Signature Detail

IKE: Windows 2000 DoS

This protocol anomaly is a maliciously crafted IKE packet that can cause a Windows 2000 host to stop responding. Attackers can connect to UDP/500 and submit a continuous stream of arbitrary packets to spike the CPU utilization and cause a denial of service (DoS).

Extended Description

Internet Protocol Security (IPSec) provides authentication and encryption for IP network traffic. The Internet Key Exchange (IKE) protocol is a management protocol standard which is used with the IPSec standard. IKE contributes to the IPSec standard by providing additional features and by default listens on UDP port 500. An issue exists in IKE which could cause a Windows 2000 host to stop responding. Connecting to port 500 and submitting a continuous stream of arbitrary packets, will cause the CPU utilization to spike to approximately 100%. It should be noted that this vulnerability may be due to an underlying issue with the UDP protocol.

Affected Products

• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server SP1
• Microsoft Windows 2000 Datacenter Server SP2
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Professional SP2
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Terminal Services SP1
• Microsoft Windows 2000 Terminal Services SP2
• Microsoft Windows 2000 Terminal Services

References

• BugTraq: 3652
• CVE: CVE-2001-0951
• URL: http://www.securityfocus.com/data/vulnerabilities/exploits/nb-isakmp.c