MS01-009: Malformed PPTP Packet Stream Remote DoS (283001)

This script is Copyright (C) 2001-2013 Tenable Network Security, Inc.


Synopsis :

A flaw in the remote PPTP implementation could allow an attacker to
cause a denial of service.

Description :

The hotfix for the 'Malformed PPTP Packet Stream' problem has not
been applied. This hotfix corrects a memory leak in Windows NT PPTP
implementation that could cause it to use all the resources of the
remote host.

An attacker could use this flaw by sending malformed PPTP packets to the
remote host until no more memory is available. This would result in a
denial of service of the remote service or the whole system.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms01-009

Solution :

Microsoft has released a set of patches for Windows NT 4.0.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:U/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 10615 ()

Bugtraq ID: 2368

CVE ID: CVE-2001-0017