Microsoft Windows NT 4.0/2000 - LPC Zone Memory Depletion Denial of Service

EDB-ID:

20255

CVE:





Platform:

Windows

Date:

2000-10-03


source: https://www.securityfocus.com/bid/1745/info

LPC (Local Procedure Call) is a message-passing service that allows threads and processes to communicate with each other on a local machine as opposed to RPC (Remote Procedure Call) that takes place between different hosts. LPC allocates memory from a pool specifically for message-storage into what is known as the LPC Zone. If the LPC Zone allocated memory cannot handle the volume of messages received, then memory is transferred from the kernel to the LPC Zone. Under normal circumstances, the memory should be diverted back to the kernel from the LPC Zone once it is no longer in use. However, creating a specially malformed request can cause the memory to be withheld by the LPC Zone which could eventually utilize all of the kernel's memory resources if this action was repeated.

Reboot of the system is required in order to regain normal functionality.

This vulnerability can only be launched against a machine a user can interactively log onto, therefore remote exploitation is not possible.

start porttool -s6 \BaseNamedObjects\Foo
porttool -c6 \BaseNamedObject\Foo 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20254.zip