[Am-info] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
Fred A. Miller
fm@cupserv.org
Mon, 17 Dec 2001 17:20:36 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
BugTraq ID: 3652
Remote: Yes
Date Published: Dec 07 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3652
Summary:
Internet Protocol Security (IPSec) provides authentication and
encryption
for IP network traffic. The Internet Key Exchange (IKE) protocol is a
management protocol standard which is used with the IPSec standard. IKE
contributes to the IPSec standard by providing additional features and
by default listens on UDP port 500.
An issue exists in IKE which could cause a Windows 2000 host to stop
responding.
If a user connects to port 500 on a Windows 2000 host running IKE, and
proceeds to submit a continuous stream of packets, the target will
consume
all available system resources.
A restart of the system maybe required in order to regain normal
functionality.
It should be noted that this vulnerability may be due to an underlying
issue with the UDP protocol.
- --
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8Hm+0IhTtc6nTZIIRAjliAJ4rjKIEpLCd4bBUBKygSh1iPVDhwQCeMqYF
+Ggoo3mB6r4Kz7cY9S8WPcg=
=j2LS
-----END PGP SIGNATURE-----