| Vulnerability Name: | CVE-1999-0969 (CCN-1372) | ||||||||
| Assigned: | 1998-09-29 | ||||||||
| Published: | 1998-09-29 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: MITRE Type: CNA CVE-1999-0969 Source: MSKB Type: UNKNOWN Q193233 Source: CCN Type: CIAC Information Bulletin K-032 DDoS Mediation Action List Source: CCN Type: Internet Security Systems Security Alert #09 Snork Denial of Service Attack Against Windows NT RPC Service Source: CCN Type: Microsoft Security Bulletin MS04-012 Cumulative Update for Microsoft RPC/DCOM (828741) Source: CCN Type: Microsoft Security Bulletin MS04-029 Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350) Source: CCN Type: Microsoft Security Bulletin MS98-014 Update available for RPC Spoofing Denial of Service on Windows NT Source: CCN Type: OSVDB ID: 11265 Microsoft Windows NT Malformed RPC Packet Error Message Loop DoS (snork) Source: CCN Type: SANS Institute Resources Web site Help Defeat Denial of Service Attacks: Step-by-Step Source: CCN Type: BID-2234 Microsoft Windows NT RPC DoS Vulnerability Source: MS Type: UNKNOWN MS98-014 Source: XF Type: UNKNOWN snork-dos(1372) Source: CCN Type: Microsoft Knowledge Base Article 193233 Rpcss.exe Consumes 100% CPU Due to RPC Spoofing Attack | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||