Signature Detail

DOS: IGMP Oversize

This signature detects attempts to exploit a known vulnerability against the IGMP header in Microsoft Windows 98 and 2000 TCP/IP stacks. Attackers can send maliciously crafted IGMP headers to cause the stack to fail and cause a denial of service.

Extended Description

The Windows 98 and Windows 2000 TCP/IP stacks were not built to reliably tolerate malformed IGMP headers. When one is received, the stack will sometimes fail with unpredictable results ranging from a Blue Screen to instantaneous reboot.

Affected Products

• Microsoft Windows 2000 Server
• Microsoft Windows 95
• Microsoft Windows 98
• Microsoft Windows NT 4.0
• Microsoft Windows NT 4.0 SP1
• Microsoft Windows NT 4.0 SP2
• Microsoft Windows NT 4.0 SP3
• Microsoft Windows NT 4.0 SP4
• Microsoft Windows NT 4.0 SP5
• Microsoft Windows NT Enterprise Server 4.0
• Microsoft Windows NT Enterprise Server 4.0 SP1
• Microsoft Windows NT Enterprise Server 4.0 SP2
• Microsoft Windows NT Enterprise Server 4.0 SP3
• Microsoft Windows NT Enterprise Server 4.0 SP4
• Microsoft Windows NT Enterprise Server 4.0 SP5
• Microsoft Windows NT Server 4.0
• Microsoft Windows NT Server 4.0 SP1
• Microsoft Windows NT Server 4.0 SP2
• Microsoft Windows NT Server 4.0 SP3
• Microsoft Windows NT Server 4.0 SP4
• Microsoft Windows NT Server 4.0 SP5
• Microsoft Windows NT Terminal Server 4.0
• Microsoft Windows NT Terminal Server 4.0 SP1
• Microsoft Windows NT Terminal Server 4.0 SP2
• Microsoft Windows NT Terminal Server 4.0 SP3
• Microsoft Windows NT Terminal Server 4.0 SP4
• Microsoft Windows NT Terminal Server 4.0 SP5
• Microsoft Windows NT Workstation 4.0
• Microsoft Windows NT Workstation 4.0 SP1
• Microsoft Windows NT Workstation 4.0 SP2
• Microsoft Windows NT Workstation 4.0 SP3
• Microsoft Windows NT Workstation 4.0 SP4
• Microsoft Windows NT Workstation 4.0 SP5

References

• BugTraq: 514
• CVE: CVE-1999-0918