APP: MS Server Kerberos Denial of Service over TCP
This signature detects attempts to exploit a known flaw in the Microsoft implementation of the Kerberos protocol. A denial of service vulnerability exists that could allow an attacker to send a specially crafted message to a Windows domain controller that could cause the service responsible for authenticating users in an Active Directory domain to stop responding.
Extended Description
Microsoft Windows is susceptible to a remote Kerberos denial of service vulnerability. By sending unspecified packets to the Kerberos service on TCP or UDP port 88, attackers may cause the affected service to crash. This vulnerability allows remote attackers to crash the affected authentication service, denying further domain authentication to legitimate users. It should be noted that exploitation requires that attackers have valid logon credentials.
Affected Products
Microsoft windows_server_2003_datacenter_edition_itanium
References
BugTraq: 14519
CVE: CVE-2005-1981
URL: http://www.microsoft.com/technet/Security/bulletin/ms05-042.mspx
Short Name
APP:KERBEROS:DOS-TCP
Severity
Minor
Recommended
False
Recommended Action
None
Category
APP
Keywords
CVE-2005-1981 Denial Kerberos MS Server Service TCP bid:14519 of over
Release Date
08/16/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3727
Port
TCP/88
False Positive
Unknown
Vendors
Microsoft
CVSS Score
2.1