Vulnerability CVE-1999-1361

Vulnerability Name:

CVE-1999-1361 (CCN-7329)

Assigned:

1998-05-09

Published:

1998-05-09

Updated:

2016-10-18

Summary:

Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: BugTraq Mailing List, Sat, 9 May 1998 05:33:10 -0400
coke.c

Source: MITRE
Type: CNA
CVE-1999-1361

Source: BUGTRAQ
Type: UNKNOWN
19980509 coke.c

Source: CCN
Type: OSVDB ID: 10609
Microsoft Windows WINS Malformed Packet Consumption DoS

Source: XF
Type: UNKNOWN
winnt-wins-packet-flood-dos(7329)

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_nt:3.5.1:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_nt:3.51:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK