Vulnerability Name:	CVE-1999-0103 (CCN-36)
Assigned:	1996-02-08
Published:	1996-02-08
Updated:	2018-08-22
Summary:	Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
CVSS v3 Severity:	5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Exploitability Metrics: Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None Scope: Scope (S): Unchanged Impact Metrics: Confidentiality (C): None Integrity (I): None Availibility (A): Low
CVSS v2 Severity:	5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) Exploitability Metrics: Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None Impact Metrics: Confidentiality (C): None Integrity (I): None Availibility (A): Partial 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) Exploitability Metrics: Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None Impact Metrics: Confidentiality (C): None Integrity (I): None Availibility (A): Partial
Vulnerability Type:	CWE-Other
Vulnerability Consequences:	Denial of Service
References:	Source: MITRE Type: CNA CVE-1999-0103 Source: CCN Type: CERT Advisory CA-1996-01 UDP Port Denial-of-Service Attack Source: MISC Type: UNKNOWN https://ics-cert.us-cert.gov/advisories/ICSMA-18-233-01
Vulnerability Name:	CVE-1999-0103 (CCN-44)
Summary:	The echo service was detected as running. The echo (port 7) service can be spoofed into sending data from one service on one computer to another service on another computer. This action causes an infinite loop and creates a denial of service attack. The attack can consume increasing amounts of network bandwidth, causing loss of performance or a total shutdown of the affected network segments. The attack can also disable your Unix server by causing it to spend all its time processing packets that are echoed back to itself.
CVSS v3 Severity:
CVSS v2 Severity:	5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) Exploitability Metrics: Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None Impact Metrics: Confidentiality (C): None Integrity (I): None Availibility (A): Partial
Vulnerability Consequences:	Denial of Service
References:	Source: CCN Type: Caldera International, Inc. Security Advisory SA-1997.33 Vulnerabilities in "inetd" in netkit-base-0.10-1 Source: CCN Type: BugTraq Mailing List, Mon, 10 Mar 1997 15:05:20 -0500 Lynx/MSIE denial-of-service Source: MITRE Type: CNA CVE-1999-0103 Source: MITRE Type: CNA CVE-1999-0635 Source: CCN Type: SA18514 ACT WLAN Phone P202S Multiple Security Issues Source: CCN Type: Novell Technical Information Document #2946023 TCPIP blocking ports (7, 9, 19, etc) Source: CCN Type: Novell Technical Information Document #2946023 TCPIP blocking ports (7, 9, 19, etc) Source: CCN Type: CERT Advisory CA-1996-01 UDP Port Denial-of-Service Attack Source: XF Type: UNKNOWN chargen(36) Source: XF Type: UNKNOWN echo(44)
BACK