CVE-2001-0721
CVSS5.0
发布时间 :2001-12-06 00:00:00
修订时间 :2016-10-17 22:11:48
NMCOS    

[原文]Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request.


[CNNVD]Microsoft UPnP服务拒绝漏洞(CNNVD-200112-013)

        Windows 98,98SE,ME,和XP的Universal Plug and Play (UPnP)存在漏洞。远程攻击者借助畸形UPnP请求导致服务拒绝(内存消耗或者崩溃)。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:microsoft:windows_98seMicrosoft windows 98_se
cpe:/o:microsoft:windows_meMicrosoft Windows ME
cpe:/o:microsoft:windows_98::goldMicrosoft windows 98_gold
cpe:/o:microsoft:windows_xp::goldMicrosoft windows xp_gold

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0721
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0721
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200112-013
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=100467787323377&w=2
(UNKNOWN)  BUGTRAQ  20011101 Three Windows XP UPNP DOS attacks
http://marc.info/?l=bugtraq&m=100528449024158&w=2
(UNKNOWN)  BUGTRAQ  20011109 Important Information Regarding MS01-054 and WindowsME
http://www.microsoft.com/technet/security/bulletin/MS01-054.asp
(VENDOR_ADVISORY)  MS  MS01-054

- 漏洞信息

Microsoft UPnP服务拒绝漏洞
中危 其他
2001-12-06 00:00:00 2005-10-20 00:00:00
远程  
        Windows 98,98SE,ME,和XP的Universal Plug and Play (UPnP)存在漏洞。远程攻击者借助畸形UPnP请求导致服务拒绝(内存消耗或者崩溃)。

- 公告与补丁

        **UPDATE**: New fixes for Windows 98/98SE and Windows Me are available.
        Microsoft has released a patch for Windows 98/98SE and Windows Me.
        For XP systems, the fix is contained in the update titled "Windows XP Update Package, October 25, 2001". This fix can be obtained through the WindowsUpdate web site.
        See the reference section for a link to the Windows Update website.
        Microsoft Windows 98
        
        Microsoft Windows 98SE
        
        Microsoft Windows ME
        

- 漏洞信息

13959
Microsoft Windows Universal Plug and Play (UPnP) Malformed Request DoS
Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2001-11-01 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Microsoft UPnP Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 3499
Yes No
2001-11-01 12:00:00 2009-07-11 09:06:00
Credited to 'Ken' from FTU, <franklin_tech_unlimited@yahoo.com>.

- 受影响的程序版本

Microsoft Windows XP Professional
Microsoft Windows XP Home
Microsoft Windows XP 0
Microsoft Windows ME
Microsoft Windows 98SE
Microsoft Windows 98

- 漏洞讨论

A denial of service vulnerability exists in UPnP implementations that may allow for a remotely exploitable denial of service. When the UPnP service recieves invalid data, system performance degradation may occur on Windows 98, 98SE and ME systems.

On XP systems, each request consumes a small amount of memory that is not freed. This is due to a memory leak error. It is possible to exhaust memory resources by repeatedly sending invalid UPnP data to the target XP system.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

**UPDATE**: New fixes for Windows 98/98SE and Windows Me are available.

Microsoft has released a patch for Windows 98/98SE and Windows Me.

For XP systems, the fix is contained in the update titled "Windows XP Update Package, October 25, 2001". This fix can be obtained through the WindowsUpdate web site.

See the reference section for a link to the Windows Update website.


Microsoft Windows 98

Microsoft Windows 98SE

Microsoft Windows ME

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站