Signature Detail

DOS: IGMP Fragment

This signature detects attempts to exploit a known vulnerability against Microsoft Windows 98 and 2000 TCP/IP stacks. Attackers can send maliciously crafted malformed IGMP headers to cause a stack to fail, thereby creating a denial-of-service (DoS) condition.

Extended Description

The Windows 98 and Windows 2000 TCP/IP stacks were not built to reliably tolerate malformed IGMP headers. When one is received, the stack will sometimes fail with unpredictable results ranging from a Blue Screen to instantaneous reboot.

Affected Products

• Microsoft windows_2000_server
• Microsoft windows_95
• Microsoft windows_98
• Microsoft windows_nt 4.0
• Microsoft windows_nt 4.0 SP1
• Microsoft windows_nt 4.0 SP2
• Microsoft windows_nt 4.0 SP3
• Microsoft windows_nt 4.0 SP4
• Microsoft windows_nt 4.0 SP5
• Microsoft windows_nt_enterprise_server 4.0
• Microsoft windows_nt_enterprise_server 4.0 SP1
• Microsoft windows_nt_enterprise_server 4.0 SP2
• Microsoft windows_nt_enterprise_server 4.0 SP3
• Microsoft windows_nt_enterprise_server 4.0 SP4
• Microsoft windows_nt_enterprise_server 4.0 SP5
• Microsoft windows_nt_server 4.0
• Microsoft windows_nt_server 4.0 SP1
• Microsoft windows_nt_server 4.0 SP2
• Microsoft windows_nt_server 4.0 SP3
• Microsoft windows_nt_server 4.0 SP4
• Microsoft windows_nt_server 4.0 SP5
• Microsoft windows_nt_terminal_server 4.0
• Microsoft windows_nt_terminal_server 4.0 SP1
• Microsoft windows_nt_terminal_server 4.0 SP2
• Microsoft windows_nt_terminal_server 4.0 SP3
• Microsoft windows_nt_terminal_server 4.0 SP4
• Microsoft windows_nt_terminal_server 4.0 SP5
• Microsoft windows_nt_workstation 4.0
• Microsoft windows_nt_workstation 4.0 SP1
• Microsoft windows_nt_workstation 4.0 SP2
• Microsoft windows_nt_workstation 4.0 SP3
• Microsoft windows_nt_workstation 4.0 SP4
• Microsoft windows_nt_workstation 4.0 SP5

References

• BugTraq: 514
• CVE: CVE-1999-0918
• URL: http://www.microsoft.com/technet/security/bulletin/ms99-034.asp