Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 DOS:WINDOWS:MS-RDP-PATTERN-DOS

Severity

 Medium

Recommended

 No

Category

 DOS

Keywords

 Windows XP RDP Denial of Service

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DOS: Windows XP RDP Denial of Service


Microsoft RDP Server shipped with Windows XP is vulnerable to a denial of service attack. This attack does not require that the client be authenticated with the RDP server because the attack happens in the negotiation before the drawing of the login screen. This vulnerability is present in Microsoft RDP 4.0, 5.0 and 5.1. It affects Windows XP and Windows .NET Standard Server Beta 3.

Extended Description

The Microsoft Windows XP Professional Remote Desktop implementation is prone to a denial of service. It is possible for a malicious client to trigger this condition by sending a maliciously crafted packet to the vulnerable host during the negotiation of client/server graphics capabilities. Clients may specify drawing commands based on what is supported. If the Pattern BLT command is specified in a packet, Microsoft Windows XP Professional will crash when it tries to render the pattern. This issue also exists in Microsoft Windows .NET Standard Server Beta 3.

Affected Products

  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2
  • Microsoft Windows 2000 Advanced Server SP3
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server SP1
  • Microsoft Windows 2000 Datacenter Server SP2
  • Microsoft Windows 2000 Datacenter Server SP3
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional SP1
  • Microsoft Windows 2000 Professional SP2
  • Microsoft Windows 2000 Professional SP3
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Server SP3
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Terminal Services SP1
  • Microsoft Windows 2000 Terminal Services SP2
  • Microsoft Windows 2000 Terminal Services SP3
  • Microsoft Windows 2000 Terminal Services
  • Microsoft Windows .NET Standard Server Beta 3
  • Microsoft Windows XP 64-bit Edition
  • Microsoft Windows XP Home
  • Microsoft Windows XP Professional

References

  • BugTraq: 5713
  • CVE: CVE-2002-0864
  • URL: http://securityvulns.com/docs3503.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out