Bugtraq mailing list archives
SecureXpert Advisory [SX-20000620-2]
From: sxdirect () SECUREXPERT COM (SecureXpert DIRECT Sender)
Date: Fri, 30 Jun 2000 16:20:55 -0400
FSC Internet Corp. / SecureXpert Labs SecureXpert Labs Advisory [SX-20000620-2] - Multiple ports/protocols partial Denial of Service in Microsoft Windows 2000 Server Summary Multiple ports and protocols on Microsoft Windows 2000 Server are susceptible to a simple network attack which raises CPU utilization on Windows 2000 Server to 100%. Details Multiple services on Windows 2000 Server are vulnerable to a simple attack which allows remote network users to drive the CPU utilization to 100% in an extremely short period of time, at little cost to the attacker's machine. The ports that were found vulnerable include TCP ports 7, 9, 21, 23, 7778 and UDP ports 53, 67, 68, 135, 137, 500, 1812, 1813, 2535, 3456. While this attack does not cause an immediate lockup of the machine, it does cause excessive CPU resource utilization on the target machine. This can easily be reproduced from a Linux system using netcat with an input of /dev/zero, with a command such as "nc target.host 7 < /dev/zero" for the TCP variant or "nc -u target.host 53 < /dev/zero" for the UDP variant. Due to the large number of services affected, this could likely allow a very quick and easy distributed attack Status Microsoft Corp. has been informed of this vulnerability, and has assigned it incident ID# [MSRC 291]. SecureXpert Labs staff are working with Microsoft to reproduce the vulnerability and prepare a fix. Credits Mike Murray, SecureXpert Labs Max Degtyar, SecureXpert Labs Richard Reiner, SecureXpert Labs About SecureXpert DIRECT SecureXpert DIRECT is an advance security advisory service provided by SecureXpert Labs. Subscriptions are free of charge and may be obtained online at http://www.securexpert.com/services.html.
Current thread:
- Re: WuFTPD: Providing *remote* root since at least1994, (continued)
- Re: WuFTPD: Providing *remote* root since at least1994 Carson Gaspar (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Casper Dik (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Eric Hines (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Carson Gaspar (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Valentin Nechayev (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Kenn Humborg (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Hudin Lucian (Jun 29)
- Multiple vulnerabilities in Sybergen Secure Desktop anders.ingeborn () INFOSEC SE (Jun 30)
- SecureXpert Advisory [SX-20000620-2] SecureXpert DIRECT Sender (Jun 30)
- Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
- Update to Integrity Protection Driver Available IPD (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 29)
- Buggy ARP handling in Windoze Paul Starzetz (Jun 29)
- Re: Buggy ARP handling in Windoze Jurjen Oskam (Jun 29)
- Re: Buggy ARP handling in Windoze Steven Alexander (Jun 29)
- vpopmail-3.4.11 problems H D Moore (Jun 29)