Microsoft Windows DHCP Server Logging Remote Denial Of Service Vulnerability

2004-12-14T00:00:00
ID SMNTC-11919
Type symantec
Reporter Symantec Security Response
Modified 2004-12-14T00:00:00

Description

Microsoft Windows DHCP server on NT 4 server platforms is reported susceptible to a remote denial of service vulnerability in its logging functionality. This issue is due to a failure of the application to properly handle user-supplied network input. This vulnerability allows remote attackers to crash the affected service, denying service to legitimate users. This may allow attackers to interrupt network services to an entire network. It is believed that this issue would only result in a denial of service, though an unconfirmed possibility of code execution exists due to the apparent nature of the vulnerability. It is noted that the service is not installed by default, nor is the affected logging facility enabled by default where the service has been installed.

Technologies Affected

  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0 SP1
  • Microsoft Windows NT 4.0 SP1 alpha
  • Microsoft Windows NT 4.0 SP2
  • Microsoft Windows NT 4.0 SP2 alpha
  • Microsoft Windows NT 4.0 SP3
  • Microsoft Windows NT 4.0 SP3 alpha
  • Microsoft Windows NT 4.0 SP4
  • Microsoft Windows NT 4.0 SP4 alpha
  • Microsoft Windows NT 4.0 SP5
  • Microsoft Windows NT 4.0 SP5 alpha
  • Microsoft Windows NT 4.0 SP6
  • Microsoft Windows NT 4.0 SP6 alpha
  • Microsoft Windows NT 4.0 SP6a
  • Microsoft Windows NT 4.0 SP6a alpha
  • Microsoft Windows NT 4.0 alpha
  • Microsoft Windows NT Enterprise Server 4.0
  • Microsoft Windows NT Enterprise Server 4.0 SP1
  • Microsoft Windows NT Enterprise Server 4.0 SP2
  • Microsoft Windows NT Enterprise Server 4.0 SP3
  • Microsoft Windows NT Enterprise Server 4.0 SP4
  • Microsoft Windows NT Enterprise Server 4.0 SP5
  • Microsoft Windows NT Enterprise Server 4.0 SP6
  • Microsoft Windows NT Enterprise Server 4.0 SP6a
  • Microsoft Windows NT Server 4.0
  • Microsoft Windows NT Server 4.0 SP1
  • Microsoft Windows NT Server 4.0 SP2
  • Microsoft Windows NT Server 4.0 SP3
  • Microsoft Windows NT Server 4.0 SP4
  • Microsoft Windows NT Server 4.0 SP5
  • Microsoft Windows NT Server 4.0 SP6
  • Microsoft Windows NT Server 4.0 SP6a
  • Microsoft Windows NT Terminal Server 4.0
  • Microsoft Windows NT Terminal Server 4.0 SP1
  • Microsoft Windows NT Terminal Server 4.0 SP2
  • Microsoft Windows NT Terminal Server 4.0 SP3
  • Microsoft Windows NT Terminal Server 4.0 SP4
  • Microsoft Windows NT Terminal Server 4.0 SP5
  • Microsoft Windows NT Terminal Server 4.0 SP6
  • Microsoft Windows NT Terminal Server 4.0 SP6a
  • Microsoft Windows NT Terminal Server 4.0 alpha
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Workstation 4.0 SP1
  • Microsoft Windows NT Workstation 4.0 SP2
  • Microsoft Windows NT Workstation 4.0 SP3
  • Microsoft Windows NT Workstation 4.0 SP4
  • Microsoft Windows NT Workstation 4.0 SP5
  • Microsoft Windows NT Workstation 4.0 SP6
  • Microsoft Windows NT Workstation 4.0 SP6a

Recommendations

Block external access at the network boundary, unless external parties require service.

Access to the affected service should be filtered at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploitation. This includes blocking UDP ports 67 and 68 at the perimeter.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.

Deploy network intrusion detection software to monitor network activity. Network traffic should be monitored for malformed DHCP packets.
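As an added illustration of the monitoring recommendation above (not part of the Symantec advisory), the following Python function applies generic RFC 2131/2132 structural checks to a captured UDP 67/68 payload. The advisory does not describe the specific malformation involved, so these checks are an assumption about what "malformed" covers; the names `dhcp_anomalies` and `build_sample` and the sample packets are constructed for this example.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131 marker that precedes the options
FIXED_LEN = 236                     # BOOTP fixed header: op through 'file'

def dhcp_anomalies(payload):
    """Return structural problems in a UDP 67/68 payload ([] = well formed)."""
    if len(payload) < FIXED_LEN + len(MAGIC_COOKIE):
        return ["truncated: shorter than fixed header plus magic cookie"]
    issues = []
    op, _htype, hlen, _hops = struct.unpack_from("!BBBB", payload, 0)
    if op not in (1, 2):
        issues.append(f"op={op} is neither BOOTREQUEST nor BOOTREPLY")
    if hlen > 16:
        issues.append(f"hlen={hlen} exceeds the 16-byte chaddr field")
    if payload[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        return issues + ["bad magic cookie, options not parsed"]
    pos = FIXED_LEN + 4
    while pos < len(payload):
        code = payload[pos]
        if code == 0:                # pad option: single byte, no length
            pos += 1
            continue
        if code == 255:              # end option: stop parsing
            break
        if pos + 1 >= len(payload):
            issues.append(f"option {code} has no length byte")
            break
        length = payload[pos + 1]
        if pos + 2 + length > len(payload):
            issues.append(f"option {code} length {length} overruns packet")
            break
        if code == 53 and length != 1:
            issues.append(f"message-type option has length {length}, expected 1")
        pos += 2 + length
    else:                            # loop ran off the end without seeing 255
        issues.append("options not terminated by end option (255)")
    return issues

def build_sample(options, op=1, hlen=6):
    """Constructed test packet: minimal BOOTREQUEST header plus given options."""
    hdr = struct.pack("!BBBBIHH", op, 1, hlen, 0, 0x12345678, 0, 0)
    hdr += bytes(16) + bytes.fromhex("001122334455").ljust(16, b"\0")
    return hdr + bytes(64 + 128) + MAGIC_COOKIE + options

if __name__ == "__main__":
    samples = {"valid": b"\x35\x01\x01\xff", "overrun": b"\x35\x01\x01\x0c\xf0host",
               "no end": b"\x35\x01\x01"}
    for name, opts in samples.items():
        print(name, dhcp_anomalies(build_sample(opts)))
```

A sensor would call `dhcp_anomalies` on each payload seen on UDP ports 67 and 68 and alert on any non-empty result.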

Microsoft has released updates to address this vulnerability in supported versions of the Windows operating system.