Reported April 17, 2002, by Peter Gründl.
VERSIONS AFFECTED
-
Windows 2000 Advanced Server Service Pack 1 (SP1) and SP2
-
Windows 2000 Server SP1 and SP2
-
Windows 2000 Professional SP1 and SP2
DESCRIPTION
A
Denial of Service (DoS) condition exists in Microsoft’s Directory Services
running on TCP port 445. An attacker sending a large stream
of null characters or malformed characters to the service can freeze the system
because of CPU and kernel-resource depletion or, in some cases, can cause a blue
screen.
VENDOR RESPONSE
The vendor, Microsoft, has released two workarounds that mitigate this vulnerability.
CREDIT
Discovered by Peter
Gründl.
1 comment
Hide comments