APP: MS Server Kerberos Denial of Service
This signature detects attempts to exploit a known vulnerability against Microsoft Windows Active Directory. Attackers can craft a domain authentication requests containing invalid Kerberos information. A successful attack can trigger a denial of service against Active Directory servers.
Extended Description
Microsoft Windows is susceptible to a remote Kerberos denial of service vulnerability. By sending unspecified packets to the Kerberos service on TCP or UDP port 88, attackers may cause the affected service to crash. This vulnerability allows remote attackers to crash the affected authentication service, denying further domain authentication to legitimate users. It should be noted that exploitation requires that attackers have valid logon credentials.
Affected Products
Microsoft windows_server_2003_datacenter_edition_itanium
References
BugTraq: 14519
CVE: CVE-2009-0846
URL: http://www.microsoft.com/technet/security/Bulletin/MS05-042.mspx
Short Name
APP:KERBEROS:DOS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2004-0523 CVE-2005-1175 CVE-2005-1981 CVE-2009-0846 Denial Kerberos MS Server Service bid:14519 of
Release Date
08/09/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3727
Port
UDP/88
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5
10.0
2.1