Multiple Vendor Out Of Band Data DoS (WinNuke)

This script is Copyright (C) 1999-2014 Tenable Network Security, Inc.


Synopsis :

The remote service is vulnerable to denial of service.

Description :

It was possible to crash the remote host using the 'Winnuke' attack,
that is to send an OOB message to this port.

An attacker may use this flaw to make this host crash continuously,
preventing the system from working properly.

See also :

http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-10/att-0333/01-winnuke.c

Solution :

http://support.microsoft.com/default.aspx?scid=kb
EN-US
179129

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Denial of Service

Nessus Plugin ID: 10314 ()

Bugtraq ID: 2010

CVE ID: CVE-1999-0153