BID:1781

Microsoft Windows 9x / Me IPX NMPI Packet DoS Vulnerability

Info

Microsoft Windows 9x / Me IPX NMPI Packet DoS Vulnerability

Bugtraq ID:	1781
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	Yes
Published:	Oct 10 2000 12:00AM
Updated:	Oct 10 2000 12:00AM
Credit:	Publicized in a Microsoft Security Bulletin (MS00-073) on October 10, 2000.
Vulnerable:	Microsoft Windows ME Microsoft Windows 98SE Microsoft Windows 98 Microsoft Windows 95

Not Vulnerable:	Microsoft Windows NT 4.0 + Microsoft Windows NT Enterprise Server 4.0 + Microsoft Windows NT Enterprise Server 4.0 + Microsoft Windows NT Server 4.0 + Microsoft Windows NT Server 4.0 + Microsoft Windows NT Terminal Server 4.0 + Microsoft Windows NT Terminal Server 4.0 + Microsoft Windows NT Workstation 4.0 + Microsoft Windows NT Workstation 4.0 Microsoft Windows 2000 Professional

Exploit / POC

Microsoft Windows 9x / Me IPX NMPI Packet DoS Vulnerability

See discussion.

Solution / Fix

Microsoft Windows 9x / Me IPX NMPI Packet DoS Vulnerability

Solution:
Microsoft has released the following patches which eliminate the vulnerability:

Microsoft Windows 98

Microsoft Q273727
http://download.microsoft.com/download/win98SE/Update/11974/W98/EN-US/ 273727USA8.EXE

Microsoft Windows 98SE

Microsoft Q273727
http://download.microsoft.com/download/win98SE/Update/11974/W98/EN-US/ 273727USA8.EXE

Microsoft Windows ME

Microsoft Q273727
http://download.microsoft.com/download/winme/Update/11974/WinMe/EN-US/ 273727USAM.EXE

Microsoft Windows 95

Microsoft Q273727
http://download.microsoft.com/download/win95/Update/11974/W95/EN-US/27 3727USA5.EXE

References

Microsoft Windows 9x / Me IPX NMPI Packet DoS Vulnerability

References:

Frequently Asked Questions: Microsoft Security Bulletin (MS00-073) (Microsoft)
Q273727: Denial of Service Possible on an IPX/SPX Protocol Using the Name Manage (Microsoft)