Vulnerabilities > CVE-2005-3945 - Remote Denial of Service vulnerability in Microsoft Windows 2000 and Windows 2003 Server

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

microsoft

NVD

Published: 2005-12-01

Updated: 2019-04-30

Summary

The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 2000 * Microsoft Windows 2003 Server Enterprise Microsoft Windows 2003 Server R2 Microsoft Windows 2003 Server Standard Microsoft Windows 2003 Server Web	9

References

http://www.securityfocus.com/archive/1/417952/100/0/threaded
http://www.securityfocus.com/bid/15613