ID

VAR-199712-0007


CVE

CVE-1999-0016


TITLE

Microsoft Internet Explorer DHTML objects contain a race condition

Trust: 0.8

sources: CERT/CC: VU#774338

DESCRIPTION

Land IP denial of service. MSN Messenger clients before version 7.0 will allow remote attackers to take control of a computer if malicious GIF files are processed. Microsoft Windows does not adequately validate IP options, allowing an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. An attacker could take complete control of a vulnerable system. A number of TCP/IP stacks are vulnerable to a "loopback" condition initiated by sending a TCP SYN packet with the source address and port spoofed to equal the destination source and port. When a packet of this sort is received, an infinite loop is initiated and the affected system halts. This is known to affect Windows 95, Windows NT 4.0 up to SP3, Windows Server 2003, Windows XP SP2, Cisco IOS devices &amp; Catalyst switches, and HP-UX up to 11.00. It is noted that on Windows Server 2003 and XP SP2, the TCP and IP checksums must be correct to trigger the issue. **Update: It is reported that Microsoft platforms are also prone to this vulnerability. The vendor reports that network routers may not route malformed TCP/IP packets used to exploit this issue. As a result, an attacker may have to discover a suitable route to a target computer, or reside on the target network segment itself before exploitation is possible. TCP/IP The network protocol stack is implemented by most operating systems for Internet The most widely used network protocol for networking. Early BSD Derived system (Linux except ) and Windows system TCP/IP There are loopholes in the protocol stack implementation, and remote attackers can use this loophole to perform denial of service attacks on the server. due to TCP/IP Implementation problems, the target system may have problems handling this kind of malformed package. Different system pairs Land The attack response is different, many old versions UNIX Similar operating system will crash, NT of CPU Resource consumption will be close to 100\\%( Lasts about five minutes ) . Information about this vulnerability is available in newsgroups and mailing lists \"Land denial of service\" , \"Land Attack\" Search for keywords. The vulnerability is caused due to improper handling of IP packets with the same destination and source IP and the SYN flag set. This causes a system to consume all available CPU resources for a certain period of time. This kind of attack was first reported in 1997 and became known as LAND attacks. SOLUTION: Filter traffic with the same IP address as source and destination address at the perimeter. The vulnerability is caused due to a boundary error in the SMTP service within the handling of a certain extended verb request. This can be exploited to cause a heap-based buffer overflow by connecting to the SMTP service and issuing a specially crafted command. Instead, this requires permissions usually only granted to other Exchange servers in a domain. Microsoft Exchange 2000 Server (requires SP3): http://www.microsoft.com/downloads/details.aspx?FamilyId=2A2AF17E-2E4A-4479-8AC9-B5544EA0BD66 Microsoft Exchange Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=97F409EB-C8D0-4C94-A67B-5945E26C9267 Microsoft Exchange Server 2003 (requires SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=35BCE74A-E84A-4035-BF18-196368F032CC The following versions are not affected: * Microsoft Exchange Server 5.5 SP4 * Microsoft Exchange Server 5.0 SP2 PROVIDED AND/OR DISCOVERED BY: Mark Dowd and Ben Layer, ISS X-Force. ORIGINAL ADVISORY: MS05-021 (KB894549): http://www.microsoft.com/technet/security/Bulletin/MS05-021.mspx ISS X-Force: http://xforce.iss.net/xforce/alerts/id/193 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA05-102A Multiple Vulnerabilities in Microsoft Windows Components Original release date: April 12, 2005 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows Systems For a complete list of affected versions of the Windows operating systems and components, refer to the Microsoft Security Bulletins. Overview Microsoft has released a Security Bulletin Summary for April, 2005. This summary includes several bulletins that address vulnerabilities in various Windows applications and components. Details of the vulnerabilities and their impacts are provided below. I. Description The list below provides a mapping between Microsoft's Security Bulletins and the related US-CERT Vulnerability Notes. More information related to the vulnerabilities is available in these documents. III. Solution Apply a patch Microsoft has provided the patches for these vulnerabilities in the Security Bulletins and on Windows Update. Appendix A. References * Microsoft's Security Bulletin Summary for April, 2005 - < http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx> * US-CERT Vulnerability Note VU#774338 - <http://www.kb.cert.org/vuls/id/774338> * US-CERT Vulnerability Note VU#756122 - <http://www.kb.cert.org/vuls/id/756122> * US-CERT Vulnerability Note VU#222050 - <http://www.kb.cert.org/vuls/id/222050> * US-CERT Vulnerability Note VU#275193 - <http://www.kb.cert.org/vuls/id/275193> * US-CERT Vulnerability Note VU#633446 - <http://www.kb.cert.org/vuls/id/633446> * US-CERT Vulnerability Note VU#233754 - <http://www.kb.cert.org/vuls/id/233754> _________________________________________________________________ Feedback can be directed to the authors: Will Dormann, Jeff Gennari, Chad Dougherty, Ken MacInnis, Jason Rafail, Art Manion, and Jeff Havrilla. _________________________________________________________________ This document is available from: <http://www.us-cert.gov/cas/techalerts/TA05-102A.html> _________________________________________________________________ Copyright 2005 Carnegie Mellon University. Terms of use: <http://www.us-cert.gov/legal.html> _________________________________________________________________ Revision History April 12, 2005: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQlxwexhoSezw4YfQAQJ4RAf/bTgaa6SBDMJveqW/GnQET79F9aVPM1S2 glam1w4YFyOdyIHpDYqQZRBqgXgpJjel/MiH02tZreU5mgIjkPIWA3gleepyWvnN 7VYv8KcbSnyvGxDl/8K2YjFz550gxA3pkRD7IiqdpOums87lJ7xM7sjdUY0ZA8aF JEvA4gfndpgLSuISV7Gf8y1s4MU329DurNy3t8W4EB9Iuef/E4Z058IvHnz9dTnT XwBnyW1KfH2Ohpy7QBOtcXt1wXU8X0F+d01g/VZmTL7xVwXmcPi8UpS7bPK8A17+ asqo582KjZVR56iL7fqNQzsrXUGZncEnX/8QOhi3Ym2LfAEkKrg3rw== =BY/p -----END PGP SIGNATURE-----

Trust: 6.66

sources: NVD: CVE-1999-0016 // CERT/CC: VU#774338 // CERT/CC: VU#756122 // CERT/CC: VU#222050 // CERT/CC: VU#633446 // CERT/CC: VU#396645 // CERT/CC: VU#233754 // CERT/CC: VU#275193 // BID: 2666 // VULHUB: VH-CVE-1999-0016 // VULMON: CVE-1999-0016 // PACKETSTORM: 36523 // PACKETSTORM: 37141 // PACKETSTORM: 37198

AFFECTED PRODUCTS

vendor:microsoftmodel: - scope: - version: -

Trust: 5.6

vendor:sunmodel:sunosscope:eqversion:4.1.4

Trust: 1.9

vendor:sunmodel:sunosscope:eqversion:4.1.3u1

Trust: 1.6

vendor:hpmodel:hp-uxscope:eqversion:10.01

Trust: 1.3

vendor:hpmodel:hp-uxscope:eqversion:10.10

Trust: 1.3

vendor:netbsdmodel:netbsdscope:eqversion:1.0

Trust: 1.3

vendor:microsoftmodel:windows ntscope:eqversion:4.0

Trust: 1.3

vendor:hpmodel:hp-uxscope:eqversion:10.16

Trust: 1.3

vendor:netbsdmodel:netbsdscope:eqversion:1.1

Trust: 1.3

vendor:hpmodel:hp-uxscope:eqversion:10.24

Trust: 1.3

vendor:hpmodel:hp-uxscope:eqversion:10.20

Trust: 1.3

vendor:hpmodel:hp-uxscope:eqversion:10.30

Trust: 1.3

vendor:hpmodel:hp-uxscope:eqversion:10.00

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:9.03

Trust: 1.0

vendor:microsoftmodel:windows 95scope:eqversion:*

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:9.07

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:9.00

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:7000

Trust: 1.0

vendor:microsoftmodel:winsockscope:eqversion:2.0

Trust: 1.0

vendor:gnumodel:inetscope:eqversion:5.01

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:9.04

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:9.01

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:11.00

Trust: 1.0

vendor:hpmodel:hp-uxscope:eqversion:9.05

Trust: 1.0

vendor:microsoftmodel:windows xp home sp1scope: - version: -

Trust: 0.3

vendor:bsdimodel:bsd/osscope:eqversion:2.1

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp3scope:eqversion:4.0

Trust: 0.3

vendor:netbsdmodel:netbsdscope:neversion:1.3.1

Trust: 0.3

vendor:microsoftmodel:windows nt sp5scope:neversion:4.0

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.0.31

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2.5

Trust: 0.3

vendor:ciscomodel:ios aascope:neversion:11.1.15

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:neversion:2.2.6

Trust: 0.3

vendor:microsoftmodel:windows nt sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows xp professionalscope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp4scope:neversion:4.0

Trust: 0.3

vendor:bsdimodel:bsd/osscope:neversion:3.0

Trust: 0.3

vendor:microsoftmodel:windows server enterprise edition sp1 betascope:eqversion:20031

Trust: 0.3

vendor:linuxmodel:kernelscope:neversion:2.0.34

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp2scope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:ios fscope:neversion:11.2.4

Trust: 0.3

vendor:ciscomodel:ios btscope:neversion:11.0.12

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp4scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows server enterprise edition itaniumscope:eqversion:20030

Trust: 0.3

vendor:microsoftmodel:windows xp tablet pc edition sp1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios iascope:neversion:11.1.15

Trust: 0.3

vendor:netbsdmodel:netbsdscope:neversion:1.3

Trust: 0.3

vendor:microsoftmodel:windows xp tablet pc editionscope: - version: -

Trust: 0.3

vendor:bsdimodel:bsd/osscope:neversion:3.1

Trust: 0.3

vendor:microsoftmodel:windows nt sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows server enterprise edition sp1scope:eqversion:2003

Trust: 0.3

vendor:linuxmodel:kernelscope:neversion:2.1.x

Trust: 0.3

vendor:linuxmodel:kernelscope:neversion:2.2

Trust: 0.3

vendor:linuxmodel:kernelscope:neversion:2.1

Trust: 0.3

vendor:microsoftmodel:windows xp 64-bit editionscope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:neversion:10.3.16

Trust: 0.3

vendor:microsoftmodel:windows server enterprise edition itanium sp1scope:eqversion:2003

Trust: 0.3

vendor:linuxmodel:kernelscope:neversion:2.0.38

Trust: 0.3

vendor:microsoftmodel:windows server standard edition sp1 betascope:eqversion:20031

Trust: 0.3

vendor:novellmodel:netwarescope:eqversion:4.1

Trust: 0.3

vendor:microsoftmodel:windows server standard edition sp1scope:eqversion:2003

Trust: 0.3

vendor:bsdimodel:bsd/osscope:eqversion:2.0

Trust: 0.3

vendor:microsoftmodel:windows xp media center editionscope: - version: -

Trust: 0.3

vendor:linuxmodel:kernelscope:neversion:2.0.36

Trust: 0.3

vendor:microsoftmodel:windows xp media center edition sp2scope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows nt workstationscope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:10.3

Trust: 0.3

vendor:ciscomodel:ios btscope:neversion:11.0.17

Trust: 0.3

vendor:microsoftmodel:windows server datacenter edition itaniumscope:eqversion:20030

Trust: 0.3

vendor:microsoftmodel:windows nt sp2scope:eqversion:4.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:neversion:3.x

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows server datacenter edition sp1 betascope:eqversion:20031

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp3scope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:iosscope:neversion:11.2.10

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp1scope:eqversion:4.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.1.5

Trust: 0.3

vendor:ciscomodel:iosscope:neversion:11.1.7

Trust: 0.3

vendor:bsdimodel:bsd/osscope:eqversion:2.0.1

Trust: 0.3

vendor:microsoftmodel:windows server web edition sp1scope:eqversion:2003

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows xp tablet pc edition sp2scope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows server enterprise edition itanium sp1 betascope:eqversion:20031

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2.3

Trust: 0.3

vendor:bsdimodel:bsd/osscope:eqversion:1.1

Trust: 0.3

vendor:linuxmodel:kernelscope:neversion:2.0.33

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp3scope:eqversion:4.0

Trust: 0.3

vendor:scomodel:open desktopscope:eqversion:3.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.1.6.1

Trust: 0.3

vendor:ciscomodel:ios iascope:neversion:11.1.9

Trust: 0.3

vendor:netbsdmodel:netbsdscope:neversion:1.3.2

Trust: 0.3

vendor:ciscomodel:ios aascope:neversion:11.1.7

Trust: 0.3

vendor:ciscomodel:iosscope:neversion:11.0.17

Trust: 0.3

vendor:microsoftmodel:windows server datacenter edition itanium sp1 betascope:eqversion:20031

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise serverscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows server datacenter editionscope:eqversion:2003

Trust: 0.3

vendor:microsoftmodel:windows nt terminal serverscope:eqversion:4.0

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:9.0

Trust: 0.3

vendor:scomodel:unixwarescope:eqversion:2.1

Trust: 0.3

vendor:microsoftmodel:windows xp professional sp1scope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows nt sp3 alphascope:eqversion:4.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:neversion:2.2.2

Trust: 0.3

vendor:microsoftmodel:windows server standard editionscope:eqversion:2003

Trust: 0.3

vendor:ciscomodel:iosscope:neversion:11.2.4

Trust: 0.3

vendor:ciscomodel:ios ascope:neversion:10.3.19

Trust: 0.3

vendor:ciscomodel:ios f1scope:neversion:11.2.4

Trust: 0.3

vendor:linuxmodel:kernelscope:neversion:2.0.35

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:11.0

Trust: 0.3

vendor:microsoftmodel:windows xp homescope: - version: -

Trust: 0.3

vendor:scomodel:cmw+scope:eqversion:3.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2

Trust: 0.3

vendor:bsdimodel:bsd/osscope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows server web editionscope:eqversion:2003

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.1

Trust: 0.3

vendor:ciscomodel:ios cascope:neversion:11.1.15

Trust: 0.3

vendor:microsoftmodel:windows xp media center edition sp1scope: - version: -

Trust: 0.3

vendor:ciscomodel:ios/700scope:eqversion:1.0

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.0.30

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:11.1

Trust: 0.3

vendor:microsoftmodel:windows nt server sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windowsscope:eqversion:95

Trust: 0.3

vendor:linuxmodel:kernelscope:neversion:2.2.10

Trust: 0.3

vendor:ciscomodel:catalyst supervisor softwarescope:neversion:29xx2.4.401

Trust: 0.3

vendor:linuxmodel:kernelscope:neversion:2.0.37

Trust: 0.3

vendor:sunmodel:sunos u1scope:eqversion:4.1.3

Trust: 0.3

vendor:microsoftmodel:windows nt sp4scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows ntscope:eqversion:3.5.1

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:10.0

Trust: 0.3

vendor:marconimodel:atm switchscope:eqversion:6.1.1

Trust: 0.3

vendor:linuxmodel:kernelscope:neversion:2.0.32

Trust: 0.3

vendor:microsoftmodel:windows nt server sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp4scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows xp professional sp2scope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows xp home sp2scope: - version: -

Trust: 0.3

vendor:ciscomodel:catalyst supervisor softwarescope:neversion:29xx2.1.1102

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:1.2.1

Trust: 0.3

vendor:microsoftmodel:windows xp 64-bit edition sp1scope: - version: -

Trust: 0.3

vendor:scomodel:open serverscope:eqversion:5.0

Trust: 0.3

vendor:microsoftmodel:windows xp 64-bit edition version sp1scope:eqversion:2003

Trust: 0.3

vendor:freebsdmodel:freebsdscope:neversion:2.2.8

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp2scope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:ios pscope:neversion:11.2.9

Trust: 0.3

vendor:marconimodel:atm switchscope:eqversion:7.0.1

Trust: 0.3

vendor:microsoftmodel:windows nt sp6scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows server datacenter edition sp1scope:eqversion:2003

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2.4

Trust: 0.3

vendor:microsoftmodel:windows nt server sp4scope:neversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt serverscope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:iosscope:neversion:11.1.15

Trust: 0.3

vendor:microsoftmodel:windows server enterprise editionscope:eqversion:2003

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.1.6

Trust: 0.3

vendor:bsdimodel:bsd/osscope:neversion:4.0.1

Trust: 0.3

vendor:microsoftmodel:windows xp 64-bit edition versionscope:eqversion:2003

Trust: 0.3

vendor:ciscomodel:ios cascope:neversion:11.1.7

Trust: 0.3

vendor:microsoftmodel:windows server datacenter edition itanium sp1scope:eqversion:2003

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:1.2

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp2scope:eqversion:4.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.1x

Trust: 0.3

vendor:microsoftmodel:windows server web edition sp1 betascope:eqversion:20031

Trust: 0.3

sources: CERT/CC: VU#774338 // CERT/CC: VU#756122 // CERT/CC: VU#222050 // CERT/CC: VU#633446 // CERT/CC: VU#396645 // CERT/CC: VU#233754 // CERT/CC: VU#275193 // BID: 2666 // CNNVD: CNNVD-199712-002 // NVD: CVE-1999-0016

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-1999-0016
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#774338
value: 21.80

Trust: 0.8

CARNEGIE MELLON: VU#756122
value: 21.80

Trust: 0.8

CARNEGIE MELLON: VU#222050
value: 4.36

Trust: 0.8

CARNEGIE MELLON: VU#633446
value: 23.63

Trust: 0.8

CARNEGIE MELLON: VU#396645
value: 12.15

Trust: 0.8

CARNEGIE MELLON: VU#233754
value: 12.29

Trust: 0.8

CARNEGIE MELLON: VU#275193
value: 36.15

Trust: 0.8

CNNVD: CNNVD-199712-002
value: MEDIUM

Trust: 0.6

VUL-HUB: VH-CVE-1999-0016
value: LOW RISK

Trust: 0.1

VULMON: CVE-1999-0016
value: MEDIUM

Trust: 0.1

VULMON: CVE-1999-0016
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VH-CVE-1999-0016
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#774338 // CERT/CC: VU#756122 // CERT/CC: VU#222050 // CERT/CC: VU#633446 // CERT/CC: VU#396645 // CERT/CC: VU#233754 // CERT/CC: VU#275193 // VULHUB: VH-CVE-1999-0016 // VULMON: CVE-1999-0016 // CNNVD: CNNVD-199712-002 // NVD: CVE-1999-0016

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0016

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 37198 // CNNVD: CNNVD-199712-002

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-199712-002

CONFIGURATIONS

sources: NVD: CVE-1999-0016

EXPLOIT AVAILABILITY

sources: VULHUB: VH-CVE-1999-0016 // VULMON: CVE-1999-0016

PATCH

title:CVE-1999-0016-Land-DOS-toolurl:https://github.com/pexmee/cve-1999-0016-land-dos-tool

Trust: 0.1

title:opensimsurl:https://github.com/ascendantlogic/opensims

Trust: 0.1

title:CVE-1999-0016-POCurl:https://github.com/pommaq/cve-1999-0016-poc

Trust: 0.1

sources: VULMON: CVE-1999-0016

EXTERNAL IDS

db:NVDid:CVE-1999-0016

Trust: 2.1

db:SECUNIAid:14512

Trust: 1.7

db:BIDid:2666

Trust: 1.1

db:CERT/CCid:VU#774338

Trust: 0.9

db:CERT/CCid:VU#756122

Trust: 0.9

db:CERT/CCid:VU#222050

Trust: 0.9

db:CERT/CCid:VU#633446

Trust: 0.9

db:CERT/CCid:VU#233754

Trust: 0.9

db:SECUNIAid:14920

Trust: 0.9

db:USCERTid:TA05-102A

Trust: 0.9

db:CERT/CCid:VU#275193

Trust: 0.9

db:OSVDBid:14578

Trust: 0.8

db:XFid:19593

Trust: 0.8

db:CERT/CCid:VU#396645

Trust: 0.8

db:BIDid:13116

Trust: 0.8

db:SECTRACKid:1013686

Trust: 0.8

db:OSVDBid:15467

Trust: 0.8

db:CNNVDid:CNNVD-199712-002

Trust: 0.7

db:HPid:HPSBUX9801-076

Trust: 0.6

db:VULHUBid:VH-CVE-1999-0016

Trust: 0.1

db:EXPLOIT-DBid:20812

Trust: 0.1

db:VULMONid:CVE-1999-0016

Trust: 0.1

db:PACKETSTORMid:36523

Trust: 0.1

db:PACKETSTORMid:37141

Trust: 0.1

db:PACKETSTORMid:37198

Trust: 0.1

sources: CERT/CC: VU#774338 // CERT/CC: VU#756122 // CERT/CC: VU#222050 // CERT/CC: VU#633446 // CERT/CC: VU#396645 // CERT/CC: VU#233754 // CERT/CC: VU#275193 // VULHUB: VH-CVE-1999-0016 // VULMON: CVE-1999-0016 // BID: 2666 // PACKETSTORM: 36523 // PACKETSTORM: 37141 // PACKETSTORM: 37198 // CNNVD: CNNVD-199712-002 // NVD: CVE-1999-0016

REFERENCES

url:http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx

Trust: 1.9

url:http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux9801-076

Trust: 1.7

url:about vulnerability notes

Trust: 1.6

url:contact us about this vulnerability

Trust: 1.6

url:provide a vendor statement

Trust: 1.6

url:http://secunia.com/advisories/14512/

Trust: 0.9

url:http://xforce.iss.net/xforce/alerts/id/193

Trust: 0.9

url:http://www.microsoft.com/technet/security/bulletin/ms05-021.mspx

Trust: 0.9

url:http://secunia.com/advisories/14920/

Trust: 0.9

url:http://www.microsoft.com/technet/security/bulletin/ms05-020.mspx

Trust: 0.8

url:http://www.idefense.com/application/poi/display?id=228&type=vulnerabilities

Trust: 0.8

url:http://www.microsoft.com/security/bulletins/200504_msnmessenger.mspx

Trust: 0.8

url:http://www.microsoft.com/technet/security/bulletin/ms05-022.mspx

Trust: 0.8

url:http://support.microsoft.com/kb/889829

Trust: 0.8

url:http://support.microsoft.com/kb/896597

Trust: 0.8

url:http://messenger.msn.com

Trust: 0.8

url:http://www.w3.org/graphics/gif/spec-gif89a.txt

Trust: 0.8

url:http://secunia.com/advisories/14512

Trust: 0.8

url:http://www.securityfocus.com/bid/2666

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/19593

Trust: 0.8

url:http://osvdb.org/displayvuln.php?osvdb_id=14578

Trust: 0.8

url:http://xforce.iss.net/xforce/alerts/id/192

Trust: 0.8

url:http://www.iana.org/assignments/ip-parameters

Trust: 0.8

url:http://www.securityfocus.com/bid/13116/

Trust: 0.8

url:http://securitytracker.com/alerts/2005/apr/1013686.html

Trust: 0.8

url:http://www.us-cert.gov/cas/techalerts/ta05-102a.html

Trust: 0.8

url:http://www.osvdb.org/displayvuln.php?osvdb_id=15467

Trust: 0.8

url:http://support.microsoft.com/support/kb/articles/q165/0/05.asp

Trust: 0.3

url:http://support.microsoft.com/support/kb/articles/q177/5/39.asp

Trust: 0.3

url:http://support.novell.com/cgi-bin/search/tidfinder.cgi?2932511

Trust: 0.3

url:http://www.cisco.com/warp/public/770/land-pub.shtml#iosvers

Trust: 0.3

url:http://www.securityfocus.com/archive/1/392354

Trust: 0.3

url:/archive/1/392642

Trust: 0.3

url:/archive/1/393045

Trust: 0.3

url:/archive/1/392354

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/about_secunia_advisories/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://github.com/pexmee/cve-1999-0016-land-dos-tool

Trust: 0.1

url:https://github.com/ascendantlogic/opensims

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/20812/

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=8889

Trust: 0.1

url:http://secunia.com/product/1173/

Trust: 0.1

url:http://secunia.com/product/22/

Trust: 0.1

url:http://secunia.com/product/1174/

Trust: 0.1

url:http://secunia.com/product/1176/

Trust: 0.1

url:http://secunia.com/product/1175/

Trust: 0.1

url:http://secunia.com/product/16/

Trust: 0.1

url:https://ca.secunia.com/?f=l

Trust: 0.1

url:http://www.microsoft.com/downloads/details.aspx?familyid=35bce74a-e84a-4035-bf18-196368f032cc

Trust: 0.1

url:http://www.microsoft.com/downloads/details.aspx?familyid=2a2af17e-2e4a-4479-8ac9-b5544ea0bd66

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/product/41/

Trust: 0.1

url:http://www.microsoft.com/downloads/details.aspx?familyid=97f409eb-c8d0-4c94-a67b-5945e26c9267

Trust: 0.1

url:http://secunia.com/product/1828/

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/633446>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/222050>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/233754>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/275193>

Trust: 0.1

url:http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/774338>

Trust: 0.1

url:http://www.us-cert.gov/cas/techalerts/ta05-102a.html>

Trust: 0.1

url:http://www.us-cert.gov/legal.html>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/756122>

Trust: 0.1

sources: CERT/CC: VU#774338 // CERT/CC: VU#756122 // CERT/CC: VU#222050 // CERT/CC: VU#633446 // CERT/CC: VU#396645 // CERT/CC: VU#233754 // CERT/CC: VU#275193 // VULMON: CVE-1999-0016 // BID: 2666 // PACKETSTORM: 36523 // PACKETSTORM: 37141 // PACKETSTORM: 37198 // CNNVD: CNNVD-199712-002 // NVD: CVE-1999-0016

CREDITS

m3lt meltman@lagged.net

Trust: 0.6

sources: CNNVD: CNNVD-199712-002

SOURCES

db:CERT/CCid:VU#774338
db:CERT/CCid:VU#756122
db:CERT/CCid:VU#222050
db:CERT/CCid:VU#633446
db:CERT/CCid:VU#396645
db:CERT/CCid:VU#233754
db:CERT/CCid:VU#275193
db:VULHUBid:VH-CVE-1999-0016
db:VULMONid:CVE-1999-0016
db:BIDid:2666
db:PACKETSTORMid:36523
db:PACKETSTORMid:37141
db:PACKETSTORMid:37198
db:CNNVDid:CNNVD-199712-002
db:NVDid:CVE-1999-0016

LAST UPDATE DATE

2022-05-06T12:03:12.731000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#774338date:2005-08-18T00:00:00
db:CERT/CCid:VU#756122date:2005-04-13T00:00:00
db:CERT/CCid:VU#222050date:2005-04-13T00:00:00
db:CERT/CCid:VU#633446date:2005-04-12T00:00:00
db:CERT/CCid:VU#396645date:2005-04-13T00:00:00
db:CERT/CCid:VU#233754date:2005-05-03T00:00:00
db:CERT/CCid:VU#275193date:2005-08-02T00:00:00
db:VULHUBid:VH-CVE-1999-0016date:2008-09-09T00:00:00
db:VULMONid:CVE-1999-0016date:2008-09-09T00:00:00
db:BIDid:2666date:2009-07-11T06:06:00
db:CNNVDid:CNNVD-199712-002date:2006-11-16T00:00:00
db:NVDid:CVE-1999-0016date:2008-09-09T12:33:00

SOURCES RELEASE DATE

db:CERT/CCid:VU#774338date:2005-04-12T00:00:00
db:CERT/CCid:VU#756122date:2005-04-12T00:00:00
db:CERT/CCid:VU#222050date:2005-04-12T00:00:00
db:CERT/CCid:VU#633446date:2005-04-12T00:00:00
db:CERT/CCid:VU#396645date:2005-04-13T00:00:00
db:CERT/CCid:VU#233754date:2005-04-12T00:00:00
db:CERT/CCid:VU#275193date:2005-04-12T00:00:00
db:VULHUBid:VH-CVE-1999-0016date:1997-12-01T00:00:00
db:VULMONid:CVE-1999-0016date:1997-12-01T00:00:00
db:BIDid:2666date:1997-11-20T00:00:00
db:PACKETSTORMid:36523date:2005-03-15T04:45:15
db:PACKETSTORMid:37141date:2005-04-18T07:20:47
db:PACKETSTORMid:37198date:2005-04-19T06:59:49
db:CNNVDid:CNNVD-199712-002date:1997-11-13T00:00:00
db:NVDid:CVE-1999-0016date:1997-12-01T05:00:00