restored by rebooting it, while Windows 2000 systems are designed to automatically restore service, Microsoft said.

A patch to fix the flaw is available from Microsoft's TechNet Web site.