File: 1447.txt

Rule:
--
Sid:
1447

--
Summary:
This event is generated when a malicious packet is sent to the Microsoft Terminal Server port.

--
Impact:
Denial of service.  Sending repeated packets may cause a denial of service by consuming all available memory resources.

--
Detailed Information:
A flaw exists in the Microsoft Terminal Server port on certain versions of Windows that may cause a denial of service of the vulnerable host by consuming all available memory resources.  This attack requires multiple malicious packets to cause a denial of service.

--
Affected Systems:
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
Microsoft Windows NT Terminal Server 4.0

--
Attack Scenarios:
An attacker may attempt to cause a denial of service against a vulnerable server by sending repeated malicious packets.

--
Ease of Attack:
Simple. 

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Apply the patches discussed in Microsoft Security Bulletin MS01-040.
Block access to the Microsoft Terminal Server port from outside the network.

--
Contributors:
Original rule writer unknown.
Sourcefire Research Team
Judy Novak <judy.novak@sourcefire.com>

--
Additional References:

CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0540

--
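
Added example (not part of the Snort rule documentation): since the denial of service described above requires repeated packets, this triage script counts sid 1447 alerts per source/destination pair in a sliding window over Snort fast-format alert lines. The sample lines, rule message placeholder, addresses, threshold, window and year are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Snort "fast" alert layout:
#   MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] ... {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

def repeated_sources(lines, sid=1447, threshold=5,
                     window=timedelta(seconds=60), year=2001):
    """Return {(src, dst): peak_count} for pairs that raised at least
    `threshold` alerts for `sid` inside one sliding `window`.
    Fast alerts carry no year, so `year` is supplied by the caller."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = ALERT_RE.match(line)
        if not m or int(m["sid"]) != sid:
            continue              # unparsable line or a different rule
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        key = (m["src"], m["dst"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window: # drop alerts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

# Constructed sample input: six alerts in ten seconds from one source,
# one isolated alert from another, and one alert for an unrelated sid.
# 3389/tcp is the default Terminal Server port.
SAMPLE = [
    f"08/01-10:00:{s:02d}.000000 [**] [1:1447:1] <rule msg> [**] [Priority: 2] "
    f"{{TCP}} 192.0.2.10:40{s:02d}0 -> 198.51.100.5:3389"
    for s in range(0, 12, 2)
] + [
    "08/01-10:00:03.000000 [**] [1:1447:1] <rule msg> [**] [Priority: 2] "
    "{TCP} 192.0.2.77:51000 -> 198.51.100.5:3389",
    "08/01-10:00:04.000000 [**] [1:9999:1] <other rule> [**] [Priority: 3] "
    "{TCP} 192.0.2.10:40999 -> 198.51.100.5:3389",
]

if __name__ == "__main__":
    for (src, dst), n in repeated_sources(SAMPLE).items():
        print(f"{src} -> {dst}: {n} sid 1447 alerts within the window")
```

Pairs reported here are candidates for the blocking step under Corrective Action; isolated single alerts are left out of the result.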