SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#396645

Microsoft Windows vulnerable to DoS via LAND attack

Overview

A vulnerability in Microsoft Windows may allow a remote attacker to cause a denial of service.

I. Description

Microsoft Windows XP SP2 and Windows Server 2003 are vulnerable to a denial-of-service attack via a crafted TCP packet. The packet is spoofed in a manner such that the source and destination IP addresses are the same, the source and destination ports are the same, and the SYN flag is set. This type of attack is known as a LAND attack.

Upon receiving such a packet, Windows may become unresponsive for several seconds.

II. Impact

By sending a specially crafted TCP packet to a Windows machine, an attacker could cause excessive CPU usage on the target system. Repeated exploitation of this vulnerability could result in a sustained denial-of-service condition.

III. Solution

Apply a patch

Apply a patch as described in Microsoft Security Bulletin MS05-019.

Filter Network Traffic

Network firewall, Intrusion Detection and Prevention Systems, and packet filtering technology may be able to detect and block LAND attacks. If a perimeter network device is configured to drop incoming packets with source IP addresses that match addresses within the network, a remote attacker may not be able to exploit this vulnerability.

Systems Affected

VendorStatusDate NotifiedDate Updated
Microsoft CorporationVulnerable23-Mar-2005

References


http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx
http://secunia.com/advisories/14512
http://www.securityfocus.com/bid/2666
http://xforce.iss.net/xforce/xfdb/19593
http://osvdb.org/displayvuln.php?osvdb_id=14578

Credit

This vulnerability was publicly disclosed by Dejan Levaja.

This document was written by Will Dormann.

Other Information

Date Public:2005-03-05
Date First Published:2005-04-13
Date Last Updated:2005-04-13
CERT Advisory: 
CVE-ID(s):CAN-2005-0688
NVD-ID(s):CAN-2005-0688
US-CERT Technical Alerts: 
Metric:12.15
Document Revision:14

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2005 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader