Q192788: SMS: Wuser32 Leaks Memory After UDP Port 1762 Attack
Article: Q192788
Product(s): Microsoft Systems Management Server
Version(s): winnt:1.2
Operating System(s):
Keyword(s):
Last Modified: 20-MAY-2002
-------------------------------------------------------------------------------
The information in this article applies to:
- Microsoft Systems Management Server version 1.2
-------------------------------------------------------------------------------
SYMPTOMS
========
When using a utility to send packets to UDP port 1762, the Systems Management
Server Remote Control Agent (Wuser32.exe) will rapidly allocate memory. This
will continue until either no more memory can be allocated or the Systems
Management Server Remote Control Agent is stopped.
RESOLUTION
==========
A supported fix that corrects this problem is now available from Microsoft, but
has not been fully regression tested and should be applied only to systems
experiencing this specific problem. If you are not severely affected by this
specific problem, Microsoft recommends that you wait for the next Systems
Management Server service pack that contains this fix.
To resolve this problem immediately, contact Microsoft Product Support Services
to obtain the fix. For a complete list of Microsoft Product Support Services
phone numbers and information on support costs, please go to the following
address on the World Wide Web:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS
The English version of this fix should have the following file attributes or
later:
Date Time Size File name Platform
------------------------------------------------------------
10/5/98 3:36pm 170,720 Wuser32.exe (Intel)
10/5/98 3:29pm 345,872 Wuser32.exe (Alpha)
10/5/98 3:35pm 54,112 Multprot.dll (Intel)
10/5/98 3:30pm 129,296 Multprot.dll (Alpha)
STATUS
======
Microsoft has confirmed this to be a problem in Systems Management Server
version 1.2.
MORE INFORMATION
================
To install the hotfix, perform the following steps on the Systems Management
Server site server:
1. Replace the Wuser32.exe file in the
<SMS_root_directory>\Site.srv\Maincfg.box\Client.src\<platform>.bin
directory with the hotfixed version.
2. Replace the Multprot.dll file in the
<SMS_root_directory>\Site.srv\Maincfg.box\Client.src\<platform>.bin
directory with the hotfixed version.
3. Maintenance manager will replicate the updated files to the
Logon.srv\<platform>.bin directory on the Systems Management Server
logon servers during its next work cycle. After that occurs, you can update
the clients. To update the clients, either manually run Upgrade.bat on each
client or follow the instructions in the following article in the Microsoft
Knowledge Base:
Q166771 SMS: How to Force Site-Wide Client Updates
NOTE: For consistency, Multprot.dll should also be updated in the
<SMS_root_directory>\Site.srv\<platform>.bin on the Systems
Management Server site server, as well as on any computers running the Systems
Management Server Administrator tools.
Additional query words: prodsms smsremtshoot out of virtual memory
======================================================================
Keywords :
Technology : kbSMSSearch kbSMS120
Version : winnt:1.2
Hardware : ALPHA x86
Issue type : kbbug
Solution Type : kbfix
=============================================================================
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Copyright Microsoft Corporation 1986-2002.