Details of VAR-200205-0126

ID

VAR-200205-0126

CVE

CVE-2002-0224

TITLE

Microsoft MSDTC Service Denial of Service Attack Vulnerability (MS02-018)

Trust: 0.6

sources: CNNVD: CNNVD-200205-013

DESCRIPTION

The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input. It is installed by default on Windows 2000, as well as with Microsoft SQL Server 6.5 and higher. It has been reported that it is possible to cause this service to crash by sending 1024 bytes of random data to its listening port, by default port 3372. Restarting the service will reportedly allow it to resume normal operation. The existence of this vulnerability has not been confirmed by Microsoft. * Further reports indicate that sending approximately 20200 null bytes to the service, will cause the entire system to become unresponsive

Trust: 1.17

sources: NVD: CVE-2002-0224 // BID: 4006

AFFECTED PRODUCTS

vendor:	microsoft	model:	sql server	scope:	eq	version:	2000	Trust: 1.9
vendor:	microsoft	model:	sql server	scope:	eq	version:	7.0	Trust: 1.9
vendor:	microsoft	model:	sql server	scope:	eq	version:	6.5	Trust: 1.9
vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.0	Trust: 1.0
vendor:	microsoft	model:	windows 2000	scope:	eq	version:	*	Trust: 1.0
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.0	Trust: 0.6
vendor:	microsoft	model:	windows 2000	scope:	eq	version:	sp2	Trust: 0.6
vendor:	microsoft	model:	windows server sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows server sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows server	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows professional sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows professional sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows professional	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows datacenter server sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows datacenter server sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows datacenter server	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows advanced server sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows advanced server sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	windows advanced server	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	sql server sp2	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	sql server sp1	scope:	eq	version:	2000	Trust: 0.3
vendor:	microsoft	model:	sql server sp3 alpha	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	sql server sp3	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	sql server sp2 alpha	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	sql server sp2	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	sql server sp1 alpha	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	sql server sp1	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	sql server alpha	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 0.3

sources: BID: 4006 // CNNVD: CNNVD-200205-013 // NVD: CVE-2002-0224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0224
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200205-013
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2002-0224
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200205-013 // NVD: CVE-2002-0224

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0224

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200205-013

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200205-013

EXTERNAL IDS

db:	NVD	id:	CVE-2002-0224	Trust: 1.9
db:	BID	id:	4006	Trust: 1.9
db:	BUGTRAQ	id:	20020131 MSDTC ON 3372	Trust: 0.6
db:	BUGTRAQ	id:	20020419 KPMG-2002015: MICROSOFT DISTRIBUTED TRANSACTION COORDINATOR DOS	Trust: 0.6
db:	XF	id:	8046	Trust: 0.6
db:	CNNVD	id:	CNNVD-200205-013	Trust: 0.6

sources: BID: 4006 // CNNVD: CNNVD-200205-013 // NVD: CVE-2002-0224

REFERENCES

url:	http://www.securityfocus.com/bid/4006	Trust: 2.6
url:	http://www.iss.net/security_center/static/8046.php	Trust: 2.6
url:	http://online.securityfocus.com/archive/1/268593	Trust: 2.6
url:	http://online.securityfocus.com/archive/1/253360	Trust: 2.6
url:	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-018.asp	Trust: 0.3

sources: BID: 4006 // CNNVD: CNNVD-200205-013 // NVD: CVE-2002-0224

CREDITS

palante@subterrain.net※>palante@subterrain.net</a>※ palante@subterrain.net

Trust: 0.6

sources: CNNVD: CNNVD-200205-013

SOURCES

db:	BID	id:	4006
db:	CNNVD	id:	CNNVD-200205-013
db:	NVD	id:	CVE-2002-0224

LAST UPDATE DATE

2024-11-22T23:12:10.696000+00:00

SOURCES UPDATE DATE

db:	BID	id:	4006	date:	2009-07-11T09:56:00
db:	CNNVD	id:	CNNVD-200205-013	date:	2006-09-01T00:00:00
db:	NVD	id:	CVE-2002-0224	date:	2024-11-20T23:38:35.610

SOURCES RELEASE DATE

db:	BID	id:	4006	date:	2002-01-31T00:00:00
db:	CNNVD	id:	CNNVD-200205-013	date:	2002-01-31T00:00:00
db:	NVD	id:	CVE-2002-0224	date:	2002-05-16T04:00:00