NT SetThreadPriority() hole
| Description: | NT SetThreadPriority call resets a Thread's time quantum, possibly allowing the process to run forever and hog available resources. |
| Author: | ntinternals.com |
| Compromise: | NT local DoS |
| Vulnerable Systems: | Windoze NT |
| Date: | 19 October 1997 |
Date: Sun, 19 Oct 1997 05:37:14 +0200
From: Roger Espel Llima <espel@LLAIC.U-CLERMONT1.FR>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: WinNT syscalls insecurity
On Sun, Oct 19, 1997 at 04:02:34AM -0300, Solar Designer wrote:
> Here's some [already known] information to make sure everyone understands
> the stuff I'll be talking about. More information can be found at sites
> like www.ntinternals.com.
and if your message wasn't enough to convince us that NT is a joke of
an OS, here's a snippet from http://www.ntinternals.com./tips.htm :
| Never-ending Quantum?
|
| In NT, as with most time-sharing operating systems, threads run in turns
| called quantums. Normally, a thread executes until its quantum runs out.
| The next time it is scheduled it starts with a full quantum. However, in
| NT a thread also gets its quantum refreshed every time its thread or
| process priority is set. This means that a thread can reset its quantum
| by calling SetThreadPriority (without changing its priority) before its
| turn runs out. If it continues to do this it will effectively have an
| infinite quantum. Why does NT do this? Its not clear, but it appears to
| be a bug.
can we say easy DoS?
--
Roger Espel Llima
espel@llaic.univ-bpclermont.fr, espel@unix.bigots.org
http://www.eleves.ens.fr:8080/home/espel/index.html
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
world.
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources:
