Microsoft Windows 2000 DNS Memory Leak Vulnerability
BID:2007
Info
Microsoft Windows 2000 DNS Memory Leak Vulnerability
| Bugtraq ID: | 2007 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jan 01 2000 12:00AM |
| Updated: | Jan 01 2000 12:00AM |
| Credit: | This problem was described in a Microsoft Bulletin. See References. |
| Vulnerable: |
Microsoft Windows 2000 Server Microsoft Windows 2000 Advanced Server |
| Not Vulnerable: |
Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Advanced Server SP1 |
Discussion
Microsoft Windows 2000 DNS Memory Leak Vulnerability
Windows 2000 Server and Advanced Server, without any service packs installed, contain a minor issue that could, in theory, be used by an attacker in a Denial of Service attack. DNS Services provided by DNS.EXE contain a "memory leak" bug that can, in some cases, continue to slowly consume system rmemory. The rate of memory usage growth depends on the number of DNS queries the server receives, so submitting a flood of requests to a vulnerable system could cause a Denial of Service. The server would have to be restarted in order to resume normal functioning.
Windows 2000 Server and Advanced Server, without any service packs installed, contain a minor issue that could, in theory, be used by an attacker in a Denial of Service attack. DNS Services provided by DNS.EXE contain a "memory leak" bug that can, in some cases, continue to slowly consume system rmemory. The rate of memory usage growth depends on the number of DNS queries the server receives, so submitting a flood of requests to a vulnerable system could cause a Denial of Service. The server would have to be restarted in order to resume normal functioning.
Exploit / POC
Microsoft Windows 2000 DNS Memory Leak Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft Windows 2000 DNS Memory Leak Vulnerability
Solution:
This problem was corrected with Windows 2000 Service Pack 1.
Solution:
This problem was corrected with Windows 2000 Service Pack 1.
References
Microsoft Windows 2000 DNS Memory Leak Vulnerability
References:
References:
- DNS Service Memory Leak (Microsoft)