Bugtraq mailing list archives
Microsoft ISA Server Fragmented Udp Flood Vulnerability
From: "Tamer Sahin" <ts () blackhat cc>
Date: Fri, 2 Nov 2001 19:51:40 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----[ Microsoft ISA Server Fragmented Udp Flood Vulnerability ]---- - ----[ Type A system resource is exhausted. - ----[ Summary A fragmented Udp attack through the microsoft isa server makes the system hampered by using the cpu at 100%. Meanwhile server uses processor power too much and therefore packet process ratio decreases. - ----[ Log You may reach the session log through http://www.tamersahin.net/downloads/isa.txt - ----[ Exploit opentear.c by RootShell http://www.tamersahin.net/downloads/opentear.c - ----[ Tested Windows 2000 Server + Service Pack 2 Microsoft ISA Server Enterprise Edition Full + All Fixes - ----[ Vendor Status Microsoft has been contacted. - ----[ Disclaimer Tamer Sahin is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. - ----[ Greetz bLaCkWinD, RhinoCO, nigma, CronoS, inf0, omniheurist, HuzursuZ, LuNiZ, dEtAy, Derwish, Strange Deja Vu, Nosferatu, dummy, WebEffect and you! Tamer Sahin http://www.tamersahin.net PGP Key ID: 0x63DE5F63 Fingerprint: 63D9 FBE7 7369 A9A9 1119 C80C 31D3 D363 63DE 5F63 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO+LBDDHT02Nj3l9jEQLqZwCg4AU8Vlymy7NY1QELhGCQJtzaXk0An1Yd HDDJ8gi5v4Bq4TEczZY/dZPe =glWR -----END PGP SIGNATURE-----
Current thread:
- Microsoft ISA Server Fragmented Udp Flood Vulnerability Tamer Sahin (Nov 03)
- <Possible follow-ups>
- RE: Microsoft ISA Server Fragmented Udp Flood Vulnerability Microsoft Security Response Center (Nov 08)