Title: Microsoft Universal Plug and Play Simple Service Discovery Protocol Denial of Service Vulnerability
Severity: HIGH
Description:
Universal Plug and Play, or UPnP, is a service that allows hosts to locate and use devices on the local network. UPnP support ships with Windows XP and ME. For Windows 98 and 98SE, it is available with Windows XP's Internet Connection Sharing client.
The Simple Service Discovery Protocol (SSDP) is a component of UPnP that allows a system to enumerate the resources of a newly installed network device on a UPnP network. When a new device is installed, it will broadcast a UDP NOTIFY packet to all devices on the UPnP network specifying the address and port for all other devices to download its description from.
It is possible to construct a UDP NOTIFY packet that directs UPnP devices to download the description from a port on a system that echoes the requests. The requesting UPnP systems could then enter an endless download cycle. An affected system could be manually restarted to exit this condition.
It could also be possible to use this technique to initiate a distributed denial of service attack on a third party. By constructing a NOTIFY packet which directs a large number of UPnP devices to the address of a third party server, the responding UPnP devices could flood the server with requests.
For both scenarios, the NOTIFY packet could be directed to a broadcast or multicast domain which would affect all the UPnP systems within earshot with a single packet.
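Added example (not part of the original advisory, and not Microsoft or Juniper code): a defensive check that parses captured SSDP NOTIFY datagrams and flags a description URL that points away from the sender, outside the local network, or at an echo-style port. It assumes the URL is carried in the LOCATION header as in the UPnP specification; the function names, the echo port list and the sample datagrams are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

ECHO_PORTS = {7, 19}  # echo and chargen; which ports count as echo-like is an assumption

def parse_notify(payload):
    """Return upper-cased headers of an SSDP NOTIFY datagram, or None if it is not one."""
    lines = payload.decode("ascii", errors="replace").split("\r\n")
    if not lines[0].upper().startswith("NOTIFY "):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def check_notify(src_ip, payload, local_net):
    """Return findings for one datagram; an empty list means nothing was flagged."""
    headers = parse_notify(payload)
    if not headers or "LOCATION" not in headers:
        return []  # not a NOTIFY, or no description URL to fetch
    try:
        url = urlsplit(headers["LOCATION"])
        host = ipaddress.ip_address(url.hostname or "")
        port = url.port or 80
    except ValueError:
        return ["LOCATION is not a valid IP-literal URL"]
    findings = []
    if host != ipaddress.ip_address(src_ip):
        findings.append("LOCATION host differs from sender")
    if host not in ipaddress.ip_network(local_net):
        findings.append("LOCATION host outside local network")
    if port in ECHO_PORTS:
        findings.append("LOCATION port is an echo-style service")
    return findings

def sample(location):
    """Build a constructed NOTIFY datagram for the demo below."""
    return ("NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            "NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n"
            f"LOCATION: {location}\r\n\r\n").encode("ascii")

if __name__ == "__main__":
    # Constructed inputs: one ordinary announcement and the two scenarios described above.
    for src, loc in [("192.168.1.10", "http://192.168.1.10:5000/desc.xml"),
                     ("192.168.1.66", "http://192.168.1.20:7/"),
                     ("192.168.1.66", "http://203.0.113.5/")]:
        print(src, loc, check_notify(src, sample(loc), "192.168.1.0/24"))
```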
Affected Products:
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
References:
- Microsoft: Microsoft Security Bulletin MS01-059
- Microsoft: Technet Security