Multiple Vendor TCP/IP Resource Exhaustion Vulnerability

Microsoft's implementation NetBIOS is vulnerable to a remotely exploitable denial of service attack. An attacker who has access to the NBT port can cause the system to become exhausted of network resources and cease functioning.

The attack is carried out by initiating many connections and then closing them, leaving the target tcp sockets in FINWAIT_1 state. Although the sockets will eventually time out and be freed, an attacker can continuously send more, initiating and closing new connections using up any freed network resources. The result may be a denial of useful NetBIOS services until the attack stops.

This type of attack is well known as simple resource exhaustion, but has become an issue with new tools that enable attackers to launch more effective resource exhaustion attacks. Microsoft has released fixes to patch this vulnerability in NT 4.0sp6. This vulnerability affects many operating systems aside from Microsoft Windows, however Microsoft is the only vendor thus far to issue a patch and workaround.


Privacy Statement
Copyright 2010, SecurityFocus