CVE-2006-5265

Source: cve@mitre.org

MEDIUM
5.0
Published: December 31, 2006 at 05:00 AM
Modified: April 9, 2025 at 12:30 AM

Vulnerability Description

Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message.

CVSS Metrics

Base Score
5.0
Severity
MEDIUM
Vector String
AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses (CWE)

Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Microsoft Dynamics GP (Great Plains) versions 9.0 and earlier are vulnerable to a remote denial-of-service (DoS) attack. Attackers can send a crafted message with an invalid magic number to the Distributed Process Server (DPS), causing it to crash and become unavailable. This can disrupt critical business operations reliant on Dynamics GP, leading to significant financial and operational impact.

02 // Vulnerability Mechanism

Step 1: Target Identification: The attacker identifies a vulnerable Microsoft Dynamics GP server, specifically versions 9.0 or earlier, with the DPS enabled and accessible over the network.

Step 2: Message Crafting: The attacker crafts a malicious DPS message. This message includes a specially crafted 'magic number' value that is invalid or outside of the expected range.

Step 3: Payload Delivery: The attacker sends the crafted DPS message to the target server, specifically to the port used by the DPS service.

Step 4: Vulnerability Trigger: The DPS server receives the malicious message and attempts to process it. Due to the invalid magic number, the DPS fails to correctly interpret the message, leading to an error condition.

Step 5: Denial of Service: The error condition causes the DPS process to crash, resulting in a denial of service. The Dynamics GP system becomes unavailable until the DPS service is restarted.

03 // Deep Technical Analysis

The vulnerability stems from insufficient input validation within the DPS message handling logic. Specifically, the software fails to properly validate the 'magic number' field within incoming DPS messages. The DPS, upon receiving a message, reads this field to determine the message type and how to process it. An attacker can craft a message with a malformed magic number. The DPS then attempts to process this invalid message, likely leading to an unhandled exception, memory corruption, or an attempt to access invalid memory addresses. This results in a crash of the DPS process, rendering the Dynamics GP system unavailable. The root cause is a lack of bounds checking or type validation on the magic number, allowing for an out-of-bounds read or write, which triggers the DoS condition. This is a classic example of a validation flaw leading to a denial-of-service.

04 // Exploitation Status

While a public Proof-of-Concept (PoC) may not be readily available due to the age of the vulnerability, the simplicity of the attack vector suggests that exploitation is likely feasible. The vulnerability is a **Discovery Only** scenario, but the ease of exploitation makes it a potential target for attackers.

05 // Threat Intelligence

Due to the age of the vulnerability, it's unlikely to be actively targeted by sophisticated APT groups. However, commodity malware or opportunistic attackers could exploit it if they identify vulnerable systems. This vulnerability is not listed on the CISA KEV catalog.

06 // Detection & Hunting

  • Monitor network traffic for unusual patterns or large volumes of traffic directed to the DPS port (typically TCP/UDP port 1433, or other configured ports).

  • Analyze server logs for DPS service crashes or error messages related to message processing or invalid data.

  • Implement intrusion detection systems (IDS) with rules that identify malformed DPS messages based on the invalid magic number.

  • Monitor system resource usage (CPU, memory) for sudden spikes or unusual behavior related to the DPS process.
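The validation flaw described in the deep technical analysis and the invalid-magic-number detection rule suggested above, shown together as an added example (not code from the original page or from Microsoft Dynamics GP). The frame layout, magic values, log format and service names are constructed assumptions; the real DPS wire format is not documented on this page.

```python
import struct
from collections import Counter
from typing import List, Optional

# Hypothetical framing assumed for this example only: a 4-byte big-endian magic
# number, a 2-byte body length, then the body. Constructed, not the real DPS format.
HEADER = struct.Struct(">IH")
KNOWN_MAGIC = {0x44505301: "ping", 0x44505302: "run_process"}  # constructed values

def dispatch_unchecked(msg: bytes) -> str:
    """Vulnerable pattern: trusts the magic number and uses it directly as a
    table key. A short frame raises struct.error, an unknown magic raises
    KeyError; in a long-running service an unhandled exception is a crash (DoS)."""
    magic, length = HEADER.unpack_from(msg)
    return KNOWN_MAGIC[magic]

def dispatch_validated(msg: bytes) -> Optional[str]:
    """Hardened pattern: check every untrusted header field before use and
    reject a bad frame instead of letting an exception escape the service loop."""
    if len(msg) < HEADER.size:
        return None
    magic, length = HEADER.unpack_from(msg)
    if magic not in KNOWN_MAGIC or len(msg) - HEADER.size != length:
        return None
    return KNOWN_MAGIC[magic]

def serve(msg: bytes, source: str, log: List[str]) -> str:
    """Service-loop body: rejects bad frames and writes a log line (constructed
    format) that a hunting query can count, instead of crashing."""
    handler = dispatch_validated(msg)
    if handler is None:
        raw_magic = int.from_bytes(msg[:4], "big")
        log.append(f"DPS reject src={source} magic=0x{raw_magic:08x}")
        return "rejected"
    return handler

def flag_sources(log: List[str], threshold: int = 3) -> List[str]:
    """Hunting rule over the reject log: sources that repeatedly send frames
    with an invalid magic number, the pattern this advisory describes."""
    counts = Counter(line.split("src=")[1].split()[0]
                     for line in log if line.startswith("DPS reject"))
    return [src for src, n in counts.items() if n >= threshold]
```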

07 // Remediation & Hardening

  • Upgrade to a supported version of Microsoft Dynamics GP. This is the most effective mitigation.

  • If upgrading is not immediately possible, apply any available security patches or hotfixes from Microsoft.

  • Restrict network access to the DPS service. Implement firewall rules to limit access to only trusted IP addresses and networks.

  • Monitor the DPS service for unexpected crashes and implement automated restart mechanisms.

  • Implement a Web Application Firewall (WAF) or similar security solution in front of the application to filter malicious traffic.

08 // Affected Products

Microsoft Dynamics GP (Great Plains) 9.0 and earlier