IKE: Windows 2000 DoS
This protocol anomaly is a maliciously crafted IKE packet that can cause a Windows 2000 host to stop responding. Attackers can connect to UDP/500 and submit a continuous stream of arbitrary packets to spike the CPU utilization and cause a denial of service (DoS).
Extended Description
Internet Protocol Security (IPSec) provides authentication and encryption for IP network traffic. The Internet Key Exchange (IKE) protocol is a management protocol standard which is used with the IPSec standard. IKE contributes to the IPSec standard by providing additional features and by default listens on UDP port 500. An issue exists in IKE which could cause a Windows 2000 host to stop responding. Connecting to port 500 and submitting a continuous stream of arbitrary packets, will cause the CPU utilization to spike to approximately 100%. It should be noted that this vulnerability may be due to an underlying issue with the UDP protocol.
Affected Products
Microsoft windows_2000_advanced_server
References
BugTraq: 3652
CVE: CVE-2001-0951
URL: http://www.securityfocus.com/data/vulnerabilities/exploits/nb-isakmp.c
Short Name
IKE:DOS:WIN2K-DOS
Severity
Major
Recommended
False
Recommended Action
None
Category
IKE
Keywords
CVE-2001-0951 bid:3652 dos ike win2k
Release Date
02/02/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Microsoft
CVSS Score
5.0