SecurityTracker.com
Category:   Application (Security)  >   Microsoft Internet Security and Acceleration Server
Vendors:   Microsoft
Microsoft Internet Security and Acceleration Server UDP Fragmentation Processing Can Cause 100% of CPU Resources to Be Consumed
SecurityTracker Alert ID:  1002693
SecurityTracker URL:  http://securitytracker.com/id/1002693
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 3 2001
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): Tested on Windows 2000 Server + Service Pack 2; Microsoft ISA Server Enterprise Edition Full + All Fixes
Description:   A denial of service vulnerability was reported in Microsoft's Internet Security and Acceleration server. Remote users can cause the server to consume 100% of CPU resources.

A remote user can send a large number of fragmented UDP packets through the Internet Security and Acceleration (ISA) server to cause the server to consume 100% of CPU resources. This causes the packet throughput to drop.

A session log of an example attack session is available at:

http://www.tamersahin.net/downloads/isa.txt

Exploit code (opentear.c by RootShell) is available at:

http://www.tamersahin.net/downloads/opentear.c

The vendor has reportedly been notified.
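
As an added example (not part of the original advisory, the reporter's material, or any vendor code), the following Python code shows a defender-side check for the traffic pattern described above: it parses raw IPv4 headers, counts fragmented UDP packets per source in a sliding window, and reports sources that exceed a threshold. The function names, the 1-second window, the threshold of 100 and the sample addresses are assumptions, and the sample packets are constructed.

```python
import struct
from collections import defaultdict, deque

UDP, MF_FLAG, OFFSET_MASK = 17, 0x2000, 0x1FFF

def parse_ipv4_fragment(packet):
    """Return (src_ip, is_udp_fragment) for a raw IPv4 packet, or None if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    # Every fragment keeps protocol 17 in the IP header, even without a UDP header.
    fragmented = bool(flags_frag & MF_FLAG) or (flags_frag & OFFSET_MASK) != 0
    src = ".".join(str(b) for b in packet[12:16])
    return src, (packet[9] == UDP and fragmented)

def detect_fragment_flood(records, window=1.0, threshold=100):
    """records: time-ordered (timestamp_seconds, raw_ipv4_bytes) pairs.
    Returns {src_ip: peak fragments per window}; window/threshold are assumed values."""
    recent, peaks = defaultdict(deque), {}
    for ts, pkt in records:
        parsed = parse_ipv4_fragment(pkt)
        if parsed is None or not parsed[1]:
            continue
        q = recent[parsed[0]]
        q.append(ts)
        while ts - q[0] > window:      # drop fragments older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[parsed[0]] = max(peaks.get(parsed[0], 0), len(q))
    return peaks

def make_ipv4(src, proto, flags_frag):
    """Constructed 20-byte IPv4 header (checksum left at zero) for the sample data."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, flags_frag, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))

def sample_traffic():
    """Constructed records: one source sending 300 fragments in 0.3 s, one benign."""
    recs = []
    for i in range(300):
        ff = MF_FLAG if i % 2 == 0 else 3   # leading fragment / trailing fragment
        recs.append((i * 0.001, make_ipv4("198.51.100.7", UDP, ff)))
    for i in range(5):
        for proto, ff in ((UDP, MF_FLAG), (UDP, 0), (6, MF_FLAG)):
            recs.append((i * 0.05, make_ipv4("203.0.113.9", proto, ff)))
    return sorted(recs, key=lambda r: r[0])
```

Calling `detect_fragment_flood(sample_traffic())` reports only the flooding source; the benign source's few fragments, unfragmented UDP and TCP fragments are ignored.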

Impact:   A remote user can cause the server to consume 100% of CPU resources.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/
Cause:   Not specified
Underlying OS:   Windows (2000)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Microsoft Responds That This is Not a Vulnerability) Re: Microsoft Internet Security and Acceleration Server UDP Fragmentation Processing Can Cause 100% of CPU Resources to Be Consumed   ("Microsoft Security Response Center" <secure@microsoft.com>)
This is a follow-up message.



 Source Message Contents

Date:  Fri, 2 Nov 2001 19:51:07 +0200
Subject:  [VulnWatch] Microsoft ISA Server Fragmented Udp Flood Vulnerability



----[ Microsoft ISA Server Fragmented UDP Flood Vulnerability ]----

----[ Type
A system resource is exhausted.

----[ Summary
A fragmented UDP attack through the Microsoft ISA Server hampers the
system by using the CPU at 100%. Meanwhile, the server uses too much
processor power, and therefore the packet processing ratio
decreases.

----[ Log
You may reach the session log through
http://www.tamersahin.net/downloads/isa.txt

----[ Exploit
opentear.c by RootShell
http://www.tamersahin.net/downloads/opentear.c

----[ Tested
Windows 2000 Server + Service Pack 2
Microsoft ISA Server Enterprise Edition Full + All Fixes

----[ Vendor Status
Microsoft has been contacted.

----[ Disclaimer
Tamer Sahin is not responsible for the misuse or illegal use of any
of the information and/or the software listed on this security
advisory.

----[ Greetz
bLaCkWinD, RhinoCO, nigma, CronoS, inf0, omniheurist, HuzursuZ,
LuNiZ, dEtAy, Derwish, Strange Deja Vu, Nosferatu, dummy, WebEffect
and you!

Tamer Sahin
http://www.tamersahin.net
PGP Key ID: 0x63DE5F63 Fingerprint:
63D9 FBE7 7369 A9A9 1119 C80C 31D3 D363 63DE 5F63
