[Am-info] Win2K DCOM clients leak memory data
Fred A. Miller
fm@cupserv.org
Fri, 05 Apr 2002 14:33:39 -0500
Win2K DCOM clients leak memory data
An advisory has surfaced that indicates the Windows 2000 DCOM client
will include a small chunk of arbitrary memory (and any data within
it) in remote requests. This could lead to an information exposure,
depending on what data is contained in the memory when sent.
This vulnerability is confirmed; a fix is included in the Windows
2000 SRP1.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-04/0005.html
--
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org
--- SuSE Linux v7.3 Pro---