Bugtraq mailing list archives
BindView Security Advisory: jolt2 - Remote DoS against NT, W2K, 9x
From: tsabin () RAZOR BINDVIEW COM (BindView Security Advisory)
Date: Fri, 19 May 2000 20:20:21 -0400
BindView Security Advisory
--------

Jolt2 - Remote Denial of Service attack against Windows 2000, NT4, and Win9x

Issue Date: May 19, 2000
Contact: <tsabin () razor bindview com>

Topic:
Fragmented IP packets cause denial of service

Overview:
Sending large numbers of identical fragmented IP packets to a Windows 2000, NT4, or Win9x host may cause the target to lock up for the duration of the attack.

Affected Systems:
Windows 2000, Windows NT4, and Win9x.

Impact:
The CPU utilization on the target goes to 100% for the duration of the attack. This causes both the UI and network interfaces to lock up. During testing a target was observed to BSOD, but this was not reproducible, and it's not clear that it was actually related to the attack.

Details:
Send identical fragmented IP packets to the target at the rate of approximately 150 packets per second. The contents of the packet do not appear to matter greatly. Our testing was mostly done with ICMP packets, however the problem is not specific to ICMP.

Workarounds:
Filter fragmented IP packets at your routers, if possible.

Recommendations:
Apply Microsoft's hotfix.

Credits:
This vulnerability was discovered by Dmitri Netes of BindView's HackerShield development team.

CVE:
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2000-0305 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

References:

Microsoft's security bulletin:
http://www.microsoft.com/technet/security/bulletin/ms00-029.asp

Microsoft's Hotfix:

Windows NT 4.0 Workstation, Server and Server, Enterprise Edition:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20829

Windows NT 4.0 Server, Terminal Server Edition:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20830

Windows 2000 Professional, Server and Advanced Server:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20827

Windows 95:
http://download.microsoft.com/download/win95/update/8070/w95/EN-US/259728USA5.EXE

Windows 98:
http://download.microsoft.com/download/win98/update/8070/w98/EN-US/259728USA8.EXE

Microsoft's Knowledge Base article:
http://www.microsoft.com/technet/support/kb.asp?ID=Q259728
(may take a couple days to appear)
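
The traffic pattern in the Details section (the same IP fragment repeated at roughly 150 packets per second) can be recognised on a monitoring host. The following Python detector is an added example, not part of the BindView advisory: the function names, the 100-per-second alert threshold, and the sample packets (built from documentation-range addresses) are assumptions made for illustration.

```python
import socket
import struct
from collections import defaultdict, deque

def parse_fragment(pkt: bytes):
    """Key identifying one IPv4 fragment, or None if pkt is not a fragment."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ip_id, flags_off = struct.unpack_from("!HH", pkt, 4)
    more_fragments = bool(flags_off & 0x2000)
    offset = (flags_off & 0x1FFF) * 8          # field counts 8-byte units
    if not more_fragments and offset == 0:
        return None                            # whole datagram, not a fragment
    return (pkt[12:16], pkt[16:20], pkt[9], ip_id, offset, more_fragments)

def find_floods(records, threshold=100, window=1.0):
    """records: (timestamp, raw IPv4 packet) pairs in time order.
    Returns {(src, dst)} where one identical fragment was seen more than
    `threshold` times within `window` seconds (assumed alert level, set
    below the ~150 packets/s the advisory reports)."""
    seen = defaultdict(deque)
    alerts = set()
    for ts, pkt in records:
        key = parse_fragment(pkt)
        if key is None:
            continue
        times = seen[key]
        times.append(ts)
        while ts - times[0] > window:          # drop sightings outside the window
            times.popleft()
        if len(times) > threshold:
            alerts.add((socket.inet_ntoa(key[0]), socket.inet_ntoa(key[1])))
    return alerts

def header(src, dst, ip_id, flags_off, proto=1):
    """Constructed 20-byte IPv4 header plus 8 payload bytes (sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, ip_id, flags_off, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + b"\0" * 8

def sample_records():
    """Constructed capture: one repeated fragment, normal fragments, whole packets."""
    recs = []
    for i in range(150):
        t = i / 150
        recs.append((t, header("192.0.2.1", "198.51.100.7", 0x1234, 0x2000)))
        for off in (0x2000, 0x2000 | 185, 370):   # three fragments of one datagram
            recs.append((t, header("192.0.2.50", "198.51.100.7", 1000 + i, off)))
        recs.append((t, header("192.0.2.60", "198.51.100.7", i, 0x4000)))  # DF set
    return recs

if __name__ == "__main__":
    print(find_floods(sample_records()))
```

Ordinary fragmented traffic does not trigger the alert because each fragment of a datagram has a distinct offset and each new datagram carries a new IP ID, so only a fragment repeated verbatim accumulates a count.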