ID

VAR-200503-0010

CVE

CVE-2005-0688

TITLE

Microsoft Windows vulnerable to DoS via LAND attack

DESCRIPTION

Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016). Microsoft Windows does not adequately validate IP options, allowing an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. An attacker could take complete control of a vulnerable system. When a packet of this sort is received, an infinite loop is initiated and the affected system halts. This is known to affect Windows 95, Windows NT 4.0 up to SP3, Windows Server 2003, Windows XP SP2, Cisco IOS devices &amp; Catalyst switches, and HP-UX up to 11.00. It is noted that on Windows Server 2003 and XP SP2, the TCP and IP checksums must be correct to trigger the issue. **Update: It is reported that Microsoft platforms are also prone to this vulnerability. The vendor reports that network routers may not route malformed TCP/IP packets used to exploit this issue. As a result, an attacker may have to discover a suitable route to a target computer, or reside on the target network segment itself before exploitation is possible. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA05-102A Multiple Vulnerabilities in Microsoft Windows Components Original release date: April 12, 2005 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows Systems For a complete list of affected versions of the Windows operating systems and components, refer to the Microsoft Security Bulletins. Overview Microsoft has released a Security Bulletin Summary for April, 2005. This summary includes several bulletins that address vulnerabilities in various Windows applications and components. Details of the vulnerabilities and their impacts are provided below. I. Description The list below provides a mapping between Microsoft's Security Bulletins and the related US-CERT Vulnerability Notes. More information related to the vulnerabilities is available in these documents. Microsoft Security Bulletin MS05-020: Cumulative Security Update for Internet Explorer (890923) VU#774338 Microsoft Internet Explorer DHTML objects contain a race condition VU#756122 Microsoft Internet Explorer URL validation routine contains a buffer overflow VU#222050 Microsoft Internet Explorer Content Advisor contains a buffer overflow Microsoft Security Bulletin MS05-02: Vulnerability in Exchange Server Could Allow Remote Code Execution (894549) VU#275193 Microsoft Exchange Server contains unchecked buffer in SMTP extended verb handling Microsoft Security Bulletin MS05-022: Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597) VU#633446 Microsoft MSN Messenger GIF processing buffer overflow Microsoft Security Bulletin MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066) VU#233754 Microsoft Windows does not adequately validate IP packets II. III. Solution Apply a patch Microsoft has provided the patches for these vulnerabilities in the Security Bulletins and on Windows Update. Appendix A. References * Microsoft's Security Bulletin Summary for April, 2005 - < http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx> * US-CERT Vulnerability Note VU#774338 - <http://www.kb.cert.org/vuls/id/774338> * US-CERT Vulnerability Note VU#756122 - <http://www.kb.cert.org/vuls/id/756122> * US-CERT Vulnerability Note VU#222050 - <http://www.kb.cert.org/vuls/id/222050> * US-CERT Vulnerability Note VU#275193 - <http://www.kb.cert.org/vuls/id/275193> * US-CERT Vulnerability Note VU#633446 - <http://www.kb.cert.org/vuls/id/633446> * US-CERT Vulnerability Note VU#233754 - <http://www.kb.cert.org/vuls/id/233754> _________________________________________________________________ Feedback can be directed to the authors: Will Dormann, Jeff Gennari, Chad Dougherty, Ken MacInnis, Jason Rafail, Art Manion, and Jeff Havrilla. _________________________________________________________________ This document is available from: <http://www.us-cert.gov/cas/techalerts/TA05-102A.html> _________________________________________________________________ Copyright 2005 Carnegie Mellon University. Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ Revision History April 12, 2005: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQlxwexhoSezw4YfQAQJ4RAf/bTgaa6SBDMJveqW/GnQET79F9aVPM1S2 glam1w4YFyOdyIHpDYqQZRBqgXgpJjel/MiH02tZreU5mgIjkPIWA3gleepyWvnN 7VYv8KcbSnyvGxDl/8K2YjFz550gxA3pkRD7IiqdpOums87lJ7xM7sjdUY0ZA8aF JEvA4gfndpgLSuISV7Gf8y1s4MU329DurNy3t8W4EB9Iuef/E4Z058IvHnz9dTnT XwBnyW1KfH2Ohpy7QBOtcXt1wXU8X0F+d01g/VZmTL7xVwXmcPi8UpS7bPK8A17+ asqo582KjZVR56iL7fqNQzsrXUGZncEnX/8QOhi3Ym2LfAEkKrg3rw== =BY/p -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

Failure to Handle Exceptional Conditions

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Dejan Levaja dejan@levaja.com

SOURCES

LAST UPDATE DATE

2025-01-10T20:56:48.657000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE