MS-RPC: ARNUDP RPC Denial of Service
This signature detects denial-of-service (DoS) attempts against the Windows RPC service. Attackers can send a small amount of invalid data to port 135 to crash a Windows RPC service.
Extended Description
The Microsoft Windows RPC service may contain a flaw that allows a remote attacker to cause a denial of service. By sending a specifically malformed packet to TCP port 135, the RPC service will be disabled. This issue may be related to BID 6005, however, this has not been confirmed.
Affected Products
Microsoft windows_nt_terminal_server
References
CVE: CVE-2003-0605
URL: http://securityresponse.symantec.com/avcenter/attack_sigs/s20089.html
Short Name
MS-RPC:ARNUDP-RPC-DOS
Severity
Minor
Recommended
False
Recommended Action
None
Category
MS-RPC
Keywords
ARNUDP CVE-2003-0605 Denial RPC Service of
Release Date
03/18/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
UDP/135
False Positive
Rarely
Vendors
Microsoft
CVSS Score
7.5