December 18, 1996 5:45 PM ET
NT vulnerable to attack on CPU
By Eamonn Sullivan
Errors in the way Windows NT schedules concurrently
running applications leave it vulnerable to a simple, but
very effective, denial of service attack, according to a
Windows NT expert.
"This is a wide-open hole just waiting for exploitation by
an ActiveX control," said Mark Russinovich, a
consulting associate with Open Systems Resources
Inc. who discovered the vulnerability this week. The flaw
is particularly serious, since it can be easily exploited
by an ActiveX control or by a Netscape plug-in.
Russinovich wrote a simple utility that, while running
with no special security privileges, is able to take
complete control of any Windows NT server or
workstation, rendering it useless for any other
applications. The algorithm used by Windows NT to
protect itself against such CPU-hogging attacks
appears to be seriously flawed and ineffective,
Russinovich said.
The source code for the utility, which is called CpuHog,
is available on the Web at www.ntinternals.com.
How it works
Basically, Russinovich's program exploits a
vulnerability in the way Windows NT schedules the
execution of processes.
Applications can set their own priority level, which
affects how often Windows NT allows those
applications to run. An application running under a user
account with administrative privileges can set its
priority to any of 32 levels, with the highest level giving it
more time slices. Applications running under accounts
without administrative privileges can set their priority to
any of the first 16 of those levels.
CpuHog sets its priority to the highest level available,
which is level 16 when run by a normal user. Windows
NT attempts to deal with CPU-hogging applications by
boosting the priority of other applications. However,
Russinovich found that Windows NT will only boost
applications as high as level 15. Thus, all other
applications - even system utilities such as Task
Manager - never get a chance to execute while
CpuHog is running.
PC Week Labs was able to duplicate Russinovich's
findings. When run on Windows NT 4.0, for example,
the only way to regain control once CpuHog was
executed was to reset the PC.
Old problem
Hogging the CPU is one of the oldest known forms of
denial of service attack. So old, in fact, that many
operating systems have developed a defense. Many
forms of Unix allow administrators to set limits on CPU
usage by user - limiting any one user to 50 percent of
available CPU cycles, for example.
Almost all forms of Unix also automatically decrease
the priority of the highest-priority processes when
applications become starved for CPU time, which is
the opposite of what Windows NT does.
Russinovich said Microsoft could get around the
problem fairly easily in one of two ways: Either increase
the maximum priority given to other, CPU-starved
applications above level 15, or increase the priority of
the Task Manager above level 16, so that it can be
used to end CPU-hogging applications.
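The starvation described under "How it works" and the two fixes Russinovich proposes can be reproduced in a toy scheduler model. This is an added example, not CpuHog or Windows NT code: levels 16 and 15 come from the article, while the base level 8, the three-tick starvation threshold, the one-slice boost and all function names are assumptions.

```python
# Toy model of the scheduling behaviour the article describes. Constructed
# for illustration; it is not Windows NT's scheduler and not CpuHog.
HOG_LEVEL = 16        # article: highest level a normal user can set
BOOST_CAP = 15        # article: starved applications are boosted only this high
STARVE_TICKS = 3      # assumption: ticks without CPU before a boost is applied


def simulate(base_levels, boost_cap=BOOST_CAP, ticks=100):
    """Run a strict-priority scheduler; return ticks of CPU each thread got.

    base_levels maps a thread name to its base priority level. Every thread
    is always ready to run, which is the worst case for a CPU hog.
    """
    current = dict(base_levels)          # effective priority, may be boosted
    waited = {name: 0 for name in base_levels}
    ran = {name: 0 for name in base_levels}
    for _ in range(ticks):
        # Anti-starvation pass: lift long-waiting threads up to the cap.
        for name in current:
            if waited[name] >= STARVE_TICKS:
                current[name] = max(current[name], boost_cap)
        # Highest effective level wins; ties go to the longest waiter.
        chosen = max(current, key=lambda n: (current[n], waited[n]))
        ran[chosen] += 1
        for name in current:
            waited[name] = 0 if name == chosen else waited[name] + 1
        current[chosen] = base_levels[chosen]   # boost lasts one time slice
    return ran


def scenarios():
    """The flaw as reported, then each of the two fixes Russinovich suggests."""
    threads = {"hog": HOG_LEVEL, "app": 8, "taskmgr": 8}   # 8 is an assumption
    return {
        "as_reported": simulate(threads),
        "boost_cap_17": simulate(threads, boost_cap=17),
        "taskmgr_17": simulate({**threads, "taskmgr": 17}),
    }


if __name__ == "__main__":
    for name, ran in scenarios().items():
        print(f"{name:13} {ran}")
```

With the boost capped at 15 the hog receives every tick; raising the cap above 16 lets the starved threads run again, and raising only Task Manager gives it the CPU it needs to end the hog.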
Microsoft officials contacted for this story did not have
a comment, other than to say they are researching the
problem.
Copyright(c) 1996 Ziff-Davis Publishing Company. All rights reserved. Reproduction in
whole or in part in any form or medium without express written permission of Ziff-Davis
Publishing Company is prohibited. PC Week and the PC Week logo are trademarks of
Ziff-Davis Publishing Company. PC Week Online and the PC Week Online logo are
trademarks of Ziff-Davis Publishing Company.