ID

VAR-200005-0006


CVE

CVE-2000-0305


TITLE

IP Packet Fragment Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200005-076

DESCRIPTION

Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability. CPU utilization will return to normal after the attack has ceased. In some cases, this attack could produce a blue screen of death. An analysis of the exploit was posted to BugTraq on May 26, 2000 by Mikael Olsson <mikael.olsson@enternet.se>. He concludes that the DoS initated by this attack may not be related to IP fragmentation but rather to resource exhaustion and a problem in filtering bad packets by Microsoft Windows. See the message references by Mikael Olsson for a further interpretation of the mechanism of this attack

Trust: 1.35

sources: NVD: CVE-2000-0305 // BID: 1236 // VULHUB: VHN-1884 // VULMON: CVE-2000-0305

AFFECTED PRODUCTS

vendor:microsoftmodel:windows ntscope:eqversion:4.0

Trust: 1.6

vendor:bemodel:beosscope:eqversion:5.0

Trust: 1.3

vendor:microsoftmodel:windows 95scope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:windows 2000scope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:windows 98scope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:terminal serverscope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:windows 98scope:eqversion:gold

Trust: 0.6

vendor:microsoftmodel:windows 95scope: - version: -

Trust: 0.6

vendor:microsoftmodel:terminal serverscope: - version: -

Trust: 0.6

vendor:microsoftmodel:windows 2000scope: - version: -

Trust: 0.6

vendor:microsoftmodel:windows nt workstation sp6ascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp6scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp4scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstationscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp6scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp4scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal serverscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp6ascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp6scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp4scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt serverscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp6ascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp6scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp4scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise serverscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windowsscope:eqversion:98

Trust: 0.3

vendor:microsoftmodel:windowsscope:eqversion:95

Trust: 0.3

vendor:microsoftmodel:windows serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professionalscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced serverscope:eqversion:2000

Trust: 0.3

sources: BID: 1236 // CNNVD: CNNVD-200005-076 // NVD: CVE-2000-0305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0305
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200005-076
value: HIGH

Trust: 0.6

VULHUB: VHN-1884
value: HIGH

Trust: 0.1

VULMON: CVE-2000-0305
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2000-0305
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-1884
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1884 // VULMON: CVE-2000-0305 // CNNVD: CNNVD-200005-076 // NVD: CVE-2000-0305

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.1

sources: VULHUB: VHN-1884 // NVD: CVE-2000-0305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200005-076

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200005-076

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1884 // VULMON: CVE-2000-0305

EXTERNAL IDS

db:BIDid:1236

Trust: 2.1

db:NVDid:CVE-2000-0305

Trust: 1.8

db:CNNVDid:CNNVD-200005-076

Trust: 0.7

db:MSid:MS00-029

Trust: 0.6

db:BINDVIEWid:20000519 JOLT2 - REMOTE DOS AGAINST NT, W2K, 9X

Trust: 0.6

db:EXPLOIT-DBid:214

Trust: 0.2

db:SEEBUGid:SSVID-62798

Trust: 0.1

db:VULHUBid:VHN-1884

Trust: 0.1

db:VULMONid:CVE-2000-0305

Trust: 0.1

sources: VULHUB: VHN-1884 // VULMON: CVE-2000-0305 // BID: 1236 // CNNVD: CNNVD-200005-076 // NVD: CVE-2000-0305

REFERENCES

url:http://www.securityfocus.com/bid/1236

Trust: 2.8

url:http://www.securityfocus.com/templates/advisory.html?id=2240

Trust: 2.8

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-029

Trust: 2.2

url:http://www.microsoft.com/technet/security/bulletin/ms00-029.asp

Trust: 0.6

url:http://www.microsoft.com/technet/security/bulletin/fq00-029.asp

Trust: 0.3

url: -

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/399.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/214/

Trust: 0.1

sources: VULHUB: VHN-1884 // VULMON: CVE-2000-0305 // BID: 1236 // CNNVD: CNNVD-200005-076 // NVD: CVE-2000-0305

CREDITS

Discovered by Dmitri Netes of the BindView HackerShield Development Team and publicized in a Microsoft Security Bulletin (MS00-029) on May 19, 2000.

Trust: 0.9

sources: BID: 1236 // CNNVD: CNNVD-200005-076

SOURCES

db:VULHUBid:VHN-1884
db:VULMONid:CVE-2000-0305
db:BIDid:1236
db:CNNVDid:CNNVD-200005-076
db:NVDid:CVE-2000-0305

LAST UPDATE DATE

2024-11-22T22:48:59.750000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1884date:2018-10-12T00:00:00
db:VULMONid:CVE-2000-0305date:2018-10-12T00:00:00
db:BIDid:1236date:2000-05-19T00:00:00
db:CNNVDid:CNNVD-200005-076date:2005-10-12T00:00:00
db:NVDid:CVE-2000-0305date:2024-11-20T23:32:11.857

SOURCES RELEASE DATE

db:VULHUBid:VHN-1884date:2000-05-19T00:00:00
db:VULMONid:CVE-2000-0305date:2000-05-19T00:00:00
db:BIDid:1236date:2000-05-19T00:00:00
db:CNNVDid:CNNVD-200005-076date:2000-05-19T00:00:00
db:NVDid:CVE-2000-0305date:2000-05-19T04:00:00