CVE-2000-0983
CVSS5.0
发布时间 :2000-12-19 00:00:00
修订时间 :2008-09-10 15:06:16
NMCOE    

[原文]Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.


[CNNVD]Microsoft网络会议漏洞(CNNVD-200012-093)

        带远程桌面共享启用的Microsoft网络会议存在漏洞。远程攻击者借助一系列到网络会议端口的空字节导致服务拒绝(CPU 利用),也称为“网络桌面共享”漏洞。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0983
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0983
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200012-093
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/static/5368.php
(VENDOR_ADVISORY)  XF  netmeeting-desktop-sharing-dos
http://www.securityfocus.com/bid/1798
(VENDOR_ADVISORY)  BID  1798
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q273854
(UNKNOWN)  MSKB  Q273854
http://www.securityfocus.com/archive/1/140341
(UNKNOWN)  BUGTRAQ  20001018 Denial of Service attack against computers running Microsoft NetMeeting
http://www.microsoft.com/technet/security/bulletin/ms00-077.asp
(UNKNOWN)  MS  MS00-077

- 漏洞信息

Microsoft网络会议漏洞
中危 未知
2000-12-19 00:00:00 2005-10-12 00:00:00
远程  
        带远程桌面共享启用的Microsoft网络会议存在漏洞。远程攻击者借助一系列到网络会议端口的空字节导致服务拒绝(CPU 利用),也称为“网络桌面共享”漏洞。

- 公告与补丁

        

- 漏洞信息 (20289)

Microsoft NetMeeting 3.0.1 4.4.3385 Remote Desktop Sharing DoS Vulnerability (EDBID:20289)
windows dos
2000-10-13 Verified
0 Kirk Corey
N/A [点击下载]
source: http://www.securityfocus.com/bid/1798/info

The Remote Desktop Sharing component of Microsoft NetMeeting for Windows NT 4.0 / 2000 does not properly handle a particular type of malformed input string sent over port 1720. CPU utilization can be caused to spike to 100% and any existing NetMeeting sessions would fail in the event of an attack. Restarting the application would be required in order to regain normal functionality.

NetMeeting, including the affected component Remote Desktop Sharing, is shipped with Microsoft 2000 but is not enabled by default. NetMeeting can be downloaded as an add-on for NT 4.0.

*A new variant of this vulnerability has been discovered, the result of the new variant is the same as the originally discovered issue. No further technical details have been made available. User's are encouraged to install the latest patch.

nc target 1720 < /dev/zero		

- 漏洞信息

1609
Microsoft NetMeeting Remote Desktop Sharing Malformed String Handling DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

- 时间线

2000-10-13 Unknow
2000-10-13 Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站