Vendor: N/A
By: SecurityFocus
CVSS: 7.2 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

LPC Zone Memory Allocation Vulnerability

LPC (Local Procedure Call) is a message-passing service that lets threads and processes on the same machine communicate with each other, as opposed to RPC (Remote Procedure Call), which takes place between different hosts. LPC stores messages in memory allocated from a dedicated pool known as the LPC Zone. If the LPC Zone cannot handle the volume of messages received, memory is transferred from the kernel to the LPC Zone. Under normal circumstances, that memory is returned to the kernel once it is no longer in use. However, a specially malformed request can cause the LPC Zone to withhold the memory, and repeating the request could eventually consume all of the kernel's memory resources. A reboot of the system is required to regain normal functionality. The vulnerability can only be exploited on a machine that the user can log onto interactively, so remote exploitation is not possible.

Mitigation:

Reboot of the system is required in order to regain normal functionality.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1745/info

start porttool -s6 \BaseNamedObjects\Foo
porttool -c6 \BaseNamedObject\Foo 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20254.zip